From szabo at netcom.com Mon Nov 1 02:43:49 1993 From: szabo at netcom.com (Nick Szabo) Date: Mon, 1 Nov 93 02:43:49 PST Subject: Increasing subscriber base (fwd) Message-ID: <9311011041.AA27784@netcom6.netcom.com> Cypherpunks, Enclosed below is a call for help. imp-interest deals with Internet commercial protocols, with special interest in secure billing. The future of cypherpunks' goals, most obviously digital cash but also much of the rest of our varied agenda, ranging from privacy to freedom on the net, is deeply tied in with what direction the emerging world of Internet commerce chooses to pursue. Will these businesses move us towards a world of freedom and privacy on the net, or a world in which our credit card numbers and IDs will be tracked to "ensure accountability", and our every purchase and data access on the commercial Net tied to our True Names to build lucrative marketing databases and fodder for future snoops? Contrariwise, what insights can those pursuing the everyday practicum of net.business contribute to the cypherpunks vision? It would be a tremendous advance, I daresay more important than stopping Clipper (important as that task is), to get Internet commerce on board with the commercial privacy-enhancing protocols of Chaum et. al. -- digital cash, DC-nets, per-organization pseudonyms with transferable credentials, etc. And contrariwise, to invigorate those protocols with doses of practical, real-world business considerations. Those of us with an interest in promoting free and private Internet commerce, and motivation to pursue this, I urge you to get deeply involved in the "imp" movement. Nick Szabo szabo at netcom.com Forwarded message: Date: Sun, 31 Oct 93 22:00:54 PST From: ptrubey at shl.com (Phil Trubey) Message-Id: <9311010600.AA25672 at technet1.shl.com> Subject: Increasing subscriber base No offence meant to anyone subscribed to this mailing list, but this mailing list does not seem to have enough of a critcal mass of interested people to ensure a good level of dicussion and the ability for collaborative work. I am suggesting that we advertise the existence of this list to a selected few other mailing lists and newsgroups to increase awareness and participation. If there are no violent objections I can send out a short note to cypherpunks, com-priv, the Internet List of Lists. .... Phil Trubey | Internet: ptrubey at shl.com Systemhouse Inc. | Voice: 310-809-5491 | Fax: 310-860-9668 From still at kailua.colorado.edu Mon Nov 1 07:09:46 1993 From: still at kailua.colorado.edu (James Still) Date: Mon, 1 Nov 93 07:09:46 PST Subject: Nazis/Privacy/Cypherpunks Message-ID: <2CD5431A@kailua.colorado.edu> >Personally, I don't rule out examination of Nazi tactics as a >worst case scenario model. Let's face it, as ugly and dark as >Nazi rule was, they did some things quite efficiently indeed. > > [...] > >To rule out Nazi approaches, especially when dealing with >intelligence and counter-intelligence issues (which IMHO is >basically what cypherpunks is all about on some level or >another...) is plain silly. Current intelligence practices are If I understand your basic point to be: "consider the worst possible scenario in order to better prepare for it" then I agree completely. However I have serious reservations with emulating or (gadzooks!) *admiring* those Nazi tactics that seemed to "work" because I would disagree that, first they actually did work, and more importantly, that their ends justified the means. Which brings me to your second point: >[Note 2] >No one writes code from "the bottom up" in the manner that you >suggest. If that were the case we'd see the wheel invented time >and time again. One of the reasons this mailing list exists is to >accomplish exactly the opposite. That being to incorporate common >or even fringe ideas into the development of code for the common >purpose (The Prize as you adeptly put it.) so we don't HAVE to >build from the ground up every time. I disagree. (Semantics check: I'm not talking about a mouse driver or a basic windowing interface here. Obviously, there's no need to hammer out that wheel again.) I am talking about what I see as a basic cypherpunk mission, that being, "the constant reevaluation of the approach towards privacy." We have the ability to constantly rip apart our own ideas, like children's ABC blocks, and see if they fit back together again in a better way. I would prefer to see constant rewrite's of a "given" (like PGP for instance) than to stagnate and rely on the one idea, concept, or proof just because we've always done it that way. Our code should be like our ethics: constantly re- evaluated, questioned, and tested for validity. --- still at kailua.colorado.edu -------------------------------- From yerazunis at aidev.enet.dec.com Mon Nov 1 07:19:46 1993 From: yerazunis at aidev.enet.dec.com (Cum catapultae proscriptae erunt tum soli proscripti catapultas habebunt 01-Nov-1993 1019) Date: Mon, 1 Nov 93 07:19:46 PST Subject: unsubscribe Message-ID: <9311011516.AA07656@us3rmc.bb.dec.com> unsubscribe From wak at next11.math.pitt.edu Mon Nov 1 11:33:48 1993 From: wak at next11.math.pitt.edu (walter kehowski) Date: Mon, 1 Nov 93 11:33:48 PST Subject: BOOK: Learning Perl Message-ID: <9311011643.AA03242@next11.math.pitt.edu> Extropians and Cypherpunks: O'Reilly&Assoc. has a new book out, "Learning Perl" (ISBN 1-56592-042-2, price $24.95). I have back-ordered it. O'Reilly&Assoc. can be contacted at: PHONE: 800-998-9938 FAX: 707-829-0104 MAILING ADDRESS: O'Reilly&Assoc., 103 Morris St., Suite A, Sebastopol, CA, 95472 Walter, wak at next0.math.pitt.edu From koontzd at lrcs.loral.com Mon Nov 1 11:34:47 1993 From: koontzd at lrcs.loral.com (David Koontz ) Date: Mon, 1 Nov 93 11:34:47 PST Subject: Secure Phone Progress (fwd) Message-ID: <9311011627.AA02085@io.lrcs.loral.com> >From: jim at Tadpole.COM (Jim Thompson) (lets see if I can do this without screwing up the spelling) >CLEP is a speech encoding algorithm (compressor) that can work well inside >a 4800bps channel. It is, however, quite expensive in terms of CPU power. >A DSP would help here. :-) CLEP also tends to diminish the dynamic range of >its input, with a resulting loss of 'quality'. Thats CELP - Codebook Excited Linear Predictive coder. The reason everyone targets 4800 baud is to allow operation over analog cellular phones, which won't support faster transmissions. The government extensively uses secure voice systems over cellular phones. The market place for secure voice follows the government. CELP can be a single chip solution (QUALCOMM, $70 in 10K, (QCELP)). I'm not sure AT&T Surety Communications devices use a single chip solution, they're guaranteed to use AT&T DSP chips. A proprietary vocoder (ACELP) is used, which is supposed to work better with female voices. A large part of insuring the quality of compressed voice falls under the heading of signal conditioning. AGC for dynamic range, pre-emphassis or otherwise filtering to match the frequency response of the input (mic and preamps). AT&T sells 5 plug-in modules to their 3700 unit which are considered adequate to interface to all the phones out there. I recall there was one for a 500 series phone, and one for NEC phones. From wex at media.mit.edu Mon Nov 1 11:43:49 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Mon, 1 Nov 93 11:43:49 PST Subject: Secure Phone Progress (fwd) In-Reply-To: <0gp7NE600awUQ5lkYP@andrew.cmu.edu> Message-ID: <9311011654.AA23855@media.mit.edu> Well, keep in mind that the phone doesn't transmit nearly all of the spectrum of hearing. In fact it doesn't transmit anything above about 3.5KHz, so you don't have to have enough bandwidth for the human 20Khz hearing range if all you're doing is emulating today's voice phone technology. This, btw, is why it's hard to identify speakers over the phone even in a noise-free transmission -- the acoustical signal is just plain impoverished. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request Try not to have a good time ... This is supposed to be educational. From ajw at Think.COM Mon Nov 1 11:53:49 1993 From: ajw at Think.COM (Andy Wilson) Date: Mon, 1 Nov 93 11:53:49 PST Subject: ON THE ROAD TO NOSINESS... In-Reply-To: <9310300019.AA04372@anon.penet.fi> Message-ID: <9311011950.AA27966@custard.think.com> From: an15489 at anon.penet.fi (Jack Daniels) Date: Sat, 30 Oct 1993 00:19:10 UTC >In Europe, I believe that there are highways >that you can speed on, and then receive a ticket in the mail >when the camera photographs your plate. This happens here in the United States. In Campbell, California the police have a small van which they set up on major streets. If the radar thinks you're speeding, it photographs you and mails you a ticket. There is a similar system in Paris, if I remember correctly. Andy Jack ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From kovar at NDA.COM Mon Nov 1 12:39:47 1993 From: kovar at NDA.COM (David Kovar) Date: Mon, 1 Nov 93 12:39:47 PST Subject: Anonymous vs false IDs Message-ID: <9311012037.AA03787@NDA.COM> There is a lot of effort being put into creating tools to mask identities. I'm curious why people don't go a different route - creating a false electronic identity? If you have control over your own system, it is easy enough to create an account. Lacking that, there are a lot of companies out there offering low cost accounts on Unix systems with full Internet access. Why not get an account in a different name rather than using anonymous remailers? I can see some reasons for going both routes, I'm just curious as to other people's reasons. -David From jim at chiba.Tadpole.COM Mon Nov 1 12:53:49 1993 From: jim at chiba.Tadpole.COM (Jim Thompson) Date: Mon, 1 Nov 93 12:53:49 PST Subject: ON THE ROAD TO NOSINESS... Message-ID: <9311012046.AA00537@chiba.tadpole.com> > There is a similar system in Paris, if I remember correctly. Yes, and Germany. There may be others. They (the big 'they') tried this in Nevada several years ago, but stopped after about 6 months. It seems that the last picture a number of these units took was of a pickup truck, license plate masked off, both driver and passenger wearing ski masks, with the passenger weilding a baseball bat. I guess it was pretty expensive. ;-) The ACLU was, at some point, challenging the practice of un-manned units beaming radar at every car on the road, taking pictures of those that were 'speeding'. Jim (who stands corrected, its 'CELP'.) From dmandl at lehman.com Mon Nov 1 13:19:49 1993 From: dmandl at lehman.com (David Mandl) Date: Mon, 1 Nov 93 13:19:49 PST Subject: Anonymous vs false IDs Message-ID: <9311012116.AA21226@disvnm2.lehman.com> > From: kovar at nda.com (David Kovar) > > There is a lot of effort being put into creating tools to mask identities. > I'm curious why people don't go a different route - creating a false > electronic identity? If you have control over your own system, it is easy > enough to create an account. Lacking that, there are a lot of companies > out there offering low cost accounts on Unix systems with full Internet > access. Why not get an account in a different name rather than using > anonymous remailers? If you use five different identities, why waste your money paying for five accounts, especially if some of them are used only infrequently? Why have a full UNIX account (like my account on PANIX, say) for an identity that won't need to do anything but send out a couple of email messages now and then? What if you create and kill off personas relatively frequently? Having everything centralized seems like the most logical way to go--don't forget, separate accounts would mean setting up separate .profile files, copying code from one place to another all the time, keeping duplicate copies of things, etc., etc. The exception would be when you have identities or "lives" that are truly separate, with little overlap, but even then I'd prefer having full access to all my files and robots in one place all the time. If I had an Internet connection on my own box at home, sure, it might be more convenient to segregate things in separate accounts, but most people don't have that luxury yet. --Dave. From GRABOW_GEOFFREY at tandem.com Mon Nov 1 13:43:49 1993 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Mon, 1 Nov 93 13:43:49 PST Subject: ON THE ROAD TO NOSINESS... Message-ID: <199311011343.AA2361@comm.Tandem.COM> > There is a similar system in Paris, if I remember correctly. > Yes, and Germany. There may be others. Yes, there are others. Six of these camera systems were installed in Manhattan, and they have been rumored to have issued more than 250 tickets per week each!!! I guess that this means that cops will now have more time to do other things. (Nab bad guys, eat donuts, etc...) From barrett at daisy.ee.und.ac.za Mon Nov 1 14:09:50 1993 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Mon, 1 Nov 93 14:09:50 PST Subject: ON THE ROAD TO NOSINESS... In-Reply-To: <199311011343.AA2361@comm.Tandem.COM> Message-ID: Here in South Africa, we have had unmanned speed traps with cameras since about the mid 1970's, I think, and the unmanned cameras at intersections to catch folk driving through on a red light have been around since the early 1980's. Are such devices uncommon in other countries? --apb (Alan Barrett) From mg5n+ at andrew.cmu.edu Mon Nov 1 14:14:51 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 1 Nov 93 14:14:51 PST Subject: Anonymous vs false IDs In-Reply-To: <9311012116.AA21226@disvnm2.lehman.com> Message-ID: David Mandl wrote: > If you use five different identities, why waste your money paying for > five accounts, especially if some of them are used only infrequently? > > Why have a full UNIX account (like my account on PANIX, say) for > an identity that won't need to do anything but send out a couple of > email messages now and then? Perhaps it would be better to set up a remailer where people could create a pseudonymous accounts on it. If the remailer didn't have an obvious "anon" name, most people probably wouldn't realize that it was a remailer, and might think that it was a real site with real users. From eb at srlr14.sr.hp.com Mon Nov 1 14:19:51 1993 From: eb at srlr14.sr.hp.com (Eric Blossom) Date: Mon, 1 Nov 93 14:19:51 PST Subject: ON THE ROAD TO NOSINESS... In-Reply-To: <199311011343.AA2361@comm.Tandem.COM> Message-ID: <9311012215.AA08514@srlr14.sr.hp.com> > Yes, there are others. Six of these camera systems were installed in > Manhattan, and they have been rumored to have issued more than 250 tickets > per week each!!! I guess that this means that cops will now have more time > to do other things. (Nab bad guys, eat donuts, etc...) My understanding of the one in Campbell was that the company that owned the van / built the gizmo got a cut of the action. I also understand that they discontinued it, because you had to post a cop next to the thing so that people wouldn't just take a hammer to it. From mech at eff.org Mon Nov 1 15:03:50 1993 From: mech at eff.org (Stanton McCandlish) Date: Mon, 1 Nov 93 15:03:50 PST Subject: Reposting to FidoNews Message-ID: <199311012300.AA10920@eff.org> Not a good idea. The material from Mike was pretty good, but whoever did that also forwarded some solidly afactual material from P.Metzger pretending to be a telecom lawyer. There's no telling how many sysops are going around thinking they are common carriers now, and who are utterly mistaken. This may take quite a bit of doing to clean up. A better tactic would be to write an article, then pass it on to people that know what they are talking about for some editorial review, THEN send it to the Snooze. -- -=> mech at eff.org <=- Stanton McCandlish Electronic Frontier Foundation Online Activist & SysOp "A nation that is afraid to let its people judge the truth and falsehood of ideas in an open market is a nation that is afraid of its people." -JFK NitV-DC BBS 202-232-2715, Fido 1:109/? IndraNet 369:111/1, 14.4V32b 16.8ZyX Join EFF! For more information about membership, send mail to eff at eff.org From mnemonic at eff.org Mon Nov 1 15:04:53 1993 From: mnemonic at eff.org (Mike Godwin) Date: Mon, 1 Nov 93 15:04:53 PST Subject: Nazis/Privacy/Cypherpunks In-Reply-To: <2CD5431A@kailua.colorado.edu> Message-ID: <199311011604.AA29446@eff.org> This seems as good a time as any to remind folks of Godwin's Law, which represents one of my earliest net.meme.hacks: ----- Godwin's Law of Nazi Analogies: As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one. ---- --Mike P.S. You may also be interested in the corollaries, which shed some useful light on the dynamics of online discussions: Gordon's Restatement of Newman's Corollary to Godwin's Law: Libertarianism (pro, con, and internal faction fights) is *the* primordial netnews discussion topic. Anytime the debate shifts somewhere else, it must eventually return to this fuel source. Morgan's Corollary to Godwin's Law: As soon as such a comparison occurs, someone will start a Nazi-discussion spinoff thread on alt.censorship. Sircar's Corollary: If the USENET discussion touches on homosexuality or Heinlein, Nazis or Hitler are mentioned within three days. From gtoal at an-teallach.com Mon Nov 1 15:07:11 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 1 Nov 93 15:07:11 PST Subject: ID of anonymous posters via word analysis? Message-ID: <4963@an-teallach.com> In article <9310292305.AA22193 at anon.penet.fi> an41418 at anon.penet.fi writes: > If studying writing patterns is a viable method for > discovering the true identity of a nym, then by all means > try it. If someone were to discover my identity, I would Much can be hidden by some mechanical process of canonizing ones text, but I'm fairly sure a lot of personal traits will remain; especially ones to which the writer is unconscious, such as the use of particular bits of vocabulary. Take this pretentious word 'nym', for instance, that some of the cypherpunks are so fond of. Do you realise only *FOUR* non-anonymous people on the whole of this list have used it in the last month or so? - Tim May, Jamie Dinkelacker, Hal Finney and Richard Kennaway. (There was also a remailed anonymous poster, and the cryptically named major at dcd.wa.gov.au who interestingly posts from a .au address but uses US English; and whose finger demon says 'no such user') If one were slightly paranoid in the Detweiler mould, one might look more closely at an41418's postings and the postings of the above, for other similarities. For instance, only Tim May and Jamie Dinkelacker have ever used the word "essay"... (one I chose to look up at random); or one could watch for idiosyncracies such as a misspelling like 'revokation' (Richard Kennaway alone, consistently), or "somesuch" (Tim May, consistently) which they're probably not aware of and would be hard pushed to suppress if they were adopting other personae. Other things to look at are punctuation - do they consistently put a comma before the last element of a list preceding an 'and', or do they miss it out (as in the old style). Things like that are a lot harder to consciously suppress than using...ellipses for instance---instead of dashes, in an attempt to disguise your most obvious writing traits. Just FYI, I don't think any of the people mentioned here are each other, unless they do a much better job of hiding their identities than I have a right to expect - for instance Jamie Linkelackers appalling solecisms - "thou doth protesteth too much" and "is purposive to" seem too archetypal to me to be deliberate mistakes, and none of the other posters come close to that kind of mistake. G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From bart at netcom.com Mon Nov 1 16:19:52 1993 From: bart at netcom.com (Harry Bartholomew) Date: Mon, 1 Nov 93 16:19:52 PST Subject: privacy, packwood, & pgp Message-ID: <9311020019.AA00687@netcom5.netcom.com> I'm not really sure what point I wish to make. Packwood on McNeill-Lehrerer seemed to deserve consideration. The question of what one may expect to be private seems paramount. Just now the whole country is paying attention to the issue, so if you can figure a way to attract their attention, major leverage may be obtained. What would Packwood have gained if he had used PGP or DES ? From arthurc at crl.com Mon Nov 1 16:22:40 1993 From: arthurc at crl.com (Arthur Chandler) Date: Mon, 1 Nov 93 16:22:40 PST Subject: Your mother's maiden name In-Reply-To: Message-ID: At least three places/organizations I do business with ask for this bit of info as a "security check." The idea being, I think that you mother's maiden name is something that only those intimately familiar with your family would know, and therefore is an easy, universally applicable kind of "password" to be used before handing out sensitive info. But I've always wondered just how secure this "password" is. Recalling Eric Hughes statement that "cryptography is all economics," and realizing that someone with an unlimited budget could probably scrounge that info after some effort -- just how much effort would it take? And how secure is "mom's maiden name" as a password for obtaining sensitive information over the phone? From alanr at media.mit.edu Mon Nov 1 16:24:51 1993 From: alanr at media.mit.edu (Alan Ruttenberg) Date: Mon, 1 Nov 93 16:24:51 PST Subject: anonymity and privacy in email Message-ID: <9311012346.AA06090@media.mit.edu> I've looked over the instructions for the anonymous remailer and hals' instructions, and I have a few thoughts concerning the attempted guarantee of anonymity and privacy. In all cases, privacy is guaranteed only if you trust the remailer. I'll take as a given that this is the case. But suppose that a response is mailed in plaintext using an encrypted return address method. The privacy of that message can be violated by someone who had enough power and interest to monitor incoming mail to the destination site, since mail and message are unencrypted as the response enters its destination's mail queue. This is not very much power to have. The sysop the destination can do this, as can a person at any gateway between the final remailer and you. That much can be prevented if you trust the originater of the message and you have them encrypt their reply using your public key. But suppose that you have a malicious respondant who wishes to expose your identity, and has a good guess as to where you might be. Then the responder needs to send a tagged message and their accomplice needs to monitor incoming mail looking for that tag. The only way around this that I see is to have a trusted remailer to which you have given a public key to use when remailing mail addressed to you. A second problem concerns the time ordering of incoming and outgoing messages from a remailer. Consider the one remailer case, as I believe that the argument holds for chained remailings as well. Suppose that you are able to monitor the incoming and outgoing feeds of the remailer. Further, you can identify mail which goes to the remailer (as opposed to other persons at that site) by reading the to: header. Suppose that you have a method to identify outgoing mail from the remailer (from some header) such as "From: nobody at alumni.cco.caltech.edu". If messages are processed by the remailer in a fifo manner, then you can identify the recipient of any incoming message assuming that you get synchronized at some point. One can to get around this, I think, is by deliberately scrambling the message processing order, and perhaps inserting enough fake messages that the monitoring agent can no longer reliably synchronize. I'm new to the list, and apologize if I'm repeating previous commentary. -alan From lefty at apple.com Mon Nov 1 16:53:49 1993 From: lefty at apple.com (Lefty) Date: Mon, 1 Nov 93 16:53:49 PST Subject: privacy, packwood, & pgp Message-ID: <9311020042.AA16247@internal.apple.com> > What would Packwood have gained if he had used PGP or DES ? Nothing but increased notoriety, and the immediate presumption of guilt in the minds of many. "Well, if you don't have anything to hide, then why are you hiding it, huh?" Sadly, many people subscribe, consciously or unconsciously to the sort of thinking that Ed Meese liked to promulgate: "If they weren't guilty, then they wouldn't be suspects." Note that nobody is, as far as I know, trying to extract Packwood's diary by sheer force of arms. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From nobody at cicada.berkeley.edu Mon Nov 1 18:03:49 1993 From: nobody at cicada.berkeley.edu (nobody at cicada.berkeley.edu) Date: Mon, 1 Nov 93 18:03:49 PST Subject: PGP automation Message-ID: <9311020155.AA18104@cicada.berkeley.edu> > > secure stuff. Anyone here have any other suggestions on making encryption > > less of a pain? > >This may seem a little excessive, but the only sensible way to use >pgp in environments like yours or prz's (heh heh) is to set yourself >up with your own site at home, either with a dialup SLIP/PPP feed or >a plain and cheap uucp feed. Both of those options are becoming much >cheaper than they used to be, and you can run suitable software on all >sorts of computers - whatever you're using to dial in to your timeshare >service at the moment would probably do, as long as its not just a dumb >terminal. DOS, a free unix or linux, Amiga, Atari - they can all handle >at least uucp if not tcp/ip too. If you don't have suitable hardware, >you can surelu find a 286 dos box with an old 20Mb drive and plain text- >only display secondhand somewhere for $200 or less... that'll run UUPC >or even KA9Q. Why not just get Nupop, a freeware mail downloader, off Simtel? No good for reading newsgroups, but mail, no problem. > >If you care about privacy in your email, you *have* to run it all the >way into your own machine. Agreed. From hhll at u.washington.edu Mon Nov 1 18:33:50 1993 From: hhll at u.washington.edu (Steven Hodas) Date: Mon, 1 Nov 93 18:33:50 PST Subject: Your mother's maiden name In-Reply-To: Message-ID: About a year ago my wife got a phone call from a stranger claiming to believe he had gone to high school with her, but he wasn't really sure. After a whole song and dance he finally said, nonchalantly, "Well, gee, what was your mother's maiden name?" Since her mother's maiden name was not, "Fuck you, asshole", I gathered from those words that she had figured out his scam. Who knows who he was. We immediatley changed all maiden-name passwords to something more obscure and less socially-engineerable. Steven ______________________________________________________ | | | HORSE HORSE LION LION, A Consulting Cooperative | | "Information into Culture" | | | | Steven Hodas/Catherine Holland, Principals | | | | hhll at u.washington.edu VOICE/FAX 206.285.5975 | |______________________________________________________| On Mon, 1 Nov 1993, Arthur Chandler wrote: > > At least three places/organizations I do business with ask for this bit > of info as a "security check." The idea being, I think that you mother's > maiden name is something that only those intimately familiar with your > family would know, and therefore is an easy, universally applicable kind > of "password" to be used before handing out sensitive info. > But I've always wondered just how secure this "password" is. Recalling > Eric Hughes statement that "cryptography is all economics," and > realizing that someone with an unlimited budget could probably scrounge > that info after some effort -- just how much effort would it take? And > how secure is "mom's maiden name" as a password for obtaining sensitive > information over the phone? > > From an5877 at anon.penet.fi Mon Nov 1 19:24:50 1993 From: an5877 at anon.penet.fi (deadbeat) Date: Mon, 1 Nov 93 19:24:50 PST Subject: Online Cash Checks Message-ID: <9311020323.AB07789@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- Online Cash Checks David Chaum Centre for Mathematics and Computer Science Kruislaan 413 1098SJ Amsterdam INTRODUCTION Savings of roughly an order of magnitude in space, storage, and bandwidth over previously published online electronic cash protocols are achieved by the techniques introduced here. In addition, these techniques can increase convenience, make more efficient use of funds, and improve privacy. "Offline" electronic money [CFN 88] is suitable for low value transactions where "accountability after the fact" is sufficient to deter abuse; online payment [C 89], however, remains necessary for transactions that require "prior restraint" against persons spending beyond their available funds. Three online schemes are presented here. Each relies on the same techniques for encoding denominations in signatures and for "devaluing" signatures to the exact amount chosen at the time of payment. They differ in how the unspent value is returned to the payer. In the first, all change is accumulated by the payer in a single "cookie jar," which might be deposited at the bank during the next withdrawal transaction. The second and third schemes allow change to be distributed among unspent notes, which can themselves later be spent. The second scheme reveals to the shop and bank the maximum amount for which a note can be spent; the third does not disclose this information. DENOMINATIONS AND DEVALUING For simplicity and concreteness, but without loss of generality, a particular denomination scheme will be used here. It assigns the value of 1 cent to public exponent 3 in an RSA system, the value of 2 cents to exponent 5, 4 cents to exponent 7, and so on; each successive power-of-two value is represented by the corresponding odd prime public exponent, all with the same modulus. Much as in [C 89], a third root of an image under the one-way function f (together with the pre-image modulo the bank's RSA composite) is worth 1 cent, a 7th root is worth 4 cents, and a 21st root 5 cents. In other words, a distinct public prime exponent is associated with each digit of the binary integer representation of an amount of payment; for a particular amount of payment, the product of all those prime exponents corresponding to 1 's in the binary representation of the amount is the public exponent of the signature. A signature on an image under f is "devalued" by raising it to the public powers corresponding to the coin values that should be removed. For instance, a note having a 21st root could be devalued from its 5 cent value, to 1 cent, simply by raising it to the 7th power. In earlier online payment systems [C 89], the number of separate signatures needed for a payment was in general the Hamming weight of the binary representation of the amount. Since online systems would be used for higher-value payments (as mentioned above), and extra resolution may be desired to provide interest for unspent funds [C 89], an average of roughly an order of magnitude is saved here. COOKIE JAR In this first scheme the payer periodically withdraws a supply of notes from the bank, each with the system-wide maximum value. Consider an example, shown in Figure 1.1, in which two notes are withdrawn. The n and ri are random. The ri "blind" (from the bank) the images under the public, one-way function f. The bank's signature corresponds to taking the h-th root, where h = 3*5*7*11. As in all the figures, the payer sends messages from the left and the bank sends from the right. h h f(n1) * r1 , f(n2) * r2 -----------------------------------------> PAYER BANK <------------------------------------------ 1/h 1/h f(n1) * r1, f(n2) * r2 Fig. 1.1. Cookie-jar withdrawal In preparing the first payment, the payer divides r1 out. The signature is then raised to the 55th power to devalue it from 15 cents to 5 cents. Figure 1.2 shows this first payment. Of course the shop is an intermediary between the payer (left) and the bank (right) in every online payment, but this is not indicated explicitly. Also not shown in the figures are messages used to agree on the amounts of payment. 1/(3*7) 5*11 n1, f(n1) , f(j) * s1 -----------------------------------------> PAYER BANK <------------------------------------------ 1/(5*11) f(j) * s1 Fig. 1.2. First cookie-jar payment The first two residues sent in paying, n1 and its signed image under f, are easily verified by the bank to be worth 5 cents. The third residue is a blinded "cookie jar," a blinded image under f of a randomly chosen value j. This cookie jar is modulo a second RSA composite that is only used for cookie jars. Once the bank verifies the funds received, and that n1 has not been spent previously, it signs and returns the blinded cookie jar (under the cookie jar modulus) with public exponents corresponding to the change due. The second payment, shown in figure 1.3, is essentially the same as the first, except that the amount is 3 cents and the cookie jar now has some roots already on it. If more payments were to be made using the same cookie jar, all resulting signatures for change would accumulate. 1/(3*5) 1/(5*11) 7*11 n2, f(n2) , f(j) * s2 -----------------------------------------> PAYER BANK <------------------------------------------ 1/(5*11*7*11) f(j) * s2 Fig. 1.3. Second cookie-jar payment The cookie jar might conveniently be deposited, as shown in figure 1.4, during the withdrawal of the next batch of notes. It is verified by the bank much as a payment note would be: the roots must be present in the claimed multiplicity and the pre-image under f must not have been deposited before. 1/(5*7*11*11) j, f(j) -----------------------------------------> PAYER BANK Fig. 1.4. Cookie-jar deposit The cookie jar approach gives the effect of an online form of "offline checks" [C 89], in that notes of a fixed value are withdrawn and the unspent parts later credited to the payer during a refund transaction. DECLARED NOTE VALUE Figure 2 depicts a somewhat different scheme, which allows change to be spent without an intervening withdrawal transaction. Withdrawals can be just as in the cookie-jar scheme, but here a single modulus is used for everything in the system. The products of public exponents representing the various amounts are as follows: d is the amount paid, g is the note value, the "change" c is g/d, and h is again the maximal amount, where d | g | h. A payment (still to the bank through a shop) includes first and second components that are the same as in the cookie-jar scheme. The third component is the amount of change c the payer claims should be returned. The fourth is a (blinded) number m, which could be an image under f used in a later payment just as n is used in this one. 1/d c n, f(n) , c, m*s -----------------------------------------> PAYER BANK <------------------------------------------ +------------+ 1/c | 1/c | (Graphic padlock) m * s * | f(f(n) ) | +------------+ Fig. 2. Declared note value payment The signature returned contains a "protection" factor (shown inside the padlock). This factor ensures that the payer actually has the c-th root of f(n), by requiring that the payer apply f to it before dividing the result out of the signature. Without such protection, a payer could get the system- wide maximum change, regardless of how much change is actually due; with it, the change claimed can only be recovered if the corresponding roots on n are in fact known to the payer. DISTRIBUTING CHANGE The change returned in a payment can be divided into parts that fill in missing denominations in notes not yet spent. Suppose, for example, that the last payment is spent with d = 5*11, c = 3*7, and that m is formed by the payer as shown in the first line of Figure 3.1. Then unblinding after the payment yields the a shown in the second line. (Use === for "is equivalent to") 3 7 m === f(n1) * f(n2) 1/21 a === m Fig. 3.1. Form of change returned - From a, the two roots shown in the last two lines of Figure 3.2 are readily computed. (This technique is easily extended to include any number of separate roots.) Thus the values unused in the last payment fill in roots missing in notes n1 and n2. -1 u = 3 mod 7 v = 3u div 7 1/7 3 -1 u -v f(n1) === (a * f(n2) ) * f(n1) 1/3 -1/7 f(n2) === a * f(n1) Fig. 3.2. Distributing the change Because overpayment allows change to be returned in any chosen denominations (not shown), the payer has extra flexibility and is able to use all funds held. This also increases convenience by reducing the need for withdrawals. HIDDEN NOTE VALUE Although the combination of the previous two subsections is quite workable, it may be desirable for the payer not to have to reveal c to the shop or the bank. Figure 4 shows a system allowing this. The payment message is just as in the declared note value protocol above, except that c is not sent. The protection factor (shown again in a lock) is also placed under the signature, but it is missing the extra f and is raised to a random power z chosen by the bank 1/d c n, f(n) , m*s -----------------------------------------> PAYER BANK <------------------------------------------ +----------+ d/h g/h | zd/h | m * s * | f(n) |, z +----------+ Fig. 4. Hidden note value payment If z were known to the payer before payment, then the payer could -z cheat by including f(n) in the third component; this would yield the payer the system-wide maximum change, even if none were due. Consider a single change exponent q. If z mod q is guessed correctly by a cheating payer, then the payer improperly gets the corresponding coin value. Thus the chance of successful cheating is 1/q. If, however, the divisors of h are chosen sufficiently large, quite practical security can be achieved. When the possibilities of distributing change and refunding are included, this scheme's privacy surpasses that of a coin system. CONCLUSION Combining online coins improves efficiency, use of funds, convenience, and privacy. REFERENCES Chaum, D., "Privacy Protected Payments: Unconditional Payer and/or Payee Anonymity," in Smart Card 2000, North-Holland, 1989, pp. 69-92. Chaum, D., A. Fiat, & M. Naor, "Offline Electronic Cash," Proceedings of Crypto '88. Brought to you by the Information Liberation Front, and DEADBEAT -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBFAgUBLNVnzvFZTpBW/B35AQGVAAGAq1L57YI/1zlXVH0LYyHBvbN/2h/RuVeR Uf8VSC0gCjvkmy5QnlqXuGM/H2k3R16S =WhD1 -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From mdiehl at triton.unm.edu Mon Nov 1 20:34:50 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Mon, 1 Nov 93 20:34:50 PST Subject: Your mother's maiden name In-Reply-To: Message-ID: <9311020433.AA01264@triton.unm.edu> According to Arthur Chandler: > > But I've always wondered just how secure this "password" is. Recalling > Eric Hughes statement that "cryptography is all economics," and > realizing that someone with an unlimited budget could probably scrounge > that info after some effort -- just how much effort would it take? And > how secure is "mom's maiden name" as a password for obtaining sensitive > information over the phone? You mean you told them your mother's REAL maiden name? Bummer. ;^) J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From mdiehl at triton.unm.edu Mon Nov 1 20:39:50 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Mon, 1 Nov 93 20:39:50 PST Subject: privacy, packwood, & pgp In-Reply-To: <9311020042.AA16247@internal.apple.com> Message-ID: <9311020436.AA01358@triton.unm.edu> According to Lefty: > > Note that nobody is, as far as I know, trying to extract Packwood's diary > by sheer force of arms. Well what do you think a supeona is? It most certainly is backed by "sheer force of arms..." the long arm of the law, if you will. J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From MIKEINGLE at delphi.com Mon Nov 1 22:39:52 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Mon, 1 Nov 93 22:39:52 PST Subject: Hole in MD5 Message-ID: <01H4TM7X9M2A91WCV4@delphi.com> Recently there was a message here about MD5 having a hole in it. Maybe this is what the person was talking about... >From msuinfo!uwm.edu!cs.utexas.edu!uunet!ddsw1!chinet!schneier Tue Mar 23 10:36:50 1993 Newsgroups: sci.crypt Path: msuinfo!uwm.edu!cs.utexas.edu!uunet!ddsw1!chinet!schneier From: schneier at chinet.chi.il.us (Bruce Schneier) Subject: Successful Cryptanalysis of MD5 Message-ID: Organization: Chinet - Public Access UNIX Date: Thu, 18 Mar 1993 04:06:39 GMT Lines: 25 This is from Bart Preneel's Ph.D. thesis, "Analysis and Design of Cryptographic Hash Functions," Jan 1993, p. 191. It is about the cryptanalysis of MD5: B. den Boer noted that an approximate relation exists between any four consecutive additive constants. Moreover, together with A. Bosselaers he developed an attack that produces pseudo-collisions, more specifically they can construct two chaining variables (that only differ in the most significant bit of every word) and a single message block that yield the same hashcode. The attack takes a few minutes on a PC. This means that one of the design principles behind MD4 (and MD5), namely to design a collision resistant function is not satisfied. I have not seen the actual paper yet, which will be presented at Eurocrypt. Both PEM and PGP rely on MD5 for a secure one-way hash function. This is troublesome, to say the least. Bruce ************************************************************************** * Bruce Schneier * Counterpane Systems For a good prime, call 391581 * 2^216193 - 1 * schneier at chinet.chi.il.us ************************************************************************** From: burt at chirality.rsa.com (Burt Kaliski) Newsgroups: sci.crypt Subject: Pseudocollisions in MD5 Message-ID: Date: 23 Apr 93 21:13:38 GMT Distribution: sci Organization: RSA Data Security, Inc. Lines: 89 NNTP-Posting-Host: chirality.rsa.com Following is a short note commenting on den Boer and Bosselaers' recent work on the MD5 message-digest algorithm. Feel free to email questions or further comments. -- Burt Kaliski RSA Laboratories ---------------------------------------------------------------------- \documentstyle[12pt]{article} \begin{document} \title{On ``Pseudocollisions'' in the MD5 Message-Digest Algorithm} \author{Burton S. Kaliski Jr. \\ {\tt burt at rsa.com} \and Matthew J.B. Robshaw \\ {\tt matt at rsa.com} \and RSA Laboratories \\ 100 Marine Parkway \\ Redwood City, CA 94065} \date{April 23, 1993} \maketitle A message-digest algorithm maps a message of arbitrary length to a ``digest'' of fixed length, and has three properties: Computing the digest is easy, finding a message with a given digest---``inversion''---is hard, and finding two messages with the same digest---``collision''---is also hard. Message-digest algorithms have many applications, including digital signatures and message authentication. RSA Data Security's MD5 message-digest algorithm, developed by Ron Rivest \cite{rfc-md5}, maps a message to a 128-bit message digest. Computing the digest of a one-megabyte message takes as little as a second. While no message-digest algorithm can yet be {\em proved} secure, MD5 is believed to be at least as good as any other that maps to a 128-bit digest. Inversion should take about $2^{128}$ operations, and collision should take about $2^{64}$ operations. No one has found a faster approach to inversion or collision. Recent work by den Boer and Bosselaers \cite{den-boer-md5} presents a special kind of ``pseudocollision'' in MD5's internal compression function, which maps a 512-bit message block $x$ and a 128-bit input state $s$ to a 128-bit output state. They show how to find a message block $x$ and two related input states $s_1$ and $s_2$ that yield the same output state: $f(x,s_1)$ = $f(x,s_2)$. Their well-thought approach exploits structural properties of the collision function to find a pseudocollision in about $2^{16}$ operations, much less than one would expect. Practical implications of this pseudocollision work to the security of MD5 are not evident. While a real collision in MD5 implies a pseudocollision (or a ``pseudo-inversion''), a pseudocollision need not imply a real collision. Indeed, a real collision, since it involves two different messages, would almost always involve {\em different} message blocks $x_1$ and $x_2$ such that $f(x_1,s_1) = f(x_2,s_2)$, but the pseudocollisions have the same message blocks. Moreover, the input states $s_1$ and $s_2$ would generally be unrelated, but the pseudocollisions' input states are the same except for four bits. There does not seem to be any way to extend den Boer and Bosselaers' approach to anything beyond the special pseudocollisions, a limitation they readily admit. It is reasonable, therefore, to believe that MD5 remains secure. While den Boer and Bosselaers have found interesting structural properties in MD5, the properties seem only to lead to special pseudocollisions and not anything approaching real collisions. Further research, of course, will give a better understanding of the strengths of MD5 and other message-digest algorithms, with the eventual hope that such algorithms can, in some sense, be proved secure. \bibliographystyle{plain} \begin{thebibliography}{1} \bibitem{den-boer-md5} Bert den~Boer and Antoon Bosselaers. \newblock Collisions for the compression function of {MD5}. \newblock In {\it Advances in Cryptology --- Eurocrypt '93}, 1993. \newblock Preprint. \bibitem{rfc-md5} R.L. Rivest. \newblock {\it {RFC} 1321: The {MD5 Message-Digest Algorithm}}. \newblock Internet Activities Board, April 1992. \end{thebibliography} \end{document} From gg at well.sf.ca.us Tue Nov 2 01:29:52 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Tue, 2 Nov 93 01:29:52 PST Subject: on the road... Message-ID: <199311020929.BAA22765@well.sf.ca.us> ...and in Berkeley the PD has a little trailer they set up all by itself, which has a radar system in it and a display in large red numerals. There is a place to hang some large printed numbers representing the speed limit. There is a large sign on the back which says, "Speed limit (printed numbers); your speed: (red display numbers), drive safely!" No tickets dispensed, but pretty effective at getting people to slow down. From hughes at ah.com Tue Nov 2 01:31:20 1993 From: hughes at ah.com (Eric Hughes) Date: Tue, 2 Nov 93 01:31:20 PST Subject: Your mother's maiden name In-Reply-To: Message-ID: <9311020923.AA01212@ah.com> re: cost of obtaining mother's maiden name. >And how secure is "mom's maiden name" as a password for obtaining >sensitive information over the phone? Not very. Birth records and marriage records tend to be public record. Organizations that do genealogical research tend to have this data around, although they don't always make it easy to get data on the living. On the other hand, most organizations I've dealt with that use it just use it as a password field. You can just pretend that the person on the other end of the line is asking "What is your password?" rather than the standard question. Eric From collins at newton.apple.com Tue Nov 2 01:34:52 1993 From: collins at newton.apple.com (Scott Collins) Date: Tue, 2 Nov 93 01:34:52 PST Subject: Hole in MD5 Message-ID: <9311020930.AA05211@newton.apple.com> Kaliski's response (re: den Boer and Bosselaers' recent work) sounds reasonable when applied to real life 'human readable' messages typically comprising many blocks. I wonder, though, if this technique admits a reasonable attack on single-block, offline hashing schemes like Bellcore's timestamping system. I am a little unsure of the details of their system, but I think I correctly present the gist of it in the following. Bellcore's timestamping system is 'offline' in that all the information a verifier gets is from the prover (except, perhaps, double-checking the root hash with some public archive). Most of the important information is already gone: the maximum depth of that day's hash-tree; the hash-tree itself; the actual depth of any given timestamp; et al. Eve has a document, allegedly timestamped with the Bellcore system. To prove it to me, she gives me the document (doc), a date/time, and a list of N hashes, h_1..h_N, where h_N is the root hash for that date (verifable from some widely published event on that date). I call Bellcore, or look in some archives to get the published root hash (root) for that date/time. h <- MD5(doc) For i<-1..N-1 h<-MD5(h concatenated with h_i) When I'm done, if h = h_N, then the timestamp is valid. Since I don't know the actual depth of Eve's timestamp, her hash sequence can have any number of elements. If Eve can produce a collision for digests the size of the internal nodes in the daily timestamp hash-tree, even if she can't do it with a single direct collision, she can spoof me. (Of course, if she gives me some number of hashes such that 2 to that power is greater than the number of people in the U.S., I might smell a rat.) I haven't yet seen the paper, so this may be an unreasonable conclusion. I gathered from Bellcore's presentation at the last RSA conference that they don't sign the timestamps because "you could always bribe the timestamper". They rely completely on the security of the chosen hash function, and the idea of a 'widely published event'. If anybody has better/more specific info on Bellcore's system, or den Boer and Bosselaers work, or Preneel's paper, I would be interested. Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2B Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst at netcom.com From hughes at ah.com Tue Nov 2 03:19:54 1993 From: hughes at ah.com (Eric Hughes) Date: Tue, 2 Nov 93 03:19:54 PST Subject: Chaum's credentials (technical question) In-Reply-To: <9310310111.AA04231@jobe.shell.portal.com> Message-ID: <9311021112.AA01396@ah.com> Hal Finney writes about a paper of Chaum's, and near the end asks: >In short, I haven't found any interpretation of Chaum's math that makes >sense. Can anyone shed any light on this? I think you're correct, Hal. From everything I can tell, Chaum's confused product and greatest common divisor. First, though, there's a basic fact about the arithmetic of integers which everyone who wants to learn more algebra should know. Z is the set of integers. For every m,n in Z, there is a,b in Z such that a*m + b*n = gcd(m,n). One calculates the gcd by means of the Euclidean algorithm, and the coefficients a and b by an extension of that algorithm. Lots of basic algorithm books contain descriptions. >From an abstract point of view, this is a simple consequence that Z is a principal ideal domain. The ideal (m,n) is composed of the linear span of m and n. Since this ideal is principal, by definition there is a c such that (m,n) = (c). Clearly c is in the linear span of m and n, hence coefficients exist. Note that reducing mod n gives a*m = gcd(m,n) (mod n). If m and n are relatively prime (means gcd = 1), the a is m inverse mod n. Likewise b is n inverse mod m. This is a standard algorithm for calculating modular inverses. Here's the relevant passage, again: > "Suppose an organization X were to require that you have each of two > credentials, say both that with public exponents e1 and e2. You could > send X separatley Px^d1 and Px^d2. It is also possible for you to use > the two credentials to form the single credential Px^(d1*d2), which > will be called their AND.... To create the AND, you: set g to the > multiplicative inverse of d1 modulo d2; set h to the remainder after > dividing g*d1-1 by d2; and computing > (Px^d1)^g * (Px^d2)^(-h) = Px^(d1*d2)." I believe that Hal is correct when he points out that h is not a remainder (which would be zero, as he points out) but the quotient. I originally misread this as quotient because I recognized the context. First, the multiplicative inverse of d1 (mod d2) exists only if the two are relatively prime. Hal did not quote the whole article, so I don't know if this criterion is stated elsewhere. Let us assume the d's have this property, since the d's can be so chosen. The calculation of d1 (mod d2) is exactly the calculation of the coefficients in the extended Euclidean algorithm above. Consider a*d1 + b*d2 = 1. Reducing mod d2, we have a*d1 = 1 (mod d2). That means that a is d1^(-1) (mod d2). Likewise (a*d1 - 1) / d2 = -b. Chaum's description exactly fits the gcd context. >The other possibility I thought of is that he meant that the signing >agency would make g and h, as he defined them, public. That's my interpretation as well. After the calculation, as Hal observes, you just end up with Px, not Px^(d1*d2). That's totally useless, since you already knew Px. It is certainly possible to create coefficients for combining credentials such that you end up with a product in the exponent. For example, the pairs and <0,d1> both work nicely, with the bad side effect that you've given away a private key. Let's try blinding them. Suppose you have coefficients a and b such that a*d1+b*d2=0; the pair works here. Then every such pair of product-combining coefficients can be represented as + r*. Since the exponents are mod phi(N), we can suppose that the pair doesn't _directly_ reveal the private keys. But it's unclear to me that this pair of coefficients doesn't reveal d1 and d2. One doesn't know phi(N), but one may not need to. Eric From mlshew at netcom.com Tue Nov 2 04:09:56 1993 From: mlshew at netcom.com (Mark Shewmaker) Date: Tue, 2 Nov 93 04:09:56 PST Subject: 700 Club Report on the Clipper Chip on Wednesday, October 20, 1993 Message-ID: <9311021208.AA26528@netcom6.netcom.com> On October 20, 1993, the 700 Club gave a report on the Clipper chip. The report was fantastic. If you want to convince people why the chip is so very dangerous, and why cryptographic freedoms are so important, I recommend that you take a good look at this. Most people don't take to overly technical explanations of things, at least for the first round of explanations. This is an excellent model of starter explanation for such people. I've included a transcript of the show's Clipper segments. Notice one important thing: The report is not overtly religious in tone. It does not need to be. Encryption and privacy issues cut across many political and religious lines. There is no need to alienate the people you are trying to convince by insulting their group affiliations. Notes on the transcript: It includes only the Clipper-chip segments. The transcript is in three sections. The first is from the intro to the show where they show clips of future segments of that days show, the second is the pre-commercial "Next: The Clipper chip, here on the 700 Club", and the last is the actual report. All typos and inaccuracies are mine. The editing I did to the report is: (1) remove "uh"'s (2) try to add returns in order to put the speech's format into some semblance of paragraph form for easier reading, and (3) change one case of two people talking simultaneously (at the end) to one person saying a few words, followed by the other saying a few words. People in the report: Ben Kinchlow and Terry Meeuwsen are the hosts, who talk about the stories between themselves, and Julia Zaher is the reporter for the story. She speaks both in a voiceover to the report, and in the report, interviewing Jerry Berman, Lynn McNulty, Lance Hoffman, and of course Dorothy Denning. By the way, they showed the Clipper chip itself! Or, at least they showed something they claimed to be the Clipper chip. Unfortunately, there was no close-up, just the chip in someone's hand, with the chip taking about a sixteenth of the screen. It looked like a 28 pin PLCC package, with the cheaper tin plated leads. Odd that there are so few pins. Here's the transcript: [The following was clipped from the intros to the that day's topics] Ben Kinchlow: We've also got a word of caution for you because very soon, if you're familiar with this song: _Every_Move_You_Make,_Every_ _Step_You_Take: The federal government could be watching you! Jerry Berrman: We are going to conduct our lives in electronic media: Order our movies, order our television shows, decide what schools we send our children to, what programs we want to, what products we want to buy, what magazines we want downloaded into our homes. Ben Kinchlow: And if you're a big fan of large government, this tiny computer chip could now give the government, Big Brother, instant access to every detail of your private life. And we'll have details of that still to come. Terry? Terry Meeuwsen: Right...Scary. --- [The following is the pre-commercial message.] --- Ben Kinchlow: Well coming up next... The clipper computer chip. It could be a key to invading your privacy. We'll have that for you as the 700 club continues. --- [The following is the actual report.] --- Terry Meeuwsen: The famous line from the book _1984_ was "Big Brother is watching you", and in the future, that could prove to be true. How would Big Brother watch you? What method would he use? Some privacy experts fear the means could be-- a computer chip. CBN News correspondent Julia Zaher brings us the story from Washington. Julia Zaher: (voiceover) The way we communicate is changing rapidly. It won't be long before our telephone, our computer, and perhaps even our television will all be one device. Jerry Berman of the Electronic Frontier Foundation says we'll use that device to conduct most of our daily business, our personal business; and for some of us, our professional business. Jerry Berrman: We are going to conduct our lives in electronic media: Order our movies, order our television shows, decide what schools we send our children to, what programs we want, what products we want to buy, what magazines we want downloaded into our homes. Julia Zaher: (voiceover) Berman and others in the communications and computer industries welcome the innovative technology, but they also worry that a new danger is threatening the privacy of every American. The danger is that a computerized record of nearly all of our activities will be constantly accumulating. That record could show virtually every move we make, from what we buy, to how much money we make, to what political causes we support. To protect our privacy, Berman and others believes, more people will start doing what the government and the military have done for decades: Add scrambling devices to telephones and computers, to keep outsiders from tapping into important information and conversations. That process of coding and decoding information is called encryption. Jerry Berrman: Today we don't think of encrypting our communications, but it will be done with a flick of a button. Julia Zaher: (voiceover) Already, AT&T makes a scrambling device for telephones. Many businesses, especially those with overseas offices, use these scrambling devices routinely. They also take advantage of the almost 300 computer software programs available to code and decode computer programs and electronic mail. The Clinton administration has taken a great interest in this information revolution, and the government has invented its own scrambling device. Lynn McNulty: This is one of the clipper chips. The chip itself costs about twenty-five dollars. Julia Zaher: (voiceover) The new invention is known as the Clipper chip. The chip is supposed to provide the strongest possible method of coding phone, FAX, and computer transmissions to prevent unwanted eavesdropping. The chip is supposed to be on the market soon. Lynn McNulty is with the National Institute of Standards and Technology, known as NIST for short. President Clinton has commissioned NIST to help make the Clipper chip the highest standard for scrambling information. The White House wants to see more businesses and individuals use the Clipper chip to protect their communications once it's on the market. The reportedly unbreakable scrambling code in the chip would be a big plus in the fight to keep information private. But there's a catch. Lynn McNulty: A good part of the technical details of the, that underlie the standard will not be made public, which is a departure from the way we've done business in the past. Julia Zaher: (voiceover) The details of how Clipper works and the keys that can break the code are all being kept secret by the government. That has nearly everyone in the computer and communications industries alarmed. Lance Hoffman is a computer science and encryption coding and decoding expert. Lance Hoffman: The administration wants to control the whole process, and wants the government to control all the keys, is what it boils down to--that's the real problem. Julia Zaher: (voiceover) The government says it alone must hold the keys that can break Clipper's private scrambling code. That would mean that only government agencies could eavesdrop on computer and telephone transmissions. Private agencies, or individuals like private detectives couldn't do it. The FBI and other law enforcement agencies say, instead of getting court orders for wiretaps, in the future they'll be routinely requesting codes that are scrambling computers and telephones. Dorothy Denning is one of the five outside computer experts who had the chance to examine the Clipper chip and try to break its code. Julia Zaher: And what happened? Dorothy Denning: I failed. I didn't break it. Julia Zaher: There was no way you could break it? Dorothy Denning: There was no way I could break it. Julia Zaher: (voiceover) Denning is one of the very few people in the computer science field who sees no danger in the government holding the only keys that can break Clipper's code. Dorothy Denning: ...And this initiative does not in any way to expand the government's authority to intercept communications. Julia Zaher: (voiceover) Denning also says Clipper's unbreakable code would make it more difficult for police or the FBI to do illegal wiretaps. But Hoffman and many others disagree. They say that all of the secrecy about how clipper works, combined with the government alone holding the keys to break the code, would put the privacy of everyone using clipper in jeopardy. Hoffman says that while the chip is just one of many scrambling devices now, the government could eventually argue that everyone coding their information must use clipper Lance Hoffman: There's no reason they couldn't change their mind at a later point and say "well we tried it voluntari..." "We tried it as a voluntary measure, it doesn't work, so now it's going to be mandatory." Julia Zaher: (voiceover) Privacy advocates like Jerry Berman point out the government has been known to spy on citizens when it believes they hold dangerous political opinions. Jerry Berrman: There are good governments, there are bad governments. We've gone through abusive periods where we've had intelligence agencies chasing different political dissidents from the right and left around. We worry about these things. Julia Zaher: (reporting) Computer coding and decoding standards may all seem irrelevant at this point, but they'll be important in the future to protect your privacy. The government's Clipper chip is the most powerful coding and decoding device developed so far. It hasn't been decided yet if Clipper will be the one national standard used to protect electronic privacy, but if it is, it could also pose the greatest threat, if those decoding keys, held by the government, fall into the wrong hands. Julia Zaire, CBN News, Washington. Ben Kinchlow: And some of us would say that the wrong hands for them to fall into is the government! You know. What your talking about here, essentially, is a giant superhighway. This is what the President, Vice-President Gore is recommending--that we have this super-highway, which on the surface is wonderful. It enables us all across the world to hook up and, you know, exchange information and communications with people, and that's a wonderful idea, and we need to take full advantage of what's going on in technology today: Marvelous things. Like one of our cameramen is hooked up to something called Internet, where you can pull out files from the university of Tokyo, if you will. I mean, it's a wonderful idea. The problem is, when the government comes in and starts saying, "The only" I mean, everybody has this scrambling device, but the only people who can unscramble this device is the government. But the government says that "we must have this" in order to track down criminals and terrorists. The problem is, "criminals and terrorists" eventually become who the government says "criminals and terrorists" are. And it will not be long before anybody who disagrees with the government, then, can become a criminal, and his whole activities can be tracked down. And indeed what Orwell said about 1984 becomes a reality. The Big Brother has the capacity to watch you, track you. And by the way, interestingly enough, they do have, and have developed, a small uh Terry Meeuwsen: Oh, I don't want to know this Ben Kinchlow: tracking device that goes under Terry Meeuwsen: Under the skin? Ben Kinchlow: under your skin. In fact, they used some of it, according to one report I read, over in the war that just took place in the middle east, so they could track our men by satellite. Terry Meeuwsen: Well, you know [sigh], the bottom line is that it's the same thing we've been hearing day after day after day: More government control, more government control. So, we need to hear that... Ben Kinchlow: The operative word here being 'control.' Terry Meeuwsen: Yeah. Ben Kinchlow: Watch it. From hiscdcj at lux.latrobe.edu.au Tue Nov 2 06:19:56 1993 From: hiscdcj at lux.latrobe.edu.au (Dwayne) Date: Tue, 2 Nov 93 06:19:56 PST Subject: Some possible projects/topics for CypherPunks Message-ID: <9311021416.AA13358@lux.latrobe.edu.au> This is from the guy who thought up the punk net idea. He has a smallish mbox, so asked me to passs this on. Feel free to mail him directly.. Dwayne. : From jon at werple.apana.org.au Tue Nov 2 17:26:48 1993 : Date: Tue, 02 Nov 1993 17:26:23 +1100 (EST) : From: Jon Holdsworth : Subject: Re: Some possible projects/topics for CypherPunks : To: hiscdcj at lux.latrobe.edu.au (Dwayne) : Message-Id: <199311020626.RAA00708 at werple.apana.org.au> : : > 1. HARDWARE: What about building our own machines? This is the Vinge-ian : > crypto-anarchy theme ultimately. We should be able to produce our own : > technology, and not depend on the merchantile/government-mandated : > economic system/monopolies. : > : > I see this as being very important to the oceania/autopia/technomad : > ideas and projects of creating ocean-going free societies. : > This is all good encouraging stuff! Of course you realize that half the issue is that PunkNet and some other things HAVE to be *Illegal*. Why? Because they have no point in existing if they can be regulated, taxed, interferred with or "policed" (an abstract) by any govt or comm agency : : > Or is anyone interested in starting a parallel list of sorts for the : > hardware-punks? 'ware-punks? :-) or perhaps an even better name This is an excellent idea. Get the HAM crowd into it (The ULTRAnerds) : : > would be The Homebrew Computer Club^2. No that would be a fucking shithouse name : : > 2. STEGENOGRAPHY: Using the genome project data listings : > (bionet.molbio.genbank.updates) as a stegenographic source to : > hide encrypted info in. Similar to the alt.w.a.s.t.e NG, : > but more public. Of course, it'd be bad if your ecrypted data : > got credited with curing/causing a genetic disease.... => : > Mad. I like it : : > 3. PUNK-NET: (see HARDWARE above) Wheeeeeee!!!! : : > 4. POLITICS/ANONYMITY: I may have missed this, but has anyone : > discussed Gibson's "The Republic of Desire" idea of having a : > network based guerilla organization? Not that we need to be : > guerilla's yet, but... : > In MUDS (eg. Graphical muds!!) I think it would become easier than ever to assemble cell-structure type (eg. IRA style) orgs Encyphered PunkNet too : : : > I think the guerilla cell organization would probably lend itself : > to using the DC-net protocols, and developing webs-of-trust Whats DC-net? {Dwayne's note: I'll pass on the DC-NET thing that was posted here a while ago. I've saved it. Somewhere :-/ } (Dwayne Jones-Evans IRC, MediaMOO: ddraig ) ( SCA: Cynon Yscolan ap Myrddin, Stormhold, Lochac, West) PGP public key available. finger me. be gentle. internet---> hiscdcj at lux.latrobe.edu.au From mlshew at netcom.com Tue Nov 2 06:23:54 1993 From: mlshew at netcom.com (Mark Shewmaker) Date: Tue, 2 Nov 93 06:23:54 PST Subject: 700 Club Report on the Clipper Chip on Wednesday, October 20, 1993 Message-ID: <9311021420.AA08854@netcom6.netcom.com> I have an error in my spelling. I spelled Jerry Berman's name wrongly as Jerry Berrman. Major apologies. And after mentioning him as just 'an eff guy' in the first message. I'm sorry to have misspelled your name, Mr. Berman. *** Everyone, please do a search and replace of Berrman->Berman before distributing the document any further. *** From ejuv19 at festival.edinburgh.ac.uk Tue Nov 2 10:33:54 1993 From: ejuv19 at festival.edinburgh.ac.uk (D Nicoll) Date: Tue, 2 Nov 93 10:33:54 PST Subject: unsubscribe Message-ID: <9311021828.aa13590@uk.ac.ed.festival> unsubscribe please thanks From thomas.hughes at chrysalis.org Tue Nov 2 11:33:54 1993 From: thomas.hughes at chrysalis.org (thomas.hughes at chrysalis.org) Date: Tue, 2 Nov 93 11:33:54 PST Subject: Z Message-ID: <9311021301.A4036wk@chrysalis.org> wild and crazy ideas for the remailers: o some fabulous code writer needs to hack up a copy of PGP so that it will allow/force a batch-mode operation and not stop and wait for input from the "user" if the message fed into it uses an unknown key or something else happens that causes PGP to pause/stop/halt/quit/die. " :: " the " PGP-ENCRYPTED " line could be done away with all together. if the message fed through the PGP.batch.version returns a plaintext, use the plaintext; if not, try to process the original message. o i looked at the code for hal-the-remailer for about 5 seconds and can't remember even a line of what it looked like, but how difficult would it be to rig up the remailers to delay untill midnight and then process each message stacked in the remailer que _randomly_? 1 out of 3 it is sent out 1 out of 3 it is skipped entirely (until the next remailing-event/time) 1 out of 3 it is forwarded automagicly through a "friendly" remailer. you set the remailer to NOT skip a message that is in the first "n" messages on the stack to be remailed. (to prevent a message from getting "stuck" inside the remailer for an extended period of time...) obviously whomever is running the remailer can tinker with the ratios and the number of times per day messages are processed ... o the more remailers the message goes through, the harder it is to track down the original sender. why force the sender to manually send messages through multiple remailers when some clever script can do it from inside the "remailer network" automaticly? messages go into one remailer, and are forwarded in a random order once/twice/? a day through a second remailer. encryption, compression, padding, etc would add to the effect as well. o how about checking for " :: " " Respond " and bouncing back: " Message received. " " ReMailer active. " or perhaps the remailer's public key, or even a description of the location of the system the remailer is running on, how to get a copy of the software, what the author's favorite color is, etc ... anyone that wants the remailer to bounce back a response can stick "::RESPONDDAMNIT!" in their messages, and the people who don't want the remailers to respond at all, won't hafta worry about it. o i suggest adding an "ignore list" of sites. this would provide a simple somewhat effective way to cut down on abuse with a minimum effort. if a problem-abuser pops up, just lock that site out for a while and maybe the problem will go away. the amount of annoyance/difficulty the abuser is caused is much greater than the effort needed to add the site's name to the ignore list. sure the abuser will just find another site to send from or another remailer to abuse, but mr abuser will wear himself out while the remailers won't even break a sweat. o an overiding "OK-to-respond" list would be nice too. (to allow remailers to accept messages from certain systems, users, and remailers regardless of any locked out sites.) From ptaylor at panix.com Tue Nov 2 12:10:01 1993 From: ptaylor at panix.com (Phil Taylor) Date: Tue, 2 Nov 93 12:10:01 PST Subject: Style Analysis In-Reply-To: <199310292142.AA22002@access.digex.net> Message-ID: On Fri, 29 Oct 1993, Dark wrote: > It seems to me that the software to "filter" a message through and > remove anomalies, standardize punctuations and replace words > over 5 letters with more standard words.. etc.. has a kind of > utility. I remember a sf suggestion a while ago that went like this: a. A mail reader that intelligently filters incoming messages to extract only the factual content. b. A mail sender that intelligntly "stylizes" a factual message with appropriate "fluff". That way I can send you a one line message "watch out for the MDS!", but our computers will communicate with as much polite waffling as possible. The suggestion was a joke but maybe it has applicability :-) PJT - A new poster but a longtime reader. From kwaldman at BBN.COM Tue Nov 2 13:10:01 1993 From: kwaldman at BBN.COM (kwaldman) Date: Tue, 2 Nov 93 13:10:01 PST Subject: Z In-Reply-To: <9311021301.A4036wk@chrysalis.org> Message-ID: <9311022108.AA26311@toad.com> >From: thomas.hughes at chrysalis.org >Date: Tue, 02 Nov 93 13:01:08 >Subject: Z >To: cypherpunks at toad.com > > >wild and crazy ideas for the remailers: > > >o some fabulous code writer needs to hack up a copy of PGP so that it will > allow/force a batch-mode operation and not stop and wait for input from > the "user" if the message fed into it uses an unknown key or something > else happens that causes PGP to pause/stop/halt/quit/die. > > " :: " > the " PGP-ENCRYPTED " line could be done away with all together. > if the message fed through the PGP.batch.version returns a plaintext, > use the plaintext; if not, try to process the original message. > > At least on version 2.2 you could set BATCHMODE=TRUE in pgp.c Karl -------- Karl M. Waldman kwaldman at bbn.com BBN Systems and Technologies From szabo at netcom.com Tue Nov 2 13:13:54 1993 From: szabo at netcom.com (Nick Szabo) Date: Tue, 2 Nov 93 13:13:54 PST Subject: Commerce Models (fwd) Message-ID: <9311022112.AA10177@netcom5.netcom.com> Addendum my to previous post: the Internet commerce list is at imp-interest at thumper.bellcore.com, presumably you can subscribe via imp-interest-request at thumper.bellcore.com. Great articles on electronic cash, "digital pennies", Internet Billing Service, etc. from people intending to implement and use this stuff, soon. Nick Szabo szabo at netcom.com From klbarrus at owlnet.rice.edu Tue Nov 2 13:30:01 1993 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Tue, 2 Nov 93 13:30:01 PST Subject: ANON: mail concerns Message-ID: <9311022125.AA05859@elf.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- Hm.. there have been some concerns over anonymous mail recently... both Alan and Thomas have noted that it is easy to match up sender and destination for a remailer which processes each message as it arrives. Solution: cache all messages and process them later (once a day, once a week, etc.). For example, the remailer at elee9sf at menudo.uh.edu caches all incoming requests, and processes them (randomly) at midnight. I didn't even have to modify the remailer scripts to do this; rather, I wrote some extra ones. The process seems stable. The trickiest part is scheduling the remailing: I have to use the 'at' command since I can't have my own crontab. Also, Thomas mentioned what seems to be 'random remailing'. As I mentioned in a previous message ("ANON: anonymous mail"), forcing mail to progress through a network randomly also forces the final destination to be known to everybody, where before only one site knows the final destination. Also, instead of building the necessay headers to hop mail you may be able to use one of several scripts and programs available at soda.berkeley.edu Karl Barrus -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLNbQEoOA7OpLWtYzAQEe0QP+KaDWOyep8+wSfEMtUjBOj8OGJMrdSCkO jAfS3zW/uASpOfZ8zgaGBhl8kFPzF9ZyEJyKV/tydIHJdQUEI9K3FU0AE4vB2Fei xcGcM16dZlSSOW/E+CkRR/3UstlRwUuHCccFACTh5SIPIG3mSSVvNMEp7Cz+SIss j5Mkq9KqJc0= =tWzv -----END PGP SIGNATURE----- From jet at netcom.com Tue Nov 2 13:40:04 1993 From: jet at netcom.com (J. Eric Townsend) Date: Tue, 2 Nov 93 13:40:04 PST Subject: 700 Club Report on the Clipper Chip on Wednesday, October 20, 1993 In-Reply-To: <9311021208.AA26528@netcom6.netcom.com> Message-ID: <9311022136.AA22619@netcom7.netcom.com> Mark Shewmaker writes: > Notice one important thing: The report is not overtly religious in > tone. It does not need to be. Encryption and privacy issues cut As a regular and long-time 700 Club viewer :-), I'd like to point out that they've taken great pains to be non-religous in their coverage of issues. They're really trying to appeal to people who don't already 'believe'. Also, I suspect they're trying to snare channel-surfers. From cdodhner at indirect.com Tue Nov 2 15:47:14 1993 From: cdodhner at indirect.com (Christian D. Odhner) Date: Tue, 2 Nov 93 15:47:14 PST Subject: ANON: mail concerns In-Reply-To: <9311022125.AA05859@elf.owlnet.rice.edu> Message-ID: I recently bought a copy of oracom's "Programing Perl" (which btw has a GREAT quickreference guide) and have been working on a remailer mod with little succsess. My thought goes like this: New remailer command... :: Induce-Delay: X Where X is any number between 0 and 9999, or the word 'Random'. This would delay the remailing of the message by X minutes through a simple perl sleep command. QUESTION: Would new mail be kept waiting by the old mail? Or would Unix spawn a new incarnation of the remailer process to take care of each subsequent message? :: Mail-At-Time: X Mail-On-Date: X Again both of these would use a sleep command to avoid the cron and at commands. :: Request-Encryption-To: X If user ID X is on the remailer's pubkey ring, the outgoing message is encrypted to X. This could be usefull for anonymous return-address blocks. I think these are all pretty good ideas, however I'm not very good at perl (in fact, at this point I suck) and things keep on bombing. Well, Happy Hunting to all, -Chris. Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" My opinions are shareware. To register your copy, send me 15$ in DigiCash. Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 From mg5n+ at andrew.cmu.edu Tue Nov 2 16:42:17 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 2 Nov 93 16:42:17 PST Subject: Some possible projects/topics for CypherPunks In-Reply-To: <9311021416.AA13358@lux.latrobe.edu.au> Message-ID: <0gpjpDm00awINIlkpF@andrew.cmu.edu> : > 1. HARDWARE: What about building our own machines? This is the Vinge-ian : > crypto-anarchy theme ultimately. We should be able to produce our own : > technology, and not depend on the merchantile/government-mandated : > economic system/monopolies. : > : > I see this as being very important to the oceania/autopia/technomad : > ideas and projects of creating ocean-going free societies. I agree. Altho we'd probably want to build our own boards, we'd have to rely on commercially availiable integrated circuits and other components. The components we'd need are fairly easy to obtain, and I don't see any reason to believe that we will have difficulty obtaining computer components to build a secret network in the future. Oceania will probably become a major source of electronic privacy technologies, but that's still several years in the future. : > Or is anyone interested in starting a parallel list of sorts for the : > hardware-punks? 'ware-punks? :-) or perhaps an even better name Yes. Who can host the mailing list? From khijol!erc Tue Nov 2 17:22:16 1993 From: khijol!erc (Ed Carp) Date: Tue, 2 Nov 93 17:22:16 PST Subject: anonymous remailing/posting software Message-ID: Ah, yes. Once again, it's time to upgrade the APS software here at khijol. For those who don't know, I run an anonymous posting site which posts to only a select set of newsgroups (to prevent abuse). Now that the machine is sitting on the Internet, it's time to revamp the software, and I have thought that it might be easier to hack someone else's than to redo my own (which was one of those all-day hack sessions). Double blind remailing and unique ID services are essential, with the 'nice to have' services like automatic pinging of posts, checksum verifications of posts, automatic encryption/decryption of posts, etc. would be ideal. Any ideas on where I could obtain such software? Shell scripts are OK, C is better. Perl is not desirable unless I really have to. :( Thanks! -- Ed Carp, N7EKG erc at apple.com 510/659-9560 an38299 at anon.penet.fi, anon-1157 at twwells.com If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From alanr at media.mit.edu Tue Nov 2 20:12:15 1993 From: alanr at media.mit.edu (Alan Ruttenberg) Date: Tue, 2 Nov 93 20:12:15 PST Subject: trivia question Message-ID: <9311030407.AA16095@media.mit.edu> A friend, (who wished to remain anonymous :) asks: Perhaps you can forward for me a trivia question I've been trying to get answered. I'm pretty sure the phreak magazine "2600" is named after 2.6KHz, which I think was a tone used for some phone billing system that got cracked (perhaps Cap'n Crunch's whistle frequency?) The trivia question is this: can anyone point me to a definitive reference for what 2600 really was? An ACM article or the particular phone system or the cracker who exploited it would suffice. thanks! From unicorn at access.digex.net Tue Nov 2 20:42:15 1993 From: unicorn at access.digex.net (Dark) Date: Tue, 2 Nov 93 20:42:15 PST Subject: Nazis/probability of their mention and/or use to discredit Message-ID: <199311030439.AA27770@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- Message 53: - From owner-cypherpunks at toad.com Mon Nov 1 10:35:58 1993 From: James Still To: 'Cypherpunks List' Subject: RE: Nazis/Privacy/Cypherpunks Date: Mon, 01 Nov 93 09:08:00 PST >Personally, I don't rule out examination of Nazi tactics as a >worst case scenario model. Let's face it, as ugly and dark as >Nazi rule was, they did some things quite efficiently indeed. [Stuff Deleted] If I understand your basic point to be: "consider the worst possible scenario in order to better prepare for it" then I agree completely. However I have serious reservations with emulating or (gadzooks!) *admiring* those Nazi tactics that seemed to "work" because I would disagree that, first they actually did work, and more importantly, that their ends justified the means. Which brings me to your second point: - -> Let me make clear that I do not (gadzooks appropiate here) condone any Nazi security measures. My point was more to provoke thought about how Nazi security techniques would pan out in the information age. Again, the question, did they work, is debateable. <- >[Note 2] >No one writes code from "the bottom up" in the manner that you >suggest. If that were the case we'd see the wheel invented time >and time again. I disagree. (Semantics check: I'm not talking about a mouse driver or a basic windowing interface here. Obviously, there's no need to hammer out that wheel again.) I am talking about what I see as a basic cypherpunk mission, that being, "the constant reevaluation of the approach towards privacy." We have the ability to constantly rip apart our own ideas, like children's ABC blocks, and see if they fit back together again in a better way. I would prefer to see constant rewrite's of a "given" (like PGP for instance) than to stagnate and rely on the one idea, concept, or proof just because we've always done it that way. Our code should be like our ethics: constantly re- evaluated, questioned, and tested for validity. - -> I interpreted your ground up analogy incorrectly. I do believe that ideas should be examined and reassembled. I just think it's silly to rule out anything that might have merit. (I guess I'm just determined to be flamed here on the merit of anything Nazi) <- - -uni- (Dark) --- still at kailua.colorado.edu -------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLNc0/BibHbaiMfO5AQFrXwQAoxfek4YivmYGsAc21mS6LrRLqTkDXrB1 62o+te0Fge3k2drHiC9oKPEXGa3Aid6/Td3HjDb7IjFsXvAlyD6P/x4IXtVw1W2J Tb2CnwoNl0mz171iLIjHIHAWcfDqwzU5mYgPb1T5XyntgFJTJ966tvEIYhhfkvcH nU5EVDMsdyo= =nSBc -----END PGP SIGNATURE----- From alanr at media.mit.edu Tue Nov 2 21:42:15 1993 From: alanr at media.mit.edu (Alan Ruttenberg) Date: Tue, 2 Nov 93 21:42:15 PST Subject: trivia question In-Reply-To: <9311030448.AA02487@ah.com> Message-ID: <9311030539.AA20710@media.mit.edu> This topic is inappropriate for cypherpunks. At the least next time please acknowledge this and ask for replies in private email. Eric My apologies. I've only joined the list recently and was just passing on a question which someone else thought might be answered in this forum. Please direct any further responses to my email address. Thanks -alan From rarachel at ishara.poly.edu Tue Nov 2 21:42:17 1993 From: rarachel at ishara.poly.edu (A1 ray arachelian (library)) Date: Tue, 2 Nov 93 21:42:17 PST Subject: Style Analysis In-Reply-To: Message-ID: <9311030137.AA11763@ishara.poly.edu> > I remember a sf suggestion a while ago that went like this: > a. A mail reader that intelligently filters incoming messages to extract > only the factual content. > b. A mail sender that intelligntly "stylizes" a factual message with > appropriate "fluff". > That way I can send you a one line message "watch out for the MDS!", but > our computers will communicate with as much polite waffling as possible. > > The suggestion was a joke but maybe it has applicability :-) Yes, however, this isn't too feasable. There's a great quote somewhere in Don Lancaster's Secret Money Machine II that goes along the lines of a bit of text being translated to Russian and back which illustrates just how (in)effective these things can be: IN: The spirit is willing, but the flesh is weak. OUT:The vodka was great, but the mean is rotten. From sameer at uclink.berkeley.edu Tue Nov 2 22:22:15 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Tue, 2 Nov 93 22:22:15 PST Subject: My PGP key Message-ID: I finally got linux/a secure place for PGP set up-- here's my key. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiyGsCgAAAEEAKrK7SMIBaiBzQRigdhA5BlztMpiCrs4ooWeMEZYpCl8/FPf bz3LHri5dYRNBMLnpv7c8Ezn/nUTbcIPs0zVXpj/8t/4lP1AHHg6QDky1KwBYFaW 9LLAye4EBD3kKq3UvctmdIK225ouMKn6X5+PgNT+dbhwV5LPeXi7eNFdXppdAAUR tCpTYW1lZXIgUGFyZWtoIChzdHJvbmcpIDxzYW1lZXJAbmV0Y29tLmNvbT6JAJUC BRAsiAJ+C/JrSKEuC60BAaFuA/0cu/WBeLvnc1dIEIep/oI4JHqx96QwpC2TOJAp LK/IkVXF9fUUnNHYK6JtxnWj4iowoxYmsuVqJR3bfPND4wYk0Amgu9SQAHu1IDiz cFbXVJ9YwY1u/yZ1+CEQGnUD+ZcXSkIZh3UXu1ubW3iHcAIZ+AbVfuXd082tJo5E QWqzPLQvU2FtZWVyIFBhcmVraCA8Y3M2MGEtcXVAY29yeS5FRUNTLkJlcmtlbGV5 LkVEVT60JlNhbWVlciBQYXJla2ggPHNhbWVlckBnZW5lc2lzLm1jcy5jb20+tChT YW1lZXIgUGFyZWtoIDxzYW1lZXJAc29kYS5iZXJrZWxleS5lZHU+tCdTYW1lZXIg UGFyZWtoIDxzYW1lZXJAb2NmLmJlcmtlbGV5LmVkdT60KlNhbWVlciBQYXJla2gg PHNhbWVlckB1Y2xpbmsuYmVya2VsZXkuZWR1Pg== =Rgag -----END PGP PUBLIC KEY BLOCK----- From mdiehl at triton.unm.edu Tue Nov 2 23:47:18 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Tue, 2 Nov 93 23:47:18 PST Subject: Procmail update. Message-ID: <9311030743.AA21191@triton.unm.edu> Hi all! Just a quick update on my procmail mail processor rc file. I have most of the functionality implemented. I'm working on speeding up mail delivery and making sure I don't have a file locking problem. So far, my system will: 1 Accept incoming mail and determine if it contains a pgp message, key, or signature. 2 If it contains a message, it determines who can read it. 3 If it contains a key, it is added to your pubring.pgp 4 If it contains a signed message, the signature is validated. 5 An informative subset of pgp's output is tacked onto the head of the message, surrounded by user-defined lines to prevent spoofing of the validation info. 6 Finally, the subject of the mail is prefixed with either (key), (sig), (prv) to indicate that the message contains a key, signed message, or encrypted (private) message. I also have the capability to use procmail as a pgp-info server. You could send me mail with the subject: send pgp-help and my machine would send you a file which contains help for pgp. This could lead to lots of uses.... Any comments are welcome. I should be releasing my procmailrc file within the week. Take care, all Lagers, J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politicly Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. PGP Key = 7C06F1 = A6 27 E1 1D 5F B2 F2 F1 12 E7 53 2D 85 A2 10 5D From thomas.hughes at chrysalis.org Wed Nov 3 00:17:18 1993 From: thomas.hughes at chrysalis.org (thomas.hughes at chrysalis.org) Date: Wed, 3 Nov 93 00:17:18 PST Subject: MORE Z Message-ID: <9311022222.A6296wk@chrysalis.org> some seriously moronic dribling idiot wrote: >> o i suggest adding an "ignore list" of sites. fine. it was late. i wasn't thinking clearly. shut up. i don't wanna hear it. this idea would work fine if you happen to have a clue where the hell the abusive/annoying messages are comming from ... how about just switching that around to be a "lock out these sites" list and ignore all messages that ask to be remailed to those sites. and be sure to stick "willy at whitehouse.gov" on the top of the list. From thomas.hughes at chrysalis.org Wed Nov 3 01:07:18 1993 From: thomas.hughes at chrysalis.org (thomas.hughes at chrysalis.org) Date: Wed, 3 Nov 93 01:07:18 PST Subject: RE-RE-RE-RE: ZEE Message-ID: <9311030207.A6385wk@chrysalis.org> >>Random mailing routes actually make it easier to track down the >>original sender. >>Perhaps you missed an earlier message I sent to the list ("Anonymous >>Mail"). If the message proceeds randomly through the remailers, then >>every single site must somehow be told the final address. Therefore, >>instead of just one site knowing the final destination, every site >>must know the final destination. if every single site knows the final address, so what? how is this going to help them track down the original sender?? anyone at the final destination who wants to track down the original sender would need to hop-scotch backwards through the numerous sites and try to track down the path the message took. this is of course, IF someone really wants to go to this much trouble and if they think they can talk a slew of administrators into helping them with the witchhunt. 1 out of 5 odds that a "special processing script" is executed on the message and it is forwarded through a remailer or two using encryption. just set up 20 different scripts that route the message in encrypted form through various/random/secret/obscure remailer-paths. From remail at tamsun.tamu.edu Wed Nov 3 02:47:22 1993 From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu) Date: Wed, 3 Nov 93 02:47:22 PST Subject: TRW PhonePrint (fwd) Message-ID: <9311031045.AA09792@tamsun.tamu.edu> FACT SHEET What is TRW PhonePrintTM ? TRW PhonePrintTM is a system designed to block illegal access to cellular networks by cellular "counterfeiters" who use stolen telephone identification numbers. How Does It Work? Each cellular telephone emits unique signal transmission characteristics - an electronic version of a human fingerprint - which cannot be duplicated. These characteristics are matched with the mobile identification number (MIN) and the electronic serial number (ENS) of the phone to develop a unique pattern for each legitimate customer, TRW PhonePrintTM uses sophisticated signal analysis hardware and software to analyze and file the patterns belonging to legitimate customers. When a caller attempts to access the network, the system compares incoming patterns to those on file. If the patterns do not match the call is immediately terminated. Who Benefits? Cellular telephone fraud costs the industry up to $300 million annually. TRW PhonePrintTM benefits cellular operators and customers by: o Terminating fraudulent calls before they can access the system o Eliminating the need for legitimate users to change phone numbers or codes. o Increasing the capacity of the network by eliminating the flow of illegal traffic. o Building customer confidence in the security of the cellular network. When Will It Be Available? TRW PhonePrintTM is currently being tested by PacTel Cellular, Los Angeles. Testing is expected to be completed in early 1994, and the system will be made available to cellular carriers nationwide. The Company TRW, headquartered in Cleveland, Ohio, is strategically focused on providing products and services with a high technology or engineering content. From koontzd at lrcs.loral.com Wed Nov 3 07:52:25 1993 From: koontzd at lrcs.loral.com (David Koontz ) Date: Wed, 3 Nov 93 07:52:25 PST Subject: TRW PhonePrint (fwd) Message-ID: <9311031547.AA00321@io.lrcs.loral.com> >Each cellular telephone emits unique signal transmission characteristics - an >electronic version of a human fingerprint - which cannot be duplicated. These >characteristics are matched with the mobile identification number (MIN) and the >electronic serial number (ENS) of the phone to develop a unique pattern for >each legitimate customer I would take it that this would have to operate at the cell level? From talon57 at well.sf.ca.us Wed Nov 3 07:52:26 1993 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 3 Nov 93 07:52:26 PST Subject: INFO: Word Cracking program Message-ID: <199311031550.HAA00208@well.sf.ca.us> I saw several requests for a program that can break the encryption on Word for Windows ans Word for Dos files....I have just uploaded WORDPWD>ZIP to (thats wordpwd.zip) to soda.berkeley.edu cd pub/cypherpunks/incoming. I think the author put it best; HELLO MICROSOFT: If any of you are listening; it would be very nice if future versions of Winword had competent encryption that can't be broken by any kid who understands his Spiderman Secret Decoder Ring. A false sense of security is much worse than none at all. It misleads people into thinking that they have assured the confidentiality of their documents when they have in fact not, and should have used another method to do so. The best approach is to have winword call an external program to do the encryption. This would let us plug in our favourite cryptengine and save you a lot of hassle vis-a-vis export controls on useful crypto technology. --- Marc Thibault | Automation Architect | All we are saying marc at tanda.isis.org | R.R.1, Oxford Mills, | is give global CIS:71441,2226 | Ontario, Canada K0G 1S0 | warming a chance. NC FreeNet: aa185 | | -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.0 mQBNAiqxYTkAAAECALfeHYp0yC80s1ScFvJSpj5eSCAO+hihtneFrrn+vuEcSavh AAUwpIUGyV2N8n+lFTPnnLc42Ms+c8PJUPYKVI8ABRG0I01hcmMgVGhpYmF1bHQg PG1hcmNAdGFuZGEuaXNpcy5vcmc+ =HLnv -----END PGP PUBLIC KEY BLOCK----- enjoy... Brian D Williams Extropian Cypherpatriot From wex at media.mit.edu Wed Nov 3 08:52:25 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Wed, 3 Nov 93 08:52:25 PST Subject: TRW PhonePrint (fwd) In-Reply-To: <9311031045.AA09792@tamsun.tamu.edu> Message-ID: <9311031647.AA17745@media.mit.edu> This sounds like they're matching access codes to physical devices. Does that mean I can't use someone else's cellphone? If this "fingerprint" signal is transmitted continuously, does this mean that it's now easier to track cellphone users? How long before someone makes a black box to spoof these signals? --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request Try not to have a good time ... This is supposed to be educational. From lefty at apple.com Wed Nov 3 10:42:21 1993 From: lefty at apple.com (Lefty) Date: Wed, 3 Nov 93 10:42:21 PST Subject: Style Analysis Message-ID: <9311031756.AA18695@internal.apple.com> >IN: The spirit is willing, but the flesh is weak. >OUT:The vodka was great, but the mean is rotten. IN: Out of sight, out of mind. OUT: Blind lunatic. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From mnemonic at well.sf.ca.us Wed Nov 3 11:37:26 1993 From: mnemonic at well.sf.ca.us (Mike Godwin) Date: Wed, 3 Nov 93 11:37:26 PST Subject: EFF statement on Bell Atlantic/TCI deal Message-ID: <199311031935.LAA24250@well.sf.ca.us> The following is an offical EFF statement with regard to the Bell Atlantic/TCI deal. --Mike ====== The recent spate of telecommunications mergers -- Bell Atlantic/TCI, US West/Time-Warner, AT&T/McCaw, plus numerous others in the works -- raise the stakes for information policy makers and those of us who are concerned about the development of an open, accessible information infrastructure. EFF has just released a major new statement on our Open Platform Campaign, which explains EFF's approach to infrastructure policy. Our big concern is encourage Congess and the Administration to do the right thing and set out a new, positive communications policy that is ready for the information age. We believe that this policy must achieve the following goals: + Diversity of Information Sources: Promote a fully interactive infrastructure in which the First Amendment flourishes, allowing the greatest possible diversity of view points; + Universal Service: Ensure a minimum level of affordable information and communication service for all Americans; + Free Speech and Common Carriage: Guarantee infrastructure access regardless of the content of the message that the user is sending; + Privacy: Protect the security and privacy of all communications carried over the infrastructure, and safeguard the Fourth and Fifth Amendment rights of all who use the information infrastructure; + Development of Public Interest Applications and Services: Ensure that public interest applications and services which are not produced by the commercial market are widely available and affordable. Our policy proposal, available by anonymous ftp on ftp.eff.org in /pub/eff/papers/op2.0, contains a discussion of these principles and concrete legislative recommendations on how to accomplish many of these goals. Here are a few selected paragraphs from the main paper to give a flavor of our positions, but we hope you'll read the whole thing. "Regulatory changes should be made, and mergers approved or barred based on specific, enforceable commitments that the electronic superhighways will meet public goals and realize the potential of digital technology. That potential arises from the extraordinary spaciousness of the broadband information highway, contrasted with the scarcity of broadcast spectrum and the limited number of cable channels that defined the mass media era. Properly constructed and administered, the information highway has enough capacity to permit passage not only for a band of channels controlled by the network operator, but also for a common carriage connection that is open to all who wish to speak, publish, and communicate on the digital information highway. For the first time, electronic media can have the diversity of information we associate only with the print media." But we can't rely on the promises of industry or the wonders of the competitive marketplace alone to create this infrastructure. We need legislative benchmarks to ensure that all citizens have access to advanced information infrastructure. We will achieve this goal not by having government build the whole thing, but by finding a new communications policy framework that works for the market and brings benefits to consumers. We've expanded the concept of "Open Platform Services" from just narrowband ISDN, to include any switched, digital service, offered on a common carriage basis, by any provider. "To achieve the full potential of new digital media, we need to make available what we call Open Platform services, which reach all American homes, businesses, schools, libraries, and government institutions. Open Platform service will enable children at home to tie into their school library (or libraries all around the world) to do their homework. It will make it possible for a parent who makes a video of the local elementary school soccer game to share it with parents and students throughout the community. Open Platform will make it as easy to be an information provider as it is to be an information consumer." "Open Platform services provide basic information access connections, just as today's telephone line allows your to connect to an information service or the coaxial cable running into your home connects you to cable television programming. This is not a replacement for current online services such as America Online or Compuserve, but rather is the basic transport capacity that one needs to access the multimedia version of these information services. "Specifically, Open Platform service must meet the following criteria: + widely available, switched digital connections; + affordable prices; + open access to all without discrimination as the content of the message; + sufficient "up-stream" capacity to enable users to originate, as well as receive, good quality video, multimedia services. "Open Platform service itself will be provided by a variety of providers over interconnected networks, using a variety of wires, fiber optics, coax cable, and wireless transmission services. But however it is provided, if it is affordable and widely available, it will be the on-ramp for the nation's growing information superhighway." Rather than a narrow focus on stopping or delaying the proposed mergers, policy makers should use the leverage of the moment to create a new Communications Act that serves the public interest. "The Administration and Congress can create an prompt the deployment of open platforms by using the political leverage at its disposal. Bell Atlantic, TCI, Time Warner, US West and others involved in recent mergers are all promising to build open platforms. Telecommunications giants are asking policymakers for permission to enter new markets or to form new, merged entities. Rather than per se opposition to current mergers, or mere reliance on competition to build the data highways, make the mergers and other accommodations conditional on providing affordable open platform services. The terms of this new social contract should be written into a new Communications Act, revised for the information age. With a real "social contract" in hand, we just might realize the Jeffersonian potential of the data superhighways. " "Together with a coalition of public interest groups and private industry, the Electronic Frontier Foundation is working to establish Open Platform objectives in concrete legislation. Open Platform provisions, which would cause near term deployment of Open Platform services, are present in both the recent Senate infrastructure bill and the latest draft of House telecommunications legislation, soon to be introduced. We are also working with the Administration to have Open Platform policies included in the recommendations of the Information Infrastructure Task Force. In addition to federal policy, critical decisions about the shape of the information infrastructure will be made at state and local levels. Since 1991, EFF has been working with a number state legislatures and public utility commissions to have affordable, digital services offered at a local level. As cable and telephone infrastructures converge, we will also work with local cable television franchising authorities. We invite all who are concerned about these issues to join with us in these public policy efforts." We hope that everyone will have a look at our new proposal, and join in to help us. =================================================================== FOR MORE INFORMATION ABOUT THE OPEN PLATFORM CAMPAIGN CONTACT: Daniel J. Weitzner, Senior Staff Counsel, MEMBERSHIP: Sarah Simpson, Membership Coordinator, ONLINE RESOURCES AND INFORMATION: Stanton McCandlish, Online Activist, EFF DOCUMENTS ON THE SUBJECT (in ftp.eff.org): Open Platform Campaign: Public Policy for the Information Age /pub/eff/papers/op2.0 Senate Telecommunications Infrastructure Act of 1993 (S. 1086) /pub/eff/legislation/infra-act-s1086 /pub/eff/legislation/infra-act-s1086-summary EFF Testimony on Senate Infrastructure Bill /pub/eff/legislation/kapor-on-s1086 From mech at eff.org Wed Nov 3 11:57:26 1993 From: mech at eff.org (Stanton McCandlish) Date: Wed, 3 Nov 93 11:57:26 PST Subject: WARNING: direct-marketing email address list Message-ID: <199311031956.AA10135@eff.org> FYI... ____ begin forward ____________________________________________ Date: Mon, 1 Nov 93 10:11:21 xST From: [Anonymous] Subject: Direct E-Mail: J.S. McBride & Co. According to the Internet Business Report 1.3 (page 4), J.S. McBride and Company are selling access to a database of Internet addresses, including demographic information. They claim over one million entries. The net address is jim_mcbride at netmail.com, and I am sure they would enjoy hearing from anybody who would like to be removed from the list. [Equifax revisited? PGN] ____ end forward ______________________________________________ From mech at eff.org Wed Nov 3 12:07:27 1993 From: mech at eff.org (Stanton McCandlish) Date: Wed, 3 Nov 93 12:07:27 PST Subject: New EFF Infrastructure Policy Statement Message-ID: <199311032002.AA10225@eff.org> New EFF Open Platform Statement Online The recent spate of telecommunications mergers -- Bell Atlantic/TCI, US West/Time-Warner, AT&T/McCaw, plus numerous others in the works -- raise the stakes for information policy makers and those of us who are concerned about the development of an open, accessible information infrastructure. EFF has just released a major new statement on our Open Platform Campaign, which explains EFF's approach to infrastructure policy. Our big concern is encourage Congess and the Administration to do the right thing and set out a new, positive communications policy that is ready for the information age. We believe that this policy must achieve the following goals: * Diversity of Information Sources: Promote a fully interactive infrastructure in which the First Amendment flourishes, allowing the greatest possible diversity of view points; * Universal Service: Ensure a minimum level of affordable information and communication service for all Americans; * Free Speech and Common Carriage: Guarantee infrastructure access regardless of the content of the message that the user is sending; * Privacy: Protect the security and privacy of all communications carried over the infrastructure, and safeguard the Fourth and Fifth Amendment rights of all who use the information infrastructure; * Development of Public Interest Applications and Services: Ensure that public interest applications and services which are not produced by the commercial market are widely available and affordable. Our policy proposal, available by anonymous ftp on ftp.eff.org in /pub/eff/papers/op2.0, contains a discussion of these principles and concrete legislative recommendations on how to accomplish many of these goals. Here are a few selected paragraphs from the main paper to give a flavor of our positions, but we hope you'll read the whole thing. "Regulatory changes should be made, and mergers approved or barred based on specific, enforceable commitments that the electronic superhighways will meet public goals and realize the potential of digital technology. That potential arises from the extraordinary spaciousness of the broadband information highway, contrasted with the scarcity of broadcast spectrum and the limited number of cable channels that defined the mass media era. Properly constructed and administered, the information highway has enough capacity to permit passage not only for a band of channels controlled by the network operator, but also for a common carriage connection that is open to all who wish to speak, publish, and communicate on the digital information highway. For the first time, electronic media can have the diversity of information we associate only with the print media." But we can't rely on the promises of industry or the wonders of the competitive marketplace alone to create this infrastructure. We need legislative benchmarks to ensure that all citizens have access to advanced information infrastructure. We will achieve this goal not by having government build the whole thing, but by finding a new communications policy framework that works for the market and brings benefits to consumers. We've expanded the concept of "Open Platform Services" from just narrowband ISDN, to include any switched, digital service, offered on a common carriage basis, by any provider. "To achieve the full potential of new digital media, we need to make available what we call Open Platform services, which reach all American homes, businesses, schools, libraries, and government institutions. Open Platform service will enable children at home to tie into their school library (or libraries all around the world) to do their homework. It will make it possible for a parent who makes a video of the local elementary school soccer game to share it with parents and students throughout the community. Open Platform will make it as easy to be an information provider as it is to be an information consumer." "Open Platform services provide basic information access connections, just as today's telephone line allows your to connect to an information service or the coaxial cable running into your home connects you to cable television programming. This is not a replacement for current online services such as America Online or Compuserve, but rather is the basic transport capacity that one needs to access the multimedia version of these information services. "Specifically, Open Platform service must meet the following criteria: * widely available, switched digital connections; * affordable prices; * open access to all without discrimination as the content of the message; * sufficient "up-stream" capacity to enable users to originate, as well as receive, good quality video, multimedia services. "Open Platform service itself will be provided by a variety of providers over interconnected networks, using a variety of wires, fiber optics, coax cable, and wireless transmission services. But however it is provided, if it is affordable and widely available, it will be the on-ramp for the nation's growing information superhighway." Rather than a narrow focus on stopping or delaying the proposed mergers, policy makers should use the leverage of the moment to create a new Communications Act that serves the public interest. "The Administration and Congress can create an prompt the deployment of open platforms by using the political leverage at its disposal. Bell Atlantic, TCI, Time Warner, US West and others involved in recent mergers are all promising to build open platforms. Telecommunications giants are asking policymakers for permission to enter new markets or to form new, merged entities. Rather than per se opposition to current mergers, or mere reliance on competition to build the data highways, make the mergers and other accommodations conditional on providing affordable open platform services. The terms of this new social contract should be written into a new Communications Act, revised for the information age. With a real "social contract" in hand, we just might realize the Jeffersonian potential of the data superhighways. " "Together with a coalition of public interest groups and private industry, the Electronic Frontier Foundation is working to establish Open Platform objectives in concrete legislation. Open Platform provisions, which would cause near term deployment of Open Platform services, are present in both the recent Senate infrastructure bill and the latest draft of House telecommunications legislation, soon to be introduced. We are also working with the Administration to have Open Platform policies included in the recommendations of the Information Infrastructure Task Force. In addition to federal policy, critical decisions about the shape of the information infrastructure will be made at state and local levels. Since 1991, EFF has been working with a number state legislatures and public utility commissions to have affordable, digital services offered at a local level. As cable and telephone infrastructures converge, we will also work with local cable television franchising authorities. We invite all who are concerned about these issues to join with us in these public policy efforts." We hope that everyone will have a look at our new proposal, and join in to help us. =================================================================== FOR MORE INFORMATION ABOUT THE OPEN PLATFORM CAMPAIGN CONTACT: Daniel J. Weitzner, Senior Staff Counsel, MEMBERSHIP: Sarah Simpson, Membership Coordinator, ONLINE RESOURCES AND INFORMATION: Stanton McCandlish, Online Activist, EFF DOCUMENTS ON THE SUBJECT (in ftp.eff.org): Open Platform Campaign: Public Policy for the Information Age /pub/eff/papers/op2.0 Senate Telecommunications Infrastructure Act of 1993 (S. 1086) /pub/eff/legislation/infra-act-s1086 /pub/eff/legislation/infra-act-s1086-summary EFF Testimony on Senate Infrastructure Bill /pub/eff/legislation/kapor-on-s1086 From jim at bilbo.suite.com Wed Nov 3 12:47:26 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 3 Nov 93 12:47:26 PST Subject: WARNING: direct-marketing email address list Message-ID: <9311032045.AA07624@bilbo.suite.com> > According to the Internet Business Report 1.3 (page 4), J.S. McBride and > Company are selling access to a database of Internet addresses, including > demographic information. They claim over one million entries. The net > I receive an unsolicited e-mail from these people just the other day. It said something to effect of "I have heard that you may be interested in implementing UNIX/Mac/PC software...I have a database of contact addresses that may interest you...I am NOT selling anything...If I have mis-read your intentions, I apologize. However, could you forward this letter to someone would may be interested." I deleted it. Jim_Miller at suite.com From m5 at vail.tivoli.com Wed Nov 3 13:12:21 1993 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 3 Nov 93 13:12:21 PST Subject: Internet "mailing list" Message-ID: <9311032108.AA20464@vail.tivoli.com> (Hoping I don't get yelled at (TYPED at?) for something not suitably cypherpunkish...) I wonder if the Internet mailing list people have "ringers" in the list? They could set up accounts on netcom and other services, I suppose, and just keep a .forward file there. Of course, if one stole the list (or bought 1 use and decided to keep using it) but sent all mail through an anonymous remailer, that wouldn't do them much good (not that mailing through an anonymous remailer could do much good to a business abusing the list in an attempt to make a profit.) I wonder whether any well-used anonymous addresses are in it? One could, in principle, compile quite useful demographic information about a nym. And what if (gasp! shudder! my fluids!) several names in the list map to one real user? Could the purchaser of the list demand a partial refund? -- Mike McNally From jim at bilbo.suite.com Wed Nov 3 13:32:21 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 3 Nov 93 13:32:21 PST Subject: WARNING: direct-marketing email address list Message-ID: <9311032125.AA08247@bilbo.suite.com> >> I receive an unsolicited e-mail from these people just the other day. >> It said something to effect of > > You should have posted it and their address so we could all email them > and tell them how pleased we were to receive their crapola. :) > Their address is the one mentioned in Stanton McCandlish's "WARNING: direct-marketing email address list" post: jim_mcbride at netmail.com Jim_Miller at suite.com From wex at media.mit.edu Wed Nov 3 13:42:22 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Wed, 3 Nov 93 13:42:22 PST Subject: WARNING: direct-marketing email address list In-Reply-To: <9311032045.AA07624@bilbo.suite.com> Message-ID: <9311032136.AA14423@media.mit.edu> As I've pointed out several times in other places, the Internet as it's currently set up makes junk mail remarkably easy to deter. Kill files can remove it before you see it or if the offender persists, a cron job mailing him core files can be a remarkable deterrent. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request Try not to have a good time ... This is supposed to be educational. From hiscdcj at lux.latrobe.edu.au Wed Nov 3 14:12:34 1993 From: hiscdcj at lux.latrobe.edu.au (Dwayne) Date: Wed, 3 Nov 93 14:12:34 PST Subject: Some possible projects/topics for CypherPunks In-Reply-To: <0gpjpDm00awINIlkpF@andrew.cmu.edu> Message-ID: <9311031422.AA19696@lux.latrobe.edu.au> Matthew J Ghio blew a bubble, which danced and sang: : : I agree. Altho we'd probably want to build our own boards, we'd have to : rely on commercially availiable integrated circuits and other : components. The components we'd need are fairly easy to obtain, and I : don't see any reason to believe that we will have difficulty obtaining : computer components to build a secret network in the future. Oceania : will probably become a major source of electronic privacy technologies, : but that's still several years in the future. Oceania is, but we may be able to set up the network soon, with a bit of effort. Or maybe not, it depends on enthusiasm, I suppose. : : > Or is anyone interested in starting a parallel list of sorts for the : : > hardware-punks? 'ware-punks? :-) or perhaps an even better name : : Yes. Who can host the mailing list? I may be able to. As in, I have a TCP/IP access and a very large account. Is listserv large? Will I get shot if I install it, I wonder. I've been told that any software I want to run I can install it myself, so I _guess_ this means I could run a mailing list...... I'll talk it over with sysadmin, I think. :-/ Dwayne FAQ stolen by dream bandits (Dwayne Jones-Evans IRC, MediaMOO: ddraig ) ( SCA: Cynon Yscolan ap Myrddin, Stormhold, Lochac, West) PGP public key available. finger me. be gentle. internet---> hiscdcj at lux.latrobe.edu.au From mech at eff.org Wed Nov 3 15:17:30 1993 From: mech at eff.org (Stanton McCandlish) Date: Wed, 3 Nov 93 15:17:30 PST Subject: oops Message-ID: <199311032313.AA13012@eff.org> Please pardon the double posting of the Open Platform info. We'll try not to let that happen again. -- -=> mech at eff.org <=- Stanton McCandlish Electronic Frontier Foundation Online Activist & SysOp "A nation that is afraid to let its people judge the truth and falsehood of ideas in an open market is a nation that is afraid of its people." -JFK NitV-DC BBS 202-232-2715, Fido 1:109/? IndraNet 369:111/1, 14.4V32b 16.8ZyX Join EFF! For more information about membership, send mail to eff at eff.org From pdn at dwroll.dw.att.com Wed Nov 3 15:47:31 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Wed, 3 Nov 93 15:47:31 PST Subject: Looking for WORDPWD.ZIP Message-ID: <9311032345.AA16996@toad.com> I used anonymous ftp to connect to soda.berkeley.edu and wandered through the directory structures in search of WORDPWD.ZIP, but to no avail. Has anybody else picked this software up from there? I get a giggle out of demonstrating just how 'secure' the encryption schemes in popular PC packages really are... ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From jdblair at nextsrv.cas.muohio.EDU Wed Nov 3 17:27:30 1993 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Wed, 3 Nov 93 17:27:30 PST Subject: punk hardware list possibilities Message-ID: <9311040148.AA08057@ nextsrv.cas.muohio.EDU > Relating to the discussion of setting up a cypherpunk hardware related list... I would be able to host a list on the machine here, most likely-- its a little used (relatively) and a pretty open system. Let me know if anybody is interested. -john From nobody at alumni.cco.caltech.eduEternalOptimist Wed Nov 3 18:57:31 1993 From: nobody at alumni.cco.caltech.eduEternalOptimist (nobody at alumni.cco.caltech.eduEternalOptimist) Date: Wed, 3 Nov 93 18:57:31 PST Subject: ANON: mail concerns Message-ID: <9311040252.AA20137@alumni.cco.caltech.edu> -----BEGIN PGP SIGNED MESSAGE----- >:: >Request-Encryption-To: X > >If user ID X is on the remailer's pubkey ring, the outgoing message is >encrypted to X. This could be usefull for anonymous return-address blocks. Encryption should be the default. Err on the side of caution. Eternal!Optimist at anon.penet.fi (copyright 1993, Eternal Optimist [Ha Ha Ha]) 0) 0) =:()]-< -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLNgXzIjvfLxJbYYtAQEK4AP9HrSaMSOnlsxzEjgLbAgvsCSw3vMxLJ4u 856ZbKI2cZTNLoPzyWLNW68gZ7kcNeaF7MHKzWbI9tLEDePpWN34sB11wBlpfzcf WzcYVLI6JBLVERq2seyKU3cqAhWuxldSDeAlsKkMsrzI0tGgOaLkxCxhxn9weZf8 58mZeANd3sg= =8F9u -----END PGP SIGNATURE----- From jim at bilbo.suite.com Wed Nov 3 19:12:21 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 3 Nov 93 19:12:21 PST Subject: message depots Message-ID: <9311040308.AA14472@bilbo.suite.com> The mailing list has been pretty quite today. How about a new(?) idea to kick around... One of the main unsolved problems with anonymous remailer networks is that, somewhere, there has to be a remailer that knows the mapping from your anonymous identity to your real identity (or at least your real e-mail address). This means that you will have to trust the person running the remailer. It seems to me that as long as remailers use a message *delivery* paradigm, this problem is unsolvable. However, there is another paradigm that can be used which can solve this problem. I call it the "message depot" paradigm. It wastes a lot of bandwidth and cpu cycles. However, I believe that in the not too distant future we'll have more bandwidth than we know what to do with (Telecosm). Perhaps someday we'll also have more cpu cycles than we'll know what to do with (cray on a chip). When that day arrives, this idea will become practical. Until then, it will probably just be a toy. Still... Here how I see it working... Simplest case: One message depot Not too different from a message-only BBS where all messages are encrypted. If Bob wants to send a secure message to Alice and defeat traffic analysis, he will encrypt the message with Alice's public key and send it to the message depot. Alice (and everyone else) periodically grabs *all* new messages from the message depot and attempts to decrypt them. Alice finds that she can decrypt one of them; the one from Bob. If Bob signed the message before encrypting it, and Alice has Bob's public key, she can verify the signature. Of course, this doesn't means she knows who "Bob" is, just that "Bob" sent the message. Replace "Bob" with you favorite 'nym. Since everybody is periodically downloading all new messages, the message depot doesn't know which message goes to which person. Also, since the only clue to the sender's identity is the message signature, the message recipient may not know the identity of the sender. (It would depend on how the recipient got the sender's public key.) Scaling Up a Step: Multiple message depots Place a dozen message depots in the picture. They each publish a unique public key, which means that people can send encrypted messages to the depots as end points. The depots would poll each other for new messages to see if there is a message encrypted with their public keys. Example: Depot A polls depot B for new messages. Depot A attempts to decrypt the new messages. It finds one that it can decrypt. Upon decrypting the message, the depot sees a depot command and more message. The one and only depot command will be: "PUT THE REMAINDER OF THE MESSAGE IN YOUR MESSAGE POOL AS A NEW MESSAGE". Any message the depot cannot decrypt will be discarded. How is this useful? Well, by nesting a message in layers of digital envelopes, a sender can effectively move the message around the set of message depots until it reaches a depot that the final recipient polls. Lets say that Bob knows that Alice polls Depot E, yet, for some reason, Bob doesn't want to send the message directly to Depot E. What does he do? He first signs the message with his private key (if he wants to), then encrypts it with Alice's public key, appends the depot command and encrypts everything with Depot E's public key, appends another depot command and encrypts everything with Depot B's public key. He then sends the result to Depot B. Depot B decrypts the message, sees the depot command, strips it off and places the remainder in its message pool as a new message. Some time later, Depot E polls Depot B for new messages. Depot B obliges. Depot E attempts to decrypt the messages, finds that it can decrypt one of them. It sees the depot command, strips and posts the remainder of the message to its message pool. Eventually, Alice polls Depot E for new messages. And you can guess the rest. If Bob doesn't know which message depot Alice polls, he can send copies to a number of different depots and hope that Alice will find it. If he sent it to *all* depots, Alice will eventually get the message (unless she stops polling altogether). Messages depots will delete messages after a configurable amount of time. Also, the depots will not keep track of who has sucked down which set of "new" messages. This implies that the people polling the depots will have to tell the depot they want all messages since a given time. The client-side polling software can easily keep track of this for the user. Interfacing to the rest of the world: To support sending messages to specific e-mail addresses or news groups, somebody will have to run a remailer that polls the message depots. A sender will encrypt a remailer command and a message using the remailer's public key and direct it to the depot that the remailer polls. The remailer will find the message and interpret the remailer command. The command could be "SEND THIS TO ", or "POST THIS TO ", or whatever. Replies would have to travel back through the depot net. The body of the message can indicate a message depot to "reply" to. I believe most of this message depot idea can be automated. As you can see, this mechanism consumes lots of bandwidth and lots of cpu. But it does not require that you trust any part of the system except the part that sits in front of you. I also believe that it successfully defeats traffic analysis. "All the smarts will be at the fringes of the network." - the guy who is writing Telecosm (and whose name escapes me). Jim_Miller at suite.com From jazz at hal.com Wed Nov 3 19:47:34 1993 From: jazz at hal.com (Jason Zions) Date: Wed, 3 Nov 93 19:47:34 PST Subject: ID of anonymous posters via word analysis? Message-ID: <9311040344.AA02307@jazz.hal.com> This brings up the subject of how one can post without leaving an "ASCII fingerprint". I suspect the use of a spelling checker and grammatical checker would help. Perhaps running your text through a language converter, (say English to French) then back would remove many identifying characteristics. Two words: "jive"; "valspeak". Okay, two more: "swedish chef". Sure, it makes it a little harder to extract semantics from a message, and it can be hard to keep from giggling at the results, but those lex-based filters would work much better than some English->French->English translator program. You'd want to run the results through a reading-level checking program to make sure you knocked out the 64-dollar words; the size of ones vocabulary is one of those "identifying characteristics." Jazz From tcmay at netcom.com Wed Nov 3 20:22:21 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 3 Nov 93 20:22:21 PST Subject: message depots In-Reply-To: <9311040308.AA14472@bilbo.suite.com> Message-ID: <9311040418.AA21327@netcom5.netcom.com> Jim Miller writes: > One of the main unsolved problems with anonymous remailer networks is that, > somewhere, there has to be a remailer that knows the mapping from your > anonymous identity to your real identity (or at least your real e-mail > address). This means that you will have to trust the person running the > remailer. This is not so, and we have discussed this many, many times. Chaum's 1981 CACM paper, referred to again by Hal Finney recently, describes how a series of remailers (or mixes, in his terminology) can prevent this mapping from "real identity" to "anonymous identity." This mapping is currently known to remailer in "Julf-style" remailers, such as the one S. Boxx used. But what if, to pick a simple example, someone first used an encrypted Cyperpunks remailer to mail to the Julf site? Unless Julf and the Cypherpunks remailer owner get together (collude), neither of them can construct the mapping. With N remailers and use of encryption at each node, all any of the N nodes can deduce is the mapping between inputs and outputs, neither of which are necessariy either the "real name" or the "anonymous name." Jim goes on to describe his ideas for a "message depot" system, which bears close resemblance to Chaum's mixes, the basis for our existing encrypted remailers, and Myron Cuperman's "pool" idea, first deployed about a year ago. My own "BlackNet" example of a month or so ago (and developed in 1988, conceptually) used both encryption and pools: the messages I picked up and decrypted, using the BlackNet private key, were readable only by me, and neither I nor the senders had any way of knowing who the other person was. I know some will call me an old fogey, or an old-timer who won't help newcomers, or even a parasitic nym (or somesuch, says G. Toal :-}) intent on devouring the initiative of the creative talents here, but I have to call 'em as I see 'em. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From doug at netcom.com Wed Nov 3 20:37:34 1993 From: doug at netcom.com (Doug Merritt) Date: Wed, 3 Nov 93 20:37:34 PST Subject: trusting software Message-ID: <9311040435.AA23042@netcom5.netcom.com> How does one know that one can trust the software that one is using on one's own machine for encryption, mailing, etc, or worse yet, how can one know whether to trust the software doing anonymous or other remailing on other machines? Web-of-trust schemes are only statistically reliable due to these concerns. These are rhetorical questions; the point is, I just realized that I didn't explain myself last month when I talked about an algorithm for verifying *intentions*. A number of people emailed me to complain that authentication should be a matter of establishing a person's *real* identity -- a valid issue, but I was off on a tangent and neglected to explain my actual point: Imagine you have a single piece of software which runs a dcnet over the internet by being instantiated on many nodes. Imagine that you're concerned that the NSA or someone will spoof a whole bunch of nodes, pretend to be the Real Software (which ordinarily helps guarantee anonymity, defeat traffic analysis, etc), but actually works to defeat the Real Software and the people who use it. One would like to somehow guarantee that when one talks to remote software as part of a web of trust scheme, that the software really is the One and Only True Software, and not some deceitful counterfeit. It is in *this* connection that one might wish to authenticate the unique identity of multiply instantiated *software* by a hypothetical process which ascertains the *intentions* of that software instantiation. I previously phrased this as if it were a person that the hypothetical algorithm was authenticating, leading to understandable objections. Apologies; I had gotten into a digressive train of thought about using it with people before I posted, and it's taken me this long to realize that I never communicated clearly. I still haven't described the algorithm ("this margin is too narrow" :-), but I hope it's more clear that such an algorithm is potentially more realizable for software than it would be for people. Doug From csm2747 at NebrWesleyan.edu Wed Nov 3 20:52:22 1993 From: csm2747 at NebrWesleyan.edu (Chad S. Mawson) Date: Wed, 3 Nov 93 20:52:22 PST Subject: Remailers... Message-ID: <9311040450.AA09291@NebrWesleyan.edu> Ok, Ok, I'll admit I'm a newbie to encryption and the like. This idea of remailers seems excellent. My only question how do I use them? Also where could I get more info about all this? The ftp at soda.berkeley looks like a good place to start...any suggestions on specific files or programs, beside PGP. Thanks. +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ | Chad Mawson *-* Nebraska Weseleyan University <> Lincoln, Nebraska *-* | +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ csm2747 at hobbes.nebrwesleyan.edu From strick at osc.versant.com Wed Nov 3 22:07:34 1993 From: strick at osc.versant.com (henry strickland) Date: Wed, 3 Nov 93 22:07:34 PST Subject: message depots, packet routing? In-Reply-To: <9311040418.AA21327@netcom5.netcom.com> Message-ID: <9311040605.AA00344@osc.versant.com> # Jim goes on to describe his ideas for a "message depot" system, which # bears close resemblance to Chaum's mixes, the basis for our existing # encrypted remailers, and Myron Cuperman's "pool" idea, first deployed # about a year ago. If these papers address how to do naming/routing services in DCNets, I'd like to get references/copies. The idea of using well known names and well known hierarchies and fairly static connectivity with long TTLs (like DNS does) in order to get addressing and routing information does not seem as desirable in a DCNet. Sometimes it seems better to have static topology: if a couple of nodes I trust are in my dining ring and each ring connected to mine, I feel fairly confident doing business. I can take the time to get the right people around me. But static topologies allow more time for third parties to form alliances and collude. So perhaps every few seconds we should all get up, run around the room, grab hands with different partners, and start new rings. But then you don't have time to check out the reputations of your new neighbors. I can imagine a world of dining cryptographers in which 95% of the participants all work for the same highly-funded branch of the government and are in collusion ... paranoid, strick From ld231782 at longs.lance.colostate.edu Wed Nov 3 23:22:22 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Wed, 3 Nov 93 23:22:22 PST Subject: pseudospoofing SF Message-ID: <9311040718.AA07685@longs.lance.colostate.edu> cypherpunks interested in identity mutations, perversions, and crimes like MPD, impersonation, pseudospoofing, etc., and developing a legendary anecdotes and a complex mythology regarding it all with e.g. compiled science fiction references, (who comprise the majority of the members, based on my mail and enemies) may be delighted by the masterpiece novella `Mefisto in Onyx' by Harlan Ellison in the Oct. 1993 Omni magazine. From julf at penet.fi Thu Nov 4 06:57:36 1993 From: julf at penet.fi (Johan Helsingius) Date: Thu, 4 Nov 93 06:57:36 PST Subject: Er? Message-ID: <199311041453.AA24861@mail.eunet.fi> Anyone have any idea what this is about? Anon.penet.fi is being bombarded by an endless flow of these... Julf ------- Forwarded Message X-Envelope-To: na26436 Received: from hydra.acs.uci.edu by anon.penet.fi (5.67/1.35) id AA21686; Thu, 4 Nov 93 16:42:48 +0200 Received: by hydra.acs.uci.edu id AA24199 (5.65c/IDA-1.4.4 for na26436 at anon.penet.fi); Thu, 4 Nov 1993 05:47:52 -0800 Date: Thu, 4 Nov 1993 05:47:52 -0800 From: Mail Delivery Subsystem Message-Id: <199311041347.AA24199 at hydra.acs.uci.edu> To: na26436 at anon.penet.fi Subject: Returned mail: Return receipt ----- Transcript of session follows ----- ----- Message header follows ----- Received: from orion.oac.uci.edu by hydra.acs.uci.edu with SMTP id AA24194 (5.65c/IDA-1.4.4 for ); Thu, 4 Nov 1993 05:47:52 - 0800 Received: from relay2.UU.NET by orion.oac.uci.edu with SMTP id AA28377 (5.65c/IDA-1.4.4 for ); Thu, 4 Nov 1993 05:47:50 - 0800 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AA04164; Thu, 4 Nov 93 08:45:13 -0500 Received: by toad.com id AA23509; Thu, 4 Nov 93 05:37:38 PST Received: by toad.com id AA23503; Thu, 4 Nov 93 05:35:10 PST Return-Path: Received: from pad-thai.aktis.com ([192.231.148.11]) by toad.com id AA23499; Th u, 4 Nov 93 05:35:05 PST Errors-To: na26436 at anon.penet.fi Received: from gza-client1.aktis.com by pad-thai.aktis.com (8.6.4/) with ESMTP id ; Thu, 4 Nov 1993 08:35:27 -0500 Received: from localhost by gza-client1.aktis.com (8.6.4/4.7) id IAA28688; Thu, 4 Nov 1993 08:35:26 -0500 Received: from relay2.UU.NET by pad-thai.aktis.com (8.6.4/) with SMTP id ; Wed, 3 Nov 1993 22:05:39 -0500 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AA29104; Wed, 3 Nov 93 22:02:57 -0500 Received: by toad.com id AA18024; Wed, 3 Nov 93 18:57:31 PST Received: by toad.com id AA18012; Wed, 3 Nov 93 18:56:25 PST Received: from punisher.caltech.edu ([131.215.48.151]) by toad.com id AA18007; Wed, 3 Nov 93 18:56:20 PST Errors-To: na26436 at anon.penet.fi Received: from alumni.cco.caltech.edu by punisher.caltech.edu (4.1/DEI:4.41) id AA29935; Wed, 3 Nov 93 18:56:14 PST Received: by alumni.cco.caltech.edu (4.1/DEI:4.41) id AA20137; Wed, 3 Nov 93 18:52:10 PST Date: Wed, 3 Nov 93 18:52:10 PST Message-Id: <9311040252.AA20137 at alumni.cco.caltech.edu> To: XXXXXXXXXXXXXXX, cypherpunks at toad.com X-Mail-Duplicate-From: nobody at alumni.cco.caltech.edu Comments: This message is NOT from the person listed in the From line. It is from an automated software remailing service operating at that address. Please report problem mail to . Subject: Re: ANON: mail concerns From: Eternal Optimist Return-Receipt-To: na26436 at anon.penet.fi Reply-To: na26436 at anon.penet.fi Errors-To: na26436 at anon.penet.fi ------- End of Forwarded Message From cowlingl at cs.WNMU.EDU Thu Nov 4 08:07:36 1993 From: cowlingl at cs.WNMU.EDU (Lloyd Cowling) Date: Thu, 4 Nov 93 08:07:36 PST Subject: ciphers and such Message-ID: <9311041607.AA01018@CS.WNMU.EDU> Cipherpunks: I have a long running interest in ciphers. Could you put me on to your modis operundi and FAQ's, etc. Where I might find out more about you and what you do? Thx - Lloyd From klbarrus at owlnet.rice.edu Thu Nov 4 09:02:23 1993 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Thu, 4 Nov 93 09:02:23 PST Subject: ANON: random remailing... Message-ID: <9311041659.AA13439@arcadien.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- >if every single site knows the final address, so what? >how is this going to help them track down the original sender?? >anyone at the final destination who wants to track down the original sender >would need to hop-scotch backwards through the numerous sites and try to >track down the path the message took. this is of course, IF someone really Yes, this is true, but the key point in the anonymous remailers is they can be used for two-way communication. Presumably, both you and your friend intend to email each other. If mail proceeds randomly throughout the network, then the final destination must be available to every remailer. This may be fine if A only sends to B (announces to every remailer B's address), but when B responds to A, A's address is similarly announced to every remailer. Now it is simple to figure out A and B are communicating. If all you want is one-way communication (i.e. you just want to send and don't expect any replies), you may be better off faking mail with telnet, or using a newsgroup. Karl Barrus -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLNk0qoOA7OpLWtYzAQF17wP/eittrsJRkRuKSXH0V1bSiEEc1+ZAYGj9 4+aTctisX0QG2LholGDHqxti02SyEH+iQO8qjAkY5vyHNDVM6pH4tr2xzF2W9prx 1A91KNXHdiZPAvsUWgv32+B5IJYZqarRVmLjuI7PnydTiKX9/24bffl8TUtoidln syJ3O/cVoyA= =iz1j -----END PGP SIGNATURE----- From klbarrus at owlnet.rice.edu Thu Nov 4 09:12:25 1993 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Thu, 4 Nov 93 09:12:25 PST Subject: ANON: pools Message-ID: <9311041709.AA13687@arcadien.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- >address). This means that you will have to trust the person running the >remailer. Well, you can always run your own remailer or two... :-) >used which can solve this problem. I call it the "message depot" paradigm. Actually, this is quite similar (identical to?) anonymous pools. The stuff about interfacing different pools sounds good. Miron is running one at extropia.wimsey.com (mail to pool0-request or pool0-help). Basically, it is a mailing list with several subscribers. If you want to send a message to one person, encrypt it and send it to the pool. Everybody gets the message, but only one person can decrypt it. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLNk3FoOA7OpLWtYzAQENwgQAoYV+LeTQ2XguY5OtXgiW1pkMuZYxwifl pmmoHvUiFN5JdOBnyII4JgFjWpU1vqzAuUaZxR7yG1/c6Uaq+IluADGsu9NdSUVX NM7UGKffDMmE0bdlfzmlZJtP7+bbUK5kNE7gJkseyZ6q8cU9qjftUlFgASNrUCH9 w75nM8tMM68= =x9BH -----END PGP SIGNATURE----- From hughes at ah.com Thu Nov 4 09:22:23 1993 From: hughes at ah.com (Eric Hughes) Date: Thu, 4 Nov 93 09:22:23 PST Subject: Er? In-Reply-To: <199311041453.AA24861@mail.eunet.fi> Message-ID: <9311041716.AA04672@ah.com> It appears that last few fields in the returned header are responsible for the problems. Julf's mail also indicates why cypherpunks has had a couple of duplicate posts recently. The offending headers are "Return-Receipt-To" and "Errors-To". The "Return-Receipt-To" field is triggering a reaction in some other mailers to bounce back acknowledgement of the mail. Now cypherpunks at toad.com was in the "To" list, and it appears that acknowldegement mail was sent out to cypherpunks again. All this time the "Received" fields are increasing. When there are too many of them--the number is mailer dependent, but is typically 17-20, some mailer along the chain bounces the message. It sees the "Errors-To" line and sends back the bounce to penet. My guess is that a significant fraction of the cypherpunks list is sending anon.penet.fi back one message each per "Return-Receipt-To". Not all that many mailers honor return receipts, but all mailers bounce mail with too many Received fields. Hence the first return receipts sent didn't generate nearly so many errors as all the bounces from the second time the message went out to the list. How we solve this? Well, let's list the mailers involved in the particular message you sent. The first one was the anonymous remailer at caltech. The message from there was directed to cypherpunks, so that's toad.com. From there it travelled through uunet (toad.com's mail gateway for a large amount of traffic) to somewhere in the gza/aktis/ov group of machines. Somewhere in there the return receipt was generated; note the "Return-Path: " field. This mailer generated a message back to cypherpunks (toad.com) again. One copy of this went to a machine in uci.edu, which bounced it to penet. I'd say that the mailer which generated the return-receipt back to cypherpunks (assuming that happened) is the most proximate cause. Cypherpunks was in the To: field, not the From: field, and even though your standard reply might go to both parties (assuming the To: field is larger than just you), a return receipt should only be propagated to the original sender. toad.com is a secondary cause, since the Return-Receipt-To: field should probably not be propagated out to a mailing list, but rather acknowledged or discarded before mailing list expansion. Also, since toad.com is not running reasonable mailing list software (which we don't have), it's not detecting duplicate messages sent back to the list and discarding them. Eric From jim at bilbo.suite.com Thu Nov 4 09:57:38 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 4 Nov 93 09:57:38 PST Subject: message depots Message-ID: <9311041755.AA27473@bilbo.suite.com> It seems the message depot idea is not terribly original. Oh well, I'm not too surprised. I suspected this and that's why I put "new(?) idea" in my post. I can at least pat my self on the back for reinventing it a few years late. :-) Jim_Miller at suite.com From jik at security.ov.com Thu Nov 4 09:57:44 1993 From: jik at security.ov.com (Jonathan I. Kamens) Date: Thu, 4 Nov 93 09:57:44 PST Subject: Er? In-Reply-To: <9311041716.AA04672@ah.com> Message-ID: <199311041755.MAA29355@gza-client1.aktis.com> ACK! I'm not responsible for the "Return-Receipt-To" in that message. However, I am responsible for resending the message to the mailing list. Our mail2news gateway (we gateway cypherpunks into a local newsgroup) bounced it because of a duplicate From line, and when I resent it to the gateway alias, I screwed up and sent it to the list as well. I'm sorry for the extra traffic on the list. I'll be more careful in the future. Jonathan Kamens | OpenVision Technologies, Inc. | jik at security.ov.com From mg5n+ at andrew.cmu.edu Thu Nov 4 10:12:24 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 4 Nov 93 10:12:24 PST Subject: ANON: random remailing... In-Reply-To: <9311041659.AA13439@arcadien.owlnet.rice.edu> Message-ID: > If all you want is one-way communication (i.e. you just want to > send and don't expect any replies), you may be better off faking > mail with telnet, or using a newsgroup. Exacltly how do you fake mail with telnet or use a newsgroup for one-way anonymous email? Care to elaborate? From crunch at netcom.com Thu Nov 4 10:47:38 1993 From: crunch at netcom.com (John Draper) Date: Thu, 4 Nov 93 10:47:38 PST Subject: Next Step show Message-ID: <9311041847.AA05706@netcom.netcom.com> Saw Eric Hughes on the Next Step science show on the Discovery Channel last Tuesday. Good job Eric...!! Wish they would have mentioned PGP and how easy it was to get it... Cheers CC From nowhere at bsu-cs.bsu.edu Thu Nov 4 11:57:38 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Thu, 4 Nov 93 11:57:38 PST Subject: Jim McBride Message-ID: <9311041958.AA25172@bsu-cs.bsu.edu> Got this in the mail today: -- cut -- Date: Wed, 03 Nov 1993 22:11:07 From: jim_mcbr at netmail.com Subject: Auto Reply To: Thank you for your mail to Jim McBride at JS McBride & Company. Due to the volume of mail be handled by this account, this is an automatic reply. PLEASE READ CAREFULLY!! 1. JS McBride is NOT collecting demographic information on email addresses. Due to the controversy surrounding this practice, we have discarded the product demographics we collected. We are however still collecting email addresses and user names. 2. The information collected (name and email address) will be offered in a printed white pages directory and in a white pages server on the net. 3. You DO NOT need to ask to have your name removed. BEFORE your name is used in the directory, you will receive mail asking for your permission. If you reply to the inquiry, your information will be used. If you do not reply, your name will NOT be used. 4. Comments regarding the white pages should be sent to Tom Manning at JS McBride & Company. 5. Mail to Jim McBride should be sent to 6. Information regarding the purchase of the white pages directory should be sent to or telephone us at 415-949-4295 Thank you for your time, Jim McBride -- David Sward sward+ at cmu.edu Finger or email for PGP public key 3D567F Encryption is an envelope for your email; read alt.security.pgp for details. GCS: -d+ -p+(---) c++(++++) l+ u+ e+ m+()@ s+/++ n+@ h+ f !g w+@ t+@ r+ y? From mech at eff.org Thu Nov 4 12:47:38 1993 From: mech at eff.org (Stanton McCandlish) Date: Thu, 4 Nov 93 12:47:38 PST Subject: UPDATE: direct-marketing email address list In-Reply-To: <2b92da$9sc@eff.org> Message-ID: <199311042046.AA10416@eff.org> Here's what you get if you send mail to J.S. McBride's posted address to query about the direct-marketing email address list: ______ begin forward ______ From Wizard at falcon.lhup.edu Thu Nov 4 12:52:38 1993 From: Wizard at falcon.lhup.edu (The Wizard) Date: Thu, 4 Nov 93 12:52:38 PST Subject: PC Magizine..... Message-ID: <9311042049.AA36322@falcon.lhup.edu> ...just to let all know, the November issue of PC Magazine mentions PGP in the Trends section. (pg 29) '....in fact, cryptography is included on the State Departments' list of weapons that could compromise the country's security.' '..Despite attemps to keep the technology stateside, 84 products that employ Digital Encryption Standard (DES) are available overseas, says the Software Publishers Association. But the regulation has succeeded in keeping U.S. companies out of the globabl marketplace. And recently, the makers of a software encryption program called Pretty Good Privacey(PGP) have been investigated for possible export violations. (Both DES and PGP are available on the Internet.)' The article also talks some about Clipper, but nothing new to my ears. The Skip-Jack algorithm is mentioned, and the fact that the NSA is keeping mum on how it works. Sean wizard at falcon.lhup.edu From sward+ at CMU.EDU Thu Nov 4 13:27:38 1993 From: sward+ at CMU.EDU (David Reeve Sward) Date: Thu, 4 Nov 93 13:27:38 PST Subject: Jim McBride In-Reply-To: <9311041958.AA25172@bsu-cs.bsu.edu> Message-ID: Excerpts from internet.cypherpunks: 4-Nov-93 Jim McBride by Anonymous at bsu-cs.bsu.edu > David Sward sward+ at cmu.edu Finger or email for PGP public key 3D567F > Encryption is an envelope for your email; read alt.security.pgp for details. > GCS: -d+ -p+(---) c++(++++) l+ u+ e+ m+()@ s+/++ n+@ h+ f !g w+@ t+@ r+ y? Whoops :) -- David Sward sward+ at cmu.edu Finger or email for PGP public key 3D567F Encryption is an envelope for your email; read alt.security.pgp for details. GCS: -d+ -p+(---) c++(++++) l+ u+ e+ m+()@ s+/++ n+@ h+ f !g w+@ t+@ r+ y? From jim_mcbr at netmail.com Thu Nov 4 12:38:43 1993 From: jim_mcbr at netmail.com (jim_mcbr at netmail.com) Date: Thu, 4 Nov 1993 15:38:43 -0500 Subject: Auto Reply Message-ID: <2cd89d75.jmcbride@netmail.com> Thank you for your mail to Jim McBride at JS McBride & Company. Due to the volume of mail be handled by this account, this is an automatic reply. PLEASE READ CAREFULLY!! 1. JS McBride is NOT collecting demographic information on email addresses. Due to the controversy surrounding this practice, we have discarded the product demographics we collected. We are however still collecting email addresses and user names. 2. The information collected (name and email address) will be offered in a printed white pages directory and in a white pages server on the net. 3. You DO NOT need to ask to have your name removed. BEFORE your name is used in the directory, you will receive mail asking for your permission. If you reply to the inquiry, your information will be used. If you do not reply, your name will NOT be used. 4. Comments regarding the white pages should be sent to Tom Manning at JS McBride & Company. 5. Mail to Jim McBride should be sent to 6. Information regarding the purchase of the white pages directory should be sent to or telephone us at 415-949-4295 Thank you for your time, Jim McBride ___________ end forward __________ From jim at bilbo.suite.com Thu Nov 4 15:47:40 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 4 Nov 93 15:47:40 PST Subject: ViaCrypt PGP has arrived Message-ID: <9311042344.AA04365@bilbo.suite.com> My copy of ViaCrypt PGP arrived yesterday (Nov 3). Since I worked late, I haven't had a chance to play with it yet. I looked through the manual. The commands look similar (if not identical) to "classic" PGP's, as far as I could tell at a glance. The bulk of the text for the manual was taken from the documentation that comes with PGP, except all occurances of "PGP" where replaced with "ViaCrypt PGP". The box looks pretty good. :-) Looks like they hired a real graphics designer. I suppose some of you are wondering why I'd fork over 100 bucks for something I could get for free. First of all, I can afford it. Second of all, I simply feel more comfortable using a licensed shinkwrapped software product than a quasi-legal freeware one. Call me a coward. I realize that by not compiling the code myself on my own machine I basically have to trust the ViaCrypt PGP implementation. So be it. If there is something wrong with ViaCrypt PGP I believe it will eventually be discovered. Somebody will no doubt disassemble it and look for backdoors. If someone finds one, ViaCrypt's reputation will be worthless. It's in ViaCrypts best interest not to put in any backdoors. Jim_"Rebel without a spine"_Miller at suite.com From edgar at spectrx.saigon.com Thu Nov 4 16:37:41 1993 From: edgar at spectrx.saigon.com (Edgar W. Swank) Date: Thu, 4 Nov 93 16:37:41 PST Subject: Allegations of PGP Weaknesses Message-ID: <66Licc4w165w@spectrx.saigon.com> -----BEGIN PGP SIGNED MESSAGE----- A few days ago, Victor Borisov posted here the following allegations or rumors about "weaknesses" in PGP. >He made same program (LanCrypto). That why, I hear only bad >words from he. :) You can read about this program in >cypherpunks. >From other KGB-men, I hear, that prophesor >Sidelnicov (the well known cryptoanalisist from Russia) saw, >that PGP has some weak places: > - random number is`t "good" random number. > - md5 has hole (but here man lapse into salence:( ). > - PGP for DOS don`t have any anti-overloking tools. > >BTW: LanCrypto play on last weakness: thay wrote litle >resident DOS program. This program crack PGP and than pgp >sign (and check) only part of message. LanCrypto public >this resalt in buziness newspaper and show program on the >big computer-show. I think this is rough market, but it >work well (as all, that KGB made:))!!! Since then, I have checked with other members of the PGP development team and here is a summary of what they (and I) say: The random number handling in PGP was beefed up in the 2.2 release. We don't know if there were any real weaknesses before that, but the improvements were added anyway. We suspect that if there were any problems, they are gone now. The guy who complained about it, Dr. Sidelnikov, never cooperated with requests for details on what he found wrong with PGP. In fact, he was pointedly uncooperative when contacted with questions asking him for details. If MD5 has a hole, we'd like to know about it. It would be publishable in any crypto journal. At Eurocrypt93, someone did find some slight weakness in MD5, but in realistic situations, this would not be a significant weakness. Future versions of PGP may use the SHA hash algorithm, instead of MD5. MD5 should be kept around for backwards compatibility. MD5 is still a good hash function, and the weaknesses found were not applicable to any real-world uses of it. An old version of PGP did not detect if material was appended to a signed message. This was a bug that was fixed, around version 2.2, or maybe 2.1, I'm not sure which. We're not quite sure what "anti-overlooking" tools are, but based on Boris' example, we guess it would be code added 1) to insure that the code is unmodified and 2) make analysis of the code (e.g. with debugging tools & disassemblers) difficult. Since PGP is distributed with source code, it's obviously open to analysis and modification by anyone even moderately skilled in programming. "Overlooking" attacks are easily countered by 1) making sure you have a "clean" PGP.EXE by checking it against the detached signature packed with it. 2)Running PGP with a freshly booted MSDOS from a factory diskette. This is especially true if you run into "suspicious" actions when running PGP in your normal configuration. (Like you get back a copy of something you signed which seems to have text added you don't remember). -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLNeRXt4nNf3ah8DHAQE+0QP/csLY4hw6AHGTdkoZu2koETv2q/ohnVl8 yGDwR65VVeuuiSANHjSmhUbA2w7DcbOaIxamzi1PSY6OHosB1ve4d2hOHKzdMrv1 m38x0iQLPZdGuuX0mCxRqvIJ47W8xKj49CxXIB+Khrva0nn+pAmQF6+IYonPGSAE 7uRREQnIzCU= =7ogP -----END PGP SIGNATURE----- -- edgar at spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From crypto at fizbin.fredd.com Thu Nov 4 18:17:41 1993 From: crypto at fizbin.fredd.com (Red Rover) Date: Thu, 4 Nov 93 18:17:41 PST Subject: unsubscribe Message-ID: <9311042032.D4339xz@fizbin.fredd.com> Please unsubscribe me. Thanks! -- Red Rover crypto at nowhere.com From cdodhner at indirect.com Thu Nov 4 18:17:50 1993 From: cdodhner at indirect.com (Christian D. Odhner) Date: Thu, 4 Nov 93 18:17:50 PST Subject: ANON: mail concerns In-Reply-To: <9311040252.AA20137@alumni.cco.caltech.edu> Message-ID: On Wed, 3 Nov 1993 nobody at alumni.cco.caltech.edu wrote: > >:: > >Request-Encryption-To: X > > > >If user ID X is on the remailer's pubkey ring, the outgoing message is > >encrypted to X. This could be usefull for anonymous return-address blocks. > > Encryption should be the default. Err on the side of caution. > What if the "To" address has more than one key associated with it? Maybe even more than one entity? Another (not publicized) remailer? Maybe this wouldn't be a problem. Hmmm..... Happy Hunting, -Chris Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" My opinions are shareware. To register your copy, send me 15$ in DigiCash. Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 > -----BEGIN PGP SIGNATURE----- > Version: 2.3 > > iQCVAgUBLNgXzIjvfLxJbYYtAQEK4AP9HrSaMSOnlsxzEjgLbAgvsCSw3vMxLJ4u > 856ZbKI2cZTNLoPzyWLNW68gZ7kcNeaF7MHKzWbI9tLEDePpWN34sB11wBlpfzcf > WzcYVLI6JBLVERq2seyKU3cqAhWuxldSDeAlsKkMsrzI0tGgOaLkxCxhxn9weZf8 > 58mZeANd3sg= > =8F9u > -----END PGP SIGNATURE----- From unicorn at access.digex.net Thu Nov 4 20:27:41 1993 From: unicorn at access.digex.net (Dark) Date: Thu, 4 Nov 93 20:27:41 PST Subject: ViaCrypt PGP has arrived Message-ID: <199311050423.AA21464@access.digex.net> I was with you all the way until you said: -> I realize that by not compiling the code myself on my own machine I basically have to trust the ViaCrypt PGP implementation. So be it. If there is something wrong with ViaCrypt PGP I believe it will eventually be discovered. Someb ody will no doubt disassemble it and look for backdoors. If someone finds one, ViaCrypt's reputation will be worthless. It's in ViaCrypts best interest not t o put in any backdoors. <- Call me paranoid: I'd never take what it's in someone's "best interest" as a major factor in predicting actions. Look at the crime section of the local paper or that bit called "news of the wierd" I happen to agree with you this time, though it would be nice if ViaCrypt had included the code and a compling mechanism. I suppose this is outside the realm of marketing possibility though. -uni- (Dark) From nobody at alumni.cco.caltech.eduEternalOptimist Thu Nov 4 20:42:27 1993 From: nobody at alumni.cco.caltech.eduEternalOptimist (nobody at alumni.cco.caltech.eduEternalOptimist) Date: Thu, 4 Nov 93 20:42:27 PST Subject: PGP BUG/FEATURE: multi-platform keys Message-ID: <9311050434.AA19322@alumni.cco.caltech.edu> -----BEGIN PGP SIGNED MESSAGE----- Recently I have received two keys that were unusable without modification (from wonderer and Sameer) because they were not prepared using canonical text. I had to replace all the carriage returns by hand (this is the workaround for mac users who receive PC keys). Why is non-canonical text even an option in pgp? Who would use it except by mistake? As long as I'm at it, here are some more macPGP2.3 bugs, for those who care. Trying to decrypt a message signed by a key I don't have causes a serious crash requiring reboot. Trying to select cancel in a signature dialogue just raises the same dialogue box instead of cancelling. I'm running on a powerbook 145 under system 7.0.1. Eternal!Optimist at anon.penet.fi (copyright 1993, Eternal Optimist [Ha Ha Ha]) 0) 0) =:()]-< -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLNe7R4jvfLxJbYYtAQFFHQP7BCqn1JKaI09wBrWnjOF73CPz7GetaC/y XL8zqhmzDdrGdLbWB/vBDgXW7z+2EJHazbvqaUhq1GQw8bq+opC2fe4mXcw2x3Y+ wliLy1CWDtfl24L8ah//nLQMtttfG4kXjiB8JqUnS7US+W3vvH3AXxi+wZb5W2qi 7gPXMErUCUA= =Ew/6 -----END PGP SIGNATURE----- From hfinney at shell.portal.com Thu Nov 4 21:47:41 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Thu, 4 Nov 93 21:47:41 PST Subject: Signing keys for nyms Message-ID: <9311050543.AA26998@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- Eric Hughes writes, regarding the problem of determining whether the key of a "nym" is valid: > If a provider of any sort is the sole means of access to a series of > communications, there will be the possibility of tampering. If some > public key must issue forth through this channel only, it is possible > to alter the pseudonym's public key each time it is passed throught > that channel. Since every protocol which uses communications only > through the server won't work, every solution needs another channel. Eric goes on to describe a solution based on sending the key through two different channels, with a return message via the pseudonym server channel. I think this is a good solution, but there is the possibility that the evil pseudonym server could corrupt the return message so that the nym did not find out that his key was being mangled (although other people would find out, which may be good enough). A more general solution is to use more than one pseudonym server. Assuming they aren't both colluding, you can send your nym1 key to nym2, and vice versa. By providing two or more channels back to you as well as out from you, you are able to detect corruption of your messages. Eric suggested that if the pseudonym server signed the user's key, then corruption of the key could be proven to third parties. I'm not sure this is the case, because it would seem that a user could falsely incriminate a pseudonym server by claiming that he had never created the key which the pseudonym server signed, that it was a bogus key. I suppose reputations would have to play a role then, in weighing the credibility of the pseudonym server against that of the nym. Hal hfinney at shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLNm4NagTA69YIUw3AQFGOwQApSwLHzBfQKStZd6g/17dsL3WUtgCvy6D OyQjFQ3dRd6VRGrEaQ7aRbnae9If0NqF2qbaxeHAKNP/Uiyo/cGBWvFjAxWeVyY0 hddLRBygxIyqjkDkxAEBGaYRruly8TC4TEU45ChwSUz2Smh0rDm8S2GINgXe340P a1peTNDPSlI= =Ywbw -----END PGP SIGNATURE----- From hfinney at shell.portal.com Thu Nov 4 22:37:41 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Thu, 4 Nov 93 22:37:41 PST Subject: ANON: pools Message-ID: <9311050634.AA00945@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- >address). This means that you will have to trust the person running the >remailer. One point is being missed here - a chain of remailers is as strong as its STRONGEST link. As long as even ONE remailer in the chain is trustworthy, hiding the connection between incoming and outgoing messages, your anonymity is preserved. The suggestion that remailers themselves choose the routing path means that you have to trust the remailer that chooses the path. If it is corrupt, it can defeat the effect of the path. To protect yourself, you want to use many remailers in the chain, and use a system which does not require you to trust any one remailer. Having the remailers choose the path does not really help. Hal Finney hfinney at shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLNnDFKgTA69YIUw3AQFDWQP/fCdoob+6zBSTFIlvnWLmXEL5+KPzMOgf AOImZJlFDOSAbAL2GK/+Pm/tsOiLEQ0MD7yEvUjafpM0D2qEtsxzz7FJvJl09+gd GFoGrMmbkCavFqajYGK89aq+8ESGIc4Gefyob4izeAOOWXIhZpS2CjX16CQ2s0DZ U2xTGaO67/Q= =0MVk -----END PGP SIGNATURE----- From hfinney at shell.portal.com Thu Nov 4 22:37:51 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Thu, 4 Nov 93 22:37:51 PST Subject: message depots, packet routing? Message-ID: <9311050634.AA00949@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- A few discussions of DC-Nets here show a small misconception. The network topology does not have to be the same as the DC-Net topology. What I mean is this: the communication in the network may be a ring or any other topology. But that does not mean that you only share random numbers with your neighbors on the ring. You can share random numbers (on a pairwise basis) with every other participant in the network, in the most extreme case. Look at this diagram, showing four people communicating in a DC-Net. The lines represent shared random number one-time pads. A---------B | \ / | | \ / | | / \ | | / \ | C---------D Each person shares random numbers individually with every other person in the network, in this example. A and B share their own random numbers, A and C share a different set, A and D have their own, B and C do, and so on. But that does not mean that the network communication topology has to be all to all. Instead, a ring topology could be used, with packets passing around the network A-B-D-C-A-B-D-C-.... At each step, A would xor in the next random number from each of the three pads that he is using, then xor in his message bits if he has anything. Then he would pass it on to B. After the packet has gone all the way around, the message (if any) would be revealed. And in this case it doesn't matter who your "neighbors" are in the communication network. B and C colluding can't distinguish whether messages come from A and D despite the fact that they separate them in the comm network. So this concern about "knowing your neighbors" in the DC-Net is not as serious as it sounds. If truly paranoid people want to participate in a DC-Net (and who else would?) then they can use a DC-Net topology which does not allow partitioning. This adds overhead and inconvenience of distributing shared random numbers, but it does not require the communication pattern to change. BTW, I like the name someone proposed for a DC-Net: "Ouija Net". The idea is that messages appear in a DC-Net somewhat like messages appearing on a Ouija board. The true source of most Ouija board messages, IMO, is people pushing the indicator around. But because everyone is touching it, each person has plausible denial. You know that SOMEONE is moving it, but there is no way to tell who. This is similar to DC-Net messaging. Hal hfinney at shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLNnG0qgTA69YIUw3AQFigQP+LDMO6S7HkS4YkLdctLus4GamIvb/BxSX uG8VcZ/0eujQt8ZEIlNEzwNZvBR3Sio8gKko2jjvmWDGyobibSpctfqcr5Qf42xz 42TWVzYCjg+tka6FttosZ0phwGP1m7Dy+sC/zE0YmEQagS6jDSn/RiqR2PDMSJZn FEo2lfh8tmQ= =ZUfW -----END PGP SIGNATURE----- From miron at extropia.wimsey.com Thu Nov 4 23:27:41 1993 From: miron at extropia.wimsey.com (Miron Cuperman) Date: Thu, 4 Nov 93 23:27:41 PST Subject: ANON: pools In-Reply-To: <9311041709.AA13687@arcadien.owlnet.rice.edu> Message-ID: <1993Nov5.064715.7230@extropia.wimsey.com> -----BEGIN PGP SIGNED MESSAGE----- klbarrus at owlnet.rice.edu (Karl Lui Barrus) writes: >stuff about interfacing different pools sounds good. Miron is running >one at extropia.wimsey.com (mail to pool0-request or pool0-help). Err... The correct procedure is to send 'help' on the subject line to pool0-request. >Basically, it is a mailing list with several subscribers. If you want >to send a message to one person, encrypt it and send it to the pool. >Everybody gets the message, but only one person can decrypt it. That's a good description as any. Miron - -- Miron Cuperman | NeXTmail/Mime ok Unix/C++/DSP, consulting/contracting | Public key avail AMIX: MCuperman | What we seek is not the overthrow of the government but a situation in which it gets lost in the shuffle. anon. -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLNn215NxvvA36ONDAQGqiQP9GG8hVqK7/hkBjM0q/P3Hnos9fTFapDsZ 0ft4QEH2VIVVo5eXnEwbbmKCESimuk0Rt0AUSF6jFObbT1hbqLkNdVHSom59wheo wfGcF8H6+9BBCQjKIhoRILdkanZSRCHLQMRonl3ggZofIUBxKs4JeUEmwUWWxZ2Z ULUef3Khz+Y= =4467 -----END PGP SIGNATURE----- From hughes at ah.com Thu Nov 4 23:57:42 1993 From: hughes at ah.com (Eric Hughes) Date: Thu, 4 Nov 93 23:57:42 PST Subject: Signing keys for nyms In-Reply-To: <9311050543.AA26998@jobe.shell.portal.com> Message-ID: <9311050750.AA05585@ah.com> re: my protocol for determining whether your pseudonym server is spoofing your public key distribution. >Eric goes on to describe a solution based on sending the key through >two different channels, with a return message via the pseudonym server >channel. I think this is a good solution, but there is the possibility >that the evil pseudonym server could corrupt the return message so that >the nym did not find out that his key was being mangled (although other >people would find out, which may be good enough). The pseudonym server may deny service, that is either refuse to pass the email at all or corrupt the container (a piece of email) so that no message is sent. As the owner of the pseudonym tries the protocol multiple times and never gets a response, alteration at the server become more plausible. What the pseudonym server cannot do is read the contents of the incoming message. If this message contains a bit of data that was not passed through the server, either a signature made by the match-and-remail server or by an arbitrary number passed through the anonymous channel, then the pseudonym server cannot make a valid message to substitute for the return message. The pseudonym server can substitute any arbitrary message it cares to, since it does have the pseudonym's true public key, but it cannot know what to put in such a message, either because it does not hold the private key of the M&R server or because it has never seen the arbitrary number passed out of the other channel. >Eric suggested that if the pseudonym server signed the user's key, then >corruption of the key could be proven to third parties. If the pseudonym server is signing keys, it will have to send one certificate on the true key to the owner of the pseudonym and one certificate on the false key. The certificates have different keys and the same identifier. This pair of certificates, exhibited side by side, is prima facie evidence of alteration of keys. This is the situation that I was speaking of. >I'm not sure this >is the case, because it would seem that a user could falsely incriminate >a pseudonym server by claiming that he had never created the key which the >pseudonym server signed, that it was a bogus key. The certificate that a pseudonym provider signs asserts the following: "I certify that this key K is a key of name N who can be reached at address A for which I provide final delivery." Let us assume that the pseudonym server is propagating a false key; we may also assume that the false key has a certificate as above. If the pseudonym owner is not using a public key, they're screwed. The identity is the public key, not the email address, which is only a form of delivery. The server is asserting that a cryptographic identity is reachable at that address, but the pseudonym owner thinks that mail delivery is sufficient to prove identity. In fact, a cryptographic identity _is_ reachable at that address, it's just that that identity is not the one whose mailbox it is. In Hal's situation, the pseudonym owner claims that the server is distributing a false key. Immediately after such an claim, the first question will be "Well, where is your public key and the certificate made by the server?" Unless the pseudonym owner can exhibit these, the accusation holds no weight. Eric From ateel at nyx10.cs.du.edu Fri Nov 5 00:27:42 1993 From: ateel at nyx10.cs.du.edu (A. J. Teel - Sui Juris) Date: Fri, 5 Nov 93 00:27:42 PST Subject: bouncing mail? Message-ID: <9311050824.AA26688@nyx10.cs.du.edu> Dear cypherpunks at toad.com: I read the following message and then followed itss instructions and the messages after it were the result. Any ideas? BTW: What is cypherpunks? +---------------------------------------------------------+ | With Explicit Reservation of All Rights (U.C.C. 1-207), | | Regards, -A. J. Teel-, Sui Juris (ateel at nyx.cs.du.edu). | | Call (303) 687-4935 anytime! Finger for PGP PUBLIC KEY. | | Please use "ateel at nyx.cs.du.edu" NOT ". at nyx10." Thanks. | +---------------------------------------------------------+ --------------------- Msg 1 --------------------- Date: Tue, 2 Mar 93 00:09:27 CST From: dclunie at pax.tpa.com.au (David Clunie) Message-Id: <9303011339.AA15227 at britt> To: cypherpunks at toad.com Subject: Mail server for PGP sources I gather some people have had trouble obtaining sources for PGP. I have accumulated those I can and they are available from my mail server. If you can get these somewhere closer then great, but if desperate feel free to get them from here (as long as the load doesn't get out of hand I will keep it going). The address is "mail-server at pax.tpa.com.au". Help is available by sending in the message body: send help end An index of PGP files is available by sending in the message body: index pgp end And results in something like the following ... Date Size Index: pgp ---------- ------ ---------------------------- 1992/12/25 216K security/pgp/macpgp2.0.sit.hqx 1992/12/25 160K security/pgp/msiguide.zip 1992/12/25 33K security/pgp/ngclon11.zip 1992/12/25 168K security/pgp/pgp-ng.zip 1992/09/13 184K security/pgp/pgp20.zip 1992/09/13 376K security/pgp/pgp20src.zip 1992/12/25 536K security/pgp/pgp21.tar.Z 1992/12/25 192K security/pgp/pgp21.zip 1992/12/25 656K security/pgp/pgp21ami.lha 1992/12/25 240K security/pgp/pgp21os2.zip 1992/12/25 440K security/pgp/pgp21src.zip 1992/12/25 224K security/pgp/pgp21_next.tar.Z 1992/12/25 256K security/pgp/pgp21_sparc.tar.Z 1992/09/13 464K security/pgp/unix_pgp20.tar.Z Probably pgp21.tar.Z or pgp21.zip are what you want for unix or pcdos respectively. If anyone has a more recent mac version I will put that up too. david --------------------- Msg 2 ----------------- From MAILER-DAEMON at mordor.cs.du.edu Fri Nov 5 00:16:55 1993 From: MAILER-DAEMON at mordor.cs.du.edu (Mail Delivery Subsystem) Date: Fri, 5 Nov 93 01:16:55 MST Subject: Returned mail: Host unknown Message-ID: <199311050816.AA26755@mordor.cs.du.edu> ----- Transcript of session follows ----- 550 pax.tpa.com.au (TCP)... 550 Host unknown 554 ... 550 Host unknown (Authoritative answer from name server) ----- Unsent message follows ----- Received: from nyx10.cs.du.edu by mordor.cs.du.edu with SMTP id AA26753 (5.65c/IDA-1.4.4 for ); Fri, 5 Nov 1993 01:16:14 -0700 Received: by nyx10.cs.du.edu (4.1/SMI-4.1) id AA26238; Fri, 5 Nov 93 01:16:38 MST Date: Fri, 5 Nov 93 01:16:38 MST From: ateel at nyx10.cs.du.edu (A. J. Teel - Sui Juris) Message-Id: <9311050816.AA26238 at nyx10.cs.du.edu> X-Disclaimer: Nyx is a public access Unix system run by the University of Denver. The University has neither control over nor responsibility for the opinions or correct identity of users. To: mail-server at pax.tpa.com.au Subject: ... send help end ------------------------------------------------ From MAILER-DAEMON at mordor.cs.du.edu Fri Nov 5 00:17:17 1993 From: MAILER-DAEMON at mordor.cs.du.edu (Mail Delivery Subsystem) Date: Fri, 5 Nov 93 01:17:17 MST Subject: Returned mail: Host unknown Message-ID: <199311050816.AA26761@mordor.cs.du.edu> ----- Transcript of session follows ----- 550 pax.tpa.com.au (TCP)... 550 Host unknown 554 ... 550 Host unknown (Authoritative answer from name server) ----- Unsent message follows ----- Received: from nyx10.cs.du.edu by mordor.cs.du.edu with SMTP id AA26759 (5.65c/IDA-1.4.4 for ); Fri, 5 Nov 1993 01:16:46 -0700 Received: by nyx10.cs.du.edu (4.1/SMI-4.1) id AA26298; Fri, 5 Nov 93 01:17:11 MST Date: Fri, 5 Nov 93 01:17:11 MST From: ateel at nyx10.cs.du.edu (A. J. Teel - Sui Juris) Message-Id: <9311050817.AA26298 at nyx10.cs.du.edu> X-Disclaimer: Nyx is a public access Unix system run by the University of Denver. The University has neither control over nor responsibility for the opinions or correct identity of users. To: mail-server at pax.tpa.com.au Subject: ... index pgp end ---------------------- Msg 3 ---------------------- From szabo at netcom.com Fri Nov 5 01:52:28 1993 From: szabo at netcom.com (Nick Szabo) Date: Fri, 5 Nov 93 01:52:28 PST Subject: Commerce models Message-ID: <9311050950.AA06937@netcom.netcom.com> Here's a copy of a post I made to imp-interest at thumper.bellcore.com (among other reasons to refute Detweiler, who is on imp now promoting his "tag the criminals" agenda). I hope I've given a fair overview of some of the things we're interested in, but from a "pro-commerce" rather than "pro-cypherpunks" point of view. (I find the ends and means to be very similar, but the point of view is different. imp-interest is interested in pushing Internet commerce, not ideological agendas). ----------------------- > 1. Can anyone else come up with some other Internet commerce models? You mentioned one of the original digital cash shemes. There are wide variety of offline (2-party transactions) and online (realtime connection of buyer & seller with bank) digital cash proposals, many by David Chaum, his students, and colleagues (cf. Eurocrypt and Crypto proceedings). Some of these can be implemented securely in software, without the need for smart cards or other kinds of physical security. (For example, one's own digital cash can be encrypted with one's own private key & passphrase, making it as difficult to rip off as any other form of electronic money). Also, Chaum has an interesting per-organization pseudonym/transferrable credentials system that could allow checking credit ratings without revealing identity. Another, much simpler concept, is "digital postage", where tokens would be sold per service provider, perhaps from physical stores or vending machines, or online in exhange for other tokens, or by a non-private means like credit card as long as there is a fluid market for such tokens. These would be much like the token cards used now in subways, copy machines, etc. Although this is not as general as digital cash, client software might allow a wide variety of tokens to be maintained and used automatically, and the basic software would be less complicated (the underlying security protocols easier to understand and implement purely in software). > 2. Do you think that the IBS model is good? (Forgive me if I'm misunderstanding the nature of Internet Billing Service; I'm basing my comments on your comparison of it to credit card billing). I'm very concerned that IBS and on-line checks would, like credit cards, lack privacy, allowing dossiers to be easily collected on customer buying patterns. Under such systems there would be incentive for those seeking privacy to spoof (eg by creating false credentials and/or credentialling agencies), as well as for those seeking to defraud to spoof. A good net commerce model should be able to deal with the fact that many Internet users can easily create pseudonyms, and credentials (digital signatures, etc.) for those pseudonyms, without demanding expensive, privacy-endangering "true ID" enforcement. Given the extremely messy legal environment with thousands of jurisdictions criss-crossed by the Internet, a basic principle of Internet commerce should be to minimize the need for legal intervention. Also I'm concerned about the vulnerabity of the IBS organization(s) themselves to corruption, which could sap or destroy an economy centered on such an agency. A good commercial model should be decentralized so that any such corruption can be quickly routed around, much like the Internet is built to route around node failures. With the efficiency of on-line software customers can "ping" banks, billing services, etc. by depositing money in a very fine-grained manner at a wide variety of such service providers, to determine which services are the most trustworthy. Extensive reputation records for these services can be accumulated, searchable on-line Consumer Reports. Thus I hope a wide variety of decentralized means of Internet commerce can be tolerated. Of the possible means, digital cash and/or pseudonyms with transferrable credentials seem the most attractive. They are complicated in raw protocol and software, but could present a simple conceptual interface for most users, and they don't demand that third parties, ie net culture, net user's software, and world politics be changed in in fundamental ways. Some sorts of changes might happen, but the goal of Internet commerce is not to predict them or bring them about or prevent them (we can't do those things any better than anybody else), but to set up Internet commerce without having to rely on major help or change on the part of third parties. Nick Szabo szabo at netcom.com From felix at hu.se Fri Nov 5 02:32:28 1993 From: felix at hu.se (Felix Ungman) Date: Fri, 5 Nov 93 02:32:28 PST Subject: Macintosh PGP CDEV Idea Message-ID: <199311051029.AA15275@mail.swip.net> I have some ideas I've been working on (a modular approach). To be sucessfull, a cryptographic utility for the Mac has to fit nicely into the system. Here's my proposal (divided into five layers): 1 - CryptoModules To do encryption we need cryptographic algorithms. These are written as small modules (code resources) and are put into the Extensions folder. They contain algorithms but no user interaction. It's easy for the user to install and upgrade CryptoModules. It's also easy to write new modules, as you don't need to worry about user interfacing, and can concentrate on the algorithms. 2 - CryptoAccess This module is the interface to the CryptoModules. It provides c/pascal routine interface and scripting abilities (AppleEvents). Contains no user interaction, and is key oriented (it looks up the right algorithm for a given key). 3 - CryptoAPI This module handles the user interaction. Provides the dialogs and menus neccesarry for encrypting/signing data. Accessed by c/pascal routines or AppleEvents. 4 - Applications/Utilities With the CryptoAPI it's easy to write encryption capable programs. Very little code has to be added to existing applications. A nice utility would be encryption of text in TextEdit. 5 - Integration with System 7 Pro Patching the Digital Signature Manager will extend the system in a consistent way. All neat features (like signing in the Finder, etc) will also work with PGP. Unfortunately, I haven't enough spare time to do all this myself. The layer model makes it possible to divide the work that has to be done. ---------------------------------------------------------------------- True Name: Felix Ungman "Gen is god and your God is not" From zeek at IO.COM Fri Nov 5 07:47:47 1993 From: zeek at IO.COM (zeek) Date: Fri, 5 Nov 93 07:47:47 PST Subject: Remailer Abuse? Message-ID: <9311051540.AA27805@illuminati.IO.COM> -----BEGIN PGP SIGNED MESSAGE----- What constitutes remailer abuse is my question. I'm aware of the obvious reasons, but unclear about the details. I suppose this question could be asked another way; what constitutes the *proper* use of a remailer? Or; have clear guidelines been drawn for them? - -z - -- ThesearelessonswhichIlearnedinpartwalikingwithmydogsandwonderinghowtheworld lookswithoutafoveaandveryfewretinalcellsforcolourvisionbutwithahugeneural processingandsensoryareaforsmellsTheeyesmadeavailableinmoderntechnological sciencesshatteranyideaofpassivevision-donnaharraway. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLNpzwmH4Xujemt89AQEc7wP/b5VNxNG6AvkdjXt/oWiRp5cB6a2DDEvx s+UuJUuaw42LPn10H7pOb8pIr9Uz1NK+CKUvMqbxnH9v859pFqh1DjHTDvit7MYf Kr8khtZdZusZUqgAttZ+gHC1uQdkM1fcCqabAz2+9689kPfhnlcYfGoito1o/xfz cUoN/LIuZCI= =3zpi -----END PGP SIGNATURE----- From pierre at shell.portal.com Fri Nov 5 07:57:46 1993 From: pierre at shell.portal.com (Pierre Uszynski) Date: Fri, 5 Nov 93 07:57:46 PST Subject: ViaCrypt PGP has arrived Message-ID: <9311051556.AA16560@jobe.shell.portal.com> > From: jim at bilbo.suite.com (Jim Miller) [...] > I realize that by not compiling the code myself on my own machine I basically > have to trust the ViaCrypt PGP implementation. So be it. If there is > something wrong with ViaCrypt PGP I believe it will eventually be discovered. > Somebody will no doubt disassemble it and look for backdoors. If someone finds > one, ViaCrypt's reputation will be worthless. It's in ViaCrypts best interest > not to put in any backdoors. Unfortunately, backdoors have not been the main security problem in commercial system software, bugs and "honest mistakes" have been. Unfortunately too, there has been very little pressure by customers to hold companies accountable for the software they ship. Usually somebody uncovers a bug, uses it for a while, is detected, and that causes (in the best case) the software company to issue a new patch. Some distribute the patches for free, some make you pay big bucks for it. But never is the company really harmed by the fact that it claimed some level of security (or functionality), and was not providing it. If, in the future, ViaCrypt says "ooops, there was a debugging switch left on when we compiled, here is a free patch." would you discard your ViaCrypt PGP, buy the competitor's version (there is none), and sue them? Did they include any disclaimer in the license? Call me cynical, Pierre. pierre at shell.portal.com From dmandl at lehman.com Fri Nov 5 08:12:30 1993 From: dmandl at lehman.com (David Mandl) Date: Fri, 5 Nov 93 08:12:30 PST Subject: PGP BUG/FEATURE: multi-platform keys Message-ID: <9311051606.AA04336@disvnm2.lehman.com> > As long as I'm at it, here are some more macPGP2.3 bugs, for those who care. Trying to decrypt a message signed by a key I don't have causes a serious crash requiring reboot. Trying to select cancel in a signature dialogue just raises the same dialogue box instead of cancelling. I'm running on a powerbook 145 under system 7.0.1. > > Eternal!Optimist at anon.penet.fi (copyright 1993, Eternal Optimist [Ha Ha Ha]) > 0) 0) =:()]-< It's been a while since I beta-tested MacPGP 2.3, but I think that... The problem with quitting out of the pass phrase prompt was a "feature." When you pressed CANCEL, the interface told the pgp engine that you had typed in a bad pass phrase. I guess this was an easy quick and dirty way to handle it. The problem was, when you typed in a bad pass phrase, you were given two more chances to get it right. Therefore, when you pressed CANCEL, you were also prompted two more times. So, you had to press CANCEL three times to quit from that prompt. This was fixed in 2.3a, a beta version of which I've got. I guess the official 2.3a has been released by now, but I haven't checked. --Dave. From cme at sw.stratus.com Fri Nov 5 08:37:45 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Fri, 5 Nov 93 08:37:45 PST Subject: Sternlight Message-ID: <199311051636.LAA02859@ellisun.sw.stratus.com> I don't know who wanted to start reposting Sternlight posts to this list, but I have a good way in my news reader to avoid mail from him or in reply to him or talking about him -- but lack such facilities in my mail reader. Could any message mentioning Sternlight or reacting to something he said (however indirectly) include his name in the subject line so that I can kill it without reading? Thank you. - Carl From doug at netcom.com Fri Nov 5 08:57:45 1993 From: doug at netcom.com (Doug Merritt) Date: Fri, 5 Nov 93 08:57:45 PST Subject: trusting software Message-ID: <199311051657.IAA20001@mail.netcom.com> ogr at wyvern.wyvern.com (Jason Plank) said: > Phil Zimmerman solved this problem by supplying the source code for >his product. You can see for yourself that there are no backdoors. This helps, but is imperfect. How many people will read their particular copy in sufficient detail to ascertain that there aren't any obvious backdoors added by e.g. a sneaky archive site maintainer, or some sneaky cracker who found a way to modify the archived copy? Furthermore, even close reading won't absolutely *guarantee* the lack of backdoors in all cases, even if the reader is an expert on relevant subjects. We'll all continue to use software despite lack of absolute assurances, but it's worth keeping in mind what the situation is. Doug From doug at netcom.com Fri Nov 5 09:17:45 1993 From: doug at netcom.com (Doug Merritt) Date: Fri, 5 Nov 93 09:17:45 PST Subject: trusting software Message-ID: <199311051714.JAA21715@mail.netcom.com> greg at ideath.goldenbear.com (Greg Broiles) said: >It's not clear to me how you can trust systems not under your control to >report on themselves or local conditions accurately. As your program gets >more complex, aren't you going to run into an analog of the Turing >machine/halting problem? The idea is to encode the important-to-be-trusted features of the software and the inter-machine protocol handshake together into the equivalent of a Goedel number which acts as a public key during the protocol handshake, so that any change to that core encoding of the functionality would have the side effect that it was no longer able to communicate. >It's an intriguing idea, but it's still very unclear to me how it might >work on software of any real complexity. Yeah...I'm having strong difficulties with doing it in a way that is computationally feasible as well as theoretically sound. Several times I thought I'd found the right approach but then found holes in it. So I lied in implying that I really did have a final algorithm....I *thought* I did, but I was wrong. Doug From jdblair at nextsrv.cas.muohio.EDU Fri Nov 5 09:57:46 1993 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Fri, 5 Nov 93 09:57:46 PST Subject: punk-net mailing list Message-ID: <9311051817.AA16654@ nextsrv.cas.muohio.EDU > To those interested in participating in a hardware specific cypherpunks list, (punk-net, net underground, whatever) e-mail me. My sysadmin is cool with the idea of setting the list up here, so if a decent number of people respond over the next week, I'll set it up. So, hardware fiends... time to bring a whiff of burnt flux and overheated resistors to the world of underground cryptography. -john. jdblair at nextsrv.cas.muohio.edu From collins at newton.apple.com Fri Nov 5 11:27:47 1993 From: collins at newton.apple.com (Scott Collins) Date: Fri, 5 Nov 93 11:27:47 PST Subject: Hole in MD5 (Not) Message-ID: <9311051919.AA10041@newton.apple.com> What follows is a private e-mail exchange with Burt Kaliski (posted with his permission), where he clarifies the 'hole in MD5' and shows that it does not afford the attack I described previously. Mike Ingle: >Recently there was a message here about MD5 having a hole in it. >Maybe this is what the person was talking about... Bruce Schneier: [ describes Bart Preneel's Ph.D. thesis, which cites the work of den Boer and Bosselaer ] Burt Kaliski: [ a LaTeX document noting the implications, or lack thereof, of den Boer and Bosselaers' work ] Scott Collins: [ describes an attack on (e.g.) Bellcore's timestamp system; wonders if den Boer and Bosselaers' work makes this attack possible ] Burt Kaliski (private response): >When operating on single blocks, MD5 computes a function z = f(x,y0), >where x is the 512-bit message block, y0 is a fixed 128-bit value, and >z is the 128-bit message digest. > >den Boer and Bosselaers found a way to construct a triple (x,y1,y2) >such that f(x,y1) = f(x,y2). The y1 and y2 values are not the same as >the fixed y0, so clearly this is different than an MD5 collision, >which would have different message blocks. > >I'm not sure how this relates to the attack you have in mind, although >I'd be interested in more details. Also, the attack you describe is >"after-the-fact" in the sense that the target value h_N is already >published. To forge a time-stamp at that point, what I need is not a >collision, but an inversion. (I have to find something that hashes to >h_N.) Collisions play a greater role "before-the-fact," where I might >give Eve something to sign, where I happen to know another message >with the same digest. > >-- Burt Kaliski >RSA Laboratories Scott Collins: > [ ... ] > >Ahh. This is not (even close to) a big enough foothold to support my >attack. :-) > > [ ... ] > >The attack does, in fact, require inversion. Since the verifier can't >compare the depth of the alleged hash tree to the actual one, the attack is >still possible even when only _some_ inversions are possible, as long as >the attacker can find one along the actual path to the root (the degenerate >case being when the attacker can find an inversion for the root itself). > >The attack only came to mind because the the depth cannot be verified, and >so the attacker is not limited in the number of steps (in case she can only >find inversions of a special form); the intermediate hash values are all of >minimal size; the intermediate hash values are expected to be 'random', and >so there is no constraint requiring human-readable inversions. Thus, it >seemed that if an the hash could be usefully inverted, this would be the >situation that allowed it. > >Thanks for the clarification. May I repost your answer, or at least _this_ >message which quotes it, to the original distribution list of my question? Permission was granted. Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2B Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst at netcom.com From gtoal at an-teallach.com Fri Nov 5 11:32:30 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 5 Nov 93 11:32:30 PST Subject: Sarah's Bio Message-ID: <5816@an-teallach.com> In article <199311051657.IAA20001 at mail.netcom.com> doug at netcom.com writes: > ogr at wyvern.wyvern.com (Jason Plank) said: > > Phil Zimmerman solved this problem by supplying the source code for > >his product. You can see for yourself that there are no backdoors. > > This helps, but is imperfect. How many people will read their particular > copy in sufficient detail to ascertain that there aren't any obvious > backdoors added by e.g. a sneaky archive site maintainer, or some sneaky > cracker who found a way to modify the archived copy? Well, I did for one. Some of you may remember me posting to sci.crypt quite some time ago, because the one thing I wasn't happy about was the use of a probabilistic primality tester when there were completely certain primality tests available (albeit a bit more expensive in cpu). (especially since I didn't understand how the probabilistic one worked) I see from a posting on sci.crypt today that the probabilistic tests have been show to be possibly mildly weak in some infrequent cases. Probably not worth worrying about, but still, it's a sobering thought. The rest of the code I understood well enough to trust it, mostly :) G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From ebrandt at jarthur.Claremont.EDU Fri Nov 5 12:47:47 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Fri, 5 Nov 93 12:47:47 PST Subject: trusting software In-Reply-To: <199311051657.IAA20001@mail.netcom.com> Message-ID: <9311052045.AA11880@toad.com> > From: doug at netcom.com (Doug Merritt) > Furthermore, even close reading won't absolutely *guarantee* the lack of > backdoors in all cases, even if the reader is an expert on relevant > subjects. Case in point: sendmail. The sendmail code is something like a nucleon, in that one can apparently obtain an arbitrary number of bugs by putting sufficient energy in. ViaCrypt's market is people who want unquestioned legality as well as decent security. The best way to get this is to use PGP 2.3a, with source, while holding a license to a product producing identical output. Conveniently, editing the "2.3a" to "2.4" in a PGP-encrypted file causes no apparent problems. Eli ebrandt at jarthur.claremont.edu From MJMISKI at macc.wisc.edu Fri Nov 5 13:12:30 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Fri, 5 Nov 93 13:12:30 PST Subject: dcnets and tcmay cartoon Message-ID: <23110515071891@vms2.macc.wisc.edu> I have just been reading d. Chaum's _Security without identification: Card Computers to make Big Brother Obsolete_ and have some questions. But Ill ask the serious ones in another post. For this one, and to satisfy the comparable conspiracy buffs on the list, look first at the Cypherpunks Wired issue. Now look at the comic in Chaum's paper. I guess that bearded guy with the longer hair could be....hmm....Jamie...no...Nick...no ITS TIM MAY! --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From klbarrus at owlnet.rice.edu Fri Nov 5 15:52:35 1993 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Fri, 5 Nov 93 15:52:35 PST Subject: ANON: random remailing Message-ID: <9311052351.AA14311@elf.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- >Exacltly how do you fake mail with telnet or use a newsgroup for >one-way anonymous email? Care to elaborate? Whoops, I think I was vague in my earlier response. In mail, either you know whoever your mailing to or you don't. If A wants to mail B and doesn't need a response: If A doesn't know B, A could use telnet to fake mail to B. This leaves more of a trail than an anonymous remailer, narrows down where the message could have come from, but obscures who actually sent it (I'm sure some logging facilities invalidate this). If A knows B, they could agree to use a newsgroup as an anonymous pool (sort of). A posts a message, B reads it. - From time to time, random remailing is suggested. I think I'll go re-read Chaum's paper and think about it more, but I'm nearly positive that this makes it easier to pair up sender and destination. Suppose remailers used random routing. Assuming one remailer can be trusted (the first hop) so linking A and mail sent to the trusted remailer is not possible, A could send to B via the trusted remailer. B's address will be made available to every remailer. Now when B replies, A's address is made available. Caching and padding messages may help, but all an eavesdropper has to do is monitor mail from B, a known address, and when mail hits any remailer, A's address is known. So is it reasonable to assume an eavesdropper can monitor a remailer (all remailers except the trusted remailer), they can also monitor an arbitrary address (B's)? Hm... -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLNrmyoOA7OpLWtYzAQHZxgP9HtoFrHh+grNuP3rG3jI+uXYRi36FzQ7f /BftSwec4ZGtJ/L14EB1fwP6j31m365VflUMzckJk0kViLcS3pMT85dCEK5pIduu kzzdhBGS/MRYaj2uHlSMdz2dtyzwtjYc7hLyAriPLCKcwLrCcc440G81Z0BSWOhj 5ECgPYSNsIM= =VKgV -----END PGP SIGNATURE----- From 72461.2150 at CompuServe.COM Fri Nov 5 19:12:36 1993 From: 72461.2150 at CompuServe.COM (John Alden) Date: Fri, 5 Nov 93 19:12:36 PST Subject: Newsletter? Message-ID: <931106030757_72461.2150_CHU53-1@CompuServe.COM> Hi, I heard you publish a newsletter - how can I get a copy? TIA, John Alden PO 1492 Mercer Island, WA 98040 From nobody at cicada.berkeley.edu Fri Nov 5 20:17:52 1993 From: nobody at cicada.berkeley.edu (nobody at cicada.berkeley.edu) Date: Fri, 5 Nov 93 20:17:52 PST Subject: information meter Message-ID: <9311060416.AA07749@cicada.berkeley.edu> >From Bits and Bytes Online v1 #14: >=> INFO METER. The "information meter" chip developed by Wave Systems >can be installed in any computer and used to bill users for the amount >of software and/or data they actually make use of. The chip costs >less than $30. (Forbes 10/18 93, EDUPAGE 10/19/93) Little brother is watching your computer! From hh at cicada.berkeley.edu Fri Nov 5 20:37:52 1993 From: hh at cicada.berkeley.edu (hh at cicada.berkeley.edu) Date: Fri, 5 Nov 93 20:37:52 PST Subject: Remailer Abuse? In-Reply-To: <9311051540.AA27805@illuminati.IO.COM> Message-ID: <9311060434.AA19801@cicada.berkeley.edu> In message <9311051540.AA27805 at illuminati.IO.COM>, zeek writes: >What constitutes remailer abuse is my question. I'm aware of the obvious >reasons, but unclear about the details. Harassing other users is considered abuse, and sending chain letters is a form of harassing other users. However, it's not a very serious form of abuse. If I found conclusive evidence that someone were sending something like childporn through my remailer, I would take some pretty drastic actions. Chainletters are just an annoyance. >I suppose this question could be asked another way; what constitutes >the *proper* use of a remailer? Or; have clear guidelines been drawn for >them? Well, there aren't any guidelines for the proper use. The only things which are improper uses are uses designed to make the Net a less friendly place by harassing other users, and uses which I find morally unbearable, like childporn or something like that. Note that the only way I found out that you had sent that through my remailer was because the mail bounced. The only way I am aware of stuff going through my remailer is stuff that bounces or when recipients of mail complain. I don't read logs; I wouldn't have time to do that if I had 30 hour days, and besides, most of it is encrypted anyway. e From abootch at sfsuvax1.sfsu.edu Fri Nov 5 23:47:54 1993 From: abootch at sfsuvax1.sfsu.edu (Bokum Bop Till You Drop) Date: Fri, 5 Nov 93 23:47:54 PST Subject: pgp in the weirdest places! Message-ID: <9311060745.AA13909@sfsuvax1.sfsu.edu> Hello out there - A friend of mine recently bought a computer and I've spent the past couple days with him setting it up and stuff. Anyways, I've come across some interesting stuff in his fax/modem software. In converting a word processing text into a format the fax recognizes, I got a weird file that seemed to be encrypted in pgp or something - I'm not sure since I haven't seen pgp run on dos. That was no big deal but when I scanned through the converted text I found various messages about pgp. Some of it was obviously from the readme files but there was some other stuff about some other Hughes guy (btw, I'm a newbie, so...) that wasn't Eric. I'm not that familiar with pc so I couldn't really help him so I'm calling on you guys. The software is called "Quick Link II" It claims to be the "Next Generation in Communication Software" and seemingly so. Its from Smith Micro Software Inc. and its being run on yer average 486 sx20. I'll post the converted texts if there's interest but in the meanwhile I am highly confused! -- From DOUGHTYD at Citadel.edu Sat Nov 6 00:02:36 1993 From: DOUGHTYD at Citadel.edu (Cdt Pvt Dan Doughty) Date: Sat, 6 Nov 93 00:02:36 PST Subject: unsub Message-ID: <01H4ZAE1IMYM8WW39Z@Citadel.edu> I've tried to normal unsub. It didn't work. Can someone please take me off? Thanks and sorry this had to go out. From ld231782 at longs.lance.colostate.edu Sat Nov 6 01:07:54 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 6 Nov 93 01:07:54 PST Subject: pseudospoofing ad nauseam Message-ID: <9311060906.AA07563@longs.lance.colostate.edu> - another Mailing List - the Fires in my Mailbox - on the Unequivocal Distinction of Pseudoanonymity - my Position and a Modest Proposal Crystallized - an Open Letter to Criminals and Terrorists - the Story of the Cyberspatial Lynch Mob - on Pseudospoofing by the Eminent Leaders - L. Detweiler's Complete Confession another Mailing List == I would like to hear from any cypherpunks interested in starting another mailing list. I unfortunately lack the resources to start one. It seems to me there would be a strong interest in the following agenda: - in favor of Democracy and experimenting with voting systems - in favor of some form of Government, and some form of law enforcement - in favor of experimenting with reputation schemes - in favor of some identification systems, esp. to catch criminals - in favor of a `movement' that includes political aspects - in favor of a totally open, honest, representative, polite, respectful, egalitarian dialogue - in favor of systematic development and progress reports to others - in favor of presenting a professional appearance to the public and media - in favor of `some' restrictions on communications to limit criminality - in favor of putting together protocols, RFCs, and FAQs for the world - against Clipper or any involuntary encryption scheme - against behind-the-scenes machinations (`conspiracies') or elitism - against tax evasion - against black marketeering - against pseudospoofing and pseudoanonymity - against other criminal behaviors like impersonation and forgery - against routine hostility, secrecy, and flames - against manipulating the media or individual ego-assuagement - against people only interested in tedious debates or popularity contests Above all, in favor of `using technology, especially cryptographic techniques, to accomplish promote all of the above.' I don't really know how many current cypherpunks would be interested in this agenda. Judging by my mail, NONE! But seriously, I think there are some more `moderate' cypherpunks out there who would really love this agenda, and their existence has long caused a lot of tension on this list over the above points, when what is really happening is that there is a tension in fundamentally incompatible goals and views underneath it all, such that we could all be better served by better `organization' (or perhaps `segragation' or `sequestration' ). Regarding the above agenda: we should recognize that all great technologies can be used for different purposes. The internet can be used for honest communication between strangers, or it can be used to manipulate people who naturally trust each other. We can develop digital cash schemes that encourage tax evasion and black marketeering, or they can enforce some taxation and discourage criminal behavior for overall social harmony (quite like the system we currently live under). Nothing is inevitable with passivity, everything is possible with activity! As I recall, a long time ago, in a very hot flame war over the Cypherpunks name involving all the great luminaries (E.Hughes, T.C.May, P.Metzger, etc.) T.C.May ended up posting a message near the dying embers of the flames that indicated some of the other names that he and E.Hughes had tossed around. Does anyone have that message? Could you send it to me? I thought there were some interesting names in there, as I recall. I wouldn't want to take anyway from the existing cypherpunk agenda in promoting something that was entirely incompatible with it under the same name. The public and the media would certainly be confused (as if they aren't already)! I was thinking -- maybe the `cypherwonks'. (Ever hear about Bill Clinton being a `policy wonk'?) As for the mailing list, if anyone starts one I promise you my personal cyberspatial allegiance as long as it sticks to this above agenda, and humbly offer you all the things I have done on this list over about 10 months or so, like forwarding articles, summarizing views, `cypherwonk awards', mini-newsletters, hot controversy, analysis of press reports, Clipper & NSA flames, D.Denning ridicule , etc. if you provide a highly literate, polite, and professional audience. Just imagine, all of you in the L. Detweiler Hate Society (the membership has quite grown lately!) -- you could be freed of all the flames here over everything I stand for! I'm *sure* you will appreciate that. the Fires in my Mailbox == yes, the flames in my mailbox have really died down. It's gone from >I'm going to come and kill your family with a rusty razor blade. to >It would seem that, as you are a victim of such TERRIBLE CRIMES, your "RIGHT" >has BEEN alienated someWHAT. ah, I have to settle for what I can get, even if it is sarcastic. on the Unequivocal Distinction of Pseudoanonymity == (So, because I am insane, I am writing more on the subject of pseudospoofing, as more carrion for the amusement of vultures.) It really astounds me how many people continue to write me email obfuscating the distinction between anonymous/pseudonymous mail vs. pseudoanonymous. In the former category, the identification in the message says or implies, `this could be from *anyone*.' `passive concealment'. In the latter, the identification implies, `this is from a real person named [x], distinct from any other real people named [y].' Also, many continue to ignore the sheer dangers of this practice. If anyone does not understand and has not seen my essay `The Joy of Pseudospoofing', please email me and I will send it to you. (If you have seen it, and continue to miss the point, well, I can't help you. As Ann Landers says, seek professional counseling.) my Position and a Modest Proposal Crystallized == I fear my position has been accidentally misrepresented on this list by people who wish to understand pseudospoofing, or intentionally obfuscated phantoms who wish to demonize me. (Once, a long time ago, I flamed D.Denning with such searing ire on this list. T.C.May suggested that `demonizing' anyone was counterproductive and impolite. Point well taken! What goes around comes around!) Here is what I propose for the Internet. 1) a *voluntary* system whereby people who want to `authenticate' their identities can do so by registering with some form of identification. 2) identification servers could be formed that would service requests in the form, `is identity [x] a real person?' 3) hence, people who choice to screen pseudospoofed identities from their mailboxes have the choice of subscribing to a system that allows them this freedom of choice. Such a system, in my view, is NOT Draconian, NOT Orwellian, NOT against the grain of the Internet, and actually feasible in practice. And, in fact I think some form of this is *inevitable*. (and, believe it or not, contrary to the brainwashing, this is *not* incompatible with `true' or `pure' anonymity, which is quite another issue entirely.) Mr. Finney suggested this scheme for `is a person' certificates many messages ago. I fervently believe this system is going to be inevitable because of its high social usefulness and desirability. I'll bet anyone $1 in digital cash the most popular version of Cyberspace is going to have at *least* this much. an Open Letter to Criminals and Terrorists == Many people have been using all kinds of euphemisms for condoning brutality in referring to pseudospoofing etc. `anyone who doesn't know how the internet works deserves to learn the hard way.' `anyone who is stupid enough not to recognize that pseudospoofing is a fact of life should go somewhere else with padded walls and handholding, like Prodigy.' (etc.) But all you vicious cypherpunks, recognize: the world is not as unrefined and raw as you yourselves are, as much as you say it is and wish it were. The greatest and most omnipresent technology is that which is simple and incorruptable. The widespread public can be frightened very easily! and will gravitate toward a system that promotes trust and honesty, because they themselves crave trust and honesty. it is a total fantasy if you think you are going to get away with your imaginary identity arsenals in the future civilized cyberspace. yes, there may be some bloody battles, but you are going to lose. Or, at least, as I was telling an eminent member of EFF, if you do not lose, and I have not died in the battle, I think I will commit suicide. Inevitably, some of you are going to want to sabotage a system that prevents pseudospoofing -- `because its there' -- even if doing so is against the law. I am absolutely AGHAST how much raw criminality is being disguised here in `the cryptographic revolution' and `privacy for the masses' brainwashing. From my mail, a very strong representation of cypherpunks are in favor of, perhaps routinely, FORGING things like birth certificates etc. in the name of PRIVACY. this they disguise under views like, `those damned Big Corporations and Government are Evil, and we have to do everything we can to stop their oppression.' uh, how exactly are you being oppressed? you look at the bountiful fruits of our society and think you are being deprived? `whatever system you will invent, someone will break it.' well, yes, this is like saying, `criminals exist.' there are these cypherpunks who have created an entire *religion* out of *defying* and *sabotaging* whatever identification scheme is invented. Let it be signatures, checks, birth certificiates, drivers licenses, social security, etc. How many cypherpunks are reincarnated thieves, anyway? What society do you people live in, anyway? do you think that checks with your True Name invade your privacy? do you think your bank, associates, or the government doesn't have a right to know who you are? (Uh, rhetorical question. I know the answer.) I hold this as an AXIOM, an Inalienable Human Right: you do NOT have the right to guarantee that another particular individual will read your pseudospoofed postings. If they choose to develop a system that filters it and do all their communication within it, I think you're out of luck (yes, the technique of pseudoanonymity will always be possible in frivolous amusement parks and other various quarantined playpens.) If you think otherwise, well, I guess those bloody battles have already started, haven't they? Frankly, I think quite a few cypherpunks have seriously deluded themselves about the basic nature of the Internet and the ultimate desirability and likelihood of certain protocols (and their own influence in manipulating them). The mail I have been getting is just so far beyond reality, I can barely even respond to it. As (I think) Linus Pauling once said after coming out of a talk, after prompted by a student, `It wasn't even wrong'. This would not be a problem, but in my view you cypherpunks, with your pseudospoofing, forgeries, and sabotage, are really poisoning Cyberspace. Excuse me, I live here too, and it is all choking me. the Story of the Cyberspatial Lynch Mob == Here is one aspect of pseudospoofing I haven't really addressed yet publicly. `As for people being tricked into seeing a consensus when one does not exist, who cares?' The person who asked me this was referring to a scenario like this. Imagine that Medusa has grown quite a few snakes in cyberspace, and uses them all in a single disinformation campaign. `who cares?' To answer this, consider the psychology and anatomy of a lynch mob. In frontier days, this was the notion of `criminal justice' -- a mob of people would catch a criminal, supposedly the perpetrator of heinous crimes. I suspect pseudo-trials went on even in these `mob societies'. you see, a mob is often comprised of people with a slight glimmer of conscience individually. A leader will often arise who manipulates that doubt so that it is turned into vicious hatred, almost animal brutality, to serve the aims of the public lynching. `What did this man do?' the leader might ask, somewhat rhetorically. `He stole my gold!' says one. `He raped my wife!' says another. `He murdered my brother!' says the other. At this point, as you can imagine, the rest of the mob needs no further motivation. If they are too impatient to watch the `criminal's' eyes bulge out from the asphyxiating rope, or are in a particularly vindictive mood, they might even rip or bludgeon the `criminal' to oozing brains and blood, meat strips, and poking bones with their bare hands, all with the barest encouragement like `what are we going to DO ABOUT IT?' from the Leader. Ah -- Justice is Served -- but what if the `Leader' is Medusa? And `one' is Snake #1, `another' is Snake #2, and `the other' is Snake #3? on Pseudospoofing by the Eminent Leaders == By the way, some people have said to me in email that E.Hughes and T.C.May have publicly condemned pseudospoofing, or at least indicated they have not ever practiced it, or at least they are not doing it routinely, or at least that they are not doing it at the moment, or at least they hate the term `pseudospoof', or whatever. If so, please send me those messages. I missed them. (I have asked them to post on the subject, but these letters invariably go unanswered. They are exceedingly evasive in my private email. In fact, Mr. May said that he was quite tired of my enthusiams, and I have so upset Mr. Hughes that he has given me the great honor of putting me, alone, in solitary confinement, into his kill file. `plonk!') The only statements I have are the following: ``That which can never be enforced should not be prohibited. The claim that a person should have only one pseudonym per forum indicates profound misunderstanding. If someone wants to have multiple ... pseudonyms, they will be able to; that is one of the main goals of cypherpunks software. The situations you despise will occur. This is reality. Change your own psychology or change your own software. You will not be able to change the other person.'' --E.Hughes, cofounder, Cypherpunks ``Better to live with the occasional vagaries of digital pseudonyms than to ban them.'' --T.C.May, cofounder, Cypherpunks L. Detweiler's Complete Confession == By the way, just to encourage others to come clean, express my good will and sense of ethics to all the cypherpunks on this list, and whiten my own conscience, following is my public posting of the list of all the pseudoanonymous identities I have ever posted or emailed under: From julf at penet.fi Sat Nov 6 01:32:37 1993 From: julf at penet.fi (Johan Helsingius) Date: Sat, 6 Nov 93 01:32:37 PST Subject: pseudospoofing ad nauseam (actually: new list) In-Reply-To: <9311060906.AA07563@longs.lance.colostate.edu> Message-ID: <199311060930.AA07312@mail.eunet.fi> > I would like to hear from any cypherpunks interested in starting > another mailing list. I unfortunately lack the resources to start one. If there is enough interest, I am willing to host it (using an automatic listserver such as Majordomo - I already have it set up anyway...). I do feel there is a need for a split, as the current list just keeps oscillating between wildly different subtopics. But I am not sure about what the right split would be... Julf (occasionally masquerading as an0 at anon.penet.fi) From ebrandt at jarthur.Claremont.EDU Sat Nov 6 01:52:37 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Sat, 6 Nov 93 01:52:37 PST Subject: pseudospoofing ad nauseam In-Reply-To: <9311060906.AA07563@longs.lance.colostate.edu> Message-ID: <9311060951.AA20006@toad.com> > there are these cypherpunks who have created an entire *religion* out > of *defying* and *sabotaging* whatever identification scheme is > invented. Amen, brother L. > do you think your bank, associates, or the government doesn't have > a right to know who you are? Nope. They can have my unforgeable credentials, though. Eli ebrandt at jarthur.claremont.edu From ld231782 at longs.lance.colostate.edu Sat Nov 6 02:07:57 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 6 Nov 93 02:07:57 PST Subject: `the Dinkelacker matter' Message-ID: <9311061004.AA08136@longs.lance.colostate.edu> Many people appear to have me confused with `S.Boxx'. I assure you, we are two unique identities. Anyway, this all appears to have resulted partly from H.Finney's posting a while back asking for help in relieving me of my `mental anguish' and `mental suffering' as a `personal favor' to bring me `piece of mind.' >Larry believes that people have been communicating with him in private >mail under multiple identities in order to confuse and mislead him. >Specifically, he has suggested that Jamie Dinkelacker is a pseudonym >employed by Tim May. I gather that he has received email from both >names. He also suggests that others have employed these practices. I'm not really sure where Mr. Finney got this impression -- perhaps from private mail we traded. I definitely had some doubts about the `Dinkelacker matter', partly in consideration of the (admittedly bizarre) `S.Boxx' postings, as I stated publicly in response to his post. But I (L. Detweiler!) haven't ever publicly accused Mr. Dinkelacker of being anyone other than Mr. Dinkelacker, that I remember! Anyway, an eminent cypherpunk was kind enough to clear up this misunderstanding to me in email. I asked him to post to the list or to sci.crypt, but to my knowledge it has not made it to either place so far. Since this is an important matter and may have caused some other cypherpunks some confusion, here is the *unequivocal* assurance that Dinkelacker exists independent of T.C.May, and that the latter has never posted under the identity of the former! (esp. given the eminent reputation of this kind soul who has reassured me.) I really appreciate this effort to help me in my own doubts, but also let me assure everyone that (contrary to the person's suggestions) I am not `clinging to a paranoid fantasy, adding layers of elaboration, and as more evidence comes forward just adding layers upon layers,' `afraid of the truth', `afraid to face the possibility you are wrong' As far as all this pseudospoofing, it is something I would rather not worry about, and I'm very hopeful that J. Helsingius will start a new list where it is at least discouraged. I would like to see a new taboo against it arise with the strength of those currently against network censorship. In some quarters of the internet, the taboo against pseudospoofing is actually there. Unfortunately, quite the opposite is the case here, and it has indeed caused me some unpleasant and unsettling doubts I would not even wish on my enemies. A new list would certainly solve a lot of problems! >I have to say that it's sad >to see you screwing yourself up like this. I hope you can get straight. I really appreciate this person's concern and compassion, but even if Mr. Dinkelacker was a snake of Medusa or a tentacle of a monster, I certainly would not waste much time in `screwing myself up' over it. As for my `reluctance to call Mr. May or Mr. Dinkelacker yourself' is not due less to blind obstinacy than blase disinterist! (Although I'm not sure how this person knew I hadn't called either -- but that's just my paranoia speaking! ) Actually, Mr. May sent me mail stating that the assertion that he had ever posted under J. Dinkelacker, jamie at netcom.com, was `too bizarre to be believed', and I believe him. I wasn't quite sure what he meant about his actual pseudospoofing experience, though, and that's not really my business to comment on (I asked him to post an unequivocal statement to the list, beyond his initial satire, given the importance of the matter, which I have apparently missed). (following slightly edited to preserve anonymity) ===cut=here=== Date: Tue, 26 Oct 93 09:49:42 PDT From: [...] To: ld231782 at longs.lance.colostate.edu Subject: Dinkelacker Lance - For what it's worth, I called Jamie Dinkelacker on the phone yesterday. He seemed to be a real person. I had met Tim May a year or two ago (and BTW, Tim looks just like his picture in Wired), and Dinkelacker 's voice seemed different from Tim's. Tim had a deep voice (he's a big guy) while Dinkelacker's was higher pitched. We talked for about twenty minutes, and I was convinced that he was who he claimed. He is the former VP of Marketing for AMix, the American Information Exchange, a spin-off from Autodesk (the CAD company) which I think went out of business last year (maybe they're still around). You might be able to find some articles about AMiX from last year or the year before and they might mention him. Dinkelacker is active in nanotechnology circles there in the Bay area. That is how he met Tim. He has never been to a CP meeting. He mentioned a couple of people who knew them both: Nick Szabo, who confirmed this to me in email, and also Max More, whom I know personally. Max is a grad student at USC, where my [...] goes to school. He is the founder of thee Extropian movement, and publishes a twice-yearly journal called Extropy. Max is a really nice guy, soft-spoken and friendly. He is originally from Ireland. If you'd like his phone number, let me know. This is about all I can offer you in terms of evidence for Dinkelacker's independent existence. It's up to you now. You can cling to this paranoid fantasy, adding layers of elaboration, saying that I must be a false identity, Nick must be, this Max More must be (but then, who publishes Extropy? You can get back issues going back three years!), and as more evidence comes forward you just add layers upon layers. Or you can say to yourself, do I really have any basis for believing that people are trying to mislead me in this way? Who is my best candidate for being a fake persona? Let's investigate that one in detail. Let's face the truth. If you're afraid of the truth, you're never going to find your way out of fantasy. Your reluctance to call Tim May and Jamie Dinkelacker directly suggests to me that you don't really want to face the possibility that you are wrong. That's your decision to make, but I have to say that it's sad to see you screwing yourself up like this. I hope you can get straight. From mg5n+ at andrew.cmu.edu Sat Nov 6 07:57:58 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 6 Nov 93 07:57:58 PST Subject: unsub In-Reply-To: <01H4ZAE1IMYM8WW39Z@Citadel.edu> Message-ID: In "unsub", Cdt Pvt Dan Doughty wrote: > I've tried to normal unsub. It didn't work. Can someone please > take me off? Thanks and sorry this had to go out. When sending mail to cypherpunks-request, Eric has to read them and alter the subscription requests himself, and sometimes he gets a few days behind. A little patience will save you from having to announce your intent to depart to the entire list. Thank you. From cme at sw.stratus.com Sat Nov 6 08:07:58 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Sat, 6 Nov 93 08:07:58 PST Subject: Warning for PGP Users! Message-ID: <199311061605.LAA05613@ellisun.sw.stratus.com> >Each new >version of PGP should contain a file with MD5 hashes of each of the >source files, and the whole file with MD5 hash should be clearsigned >by one of the developers (Branko, I think). I checked the .tar file at soda.berkeley.edu and the sources have several mismatching MD5s. Is anyone looking at this? - Carl From 72114.1712 at CompuServe.COM Sat Nov 6 10:17:59 1993 From: 72114.1712 at CompuServe.COM (Sandy) Date: Sat, 6 Nov 93 10:17:59 PST Subject: HE'S BACK! Message-ID: <931106181157_72114.1712_FHF107-1@CompuServe.COM> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort at attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Punksters, It's nice to see that Detweiler is back on his medications. Let's hope he stays with the program. I have no doubt he is telling the truth when he says he and S.Boxx "are two unique identities." Yes Lance, but are they the same person? I don't think any Cypherpunk will have any objections to his voluntary name certification schemes. On the other hand, most Cypherpunks would probably consider it their *civic duty* to attempt to discover the weaknesses in such protocols. This is called "destructive testing" in industry, and is a time honored technique. Lance, you will be a better writer, and will be taken much more seriously if you, (a) tone down the purple prose, and (b) learn some verbal economy. You write far too much, and say far too little. Repetition is not a substitute for argumentation. S a n d y (who is really just himself) S a n d f o r t >>>>>> Please send e-mail to: ssandfort at attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From ferguson at icm1.icp.net Sat Nov 6 12:47:59 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Sat, 6 Nov 93 12:47:59 PST Subject: (fwd) ViaCrypt PGP ships today Message-ID: <9311062047.AA09612@icm1.icp.net> I realize that this is a few days old, but I've been up to my eye-teeth with other network problems and using this dreary Saturday afternoon to catch up on Net News. Cheers. Forwarded message: > Newsgroups: alt.security > From: hugh at gargoyle.uchicago.edu (Hugh Miller) > Subject: ViaCrypt PGP ships today > Message-ID: > Sender: news at uchinews.uchicago.edu (News System) > Organization: University of Chicago -- Academic & Public Computing > Date: Mon, 1 Nov 1993 14:53:25 GMT > Lines: 61 > > ViaCrypt, Inc., will begin shipping ViaCrypt PGP today, 1 November > 1993. ViaCrypt PGP is a commercial public-key encryption package which is > based on, and virtually identical with, the freeware program known as PGP, > or `Pretty Good Privacy.' (The source code is in fact identical to that of > the freeware version 2.3a of PGP, with the exception of the RSA encryption > module, which is one ViaCrypt developed in-house after acquiring a license > for the algorithm from PKPartners. In addition, ViaCrypt incorporates a > few bug fixes. The private-key crypto algorithm is IDEA, as in freeware > PGP, for which ViaCrypt has obtained a license from Ascom-Tech AG of Zurich.) > ViaCrypt bought its RSA license from PKP before either PKP or ViaCrypt knew > that ViaCrypt would someday use it to sell PGP. ViaCrypt later acquired > the rights to sell PGP from Phil Zimmermann. I don't know what PKP thinks > of this state of affairs, but ViaCrypt's PKP license clearly allows them > to sell PGP. > > Output is byte-for-byte identical with that of freeware PGP 2.3a, except > that the `Version' header atop the message body reads "Version: 2.4" > instead of "Version: 2.3a". Keys, signature certificates, binary or > ASCII-armored ciphertexts, produced by one program will be identical to, > and transparently handled by, the other. ViaCrypt PGP will (for now) be > available in the US and Canada only, pending any future relaxation of the > ITAR export control laws. Phil Zimmermann says no compromises in the > cryptographic strength of PGP were made for ViaCrypt's version of PGP. > > The ViaCrypt PGP package include program disks (executables only, no > source code), user manual, and individual user license. The current release > will be for MS-DOS only; ViaCrypt plans to ship a UNIX version soon. > Introductory price of a single user package is US$100. (For purchases > of 20 units or more, a substantial discount -- price drops to about US$41 > per user -- is available.) > > To purchase ViaCrypt PGP or to find out more about it, you can contact > them as follows: > > ViaCrypt > 2104 W. Peoria Ave. > Phoenix, AZ 85029 USA > 602-944-0773 (Voice) > 602-943-2601 (FAX) > 70304.41 at compuserve.com (Netmail) > > I have no connection with ViaCrypt, commercial or otherwise. Indeed, I > disagree in principle with the concept of algorithm patents. I think, > though, that the net, and particularly users and admirers of the freeware > PGP deserve to hear about this. Because ViaCrypt paid PKP for a > license, users of ViaCrypt can now utilize PGP with absolutely no fear of > lawsuit for patent infringement. Since ViaCrypt will ship only in > USA/Canada, ITAR violations are not at issue. This will enable the > PGP approach, with its decentralized distributed-trust key management, > to achieve crucial penetration into the corporate marketplace. > This will speed its acceptance as the de facto email crypto standard, > as opposed to other centralized or key-escrow schemes, like PEM or Clipper. > And ViaCrypt PGP will enable U.S. users to communicate completely legally > with non-U.S. users of PGP 2.3a. > > -- > > Hugh Miller | Asst. Prof. of Philosophy | Loyola University Chicago > FAX: 312-508-2292 | Voice: 312-508-2727 | hmiller at lucpul.it.luc.edu > PGP 2.3A Key fingerprint: FF 67 57 CC 0C 91 12 7D 89 21 C7 12 F7 CF C5 7E > > _____________________________________________________________________________ Paul Ferguson Mindbank Consulting Group fergp at sytex.com Fairfax, Virginia USA ferguson at icp.net From unicorn at access.digex.net Sat Nov 6 13:18:02 1993 From: unicorn at access.digex.net (Dark) Date: Sat, 6 Nov 93 13:18:02 PST Subject: (fwd) ViaCrypt PGP ships today Message-ID: <199311062117.AA05991@access.digex.net> For some reason it occured to me that were CiaCrypt (oops, slip... sorry) to want to provide an unsecure product to the general cryptography public, the best way to do it would be to attack the security of the secret key password. To me, the fact that Phil Z. has vouched for the program is enough for the moment. If the key password were attacked, output would not be affected. I'm sure this is no revelation to most of you. As for the rest, See how smart I am? :) -uni- (Dark) From ferguson at icm1.icp.net Sat Nov 6 13:22:45 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Sat, 6 Nov 93 13:22:45 PST Subject: Mark Abene (Phiber Optik) sentenced Message-ID: <9311062120.AA09817@icm1.icp.net> forwarded message follows: 8<--------- cut here ------------ From: risks at csl.sri.com (RISKS Forum) Newsgroups: comp.risks Subject: RISKS DIGEST 15.22 Date: 6 Nov 93 01:57:47 GMT Sender: daemon at ucbvax.BERKELEY.EDU Reply-To: risks at csl.sri.com Date: 04 Nov 93 17:37:14 EST From: "Mich Kabay / JINBU Corp." <75300.3232 at compuserve.com> Subject: Master of Disaster Phiber Optik sentenced Mark Abene, 21, widely known as Phiber Optik, was sentenced to a year and a day in prison. He will serve 600 hours of community service. He pleaded guilty last July to conspiracy, wire fraud and other federal charges relating to his activities as one of five Masters of Disaster indicted for breaking into telephone, educational, and commercial computer systems. [Perhaps in a few years more, they will be Doctors of Disaster?] [PGN Excerpting Service, drawn from the Associated Press and Reuters, both on 3 November 1993] The Reuter article give background information, including o the charges against MoD marked the first use of wiretaps to record both conversations and datacomm by accused hackers. o the hackers attacked phone switching computers belonging to Southwestern Bell, New York Telephone, Pacific Bell, U.S. West and Martin Marietta Electronics Information and Missile Group. o they broke into credit-status reporting companies including TRW, Trans Union and Information America, stealing at least 176 TRW credit reports. o the young men were apparently competing with each other and other hacker groups for "rep" (reputation) and were also interested in harassing people they didn't like. o the Reuter article mentions that "they wiped out almost all of the information contained on a system operated by the Public Broadcasting System affiliate in New York, WNET, that provided educational materials to schools in New York, New Jersey and Connecticut" and left the message, ""Happy Thanksgiving you turkeys, from all of us at MOD." Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn 8<---------- cut here --------- Cheers. _____________________________________________________________________________ Paul Ferguson Mindbank Consulting Group fergp at sytex.com Fairfax, Virginia USA ferguson at icp.net From jim at bilbo.suite.com Sat Nov 6 13:32:45 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Sat, 6 Nov 93 13:32:45 PST Subject: some newbie DC-net questions Message-ID: <9311062129.AA16194@bilbo.suite.com> I'm a newcommer to DC-nets, so the following questions may sound funny to somebody that actually knows DC-nets... 1) What is happening on a DC-net when nobody is sending a message? Is it simply issuing a stream of zeros? Are "coins" being continuously flipped, even when no messages are being sent? 2) What does it look like (from a traffic flow perspective) when the DC-net transitions from no messages being sent to a message being sent? The stream of zeros becomes and bunch of ones-and-zeros? 3) What happens when two members of a "table" attempt to transmit at the same time? How is this case handled? 4) Are there any DC-net papers available for downloading via FTP? Thanks, Jim_Miller at suite.com From jdblair at nextsrv.cas.muohio.EDU Sat Nov 6 13:58:04 1993 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Sat, 6 Nov 93 13:58:04 PST Subject: name for hardware list... Message-ID: <9311062216.AA20823@ nextsrv.cas.muohio.EDU > -----BEGIN PGP SIGNED MESSAGE----- Hey, y'all... The response to the proposal for the punk hardware list was overwhelming (or at least far beyond expectations). I will get it set up hopefully on Monday, or Tuesday at the latest of next week. I just have to get my sysadmin to get moving and set of the list on the ListProcessor. There is a minor problem, which I want to spend very little time worrying about, concerning the name of the list. All I've come up with is the boring "punk hardware" or "punkware", or the cryptic "punk-net." The punk-net name derives from the discussion of an underground, wireless net (which got me interested in forming the list) but I think that discussion about that net will probably be a minor part of the list. Perhaps we should get away from the "punk*" naming scheme-- I don't know. Let me know what you think it should be called... I'll determine the name by a psuedo-democratic process (I'll use the name that's proposed the most, unless I think there's a better one.). So, let me know what you think it should be called, but let me know soon-- when it's on-line I'll post info on how to subscribe. rave on, - -john. -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLNvls6NqtARNqVmxAQG+0wIAnFlvkuRAVgkZyL7osC3S0lTqk44eMldI /fpawVKB/gsa1s3EMbXbL73XYH5u4chuNav84ZLobpqLJjfECO38FA== =JrAe -----END PGP SIGNATURE----- From an41418 at anon.penet.fi Sat Nov 6 14:02:47 1993 From: an41418 at anon.penet.fi (wonderer) Date: Sat, 6 Nov 93 14:02:47 PST Subject: some newbie DC-net questions Message-ID: <9311062158.AA07250@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- Thank you Jim. I have been wondering about these questions myself. Especially #4. Anybody? -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLNwc9R1kTJuroDD9AQEfTQIAoHVnZUc0GR10KJxmymw5Bj/3no2SXjY+ WH6AdS6SEU/KGgD+AkR+VbJFHtD0VyFCCTwUERqiG0x1u2LAlKxZdQ== =Zb+C -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From mccoy at ccwf.cc.utexas.edu Sat Nov 6 14:58:02 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Sat, 6 Nov 93 14:58:02 PST Subject: some newbie DC-net questions In-Reply-To: <9311062129.AA16194@bilbo.suite.com> Message-ID: <199311062256.AA00524@tramp.cc.utexas.edu> > 1) What is happening on a DC-net when nobody is sending a message? Is it > simply issuing a stream of zeros? Are "coins" being continuously > flipped, even when no messages are being sent? Yes. Lots of zeros. Generally one would probably have a low traffic "carrier" of zeros and then once traffic starts the system would ramp up to a higher traffic/fast throughput system. > 2) What does it look like (from a traffic flow perspective) when the DC-net > transitions from no messages being sent to a message being sent? The > stream of zeros becomes and bunch of ones-and-zeros? Generally one would have a signal that when boradcast by someone indicates that they have the token for speaking and things progress from there. It is basically a distributed ring network (because of the lack of true broadcasting over any distance) and so it will follow the standard methods and protocols for networks of that type. > 3) What happens when two members of a "table" attempt to transmit at the > same time? How is this case handled? They will get a collision. If an even number of members transmit at once then the bit will be the opposite of what each expects to see, if an odd number then it will be an undetected collision. There are fairly standard protocols for backdown on distributed broadcast networks. > 4) Are there any DC-net papers available for downloading via FTP? ftp.cc.utexas.edu:/pub/cypherpunks/dc-nets there is the chaum paper and tim mays general outline; both were posted to the list a while back. Once i get motivated i will write up an outline of a proposed implementation for mail passing I am going to try to get running to use to test the concept and hack out any bugs... jim From an41418 at anon.penet.fi Sat Nov 6 15:42:47 1993 From: an41418 at anon.penet.fi (wonderer) Date: Sat, 6 Nov 93 15:42:47 PST Subject: some newbie DC-net questions Message-ID: <9311062341.AA17127@anon.penet.fi> How do you implement people seeing their neighbors coin, but nobody else seeing it? Does it require a secure channel between every adjacent person? Wonderer ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From plaz at netcom.com Sat Nov 6 17:12:50 1993 From: plaz at netcom.com (Geoff Dale) Date: Sat, 6 Nov 93 17:12:50 PST Subject: Blacknet in WIRED Message-ID: <199311070112.RAA23954@mail.netcom.com> Did everyone catch the Blacknet reference in WIRED 1.5? P.32 in the central item. Check it out! _______________________________________________________________________ Geoff Dale -- insert standard disclaimers here -- plaz at netcom.com "We are the shock troops of reality." - Voice of the Friends (Wild Palms) From mg5n+ at andrew.cmu.edu Sat Nov 6 19:18:05 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 6 Nov 93 19:18:05 PST Subject: (fwd) ViaCrypt PGP ships today In-Reply-To: <199311062117.AA05991@access.digex.net> Message-ID: > For some reason it occured to me that were CiaCrypt (oops, slip... sorry) > to want to provide an unsecure product to the general cryptography > public, the best way to do it would be to attack the security of the > secret key password. > To me, the fact that Phil Z. has vouched for the program is enough > for the moment. > If the key password were attacked, output would not be affected. I don't see how this would be of much help tho. Putting a weakness in the secret key password wouldn't help them much since they don't have your secret key. Furthermore, they couldn't easily change it without making it incompatible with previous keys. If I wanted to subtly weaken PGP, I'd do it by weakening the randomness of the IDEA cipher key, making it significantly easier to guess, by choosing a "random" key based on something known, such as the legnth of the message or the date it was encrypted, which would provide seemingly random encryption, but actually make it easy to break if you knew the pattern. I'm not saying that anyone did that, but that's where I would start if I wanted to sabotage it... From pierre at shell.portal.com Sat Nov 6 20:12:48 1993 From: pierre at shell.portal.com (Pierre Uszynski) Date: Sat, 6 Nov 93 20:12:48 PST Subject: some newbie DC-net questions Message-ID: <9311070412.AA14773@jobe.shell.portal.com> > From: Jim McCoy > > > 3) What happens when two members of a "table" attempt to transmit at the > > same time? How is this case handled? > > They will get a collision. If an even number of members transmit at once > then the bit will be the opposite of what each expects to see, if an odd > number then it will be an undetected collision. There are fairly standard > protocols for backdown on distributed broadcast networks. > Actually, it seems to me undetected collisions are not as likely as this makes it appear: Every person trying to transmit is monitoring at the same time to make sure the message they transmit does appear in the "sum of differences". If you tried to transmit and any bit comes out wrong, it's that there was a collision. Only an odd number of completely identical messages transmitted at the same time would appear as one un-collided message. Of course, if you are only considering very short messages (like 1 bit answers to questions) you are looking for trouble... but if you are sending around longer messages similar to email, then un-noticed collisions are unlikely because messages include signatures and such. When you detected that your message collided, typically, you stop transmitting. You then decide on a random time delay, wait for that duration and try again if the way is clear (all zeroes carrier). Pierre. pierre at shell.portal.com From MIKEINGLE at delphi.com Sat Nov 6 22:58:05 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sat, 6 Nov 93 22:58:05 PST Subject: Real-world digicash Message-ID: <01H50ID1IWXU9AN48T@delphi.com> I've been reading digicash papers lately, and it appears there are three approaches to preventing double-spending: 1) Catch the cheater after the fact, by matching up two copies of the same coin in such a way as to reveal his identity. This requires a challenge-response sequence between the user and the shop. 2) Combine (1) with an observer, a piece of secure hardware which signs transfers and prevents double spending. 3) Use an online server which checks off coins as they are spent. After-the-fact detection probably won't fly, because organized multiple spending could kill it. There are people who are dumb enough to write their PIN numbers on their ATM cards. Such people will also be careless with their digicash and any secret keys used to protect it. A thief could compromise a few coins belonging to such careless people, distribute them to a network of many thieves, and spend them hundreds of times before being detected. This would make the shops either abandon digicash or refuse to deliver merchandise until the coins cleared the bank, making it effectively an online system. Using this type of digicash over the net would be particularly troublesome. A person receiving a double-spent coin would be in the same situation as a person receiving a bad check from another state. Legally, he has all kinds of rights. Practically, he is flat out of luck. It will cost him more to take action than the amount of the coin or check. Observer-based protocols can protect privacy. All data going to and from the observer is blinded by the user's software so the observer cannot learn anything about the user. The design of the observer can be public; the only secret in the observer is a key. Observer-based protocols also include the after-the-fact detection, so anyone who cracked his observer (i.e. extracted the secret key) would still be caught later. To cheat, you would have to steal someone else's observer, extract the key, and use it. If the time required to crack an observer was longer than what it would take a person to notice and report his stolen observer, fraud would be uncommon. Because the observer is hard to crack, it would be much like counterfeiting paper money: possible, but requiring a large organization to be profitable. Such an organization would be susceptible to traditional methods of law enforcement. Since observers require hardware, this method cannot easily be used on a guerrilla basis. The banking industry could do it, but since people are willing to use credit cards, which are online, insecure, and a dossier-builder's dream, there is no particular motive for the banks to create such a system. Most people, if surveyed, will say that they are concerned about their privacy. But when made to choose between privacy and convenience, they choose convenience. That leaves online digicash as the most practical system for use on the net right now. Online digicash will probably be the only system trustworthy enough for large transactions in any case. Are there any published online systems which include strong privacy and which allow multiple banks/servers? NetCash does not provide strong anonymity; the user has to trust the coin issuer not to record who gets which coins. An investigator could go to the coin issuer and demand that the issuer track a particular user's coins. --- MikeIngle at delphi.com From unicorn at access.digex.net Sat Nov 6 23:38:05 1993 From: unicorn at access.digex.net (Dark) Date: Sat, 6 Nov 93 23:38:05 PST Subject: (fwd) ViaCrypt PGP ships today Message-ID: <199311070733.AA12593@access.digex.net> -> I don't see how this would be of much help tho. Putting a weakness in the secret key password wouldn't help them much since they don't have your secret key. Furthermore, they couldn't easily change it without making it incompatible with previous keys. If I wanted to subtly weaken <-- oh, yeah. I knew that. -uni- (Dark) From gg at well.sf.ca.us Sun Nov 7 02:02:50 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Sun, 7 Nov 93 02:02:50 PST Subject: ID of anonymous posters via word analysis? Message-ID: <199311070959.BAA13037@well.sf.ca.us> I'm not so sure about translation software... apparently there is a story about the first time this was attempted; an NSA implementation for use on the US-USSR hot line, to speed things along in the event of a crisis. When they opened the thing up for test, there was a diplomat at each end, and a top military official as well. At the US end, they typed in, "The spirit is willing but the flesh is weak." Then it popped out in Russian, and was typed back in again in Russian. What popped back out in Washington in English was, "The ghost is ready but the meat is raw." Back to the proverbial drawing board. Presumably things have improved a bit since then, eh...? -g From szabo at netcom.com Sun Nov 7 02:03:05 1993 From: szabo at netcom.com (Nick Szabo) Date: Sun, 7 Nov 93 02:03:05 PST Subject: Mostly Offline Digicash In-Reply-To: <01H50ID1IWXU9AN48T@delphi.com> Message-ID: <199311071002.CAA13037@mail.netcom.com> Mike Ingle: > After-the-fact detection probably won't fly, because organized multiple > spending could kill it. There are people who are dumb enough to write > their PIN numbers on their ATM cards. Nevertheless, millions use ATM cards, with substantially less loss to fraud than with credit cards. Improvement in privacy and reduction of incidence of fraud over credit cards are sufficient goals for a digital cash system. For Pretty Good Digicash, which would probably far exceed those goals, how about a "mostly offline" system as follows: * Modify offline cash to be "stochastically online", so that 1 out of every N coin transactions are checked for double spending online, and the remainder of the coins are kept offline. The chances of getting away with K+1-spending a coin are (1-1/N)^K. The chances of getting away with K+1-spending each of M different coins are (1-1/N)^MK. In general, with a fixed upper limit on coin denominations, the chances of getting caught at the scene of double-spending increase exponentially with the amount double-spent. This means penny-ante fraud will be easy to get away with (at the scene), but large scale fraud quickly becomes impractical. This also means that most low-value transactions will be offline and most high-value transactions online. Note that above formulae are the odds of getting the goods before being caught. Even if by chance all coins are kept offline during the fraudulent transactions, the odds of two making it back to the bank increase exponentially with the number of times they change hands. Thus even penny-ante double-spenders will soon be caught, with odds quickly approaching certainty, after the fact. The double-spender's 'nym is then revealed, and its reputation damaged or destroyed. * N is the credit rating of the customer. 'Nyms with good, solid credentials and/or long-standing reputations can be trusted to spend large amounts of digital cash per online check. New 'nyms, 'nyms with bad credit ratings, and anonymous spenders have lower N and are thus checked more often. Attempting to defraud via rapid turnover of penny-ante double-spending 'nyms won't pay, because the odds of a new 'nym getting caught online can be placed as high as needed to make this strategy a loser. At the first sign of double-spending, or if other signs of bad credit accumulate, credit rating N is lowered for the customer. N should be set by credit rating agencies so that (Max coin denomination)*MK*(1-1/N)^MK is less than the 'nym's accumulated "reputation capital", so that it does not pay to build a reputation and then "cash in the reputation chips" with a spectacular act of digicash fraud. Since the reputation capital of most customers will dwarf the average size of their purchases, in practice the vast majority of purchases will be offline, with only a few (mostly large) purchases held up for online verification (which need not take any longer than online verification of credit cards today). I envision a decentralized credit-rating system, so that the integrity of ratings cannot be jeopardized by corrupting one or a related few credit rating agencies with false information. (The IP paradigm: an economy should be able to route around node failures). Nick Szabo szabo at netcom.com HEx symbol: N :-) From barrett at daisy.ee.und.ac.za Sun Nov 7 02:33:27 1993 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Sun, 7 Nov 93 02:33:27 PST Subject: Warning for PGP Users! In-Reply-To: <199311061605.LAA05613@ellisun.sw.stratus.com> Message-ID: > I checked the .tar file at soda.berkeley.edu and the sources have > several mismatching MD5s. Is anyone looking at this? Yes, the PGP 2.3A distribution has incorrect MD5 values in contrib/md5sum/pgp23.md5. I think that they were not updated to acount for the changes between versions 2.3 and 2.3A. Nevertheless, the file pgp23sigA.asc (which is distributed separately from the .tar.Z and .zip files) contains good detached signatures from Colin Plumb, covering the various .zip and .tar.Z files for PGP 2.3A. --apb (Alan Barrett) From mnemonic at eff.org Sun Nov 7 07:03:11 1993 From: mnemonic at eff.org (Mike Godwin) Date: Sun, 7 Nov 93 07:03:11 PST Subject: Mark Abene (Phiber Optik) sentenced In-Reply-To: <9311062120.AA09817@icm1.icp.net> Message-ID: <199311071502.AA00947@eff.org> Paul Ferguson reports on the MOD case: > The Reuter article give background information, including > > o the young men were apparently competing with each other and other > hacker groups for "rep" (reputation) and were also interested in > harassing people they didn't like. Reuters doesn't mention, for some reason, that these defendants, and Mark Abene in particular, were primarily motivated by the desire to learn about the systems they were using. > o the Reuter article mentions that "they wiped out almost all of the > information contained on a system operated by the Public Broadcasting > System affiliate in New York, WNET, that provided educational > materials to schools in New York, New Jersey and Connecticut" and > left the message, ""Happy Thanksgiving you turkeys, from all of us at MOD." No MOD defendant has admitted to doing this. In fact, it seems certain that this particular act was committed by a rival who wanted to frame the MOD members. --Mike From pmetzger at lehman.com Sun Nov 7 08:48:10 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sun, 7 Nov 93 08:48:10 PST Subject: ID of anonymous posters via word analysis? In-Reply-To: <199311070959.BAA13037@well.sf.ca.us> Message-ID: <9311071646.AA04416@snark.lehman.com> Astonishing how far urban legends go. This keeps getting distorted further and further. I've heard this go further and further and further from the version I first heard. I wonder if there ever was a real story to begin with. Perry "George A. Gleason" says: > I'm not so sure about translation software... apparently there is a story > about the first time this was attempted; an NSA implementation for use on > the US-USSR hot line, to speed things along in the event of a crisis. > > When they opened the thing up for test, there was a diplomat at each end, > and a top military official as well. At the US end, they typed in, "The > spirit is willing but the flesh is weak." Then it popped out in Russian, > and was typed back in again in Russian. What popped back out in Washington > in English was, "The ghost is ready but the meat is raw." Back to the > proverbial drawing board. > > Presumably things have improved a bit since then, eh...? > > -g From hfinney at shell.portal.com Sun Nov 7 11:12:53 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Sun, 7 Nov 93 11:12:53 PST Subject: Real-world digicash Message-ID: <9311071909.AA04142@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- I agree with Mike Ingle's points re NetCash. I had some pretty strong criticisms of their proposal when it first came out. They didn't seem too familiar with the literature on digital cash. Their system was more like cashier's checks than cash. The anonymity was not strong. Nick has some interesting ideas re the use of "reputation capital" to discourage double-spending of dcash. You wouldn't want to destroy your reputation by cheating on a small sum of money, not if the reputation was one which you had built up over a period of time. In considering these ideas, there are a lot of questions about the whole infrastructure in which the dcash is being used. Is this something which we would see occuring in the near future, the next couple of years, in which case current systems of electronic communication would be used? In that case, we might imagine people purchasing items via the more progressive on-line services, like the new MUD-based systems people are working on (metaverse, virtual city, ...). Or companies might simply advertise items for sale on the internet and accept orders by email or perhaps TCP connection. One technical detail is that dcash systems require a multi-step protocol for spending and withdrawal. This would make email orders more difficult to deal with since mail would have to bounce back and forth. Actually, Chaum's simplest dcash scheme has a one-step protocol for spending (just send the cash), but that requires on-line verification. TCP connections can handle the back-and-forth very quickly so that may be a preferred communications method. Today, most credit card transactions do an on-line check, so I don't think that on-line systems should be ruled out, although eventually a dedicated network separate from the internet would probably be needed. The total data transfer per transaction is not large, a few hundred bytes. One question in considering whether double-spending is likely to be a problem is whether bank accounts are anonymous. One possible system is for bank accounts to be non-anonymous, but for transactions to be untraceable. Then if someone double-spends the cheating is traced, not to a "nym", but to a real person. (There is still the possibility Mike raised of stealing someone's cash, similar to how you might steal someone's PGP secret key today, but perhaps this will not occur often enough to be a problem.) In this case you don't have to have an infrastructure of reputations and credit ratings in order to use the cash. Nick's idea sounds like it would take some time to develop. Our hundreds of years of experience in giving credit will require some readjustement to a world in which "nyms" can disappear much more easily than physical people can. Another technical detail with the two forms of digital cash that I am more familiar with, Chaum's on-line and off-line systems from his Crypto 88 paper, is that even the off-line system requires the vendor to communicate with the bank for every transaction. He has to send in the spent cash, as well as the results of his protocol with the customer, for every piece of cash he gets. The difference is that he doesn't have to do it right away. So this off-line system will actually require more bandwidth for communication with the bank than Chaum's on-line system would (because of the extra transaction information that has to be sent). It seems that on-line and off-line cash systems both have pros and cons. Initially my feeling is that an on-line system might be preferable because there is less need for trust between the parties involved. Each person checks at each stage to make sure he is not being cheated. There is no need for a legal system to prove double-spending and force cheaters to make good. The protocols are much simpler and easier to understand. And the bandwidth requirements are less. The main disadvantage is the need for enough redundancy in the bank to allow continual accessibility, although even this would not be an issue for purchases which are delivered after a delay, typical of electronic purchases today. Hal Finney hfinney at shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLN0b86gTA69YIUw3AQEw+wP/daSj1lrRoYB/YuXVq1JGVvqxANOwVEyb KeG53eOaauxn4BlhG6z7jMZYLeTJO1Ct045ZbeKwfgMEDKFyDJyfwquDz7VcgtQH 5N1E4yLRYiIyy6UEiIz6Vg2BLOp1yYqux4h/n6F13xY7HgXYSzHTwZAp+9UFvh5v lUxNkVkC8Tk= =n4aj -----END PGP SIGNATURE----- From nowhere at bsu-cs.bsu.edu Sun Nov 7 12:52:54 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sun, 7 Nov 93 12:52:54 PST Subject: Mirrorshades & Prosody Message-ID: <9311072050.AA04405@bsu-cs.bsu.edu> ABOUT MIRRORSHADES & PROSODY ************************************************************************ by Keith Eluard FAQs with a bit of Technical Info buried inside... 1. What are Mirrorshades & Prosody? and Why? Mirrorshades and Prosody are my babies - a pair of text generation/revision programs that I developed to suit my needs as a creative pump to force me to use more vibrant and evocative images in my writings. They originally started as a semi-intelligent thesaurus on my Commodore 64 (which I still use ...as a printer controller). If I were to enter the word "bird", I would have spat back at me a few dozen choices such as "black bird" or "the blue bird of happiness that flew up my left nostril". Anyway, I kept messing with it and eventually ported it out onto a NeXT, where I also was using a wonderful language known as cmusic to generate musical sequences and sounds. Then an evil idea occurred to me. If language is related to music, then a music tool could be used to create a language tool of a similar nature...Why Not! The first program was what would later become Mirrorshades. It wrote haiku. nothing but haiku lots of haiku 1,768,669 haiku, to be exact. Then it ran out of possible word combinations that fit its algorithms (more later) That bit o' code was called "basher" (in dadaist mockery of Basho) and was slapped onto indyvax.iupui.edu by a few friends (a copy might be around there still...). It had quite a few things in it I didn't like, so I revised it to fix its problems and what I thought were problems... Then a lovely group of people sent me a note called SUNDEVIL... ((I'm still paying for that Mac... )) It was at that time I decided that encryption is A GOOD THING and bought into PGP. Not a bad cypher, but it could be better... That's where Prosody came from - a bulletproof adaptation of PGP into an encryption that I DARE ANYONE to decode (& if you do, may I please drool over your machine, pretty please...). It revises an existing text to a degree specified by the user. If the word "bird" is entered, it might spit back "black bird" or it might spit back "a silly gesture" depending on its settings. The original text is preserved electronically in its original form, but encoded using a strange attractor. So if you see the text block: it snores in the simple tank. its pipe pesters the mud. its hot glove is full of meaning. you have to decide if I'm being weird or using Prosody to send an encrypted post. And it can't be decoded except by using Prosody to revise the received message at the appropriate setting or else you get weirdness of a similar nature back at you. Combine this with traditional encryption and viola! Privacy at its finest and easiest. But Mirrorshades uses the same algorithms to search a database of words (the text pool) and generate a surreal style all its own: rubbing her sable with long thoughtful fingers. skimming the curdles of the dream. his eyes, dull and tired, like grape seeds. gravy stains from the previous tenant. motific clouds. a summer shaped like a hot dog, and its rungs of sunlight. nails--no two bent the same way. 2. How exactly does it work? Both programs use iterative mathematics to search databases of words classified by 1)part of speech, 2)connotative meaning, 3)association to other words, 4)metrical value & common pronunciation, and 5)established user preferences (it can be taught to write really messed up love poems, if you'd like). In Prosody, most of the algorithms are strange or chaotic attractors with a few Julia curves thrown in for good measure driving a probability engine in the form of a set of distribution curves set up in a way reminiscent of cmusic algorithmic composition programs. As a result, it flows very well when spoken aloud (wink, wink, nudge, nudge, you voice synthesis developers ...). Mirrorshades does somewhat of the same thing, except that it uses the intersections of strange attractors, distributed pseudo-random number generators, various fractal curves, and formal rules to create semi-surreal, lucid dreaming images (I was inspired by Wm Gibson's work in _Mirrorshades_, an anthology of first wave cyberpunk authors ed. by Bruce Sterling) that fit a series of preferences that could be called poems. That is, if you want a sonnet you can get a sonnet. If you want a really f8nky paragraph on gravity to lead off a chapter in a physics textbook you're working on, you could get that too. In short, I was setting out to create the most flexible writing tool I could. I think I've come close. 3. Is it commercial? What do you think!!! No, actually it's shareware with a pricing structure like this: if you request a copy as an *.edu user from now until 1 December, it's free. After that, it's available at the *.com user price of $10 to receive the code key to unlock a copy. I'm still not sure if I want to let any *.gov types have it yet, but if they're nice to me...we'll see. Hacked copies are worthless - it comes out as a really screwed up epic poem (when I tried hacking it, it was about an umbrella and a sewing machine --I heard great grandpa Eluard rolling in his grave). You have to use the appropriate code key for that copy of the program or my shipping backdoor (no, it won't open messages created with it, just the copy I give you...). I think it's a reasonable pricing structure. If you don't, please tell me through keithwriters @ delphi.com. 4. When will these programs be available? That depends on your function in the universe. If you are a sysop at a university with a respected Creative Writing program, advance copies for your Net will be made available. The same with industry magazines (computer science, cyberculture, artificial intelligence, iterative math, etc... but not $5/issue advertisements like @(*# or &@ (##% posing as "true sources of NEW information" on computers when they're actually rehashing stuff thought of and started in the '50s...yes, it's a torchy kind of thing for me...). User copies will be sent via e-mail or to designated FTP sites for downloading by 1 December. Pre-release registration materials will be sent to requestors around Thanksgiving. Physical (diskette) copies will be available also (give KEITHWRITERS at DELPHI.COM a physical address for you and everyone will be happy). 5. Has anyone used this stuff before? Yes. Me. I have 4 books of poetry out and available that are direct output from Mirrorshades and/or Prosody: _Naked_City_, "Black Sun" (actually the libretto to an opera in development of the same name), _A_Dream_of_a_Shadow_of_Smoke_, and _Hieroglyphs_of_Desire_. Copies of all are available by e-mail and asking nicely for the book(s) you want and providing a physical address. They will be sent COD (or free to reviewers). 6. Is it AI (artificial intelligence)? Maybe. I'm not completely sure. They use a cut-down version of a neural net and intuitive search processes based on past accepted outputs (it can figure out what you want from that session, but not between sessions). They have passed some informal Turing tests among some poets & writers of international caliber with some interesting results. However, none were computer experts and so I am interested in that side of testing. Any volunteers? 7. Where can I find out more? Prowl the sci.ai.nat-lang for some nifty academic resources. I have brewed my notes from my development stage into a text file I could send to any interested persons, but it's mostly on strange attractors and fractals. Most GOPHERs will have something there under computer science, artificial intelligence, fractals, chaos theory, or related topics. Thanx for your time and patience. Please direct replies/correspondence to KEITHWRITERS at DELPHI.COM mark it: "ATTN: K Eluard" in the subject line so that it doesn't wind up on Keith Boyle's desk here at the Writers' Center of Indianapolis. or snail mail us at Technosys: Keith Eluard, software development Technosys 3025 North Meridian Street #202 Indianapolis Indiana 46208 From szabo at netcom.com Sun Nov 7 13:38:12 1993 From: szabo at netcom.com (Nick Szabo) Date: Sun, 7 Nov 93 13:38:12 PST Subject: Commercial aspects of digital cash Message-ID: <199311072137.NAA27470@mail.netcom.com> Here's my attempt to explain the practical commercial aspects of digital cash on imp-interest at thumper.bellcore.com: Rob Raisch questions digital cash by pointing out the many problems with issuing credit over the net. What's missing is that digital cash is not credit. It is cash, unforgeable, signed by a reputable bank. The customer cannot obtain such cash without presenting whatever credentials are necessary to join the bank, and the bank takes any risk involved in trusting those credentials. Cf. Chaum & colleague papers for the protocols. Thus, no physical identity is needed by the vendor, just as none is needed for physical cash purchases. Thus, > - Monetary transactions require hard identity to cover risk. True for credit transactions, untrue for cash. For customers without physical identity, the the cash's integrity is verified with real-time connection to the issuing bank before the goods are delivered (much like credit cards are verified today, except that we're checking the signature of the bank that issued the cash, not the ID of the customer). > - Risk can be offset by charging a fee for each transaction. The risk of digital cash fraud is much lower than for credit cards, ATMs, and even physical cash (which can be forged and stolen much more easily than digital cash). > - On the Internet, there is no hard physical identity. Quite true, and it is also quite impractical to insist, as Mr. Detweiler does, that the Internet be radically changed to facilitate it. It is possible to build up a system of reputation for "soft" identities, so that digital signatures with unforgeable credentials and/or well developed credit ratings can be extended limited amounts of credit, but such a system will take time to develop and get used to. I've described a combination offline cash/reputation system which gives extremely low rates of fraud, which I can post if there's interest, but it's probably better to start off with the online digital cash system which also gives very low rates of fraud, is simpler and doesn't require any credit ratings for digital signatures. > - Data cannot be protected because it lacks a physical identity. Not at all true. Encryption, digital signatures, and variations of these can be used to protect data in a wide variety of ways, typically superior to protecting the integrity of physical objects (photo IDs, cash, etc.). The difference is that on the net, the signature itself becomes an identity with its own reputation. This requires a change in the way we view commercial credit risk as we become more at home in the net, but it is not inherently less trustworthy or "subversive" (love ya, Mr. Detweiler) than physical identity (which is also just based on information, the imperfect information of our senses, which can be spoofed in various ways). Keeping mind it is not necessary to trust such signatures for online digital cash: the customer's identity doesn't matter, and the bank's signature can be checked online. Conclusion: Issuing credit over the net is, for the near future, a can of worms. Even just verifying credit entails the high fraud, lack of ubiquity, and lack of privacy of credit cards. Lack of hard identitity, thousands of legal jurisdictions criss-crossed by the net, etc. make net credit very risky. Take the trouble to implement digital cash. With significant volume it will soon pay for itself in much lower, even very close to zero, rates of fraud. Nick Szabo szabo at netcom.com From Lyle_Seaman at transarc.com Sun Nov 7 13:48:12 1993 From: Lyle_Seaman at transarc.com (Lyle_Seaman at transarc.com) Date: Sun, 7 Nov 93 13:48:12 PST Subject: Real-world digicash In-Reply-To: <9311071909.AA04142@jobe.shell.portal.com> Message-ID: hfinney at shell.portal.com writes: re NetCash: > The anonymity was not strong. Hmph. You can say that again. There is no real anonymity in NetCash (v1). What they describe is something like an online (non-anonymous) system with the suggestion that people may achieve anonymity by trafficking in coins without verifying their validity. If they receive an invalid coin, T.S. In such an environment, you can bet that everyone would keep records of all off-line transactions so they could recover their losses if they were passed an invalid (spent) coin. The suggestion that a (non-anonymous) Currency Server might simply avoid tracking coins is poppycock. That would work for epsilon months, until the CS was strongarmed into keeping logs. One valid point that the NetCash paper raised was that a framework must be devised in which currency exchange can occur, without forcing an intermediate transfer into paper. I like Nick's suggestions regarding mostly-offline digicash. A couple of issues which it seems must be pointed out: 1. Any digicash scheme is going to require some hardware. You just can't do this with pencil and paper. They don't all require special-purpose, tamperproof hardware, but very few people are going to be willing to keep long lists of numbers and do complex arithmetic in their head... Hal sez: > Today, most credit card transactions do an on-line check, so I don't think > that on-line systems should be ruled out, although eventually a dedicated > network separate from the internet would probably be needed. The total > data transfer per transaction is not large, a few hundred bytes. The credit-card infrastructure is funded by the 3%-7% cut that the credit company gets from each purchase. Who is going to fund such an infrastructure (potentially much much much larger) for cash transactions? Presumably, it would be someone who stands to make a profit from these transactions, but how will that profit be realized? Maybe the digicash vendor will charge for on-line verification. I guess that works. It lets the dcash recipient decide whether to trade off risks against known costs, which I like. > to a "nym", but to a real person. (There is still the possibility Mike > raised of stealing someone's cash, similar to how you might steal someone's > PGP secret key today, but perhaps this will not occur often enough to > be a problem.) A widely-used digicash scheme will certainly include small computers for performing the transactions. Such a computer should be guarded as well as one's wallet, or one's home safe. > So this off-line system will actually require more bandwidth for communication > with the bank than Chaum's on-line system would (because of the extra > transaction information that has to be sent). Requiring more bandwidth isn't really a problem. The available bandwidth of any network is practically infinite, if you don't care about delay. For all practical purposes, the off-line systems don't care about delay. (to forestall flames, I will admit that the delay must be small enough to reduce the temptation to double-spend, and that it must be small enough to prevent the holder of cash from losing value due to inflation. Delays on the order of days are not unreasonable. Given current technology (ie, without purchasing any new hardware), the workstation on my desk can handle 10 times the bandwidth that it now does, if I will accept delays on the order of several days.) I forgot what else I was going to say. I think my 'nym is stealing my thoughts. Lyle Transarc 707 Grant Street 412 338 4474 The Gulf Tower Pittsburgh 15219 From MIKEINGLE at delphi.com Sun Nov 7 14:08:15 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 7 Nov 93 14:08:15 PST Subject: Mostly offline digicash Message-ID: <01H51I6RG58296WT1B@delphi.com> >>After-the-fact detection probably won't fly, because organized multiple >>spending could kill it. There are people who are dumb enough to write >>their PIN numbers on their ATM cards. >Nevertheless, millions use ATM cards, with substantially less loss to >fraud than with credit cards. Improvement in privacy and reduction >of incidence of fraud over credit cards are sufficient goals for a >digital cash system. True, but if someone swipes your ATM card and PIN, they can only get what's in your account, and only $300 or $500 a day. If someone swipes your digi-coins, they can spend them hundreds of times, obtaining merchandise worth much more than the coins, before being detected. That's the hazard I'm worried about. A few such heists could make people back away from digicash. The problem with credit cards (and cellular phones) is the "replay attack." Some kind of authentication is needed. As I understand it, ATM's use DES with the PIN being used as part of the DES key, correct? >For Pretty Good Digicash, which would probably far exceed those >goals, how about a "mostly offline" system as follows: I like this approach. It does require the "online infrastructure" to be present at every shop, but it would generate less bandwidth than fully online systems. Offline processing could be done at night when the system is otherwise idle. The Russian-roulette aspect of trying to cheat would certainly discourage it. >I envision a decentralized credit-rating system, so that the >integrity of ratings cannot be jeopardized by corrupting one or a >related few credit rating agencies with false information. (The IP >paradigm: an economy should be able to route around node failures). Definitely. The goal of digicash, at least in my opinion, is to destroy centralized power. An online system should have multiple servers, and an observer-based system should have multiple suppliers of observers. The only secret in the observer should be the key. --- MikeIngle at delphi.com From mccoy at ccwf.cc.utexas.edu Sun Nov 7 15:08:13 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Sun, 7 Nov 93 15:08:13 PST Subject: some newbie DC-net questions In-Reply-To: <9311062341.AA17127@anon.penet.fi> Message-ID: <199311072306.AA05258@flubber.cc.utexas.edu> an41418 at anon.penet.fi (wonderer) writes: > > How do you implement people seeing their neighbors > coin, but nobody else seeing it? Does it require > a secure channel between every adjacent person? Yes. There are a couple of methods you could use to perform this. One is to burn a ton of random noise into a CD-ROM and mail it to your neighbor. Another is to use public-key encryption to pass a large chunk of data over the net (you know who your neighbors are, so it is relatively easy for them to publish a key along with thier address when the net is forming) or you could all agree to use the same PRNG and then you just pass seed values to the person you share data with and let them expand it out as needed (if bandwidth is limited, for example.) Either way, if one transmission is compromised you are not necessarily left visible to an evesdropper; they also need to know the random numbers that are being compared to the data you exchange... jim From mccoy at ccwf.cc.utexas.edu Sun Nov 7 15:18:13 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Sun, 7 Nov 93 15:18:13 PST Subject: some newbie DC-net questions In-Reply-To: <9311070412.AA14773@jobe.shell.portal.com> Message-ID: <199311072317.AA05272@flubber.cc.utexas.edu> pierre at shell.portal.com (Pierre Uszynski) writes: > > From: Jim McCoy > > [regarding collisions on a dc-net and detection of them] > > Actually, it seems to me undetected collisions are not as likely as this > makes it appear: Every person trying to transmit is monitoring > at the same time to make sure the message they transmit does appear in > the "sum of differences". Yes and no. In theory undetected collisions are unlikely. In practice you need to design against them in certain areas because unless you are talking to someone on a true broadcast medium (ethernet, etc but not any internet protocols above the datalink layer...) you are going to have to fake the broadcast and depending on how you do this you could waste a significant chunk of time and bandwidth passing a "token" around until the collision is detected. There will always be a delay in the time between broadcast and reception so certain operations (like defining your channel in a multiplexed broadcast network or getting any token or other identifier necesary to let others know that someone is talking and they should not try to transmit, etc) need to include steps to make sure that collisions are detected early before significant effort and bandwidth is involved, where a collision could make an entire round of messages need to be repeated... > When you detected that your message collided, typically, you stop > transmitting. You then decide on a random time delay, wait for that > duration and try again if the way is clear (all zeroes carrier). And make sure that your backdown includes a bit of random wait added on or else two colliding speakers will constantly run into each other. A good example of how to deisgn and layout such a system can be found in CSMA/CD networks like enet (IEEE 802.3 i think...) or the satellite broadcasting networks, etc. The methods necessary to make such a system work most efficiently have already been designed by others for networks that share many common characteristics with a dc network, makes sense to use them, no? :) jim From eichin at paycheck.cygnus.com Sun Nov 7 18:48:14 1993 From: eichin at paycheck.cygnus.com (Mark W. Eichin) Date: Sun, 7 Nov 93 18:48:14 PST Subject: tapping hardware? (was re: Mark Abene (Phiber Optik) sentenced) In-Reply-To: <9311062120.AA09817@icm1.icp.net> Message-ID: <9311062339.AA18639@paycheck.cygnus.com> >> o the charges against MoD marked the first use of wiretaps to record both >> conversations and datacomm by accused hackers. This I find quite interesting... As a guess, if I were to attempt such monitoring, I would start with a pair of off-the-shelf modems, but I don't know the details of modern compression (v.42) or wire encodings to know how easy that would be to make work... Anyone have more details on how the tap was accomplished? _Mark_ ... just me at home ... From DOUGHTYD at Citadel.edu Sun Nov 7 20:28:14 1993 From: DOUGHTYD at Citadel.edu (Cdt Pvt Dan Doughty) Date: Sun, 7 Nov 93 20:28:14 PST Subject: to mark re: MoD tapping Message-ID: <01H51VAQ02MS8Y4ZAC@Citadel.edu> well from what I have read, an observer watched as one of the members loaded a program, called a local telephone system, (the utility was a phone utility produced by the phone company) and then whala he could hear the people voices or if data he could watch it scroll down his menu. I was amazed when I heard this. No tech available but I thought I should mention that it was a hardware utility available through the modem. Dan From szabo at netcom.com Sun Nov 7 20:58:14 1993 From: szabo at netcom.com (Nick Szabo) Date: Sun, 7 Nov 93 20:58:14 PST Subject: Mostly offline digicash In-Reply-To: <01H51I6RG58296WT1B@delphi.com> Message-ID: <199311080455.UAA20560@mail.netcom.com> Mike Ingle: > If someone swipes > your digi-coins, they can spend them hundreds of times For both the online and the mostly-offline system, only one one or a small number of fraudulent coins can be spent without online detection. Furthermore, digicash is much easier to lock up than cash; encrypt it with your secret key, following the normal procedure of keeping the secret key on a closely held floppy or smart card. > A few such heists could make > people back away from digicash. Why haven't people backed away from credit cards despite $10's of billions in fraud? Digital cash, implemented reasonably well, is probably going to lose orders of magnitude less to fraud per transaction than credit cards. The transaction costs may be much less than the 3-7% cut taken by credit card companies. One practical task will be thorough debugging before implemented on large scale, as there are plenty of people with (a) an ideological prejudice against cash that or (b) uncomfortable with their lack of understanding of the protocols, who will jump on the opportunity to flame it. (cf. current discussion on imp-interest with Detweiler & Co., for example). Nick Szabo szabo at netcom.com From kovar at nda.com Sun Nov 7 21:08:14 1993 From: kovar at nda.com (David Kovar) Date: Sun, 7 Nov 93 21:08:14 PST Subject: tapping hardware? (was re: Mark Abene (Phiber Optik) sentenced) In-Reply-To: <9311062339.AA18639@paycheck.cygnus.com> Message-ID: <199311080426.XAA29294@nda.nda.com> > >> o the charges against MoD marked the first use of wiretaps to record both > >> conversations and datacomm by accused hackers. > This I find quite interesting... As a guess, if I were to > attempt such monitoring, I would start with a pair of off-the-shelf > modems, but I don't know the details of modern compression (v.42) or > wire encodings to know how easy that would be to make work... > Anyone have more details on how the tap was accomplished? I'd just copy everything to tape as I'd been doing for years. You don't need anything new to tap the phone line to pick up the data. After that, you just need to figure out the baud rate, parity, and data compression (which could be done by trial and error pretty quickly) and then just play the tape into a modem that was set up correctly. Unless I'm missing something, it seems pretty simple. -David From doug at netcom.com Sun Nov 7 22:43:00 1993 From: doug at netcom.com (Doug Merritt) Date: Sun, 7 Nov 93 22:43:00 PST Subject: trusting software Message-ID: <199311080642.WAA02946@mail.netcom.com> ogr at wyvern.wyvern.com (Jason Plank) said: >Penned by Doug Merritt: >> Furthermore, even close reading won't absolutely *guarantee* the lack of >> backdoors in all cases, even if the reader is an expert on relevant >> subjects. > > Why not? Read *every* line of code and the spaces in between two or >three times. Surely. A certain percentage of people will. A certain percentage of people lack the expertise to do so. That was my primary point. My secondary point is that even those who *do* may not detect the presence of a backdoor. The decade-and-a-half controversy over whether DES has a backdoor, despite the fact that the alogorithm is public, is an example of this. The eventual answer to the question is less important than the period of debate...think about it. Reading source code is never a guarantee; it is only a *statistically* safe measure. Worse yet, the statistical issues tend to be hard to analyze, and in no case does one attain a 100% confidence. This is a limited response to a limited question; I'm aware that there are a million other issues as well. Doug From newsham at wiliki.eng.hawaii.edu Sun Nov 7 23:08:17 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Sun, 7 Nov 93 23:08:17 PST Subject: tapping hardware? (was re: Mark Abene (Phiber Optik) sentenced) In-Reply-To: <199311080426.XAA29294@nda.nda.com> Message-ID: <9311080705.AA15339@toad.com> > > I'd just copy everything to tape as I'd been doing for years. You don't > need anything new to tap the phone line to pick up the data. After that, > you just need to figure out the baud rate, parity, and data compression > (which could be done by trial and error pretty quickly) and then just > play the tape into a modem that was set up correctly. > > Unless I'm missing something, it seems pretty simple. I have heard that tapping high speed modems can be a little tricky because of the adaptive filtering done. The modems both have adaptive filters that adjust to the line as they see it. If you are tapping at some other point the filtering will not be optimimal for your case. I believe these filters take care of smearing and echos and things of that nature. Maybe someone in the know can elaborate and clear up all the bad data I probably just spewed :) Phil? > -David From blaster at rd.relcom.msk.su Mon Nov 8 00:23:00 1993 From: blaster at rd.relcom.msk.su (Victor A. Borisov) Date: Mon, 8 Nov 93 00:23:00 PST Subject: TV scremblers. Message-ID: Hi! How can I receive any information about TV scremblers (and hacking of one)? --- Victor A. Borisov aka blaster; Relcom R&D; Email: blaster at rd.relcom.msk.su; Phone: +7(095)-943-4735; +7(095)-198-9510; === Don`t panic! === From kelly at netcom.com Mon Nov 8 02:13:36 1993 From: kelly at netcom.com (Kelly Goen) Date: Mon, 8 Nov 93 02:13:36 PST Subject: tapping hardware? (was re: Mark Abene (Phiber Optik) sentenced) In-Reply-To: <9311062339.AA18639@paycheck.cygnus.com> Message-ID: <199311081013.CAA25398@mail.netcom.com> ... NOTE when Tapping and recording FAX or Hi-Speed MODEMS... A ANALOG recorder simply doesnt work.... BUT A modern SONY DAT works beautifully... the analog recorders have too much flutter and wow to reproduce the signal faithfully cheers kelly... -- From Lyle_Seaman at transarc.com Mon Nov 8 06:23:00 1993 From: Lyle_Seaman at transarc.com (Lyle_Seaman at transarc.com) Date: Mon, 8 Nov 93 06:23:00 PST Subject: Article in biz.clarinet.sample In-Reply-To: Message-ID: I don't know whether forwarding Clari articles posted to ...sample is permitted or not, so I am posting just a pointer. Trot on over to biz.clarinet.sample, and check out this article: > Subject: Software you can buy but can't sell > Message-ID: > Date: Sat, 6 Nov 93 18:08:02 PST > In mid-October, the House Subcommittee on Economic Policy, Trade and > Environment began a round of hearings on legislation to reauthorize the > Export Administration Act, which sets export control policy for the > United States. There's not a lot of information, but it's a favorable article. Peeve: I wish tech editors wouldn't insist on spelling out acronyms that nobody ever (ever! Well, except tech writers/editors) uses in their spelled out form. If they must spell them out, do it in parens, and bury it. I *hate* having to try to figure out what "the Transmission Control Protocol / Internet Protocol suite" is (eg). > It wasn't that Iraq's dictator had hired the world's best technical > wizards to work for him. It was because the technical minds which were > already in Iraq recognized the fact that standard Internet Protocol > routers were designed well. Knock one out and another takes over, > invisibly. The computer network keeps running. From nobody at cicada.berkeley.edu Mon Nov 8 06:53:02 1993 From: nobody at cicada.berkeley.edu (nobody at cicada.berkeley.edu) Date: Mon, 8 Nov 93 06:53:02 PST Subject: Remailer Abuse? Message-ID: <9311081451.AA11051@cicada.berkeley.edu> hh at cicada.berkeley.edu says: > Harassing other users is considered abuse, and sending chain letters is a > form of harassing other users. However, it's not a very serious form of > abuse. If I found conclusive evidence that someone were sending something > like childporn through my remailer, I would take some pretty drastic > actions. Interesting. I wonder what those drastic actions would be? People sending serious death threats and the like through anon remailers should be aware that those actions are considered seriously anti-social and may cause them some problems. But I don't view "kiddie porn" the same way. Its very definition is VERY ill-defined, and there is widespread disagreement on how much of an evil threat to truth, justice, and the American Way it really poses. This makes me start to think that borderline policies like this should be well publicized by the operator of the remailer. I don't support the kiddie porn witch hunt going on in the U.S. currently, and would not have assumed that posting what many people consider to be harmless photos of kids under 18 would get someone automatically turned in to the cops. (Again, keep in mind that the definition is very fuzzy. Some people who have been busted as kiddie pornographers have been busted for extremely mild and un-pornographic material that no reasonable person would consider harmful.) .....Cindy From gtoal at an-teallach.com Mon Nov 8 07:03:01 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 8 Nov 93 07:03:01 PST Subject: Mark Abene (Phiber Optik) sentenced Message-ID: <6230@an-teallach.com> In article <9311080705.AA15339 at toad.com> newsham at wiliki.eng.hawaii.edu writes: > I have heard that tapping high speed modems can be a little tricky > because of the adaptive filtering done. The modems both have > adaptive filters that adjust to the line as they see it. If you > are tapping at some other point the filtering will not be optimimal > for your case. I believe these filters take care of smearing and > echos and things of that nature. > > Maybe someone in the know can elaborate and clear up all the > bad data I probably just spewed :) Dunno if this is how they did it, but you get *perfect* data tapping if you record digitally off the exchange trunks... G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From pat at tstc.edu Mon Nov 8 07:53:00 1993 From: pat at tstc.edu (Patrick E. Hykkonen) Date: Mon, 8 Nov 93 07:53:00 PST Subject: pseudospoofing ad nauseam In-Reply-To: <9311060906.AA07563@longs.lance.colostate.edu> Message-ID: <9311081550.AA00789@tstc.edu> > there are these cypherpunks who have created an entire *religion* out > of *defying* and *sabotaging* whatever identification scheme is > invented. Let it be signatures, checks, birth certificiates, drivers > licenses, social security, etc. How many cypherpunks are reincarnated > thieves, anyway? What society do you people live in, anyway? do you > think that checks with your True Name invade your privacy? do you think > your bank, associates, or the government doesn't have a right to know > who you are? (Uh, rhetorical question. I know the answer.) Actually, I still do not think he knows the answer. However, the second part of the question is more relevant. No, the bank, my associates, or the government does not have the right to know who I am simply because I exist and do business with them. Those entities should only know what I tell them, nothing more. The current trend towards Big Brotherism in the *real* world is why I'm a cypherpunk. I wish to control my own information, not some faceless bank, credit beaurau, or other possibly wrong information provider. -- Pat Hykkonen ** N5NPL ** pat at tstc.edu ** CNSA -- (817) 867-4831 Disclaimer: This product may cause irritability in some users. In cases of allergic reaction, delete and consult a physician immediately. From mech at eff.org Mon Nov 8 08:38:23 1993 From: mech at eff.org (Stanton McCandlish) Date: Mon, 8 Nov 93 08:38:23 PST Subject: Bits-n-Bytes Online Message-ID: <199311081635.AA09758@eff.org> Anyone have the address of Bits-n-Bytes Online newsletter? I think Jay Machado is putting that out, but I don't recall... -- -=> mech at eff.org <=- Stanton McCandlish Electronic Frontier Foundation Online Activist & SysOp "A nation that is afraid to let its people judge the truth and falsehood of ideas in an open market is a nation that is afraid of its people." -JFK NitV-DC BBS 202-232-2715 Fido 1:109/1103 IndraNet 369:111/1, 14.4V32b 16.8ZyX Join EFF! For more information about membership, send mail to eff at eff.org From doug at netcom.com Mon Nov 8 09:33:00 1993 From: doug at netcom.com (Doug Merritt) Date: Mon, 8 Nov 93 09:33:00 PST Subject: ID of anonymous posters via word analysis? In-Reply-To: Message-ID: <199311081729.JAA16934@mail.netcom.com> "Perry E. Metzger" said: >Astonishing how far urban legends go. This keeps getting distorted >further and further. I've heard this go further and further and >further from the version I first heard. I wonder if there ever was a >real story to begin with. Good question. I just checked a terse history of machine translation, and it didn't mention any version of this. I suspect that its origin was as a hypothetical example of the kinds of problems that can arise, and that it didn't actually happen in any real life situation. Examples like that have always been common in linguistics papers on such subjects. Doug From arthurc at crl.com Mon Nov 8 09:48:23 1993 From: arthurc at crl.com (Arthur Chandler) Date: Mon, 8 Nov 93 09:48:23 PST Subject: Private and Public In-Reply-To: <9311081550.AA00789@tstc.edu> Message-ID: I'm sure that few folks want to unsheathe the pro- and con- spoofing arguments again. But Patrick's last post got me thinking: Does the government have the right to know how much money I make, and from what sources? The IRS says yes, absolutely. But Eric Hughes, in a talk given at San Francisco State University, said, in response to a question from an audience, that international digital banking will make it very difficult for a national government to track monetary exchanges, and thereby tax them. Furthermore, I deduced from the gleam in his eye that Eric thought that this was a Good Thing (correct me if I misconstrued you, Eric). Right now, there seems to be a kind of social contract between us and the government: it protects us, provides free schools, etc etc, in exchange for which we have to pony up a fair share of our earnings. It follows, doesn't it, that the government has a right to enforce its laws saying that everyone must pay that fair share of taxes? To enforce that rule, it has a right, under certain conditions, to rummage around in our records to see if we have hidden any income source from them. This may or may not be Big Brother. But it does seem to be the modus operandi of every government that ever was. The point: concerns of privacy often come in conflict with the larger obligations of public good. We can't say categorically that one must always predominate. What do you think? From pmetzger at lehman.com Mon Nov 8 10:18:23 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 8 Nov 93 10:18:23 PST Subject: Private and Public In-Reply-To: Message-ID: <9311081816.AA10013@snark.lehman.com> Arthur Chandler says: > Right now, there seems to be a kind of social contract between us and > the government: it protects us, provides free schools, etc etc, in > exchange for which we have to pony up a fair share of our earnings. It > follows, doesn't it, that the government has a right to enforce its laws > saying that everyone must pay that fair share of taxes? You are asking a political, not a technical, question. Personally, I don't believe there is such a thing as a social contract -- I never signed anything, and from what I can tell the terms on the social contract are ones I would never have accepted. I would be happy to purchase what the goverment give me on the open market -- I see no need for government to be involved in mail delivery or garbage collection or schools or any of the other things it runs -- from what I can tell all it touches turns to crap. However, this entire topic belongs on places like talk.politics.misc, not cypherpunks. I would suggest that it be conducted elsewhere. Perry From cman at IO.COM Mon Nov 8 10:28:23 1993 From: cman at IO.COM (Douglas Barnes) Date: Mon, 8 Nov 93 10:28:23 PST Subject: Private and Public In-Reply-To: Message-ID: <9311081822.AA15679@illuminati.IO.COM> > This may or may not be Big Brother. But it does seem to be the modus > operandi of every government that ever was. > Alas for the large nation-states, this is not the case. There are many small governments that don't have this notion, and in exchange for various considerations (primarily patronizing the financial services of their country), are more than willing to pay little or no attention to issues of how much money one makes, or where the it came from. The boon of secure, anonymous digital transactions is that it's not real clear exactly *where* they happen, and if the digital money to real world money interface takes place in one of these financial ports of convenience, it bodes ill for the taxability of these transactions. While I believe that it is A Good Thing, I also agree with you that the nation-states will not go down without a pretty good fight, and that this will have the effect in the near term of limiting the extent of this practice. Others believe that existing governments are sufficiently rotten and spent that they will just keel over under the weight of these activities; I'm not so sure. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From blancw at microsoft.com Mon Nov 8 11:08:23 1993 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 8 Nov 93 11:08:23 PST Subject: Private and Public Message-ID: <9311081907.AB19513@netmail.microsoft.com> But of COURSE the government has a right to know how much money you make - It OWNS you; why else would it protect you and educate you? (Up Ahead - be prepared . . . you have now crossed into the Twilight Zone). Blanc ---------- From: Arthur Chandler Subject: Private and Public Date: Monday, November 08, 1993 9:31AM I'm sure that few folks want to unsheathe the pro- and con- spoofing arguments again. But Patrick's last post got me thinking: Does the government have the right to know how much money I make, and from what sources? The IRS says yes, absolutely. But Eric Hughes, in a talk given at San Francisco State University, said, in response to a question from an audience, that international digital banking will make it very difficult for a national government to track monetary exchanges, and thereby tax them. Furthermore, I deduced from the gleam in his eye that Eric thought that this was a Good Thing (correct me if I misconstrued you, Eric). Right now, there seems to be a kind of social contract between us and the government: it protects us, provides free schools, etc etc, in exchange for which we have to pony up a fair share of our earnings. It follows, doesn't it, that the government has a right to enforce its laws saying that everyone must pay that fair share of taxes? To enforce that rule, it has a right, under certain conditions, to rummage around in our records to see if we have hidden any income source from them. This may or may not be Big Brother. But it does seem to be the modus operandi of every government that ever was. The point: concerns of privacy often come in conflict with the larger obligations of public good. We can't say categorically that one must always predominate. What do you think? From wex at media.mit.edu Mon Nov 8 11:18:41 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Mon, 8 Nov 93 11:18:41 PST Subject: Mostly offline digicash In-Reply-To: <199311080455.UAA20560@mail.netcom.com> Message-ID: <9311081918.AA27998@media.mit.edu> Nick asks: > Why haven't people backed away from credit cards despite $10's of billions > in fraud? A very good question. The reason is largely because it's a very profitable business *for the card merchants* (banks, mostly). They get their percentage no matter what, and losses don't eat into it all that much. I agree with much of what Nick says, but I think we have to consider ways to help make digicash pay for its own implementation and enforcement, or it will not take hold. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request Try not to have a good time ... This is supposed to be educational. From hughes at ah.com Mon Nov 8 11:23:03 1993 From: hughes at ah.com (Eric Hughes) Date: Mon, 8 Nov 93 11:23:03 PST Subject: Private and Public In-Reply-To: Message-ID: <9311081918.AA09930@ah.com> >international digital banking will make >it very difficult for a national government to track monetary exchanges, >and thereby tax them. Furthermore, I deduced from the gleam in his eye >that Eric thought that this was a Good Thing I think that increasing the ability of parties to transact in private, such that neither the contents nor the existence of a transaction is revealed, is a Very Good Thing. I do not believe that it is prudent for governments to continue to fund themselves on transaction taxes, such as income tax. Government exists primarily because of the facts of geography, properties of territory and boundary. The digital world is not a geographic one, and the geographic model of government is not appropriate for it. Please respond to my personal email address. Eric From ebrandt at jarthur.Claremont.EDU Mon Nov 8 11:33:03 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Mon, 8 Nov 93 11:33:03 PST Subject: ID of anonymous posters via word analysis? In-Reply-To: <199311081729.JAA16934@mail.netcom.com> Message-ID: <9311081931.AA26917@toad.com> > Good question. I just checked a terse history of machine translation, > and it didn't mention any version of this. And in the alt.folklore.urban FAQ we find: F. Russian/Chinese mechanical translator translates "out of sight, out of mind" into "blind and insane". Also "Spirit is willing, but the flesh is weak" as "the drink is good but the meat is rotten." (The "F" means "known to be false") Eli ebrandt at jarthur.claremont.edu From huntting at glarp.com Mon Nov 8 11:48:23 1993 From: huntting at glarp.com (Brad Huntting) Date: Mon, 8 Nov 93 11:48:23 PST Subject: tapping hardware? (was re: Mark Abene (Phiber Optik) sentenced) In-Reply-To: <9311080705.AA15339@toad.com> Message-ID: <199311081947.AA09591@misc.glarp.com> > I have heard that tapping high speed modems can be a little tricky > because of the adaptive filtering done. The modems both have > adaptive filters that adjust to the line as they see it. If you > are tapping at some other point the filtering will not be optimimal > for your case. I believe these filters take care of smearing and > echos and things of that nature. Hmm... As part of the tap, introduce just enough distortion or noise to cause the modems to fallback to a slower bit rate. This is somewhat intrusive of course and so it might be noticed, but it could make taping a line much cheaper. brad From cfrye at ciis.mitre.org Mon Nov 8 11:53:04 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Mon, 8 Nov 93 11:53:04 PST Subject: ID of anonymous posters via word analysis? Message-ID: <9311081958.AA00500@ciis.mitre.org> For the past few years I've looked at this issue (author identification through text content analysis) a bit from a psycholinguistic point of view. According to an occasional electronic digest coordinated by a woman from the UK named Blackwell (I apologize that I don't remember her name or have her email address handy), a technique that sums the probabilities of various word occurrences (CUSUM) has come under fire recently and, if I remember correctly, is not accepted in UK courts. A 1983 paper (which I also do not have the cite handy for) by Dr. Murray Miron of Syracuse University gave his equations for analyzing two texts (of roughly similar lengths) and establishing a probability that the two writings were produced by the same individual. In his paper, Dr. Miron related the story of a trial where he was summoned as an expert witness and was not allowed to testify as to whether an extortion note was authored by the defendant based on analysis of the note vis a vis a known letter from the defendant. However, the jury ended up finding the defendant guilty based on identical misspellings of a word in each message. Dr. Miron noted that the jury's decision agreed with the overall findings of the computer analysis; however, the jury returned a guilty verdict based on a single coincident misspelling that could happen (with relatively high probability) in any two random messages. The same idea applies here - for CUSUM or similar analysis to be valid, an analyst needs large volumes of messages where one of the authors is known (an anonymous id counts) and the documents compared are of similar lengths. One note a while back indicated that matching anonymous id's could be done through tracing misspellings and uncommon word usage. Definitely not true without a large base of known messages from both id's and a high score on an evaluation function as described in the literature. Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From jthomas at pawpaw.mitre.org Mon Nov 8 11:58:23 1993 From: jthomas at pawpaw.mitre.org (Joe Thomas) Date: Mon, 8 Nov 93 11:58:23 PST Subject: Mostly offline digicash Message-ID: <9311081957.AA26361@pawpaw.mitre.org> Alan (Gesture Man) Wexelblat writes" > Nick asks: > > Why haven't people backed away from credit cards despite $10's of billions > > in fraud? > > A very good question. The reason is largely > because it's a very profitable business *for the > card merchants* (banks, mostly). They get their > percentage no matter what, and losses don't eat > into it all that much. > > I agree with much of what Nick says, but I think > we have to consider ways to help make digicash pay > for its own implementation and enforcement, or it > will not take hold. Hmmm. Couldn't digicash issuers simply charge up front for their digicash notes, adding a percentage on top like travellers checks? Let the people who want the convenience and anonymity of digital cash pay for it; let the merchants redeem it for free. Sound okay? Joe From arthurc at crl.com Mon Nov 8 12:13:03 1993 From: arthurc at crl.com (Arthur Chandler) Date: Mon, 8 Nov 93 12:13:03 PST Subject: Private and Public In-Reply-To: <199311081917.AA15324@crl.crl.com> Message-ID: Hmmm... my post may well ignite some flames; but I can't go along with the notion that this list is for purely tech discussion. Encryption is a social and political issue as well as a technical one, isn't it? I would think that it's more dangerous to ignore the social and political ramifications than to have them out publically. It seems to me that encryption poses LOTS of dilemmas for any government. I chose just one -- taxes -- for my post. And looks like there are quite a few viewpoints on that one, with regards to the government's right to examine your income sources. The fact the encryption schemes are classified as military (or military-type) material and so are subject to comparable controls by the State Department should alert us to this fact. So to insist that we stick to Greatest Primes and Modulo seems... unrealistic. Of course, if the discussion seems pointless or irrelevant to you... there's always the delete key. My :9&53xS+ (= digital $.02) worth. On Mon, 8 Nov 1993, Nick Papadakis wrote: > > > What do you think? > > I think you are inviting a political flame war on what is > supposed to be a technical list. Please take it to alt.privacy. > > - nick > From mg5n+ at andrew.cmu.edu Mon Nov 8 12:23:03 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 8 Nov 93 12:23:03 PST Subject: Tapping modem transmissions In-Reply-To: <9311080705.AA15339@toad.com> Message-ID: It's not too technically difficult to tap modem connections at low speed, I played around with it a few years back, and I was able to add a third modem onto a 300 or 1200 baud connection and view what was being transmitted. Using the modem as a dumb interpreter of the signal works well to analyze the raw data being transmitted at low speeds, but when you use v.42 and LAPM, things get a bit more complicated. You need special hardware/software to interpret and decode the compressed & checksummed data packets. From mech at eff.org Mon Nov 8 12:23:23 1993 From: mech at eff.org (Stanton McCandlish) Date: Mon, 8 Nov 93 12:23:23 PST Subject: UPDATE: Internet "whitepages" database of addresses Message-ID: <199311082022.AA14164@eff.org> _____ Begin forward ______________________________ Date: Wed, 03 Nov 1993 09:56:28 pst From: "JS McBride & Co. PostMaster" Subject: InterNet Mailing List Here is the CORRECT info on the InterNet Mailing List. Addresses are extracted from news feeds, list servers, and other sources. NO personal information is collected. The following is the ONLY information we collect. 1. Electronic mail address 2. User name 3. Search keywords 4. Date info was collected The search keywords are limited to products. Example: xwindows,unix,dos,ms-windows,emacs To have your name removed from the list, send a message to DELETE at NETMAIL.COM Please place ANY addresses that you wanted removed from the list in the body of the message. To get more info on how and why we are building the list, send a message to LISTINFO at NETMAIL.COM . [Just see next message. PGN] Comments should be sent to TMANNING at NETMAIL.COM Thank You, James McBride, NetMail, 415-949-4295 Date: Wed, 03 Nov 1993 22:11:07 From: "JS McBride & Co. PostMaster" Subject: Auto Reply [What you get from LISTINFO. PGN] Thank you for your mail to Jim McBride at JS McBride & Company. Due to the volume of mail be handled by this account, this is an automatic reply. PLEASE READ CAREFULLY!! 1. JS McBride is NOT collecting demographic information on email addresses. Due to the controversy surrounding this practice, we have discarded the product demographics we collected. We are however still collecting email addresses and user names. 2. The information collected (name and email address) will be offered in a printed white pages directory and in a white pages server on the net. 3. You DO NOT need to ask to have your name removed. BEFORE your name is used in the directory, you will receive mail asking for your permission. If you reply to the inquiry, your information will be used. If you do not reply, your name will NOT be used. 4. Comments regarding the white pages should be sent to Tom Manning at JS McBride & Company. 5. Mail to Jim McBride should be sent to 6. Information regarding the purchase of the white pages directory should be sent to or telephone us at 415-949-4295 Thank you for your time, Jim McBride Thanks to all of you (too many to note) who forwarded this to RISKS. PGN] ------------------------------ From wex at media.mit.edu Mon Nov 8 12:38:23 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Mon, 8 Nov 93 12:38:23 PST Subject: Private and Public In-Reply-To: Message-ID: <9311082033.AA07090@media.mit.edu> Boy I hope we don't start a Libertarian/Liberal flame war about taxes, the gov't, and the social contract (or lack thereof). I will just point out that it was the *founders* of the IRS who thought that the gov't had no right to know how much money you make. That's why the IRS was set up separately from the rest of the gov't, why it's supposed to not share data with the rest of the gov't (yeah, right), and why the income tax was ruled unconstitutional by the Supreme Ct... Of course, that's all dark history today that no one studies or takes seriously. Sigh. --Alan From pmetzger at lehman.com Mon Nov 8 12:43:03 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 8 Nov 93 12:43:03 PST Subject: Private and Public In-Reply-To: Message-ID: <9311082039.AA10125@snark.lehman.com> Arthur Chandler says: > Hmmm... my post may well ignite some flames; but I can't go along with > the notion that this list is for purely tech discussion. I'm sorry that "you can't go along" with that, but I'm afraid that you don't have much choice: it isn't your list. Many of us have gotten burned out from a number of very long arguments on this list, and politics was not part of the charter to begin with. If you insist on discussing it, might I suggest that there are many places where the discussion would be appropriate, like talk.politics.crypto, alt.privacy, talk.politics.misc, or many other places? .pm From nick at martigny.ai.mit.edu Mon Nov 8 12:43:23 1993 From: nick at martigny.ai.mit.edu (Nick Papadakis) Date: Mon, 8 Nov 93 12:43:23 PST Subject: Private and Public -- and Quiet! In-Reply-To: Message-ID: <9311082039.AA27786@toad.com> > Encryption is a > social and political issue as well as a technical one, isn't it? It is, and I think that aspect merits discussion. I'd simply like to see it occur in some other venue, where I can avoid it more easily. I just nearly signed off cypherpunks (and many good people did) because the list was clogged with pointless flaming. I don't want to see it happen again, and trying a bit of restriction based on technical content is one way to do that. Look at it this way: there are n places (alt.privacy, alt.security, extropians, sci.crypt) where you political types can flame merrily away. Where can I go for a rest from the flames? Let cypherpunks be that place. I'd like to see only high-quality technical posts, and occasional well-thought out commentary and pointers to the political developments elsewhere. I'm tired of the terrible tyranny of the voluble, where the debate becomes controlled by those with nothing better to do than type first and think later (if ever). Not that I mean to imply that's what your doing -- I'm just gun-shy. Cheers, - nick P.s. Some people get very upset if you quote private email publically without permission. I'm not one of those people, but I thought I'd let you know before you actually meet one. From tcmay at netcom.com Mon Nov 8 12:43:42 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 8 Nov 93 12:43:42 PST Subject: The "Nymalizer" and Shannon's Information Theory In-Reply-To: <9311081958.AA00500@ciis.mitre.org> Message-ID: <199311082043.MAA00486@mail.netcom.com> Curtis Frye and many others have written about the ways anonymous or pseuodonymous posts can be identified. Graham Toal's comments were especially cogent (even if he tweaked my for some of my characteristic writing patterns and whatnot (hint: I use "whatnot" more than most people here). I want to briefly mention another way of looking at this issue, and will use Curtis' comments to start: > For the past few years I've looked at this issue (author identification > through text content analysis) a bit from a psycholinguistic point of view. ... > A 1983 paper (which I also do not have the cite handy for) by Dr. Murray > Miron of Syracuse University gave his equations for analyzing two texts (of > roughly similar lengths) and establishing a probability that the two > writings were produced by the same individual. In his paper, Dr. Miron ... > The same idea applies here - for CUSUM or similar analysis to be valid, an > analyst needs large volumes of messages where one of the authors is known One can view this problem in terms of Shannon's theorem about the transmission of a message in the presence of noise: * Signal -- the identity of the poster (true name, pseudonym, whatever) - characteristic usage of words, of punctuation, and whatnot (see) - even the ideologies expressed (which LD incorrectly used to conclude Jamie Dinkelacker and I "must" be the same person) * Noise -- variations in spelling, usage, etc. - many people use similar constructions and whatnot (like this) Now Shannon's theorem, which can be applied here if some care is taken (that is, don't apply it too simplistically or too mechanistically), says that no matter how much noise is present, one can extract the signal if one samples enough. (Caveats: for a stationary sequence, etc., whereas one's writings may change with time, with the topic at hand, etc.) This means that one can "communicate" the "message"--which in this case is the message "I am Tim May" or "Jamie and Tim are distinct posters" and so forth--if enough messages are analyzed. But to Shannon's basic view one must also add _intereference_, whether deliberate (spoofing) or not. If I try to emulate the style of S. Boxx, for example, by writing in the form "I am becoming INCREASINGLY DISGUSTED by the blatant disregard for the Cypherpunks CAUSE and ...", then this "intereference" could greatly complicate the signal extraction. In fact, more obscure correlations would have to be looked at, ones which might require many more messages to analyze...possibly more message samples than exist. Text analysis tools have presumably gotten a lot more powerful than they were 30 years ago when the "Did Marlowe writes Shakespeare's plays?" question was being computer-analyzed. Anyway, like others have said, there are several programs available which do this kind of analysis, and I don't think it's paranoid to say that the CIA and the NSA must have extremely sophisticated tools for such analysis. An interesting area. Anybody else interested in building a "nymalizer" which sorts posts into likely bins? --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From GRABOW_GEOFFREY at tandem.com Mon Nov 8 12:48:23 1993 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Mon, 8 Nov 93 12:48:23 PST Subject: Public and private. Message-ID: <199311081251.AA26937@localhost> ARTHURC at CRL.COM writes: > But of COURSE the government has a right to know how much money you > make - It OWNS you; I prefer to think of myself as a shareholder in our government. Not that it is an entity unto itself and that I am "owned" by it. This may be a little self-deluding, but it lets me sleep nights. As to the gov't tracking every penny that I earn, the only alternative to an income tax is an extremly high sales tax. This is extremely unfair to those on the lower end of the wage scale. G.C.G. From rarachel at ishara.poly.edu Mon Nov 8 13:08:23 1993 From: rarachel at ishara.poly.edu (A1 ray arachelian (library)) Date: Mon, 8 Nov 93 13:08:23 PST Subject: If you've seen any of my posts Message-ID: <9311081702.AA03864@ishara.poly.edu> Guys, I'd like to ask you if you've seen any of my posts since Thursday night. If you have, they weren't from me, as I've been unable to log in to my account since then. Please forward them to me in email. One of two things has happened. a) I goofed and changed my password to something I forgot, or b) someone got into my account somehow. b) may be possible since I found the data on one of my directories has changed and I'm not sure if it's just the system`s time that`s wrong... Anyhow, I've had the sysadmin set me a new password so here I am again. From tcmay at netcom.com Mon Nov 8 13:08:41 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 8 Nov 93 13:08:41 PST Subject: IRS records, FINCEN, etc. In-Reply-To: <9311082033.AA07090@media.mit.edu> Message-ID: <199311082107.NAA02595@mail.netcom.com> .. > right to know how much money you make. That's why the IRS was set up > separately from the rest of the gov't, why it's supposed to not share data > with the rest of the gov't (yeah, right), and why the income tax was ruled > unconstitutional by the Supreme Ct... > > Of course, that's all dark history today that no one studies or takes > seriously. Sigh. > > --Alan The latest "Wired," 1.6, has an article entitled "Big Brother Wants to Look Into Your Bank Account (any time it pleases)." It describes how FinCEN, the Financial Crimes Enforcement Network, cross-refererence IRS records. (I've been curious about FinCEN since around early 1990, when I first heard about its formation--as a joint task force of Treasury, State, NSA, FBI, etc.--and this article in "Wired" has filled in a lot of gaps. Suffice it to say that FinCEN is likely _very_ interested in our schemes for money-laundering, tax evasion, black markets, and collapse of the U.S. and other governments.) By the way, I generally avoid here the well-trodden ground of libertarian politics, anarcho-capitalism, the "duties" one putatively owes the State, and so on. One should not take my unwillingness to "debate the basics" to mean assent for the views others express here. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From rarachel at ishara.poly.edu Mon Nov 8 13:08:47 1993 From: rarachel at ishara.poly.edu (A1 ray arachelian (library)) Date: Mon, 8 Nov 93 13:08:47 PST Subject: Tapping modem transmissions In-Reply-To: Message-ID: <9311081659.AA03819@ishara.poly.edu> > > It's not too technically difficult to tap modem connections at low > speed, I played around with it a few years back, and I was able to add a > third modem onto a 300 or 1200 baud connection and view what was being > transmitted. Using the modem as a dumb interpreter of the signal works > well to analyze the raw data being transmitted at low speeds, but when > you use v.42 and LAPM, things get a bit more complicated. You need > special hardware/software to interpret and decode the compressed & > checksummed data packets. > Actually, there's another way if you can tap into the RS-232 pipeline itself. I've seen a box in a catalog that offers a three way RS-232 split. What I would do with it is to actually build something like that myself and take the send/receive lines and hook them up to another machine to capture the transfer of info between them. I could then capture any data coming through the lines. Uses for this: if you suspect someone is breaking into your machine or some other machine via a dial up line and want to capture some proof of it. (Cliff Stoll did this with a printer.) You can't actually tap into the phone line with this of course.. :-) But there are better things to do. For one, you can buy a portable DAT walkman and a large capacity DAT tape, and dump everything to the tape, then have your modem decode the conversation, but you have to filter out one side or the other. While this may be hard for Joe Hacker, it wouldn't be hard for Joe Rockwell who works in a modem factory and can build a special box based on the Rockwell (or other) chipset to spy on the modem conversation. A long long time ago, when a friend of mine was running a BBS (at 300bps) and his machine was down, he put a 300bps recording of his modem writing "Sorry the BBS is down" on an answering machine. The timing was a bit screwey, but the message got through most of the time. :-) From an41418 at anon.penet.fi Mon Nov 8 13:43:04 1993 From: an41418 at anon.penet.fi (wonderer) Date: Mon, 8 Nov 93 13:43:04 PST Subject: Private and Public Message-ID: <9311082141.AA13758@anon.penet.fi> In response to Eric Hughs: I disagree that income tax is a bad thing. What other way does the government have of maintaining fairness across income tax levels. Someone who only makes 15k a year should not be expected to pay as much as someone who makes 200k. Income tax generates too much revenue to be that easily dispensed with. Given the financial trouble our country is already in, I hate to think of the consequences to the budget if income tax disappeared. Note: I do not enjoy paying this tax, but I'm glad to know that the people making a lot more than I am are contributing more. Wonderer ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From cfrye at ciis.mitre.org Mon Nov 8 13:58:24 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Mon, 8 Nov 93 13:58:24 PST Subject: The "Nymalizer" and Shannon's Information Theory Message-ID: <9311082202.AA01748@ciis.mitre.org> Extending off Tim's comments: >I want to briefly mention another way of looking at this issue, and >will use Curtis' comments to start: > >> For the past few years I've looked at this issue (author identification >> through text content analysis) a bit from a psycholinguistic point of view. >... >> A 1983 paper (which I also do not have the cite handy for) by Dr. Murray >> Miron of Syracuse University gave his equations for analyzing two texts (of >> roughly similar lengths) and establishing a probability that the two >> writings were produced by the same individual. In his paper, Dr. Miron >... >> The same idea applies here - for CUSUM or similar analysis to be valid, an >> analyst needs large volumes of messages where one of the authors is known > >One can view this problem in terms of Shannon's theorem about the >transmission of a message in the presence of noise: > >* Signal -- the identity of the poster (true name, pseudonym, >whatever) >- characteristic usage of words, of punctuation, and whatnot (see) Absolutely true, though the question is whether or not this analysis provides a *unique* style signature for a given individual. Note how quickly jargon is passed around and how quickly you, in conversation, acquire new phrases from your surroundings. >- even the ideologies expressed (which LD incorrectly used to >conclude Jamie Dinkelacker and I "must" be the same person) This is where I begin to disagree. Suppose one or two individuals wanted to conduct a debate on a subject and steer the discussion to a predetermined issue space. By creating multiple identities (as Peter and Val did in _Ender's Game_ by Orson Scott Card, *shameless plug: GREAT BOOK*), one could achieve this or another goal by varying the ideologies expressed in the writing and foil this style of analysis. Also, there is a question about the reliability of context-sensitive text analysis engines. If the engine is knowledge base-driven, it is unreliable outside its realm of expertise; if it's a neural net-based package, the training collection is very important. > >* Noise -- variations in spelling, usage, etc. The Net doesn't place a lot of emphasis on spelling and most posts/messages aren't spell-checked, increasing the noise in the system. >- many people use similar constructions and whatnot (like this) Again, the "unique signature" problem. Perhaps one could determine regional background (New England, Deep South of the US etc.) from this reliably, though I'm not sure how much farther the analysis could be extended. > >Now Shannon's theorem, which can be applied here if some care is taken >(that is, don't apply it too simplistically or too mechanistically), >says that no matter how much noise is present, one can extract the >signal if one samples enough. > >(Caveats: for a stationary sequence, etc., whereas one's writings may >change with time, with the topic at hand, etc.) I would believe that these caveats are a significant barrier to establishng a unique signature. > >But to Shannon's basic view one must also add _intereference_, whether >deliberate (spoofing) or not. If I try to emulate the style of S. >Boxx, for example, by writing in the form "I am becoming INCREASINGLY >DISGUSTED by the blatant disregard for the Cypherpunks CAUSE and ...", >then this "intereference" could greatly complicate the signal >extraction. > >In fact, more obscure correlations would have to be looked at, ones >which might require many more messages to analyze...possibly more >message samples than exist. There is also the question of whether or not current text analysis programs are capable of making these distinctions/correlations and whether or not these distinctions can be communicated to the program overseers once they are established. My basic position is that text analysis packages are probably not advanced enough to reliably analyze more or less extemporaneous utterances transmitted in the form of email or posts. However, I second Tim's call for a text analysis on various messages, beginning with those of single authors to check the reliability of the system. I'm just an amateur and of no real help technically, but there's bound to be someone in one of the CS/AI departments around the world that could provide us with a reasonable text analysis engine. Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From pdn at dwroll.dw.att.com Mon Nov 8 14:33:03 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Mon, 8 Nov 93 14:33:03 PST Subject: Modem taps/Caller ID Message-ID: <9311082230.AA29752@toad.com> The recent discussions of tapping modem transmissions reminds me of a scrap of data I saw about Caller ID [the service provided by the phone company that displays the caller's phone number whenever your phone rings]. Supposedly, the phone company transmits the caller's number as a burst of 1200 or 2400 baud ASCII between the first and second rings; if your modem is set up 'just right,' you can capture the number with a PC. [Sorry there is so little data to go on; this tidbit appeared on a PC bulletin board and there was no follow-up discussion.] Does anyone here know more about this? I would dearly love to set up a program on the PC in my basement that could capture Caller ID data and log it in a database. Obnoxious callers (Olan Mills, local telemarketers, etc.) could be identified easily, and I could program the modem to pick up / hang up on those calls. Then, I could ignore the phone until the third ring; my PC would automatically dispose of nuisance callers as soon as the Caller ID data was processed. Also, I'd build up a database of names and phone numbers important to me - maybe I'd spend less time scrounging my pile of Post-It notes looking for phone numbers. ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From newsham at wiliki.eng.hawaii.edu Mon Nov 8 14:38:44 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Mon, 8 Nov 93 14:38:44 PST Subject: Private and Public In-Reply-To: Message-ID: <9311082238.AA29867@toad.com> > > Hmmm... my post may well ignite some flames; but I can't go along with > the notion that this list is for purely tech discussion. Encryption is a > social and political issue as well as a technical one, isn't it? I would > think that it's more dangerous to ignore the social and political > ramifications than to have them out publically. Encryption is a social a political issue. This list however is a collection of people interested in the technical aspects of using encryption to increase privacy (crypto-privacy). Some of the people on this list may be interested in discussing the social and political issues, some of the people on this list may not be interested in discussing the political and social issues. The *one* thing that all subscribers to this list have in common is an interest in the technical aspects of crypto-privacy. Lets keep on topic. Like someone has said to the list before we are a collection of people with different goals and views, lets work together as long as we have to and no longer. From wex at media.mit.edu Mon Nov 8 14:43:03 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Mon, 8 Nov 93 14:43:03 PST Subject: Mostly offline digicash In-Reply-To: <9311081957.AA26361@pawpaw.mitre.org> Message-ID: <9311082241.AA21513@media.mit.edu> Joe Thomas' proposal to have the digicash issuers charge for it up front sounds fine to me. My point was not that we needed a specific theory, but that we needed a coherent theory to present when we propose digicash in the first place. --Alan From mccoy at ccwf.cc.utexas.edu Mon Nov 8 14:48:24 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Mon, 8 Nov 93 14:48:24 PST Subject: Private and Public In-Reply-To: <9311082141.AA13758@anon.penet.fi> Message-ID: <199311082243.AA02986@tramp.cc.utexas.edu> Apologies for the political nature of this message. To compensate, here is a little ObTechincal: So far the Blum-Blum-Shub PRNG has been pointed out to me as one of the better ones availble. I have a copy of a version for bc and am considering recoding it in C. Has anyone already done so or is there something better I should consider? The goal of this is to generate random one time pads for a DC network (and the output rate of the BBS generator worries me a little, but I want to start with "secure" and work to "fast" in later versions. And now the political: an41418 at anon.penet.fi (wonderer) writes: > > I disagree that income tax is a bad thing. What other way > does the government have of maintaining fairness across > income tax levels. Someone who only makes 15k a year should > not be expected to pay as much as someone who makes 200k. Wny not? Are they consuming different amounts of government services? There are really two kinds of taxes, those that seek to tax people based upon thier use of certain items and services (which is fairly constant among all members of a society) and those that seek to tax people so that the governement can redistribute part of thier earnings to those who did not earn as much. The idea of "fairness" you cite is a very relative term. Life is not fair, so why should we try to pretend it is? The truth is, the people who really get screwed are those in the middle. The poor pay little in taxes, and the rich are either powerful enough (to get tax loopholes put into laws) or smart enough (or can hire someoen smart enough...) that they pay very little in taxes. That leaves the people in the middle to shoulder the burden. > Income tax generates too much revenue to be that easily > dispensed with. Given the financial trouble our country > is already in, I hate to think of the consequences to > the budget if income tax disappeared. Maybe the government would collapse and disappear. Not a pretty thought, but considering how much financial trouble to this country has been _cuased_ by a bloated government, maybe something to consider... :) > Note: I do not enjoy paying this tax, but I'm glad to know > that the people making a lot more than I am are contributing > more. Why? Are you jealous of thier wealth? Do you seek to vindicate some perceived wrong? Do you think they consume more services from the government than they would otherwise pay for through usage taxes? Just curious... jim From hughes at ah.com Mon Nov 8 14:58:24 1993 From: hughes at ah.com (Eric Hughes) Date: Mon, 8 Nov 93 14:58:24 PST Subject: Private and Public In-Reply-To: <9311082141.AA13758@anon.penet.fi> Message-ID: <9311082252.AA10214@ah.com> I specifically asked for responses to my morning's short note on tax to be directed to my own mailbox. I do not intend to discuss it in this forum. I post this message here to repeat my request. Eric From newsham at wiliki.eng.hawaii.edu Mon Nov 8 15:13:05 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Mon, 8 Nov 93 15:13:05 PST Subject: Modem taps/Caller ID In-Reply-To: <9311082230.AA29752@toad.com> Message-ID: <9311082312.AA00818@toad.com> > > The recent discussions of tapping modem transmissions reminds me of > a scrap of data I saw about Caller ID [the service provided by the > phone company that displays the caller's phone number whenever your > phone rings]. Supposedly, the phone company transmits the caller's > number as a burst of 1200 or 2400 baud ASCII between the first and > second rings; if your modem is set up 'just right,' you can capture > the number with a PC. The number is transmitted in ascii at 1200 bits per second. The standard used to transmit the data is not the "normal" 1200 bps mode of your modem. Normally 1200 bps is accomplished by sending 300 symbols per second where each symbol conveys 4 bits of information. The caller ID info is transmitted at 1200 bps by sending 1200 symbols per second where one symbol conveys 1 bit of information. The method used is FSK, one frequency is sent for a 1 bit, and another for a zero bit. I dont have the frequencies on me, but if you are really interested I can get them to you later. I have no idea how you would get your modem to go into the right mode (and how it would react to data on the line before it goes off hook). > Philippe D. Nave, Jr. | The person who does not use message encryption > pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... > Denver, Colorado USA | PGP public key: by arrangement. From pmetzger at lehman.com Mon Nov 8 15:23:06 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 8 Nov 93 15:23:06 PST Subject: Private and Public In-Reply-To: <9311082141.AA13758@anon.penet.fi> Message-ID: <9311082322.AA10161@snark.lehman.com> wonderer says: > In response to Eric Hughs: > > I disagree that income tax is a bad thing. What other way > does the government have of maintaining fairness across > income tax levels. Why should anyone have taxes at all? Anyway, this is politics, not crypto. Lets take it off this list. Perry From ljenkins at mv.us.adobe.com Mon Nov 8 15:28:26 1993 From: ljenkins at mv.us.adobe.com (Luis Jenkins) Date: Mon, 8 Nov 93 15:28:26 PST Subject: Taxes Message-ID: <9311082328.AA09541@albertus.mv.us.adobe.com> > I disagree that income tax is a bad thing. What other way > does the government have of maintaining fairness across I am a relative novice in taxation policies, and among other things, I would like to hear recommendations from people in this list about books and/or articles to read, but the bad thing about income taxes is that it "gives" the government the "right" to snoop into all your affairs because they have to know what your income is. Having grown up in another country and lived in other countries, (that also have income taxes), but don't intrude so much into your private life, I must say that I was shocked the first time that I had to file an income tax declaration in the USA! Of all the countries where I have lived (four or five), this is the only place where *individuals* need to keep ridiculously detailed records of everything! And the only country I know where individuals routinely have to hire an accountant to be able to file a tax return ... Is moving to a consuption-based tax system part of the solution or not? Luis PS: I realize that this is not exactly a cypher issue, so is there a better place to discuss it? From ljenkins at mv.us.adobe.com Mon Nov 8 15:28:45 1993 From: ljenkins at mv.us.adobe.com (Luis Jenkins) Date: Mon, 8 Nov 93 15:28:45 PST Subject: Modem taps/Caller ID Message-ID: <9311082332.AA09544@albertus.mv.us.adobe.com> > Does anyone here know more about this? I would dearly love to set up a > program on the PC in my basement that could capture Caller ID data and There is a number of modems that will do this for you automatically. The Supra comes to mind, and I believe the Zyxel also does it. I do have the specs for CID somewhere, but off the top of my head I don't recall how it is transmitted. There was an intersting thread in comp.dcom.telecom about something called the "Presto Chango!" box, that transmits bogus CID information after the call is answered, so you can easily confuse most CID boxes in the market. Luis From jon at balder.us.dell.com Mon Nov 8 15:28:54 1993 From: jon at balder.us.dell.com (Jon Boede) Date: Mon, 8 Nov 93 15:28:54 PST Subject: Modem taps/Caller ID Message-ID: <9311082326.AA20402@balder.us.dell.com> > The recent discussions of tapping modem transmissions reminds me of > a scrap of data I saw about Caller ID [the service provided by the > phone company that displays the caller's phone number whenever your > phone rings]. Supposedly, the phone company transmits the caller's > number as a burst of 1200 or 2400 baud ASCII between the first and > second rings; if your modem is set up 'just right,' you can capture > the number with a PC. I don't know if this is particularly true but you can purchase modems that recognize caller-id and distinctive ring data. The caller-id information is printed between the RING and CONNECT strings. In particular, I have re-written the UNIX getty program in order to take these strings and put them in an environment variable before calling login. Since the getty actually uses ATA to answer the phone rather than setting S0=1, we have considered building a database of known troublemakers' phone numbers and then have getty let the phone ring away to NO CARRIER when said tarbs call. ZyXEL makes such a modem. Jon From jon at balder.us.dell.com Mon Nov 8 15:33:06 1993 From: jon at balder.us.dell.com (Jon Boede) Date: Mon, 8 Nov 93 15:33:06 PST Subject: PC random number hardware Message-ID: <9311082331.AA20436@balder.us.dell.com> Does anyone know of a commerical source (or schematics) for a good random bitstream generator -- something that you hang off of COM1 and read random bytes from? Can anyone refute the claim that you can only generate truly random numbers using hardware? I recall seeing a proof that totally random numbers could only be generated by an infinitely large program. Jon From mg5n+ at andrew.cmu.edu Mon Nov 8 15:33:26 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 8 Nov 93 15:33:26 PST Subject: Modem taps/Caller ID In-Reply-To: <9311082230.AA29752@toad.com> Message-ID: Philippe Nave" asked: > Does anyone here know more about this? I would dearly love to set up a > program on the PC in my basement that could capture Caller ID data and > log it in a database. Obnoxious callers (Olan Mills, local telemarketers, > etc.) could be identified easily, and I could program the modem to pick > up / hang up on those calls. Supra offers CallerID as an option on their high speed modems. From mg5n+ at andrew.cmu.edu Mon Nov 8 15:33:45 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 8 Nov 93 15:33:45 PST Subject: ID of anonymous posters via word analysis? Message-ID: Just reading this list I'm sure it would be fairly clear that word analysis could be used to identify posters. Reread a few posts on the cypherpunks list. Note who spells out "government" and who abbreviates to "gov't". Some people consistently use one or the other. Count who uses "though" and who uses "tho". Also look at who refers to "anonymous posters" and who talks about "nyms". I think you will notice some definent patterns. Other possible word favoritisms: cypherpunks/c-punks cryptography/crypto cipher/encryption America/USA England/UK baud/bps DigiCash/digital cash Internet/"the net" information/info Mail/E-mail/Net-mail Just looking at the above list I'm sure some of you will realize how much you favor using certain terms, others probably without noticing it. Sorting by subject is possible too. Notice that there is only a certain group of users who consistently discuss DCnets. Another group consistently mentions the IRS, and taxes. A different group typically discusses anonymnity and anonymous postings. Others tend to avoid certain topics. Think about your own postings and realize what topics interest you most. I don't think it would be too hard to establish a "text fingerprint" of people based on what words they use. Maybe when I have some time I'll write a program to do it and see how many different patterns/styles I can identify. P.S. Also note the variations in text markings to express emphasis. Note who CAPITALIZES, *stars* _underscores_ or Capitalizes The First Letters. From jim at bilbo.suite.com Mon Nov 8 15:48:26 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Mon, 8 Nov 93 15:48:26 PST Subject: Modem taps/Caller ID Message-ID: <9311082345.AA29747@bilbo.suite.com> Practical Peripherals sells a modem that also captures Caller ID info and makes it available to your comm program. I've also seen devices that do this for sale in the back of BBS magazines. Jim_Miller at suite.com From ski_man at mindvox.phantom.com Mon Nov 8 16:28:45 1993 From: ski_man at mindvox.phantom.com (Christopher M. Wisnos) Date: Mon, 8 Nov 93 16:28:45 PST Subject: Need Info Message-ID: <2J2Pcc1w165w@mindvox.phantom.com> Hi all, I'm brand spanking new to this list but I need to ask a favor I am doing an independent study on Public Encryption next semester and need some background info for my prof before the school will ok the class. Thuss I need some anon ftp sites and the such to gather some info, any help will be greatly appreciated Thanx ski_man at mindvox.phantom.com ( Chris Wisnoski) p.s. you can also e-nail me any info you have From anagld!decode!system at uunet.UU.NET Mon Nov 8 17:03:08 1993 From: anagld!decode!system at uunet.UU.NET (System Operator) Date: Mon, 8 Nov 93 17:03:08 PST Subject: LAW: Wireless interception Message-ID: <7FaPcc1w165w@decode.UUCP> Fellow Cypherpunks, Here's a couple excerpts from this month's _Search and Seizure Bulletin_, relating to interception of telephone calls. The first reiterates that ECPA covers interception of cellular telephone calls, whether intentional or not, even by the authorities. The second repeats that there is no expectation of privacy with cordless telephones. Interesting reasoning here: "the reasonableness of a cordless telephone user's expectation of privacy depends on the specific technology involved." By that reasoning, does the use of the new 900 MHz digital telephones (i.e. the VTech Tropez, etc.) infer a greater expectation of privacy, even though they are still cordless telephones? Anyway, here they are: ======================================================================= Interception of Call to Seized Cellular Telephone-- Language Barrier (Hawaii) United States v. Kim, 803 F.Supp. 352 (1992) Drug Enforcement Administration (DEA) agents questioned two men who had bought one-way plane tickets with cash. One of the men was Kim, a man agents had caught with more than eight grams of methamphetamine a month earlier. During the first encounter Kim had cooperated with the police and signed a statement containing a "boiler plate" paragraph. The paragraph stated Kim had read and initialed the statement and agreed all corrections had been made and the statement was true and correct. During the second incident, Kim gave officers permission to a search him. Police found a cellular telephone and a large amount of cash. At this point, Kim was transferred to federal custody. Kim again gave a statement and a written summary, containing the same boiler plate paragraph, and was released. The DEA seized the cellular telephone under a statute which allowed forfeiture of equipment used to carry out drug deals. Two days after the telephone had been seized, an agent activated it to learn the number. Within the space of a few hours, two calls came in. The agent learned from the second caller a "deliveryman'' was arriving that day and needed to know which hotel to go to. The agents knew Kim was staying at the Outrigger Phoenix Hotel. Agents went to the hotel room, knocked on the door, identified themselves, and threatened to "bust it down." Kim was ill and sleeping inside. Menchavez was staying with him. She tried to wake Kim when the police knocked, but was barely able to rouse him. She opened the door and, confronted by four agents with guns drawn, stepped back to allow them in. The agents lifted the naked Kim out of bed, slapped him, slammed him against the wall, and shouted at him. A search of the immediate area revealed $85,000 in cash. After the cash was discovered, Kim was given a consent to search form, which he signed. A further search uncovered 348 grams of methamphetamine. Kim was arrested and signed a third state- ment the following day. Kim asked the court to suppress his written statements, evidence seized during his initial encounter with the DEA and from his car, and all evidence seized as a result of the intercepted cellular telephone call. DECISION: The three statements and all evidence obtained as a result of the telephone call interception were suppressed. Drugs seized during first encounter were admissible. The court said cellular telephone calls are protected under the Electronic Communications Privacy Act of 1986, just as standard telephone calls are, and cannot be intercepted with- out a warrant. Accordingly, the DEA agent's interception of the call to Kim -- although unplanned-- was illegal and all evidence seized as a result of the interception remained inadmissible. Even if the interception had been legal, the evidence would have been suppressed because 1) Menchavez did not give the agents permission to enter the hotel room--she stepped back from the door because agents had threaten to push it down and had weapons drawn; and 2) Kim, being sick, naked, and abused, did not voluntarily consent to a search of the hotel room. Because the entry and search were illegal, Kim's statement made the following day was inadmissible against him. Kim's first two written statements were suppressed. Given Kim's first language was Korean and evidence showed he had a limited understanding of the boiler plate paragraph, it could not be proved the statements were accurate. The methamphetamine taken from Kim during the DEA's first encounter with Kim was admissible. Kim consented to the search of his pockets. United States v. Gallo, 659 F.2d 110 (1981). ============================================================= Expectation of Privacy Cordless Telephone Conversations Monitored Without Warrant (Texas) United States v. Smith, 978 F.2d 171 (1992) Varing believed his next door neighbor, Smith, had burglarized his house. Varing used a scanner to monitor Smith's cordless telephone conversations. When Varing overheard Smith discussing drug deals, Varing contacted police. The police asked Varing to tape the conversations, provided cas- sette tapes, and were present during some of the monitoring. No warrant was obtained. As a result of the monitoring, Smith was arrested and charged with narcotics offenses. Smith argued the warrantless monitoring and recording of his telephone conversations vio- lated his Fourth Amendment rights and the Omnibus Crime and Control and Safe Streets Act of 1968 (Wire Statute). He was convicted and appealed. DECISION: Affirmed. Smith failed to produce evidence he reasonably expected his cordless telephone conversations would remain private. A violation of the Fourth Amendment occurs when government activity significantly intrudes on a person's reasonable expectation of privacy. Depending on the particular technology involved, it may or may not be reasonable for a cordless telephone user to expect his or her conversation will remain private. Early cordless telephones transmitted to commercial radio frequencies and conversations could be overheard inadvertently; some new cordless telephones cannot be monitored without very sophisticated equipment. Accordingly, the reasonableness of a cordless telephone user's expectation of privacy depends on the specific technology involved. Smith failed to offer any evidence that his belief his conversations would remain private was reasonable. The Wire Statute explicitly excludes cordless telephones from its scope. ===================================================================== _Search and Seizure Bulletin_ is published monthly by Quinlan Publishing Company, 23 Drydock Avenue, Boston, MA, 02210-2387. ISSN 0037-0193. I am operating under the assumption that relating these excerpts is covered under the fair use doctrine. Also, I have no connection with Quinlan Publishing Company other than as a satisfied customer. Dan -- system at decode.UUCP (System Operator) Cryptography, Security, Privacy BBS +1 410 730 6734 Data/FAX From mg5n+ at andrew.cmu.edu Mon Nov 8 18:08:28 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 8 Nov 93 18:08:28 PST Subject: Taxes In-Reply-To: <9311082328.AA09541@albertus.mv.us.adobe.com> Message-ID: ljenkins at mv.us.adobe.com (Luis Jenkins) wrote: > PS: I realize that this is not exactly a cypher issue, > so is there a better place to discuss it? If you're in favor of reducing or eliminating taxes, you might want to bring up the subject on libernet-d (libernet-d-request at dartmouth.edu), otherwise take it to one of the alt.politics groups. From tcmay at netcom.com Mon Nov 8 18:43:07 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 8 Nov 93 18:43:07 PST Subject: Wired 1.6 is not yet publically available Message-ID: <199311090242.SAA11545@mail.netcom.com> Cyphertentacles, A couple of you have asked about "Wired" and the availability of the new issue, 1.6. Especially as the first "monthly" issue, 1.5, has only been out a few weeks. (And it mentions a strange thing called "BlackNet" on page 32, as sharp observers have noted.) I've been told by Sandy Sandfort that the issue is not yet on the newstands, and may not even be sent out to contributor and subscribers for a couple more weeks....so no point in looking for it now. How'd I get one, then? Well, we found hundred of copies of 1.6 on our dinner tables Friday night at the Hackers Conference. The FinCEN article that I mentioned was thus a fine preparation for the Crypto panel later that evening. Speaking of which, it went quite well. Personally, I liked the panels on "agents and agoric computing," the talk on "algorithmic investing," and the demoes of some truly impressive virtual reality work at Sun. Maybe the crypto stuff is old hat to me. But lots of folks were extremely interested, many even claiming it was their favorite panel. The panelists were Peter Honeyman, Phil Karn, Eric Hughes, Mike Godwin, and John Draper, with me nominally as the moderator. A "BOF" ("birds of a feather," a SIG by another name) session was held in the early hours of Saturday, with even more interest. We may get another wave of new members on the list. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From 0811wksh at ties.k12.mn.us Mon Nov 8 19:08:28 1993 From: 0811wksh at ties.k12.mn.us (Wabasha-Kellogg High School) Date: Mon, 8 Nov 93 19:08:28 PST Subject: Tropez phones Message-ID: I'm new. Has anyone dissected one of the beasties yet & posted protocol, internals, etc? From 0811wksh at ties.k12.mn.us Mon Nov 8 19:08:45 1993 From: 0811wksh at ties.k12.mn.us (Wabasha-Kellogg High School) Date: Mon, 8 Nov 93 19:08:45 PST Subject: Caller ID Message-ID: I believe the frequencies used for Caller ID are per Bell 202, a straight FSK data standard. I have a copy around here somewhere & will post the appropriate numbers unless someone tells me it's NOT 202 before I find the spec ..... ... .. /s/ Bill From nobody at shell.portal.com Mon Nov 8 19:09:02 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Mon, 8 Nov 93 19:09:02 PST Subject: No Subject Message-ID: <9311090306.AA18162@jobe.shell.portal.com> i've heard rumors that one or more pgp key servers have been shut down due to lawyers letters from bidzos and/or pkp. anyone have any facts? From tcmay at netcom.com Mon Nov 8 19:33:07 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 8 Nov 93 19:33:07 PST Subject: TEMPEST, Van Eyck Radiation, and Eavesdropping Message-ID: <199311090331.TAA18597@mail.netcom.com> TEMPESTpunks, The theme of TEMPEST/RF/eavesdroping/Faraday cages/Van Eyck Radiation/etc. comes up on this list every month or so, nearly as often as the threads about generating random numbers in hardware. (If you don't know about eavesdropping on computer sessions by monitoring and decoding RF emissions by the computers, keep reading this list and the topic will pop up, as it just has!) Anyway, I found this item interesting. I'm not yet sure we need to become "Faraday-Cage-punks quite yet, but the articles and laws mentioned in this report might be useful for someone. From: mitchell at ncsa.uiuc.edu (myself) Newsgroups: talk.politics.crypto Subject: Re: illegal taps Date: 8 Nov 1993 22:39:54 GMT Distribution: world Reply-To: mitchell at ncsa.uiuc.edu (myself) In article <2bjdvm$6gh at vixen.cso.uiuc.edu>, trh42502 at uxa.cso.uiuc.edu (Dream Weaver) writes: |> I suggest that this be the last post here, as the topic is going well |> out of the groups charter. Please redirect, somewhere else. |> |> This officer was in the same way. He freely admited that he was monitoring |> cellular freqs. My reading of the posting as that he had no idea that this was |> illegal. BAD training, and/or lack of understanding of technology based laws! |> It needs to be emphasized to police that just because something is |> transmitted in the air does not mean they can listen to it! Ordinary |> telephone lines transmit, microwave repeaters for long distance & etc. |> Does anyone know if Tempest or any other non-visual surveillance is |> legal without a warrant? |> There is a file available from NIST discussing TEMPEST tech, and its legal status. It is quite an interesting read. Anonymous ftp to csrc.ncsl.nist.gov file /pub/secpubs/tempest.txt It summarizes the legal status of TEMPEST as follows: The use of TEMPEST is not illegal under the laws of the United States3, or England. Canada has specific laws criminalizing TEMPEST eavesdropping but the laws do more to hinder surveillance countermeasures than to prevent TEMPEST surveillance. In the United States it is illegal for an individual to take effective counter-measures against TEMPEST surveillance. This leads to the conundrum that it is legal for individuals and the government to invade the privacy of others but illegal for individuals to take steps to protect their privacy. The reason for the preventive equipment being illegal is that it is classified. (Shocker!) The eavesdropping is legal due to the fact that the radiation emitted in not considered to be a 'communication', and hence is not covered by ECPA, etc. I am leaving this followup in talk.politics.crypto due to the fact the as crypto gets better, the best way to 'crack' it will be through techniques such as TEMPEST. Even a one-time pad doesn't help if your opponent can read monitor from a half-mile away! Anyway, I highly recommend that everyone interested in this thread get a copy of the file. Curious that it should show up on an NIST server. Looks more like something EFF would be distributing. -David Mitchell |> Tom |> |> ______________________________________________________________________________ |> Tom Hilquist Internet:t-hilquist at uiuc.edu |> Disclamer: I didn't write this! Email for PGP Public Key |> PGP 2.3a Key fingerprint = 20 FF CA 46 1D B8 CD 55 F7 9D 71 B0 BD B7 B3 B5 From tcmay at netcom.com Mon Nov 8 19:48:29 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 8 Nov 93 19:48:29 PST Subject: (fwd) Clipper and Tipper on Route 666 Message-ID: <199311090345.TAA20358@mail.netcom.com> I was able to "christen" a brand new newsgroup, "alt.politics.datahighway," with this posting. For those of you who have announced that you do not like to see political points raised in the Cypherpunks group, that only serious discussion of the XJ9 e-mail protocols and their MIME compliance is a worthy topic, I say that a bit of politics is always appropriate. In any case, Cyperpunks believe in kill files, I hope. -Tim Newsgroups: alt.politics.datahighway From: tcmay at netcom.com (Timothy C. May) Subject: Clipper and Tipper on Route 666 Date: Tue, 9 Nov 1993 03:11:10 GMT The Clipper chip, introduced by the Clinton Administration to ensure that they can easily listen in on our phone conversations, is closely related to Albert Gore's "National Information Infrastructure." To ensure that the Net of the Future is safe for K-12 outings and field trips and that perverts and dissidents are kept off this national resource, a special chip has been developed which censors obscene speech, rock music lyrics, and non-Baptist religious speech. This chip is known as the "Tipper" chip. (Many other chips exist in this family of "X-ippper" chips, including the Navy's Flipper chip, RCA's Nipper chip, DEC's Pipper chip, and so on.) Perhaps we can encourage the "700 Club," which did an excellent attack piece on Clipper (yes, seriously, they did), to attack the ClintonNet "data superhighway." I suggest they call it "Route 666." As you may be able to tell from my satire here, I consider the Data Superhighway a boondoggle at best and a dangerous move toward centralilzed computing at worst. A few days ago, at the Hackers Conference, I expressed this view to Tom Kalil, of the White House. He apparently is one of the charmingly named "policy wonks" responsible for planning our digital future. A pleasant enough guy, but I don't want him or any other policy wonk planning the future of the networks. The free market has produced--and is continuing to produce at a breakneck speed--a diverse, vigorous international network. From local LANs to fiber to satellites to a variety of even faster links, there is no lack of alternatives. And unlike the National Interstate Highway System, to which the NII is often compared (perhaps wrongly...), there is absolutely no need for the government to get involved. No land is needed (as was the case in the 1950s when the Interstates were being built), and no centralized planning is needed. Do we want networks built and run by the equivalent of the Postal Service--or by the equivalent of FedEx and Airborne? A government effort will likely skew normal market forces, lay network lines in places they are not needed, be built by the pork barrel procurement policies that have given us so many other boondoggles, and will turn engineers into proposal-writing pigs at the public trough. I say we kill the Data Superhighway the way we killed the Supercollider. Except, this time let's do it before we spend a few billion bucks we don't have. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From warlord at MIT.EDU Mon Nov 8 20:38:32 1993 From: warlord at MIT.EDU (warlord at MIT.EDU) Date: Mon, 8 Nov 93 20:38:32 PST Subject: [alt.security.pgp] pgp.iastate.edu service discontinued Message-ID: <9311090437.AA11307@podge.MIT.EDU> This was sent over the net, and should answer your question about KeyServers. The other keyservers are all operational. -derek ------- Start of forwarded message ------- Newsgroups: alt.security.pgp From: explorer at iastate.edu (Michael Graff) Subject: pgp.iastate.edu service discontinued Organization: Iowa State University, Ames IA Date: Fri, 5 Nov 1993 21:08:12 GMT Due to circumstances I cannot control, I can no longer support a public key server on pgp.iastate.edu. Please use one of the other server sites for key exchanges. --Michael -- Michael Graff Speaking for myself, not Project Vincent Voice: (515)294-4994 for ISU or the ISUCC Iowa State Univ Comp Center Fax: (515)294-1717 Ames, IA 50011 -=*> PGP key on pgp-public-keys at pgp.iastate.edu <*=- ------- End of forwarded message ------- From doug at netcom.com Mon Nov 8 21:03:07 1993 From: doug at netcom.com (Doug Merritt) Date: Mon, 8 Nov 93 21:03:07 PST Subject: Mark Abene (Phiber Optik) sentenced Message-ID: <199311090503.VAA01852@mail.netcom.com> gtoal at an-teallach.com (Graham Toal) >Dunno if this is how they did it, but you get *perfect* data tapping >if you record digitally off the exchange trunks... "Perfect" reproduction of an analog signal that may be noisy and smeared, you mean. The original critique holds. Your argument applies if and only if the entire transmission is digital from one end to the other. Doug From doug at netcom.com Mon Nov 8 21:23:32 1993 From: doug at netcom.com (Doug Merritt) Date: Mon, 8 Nov 93 21:23:32 PST Subject: Private and Public In-Reply-To: Message-ID: <199311090524.VAA05639@mail.netcom.com> Arthur Chandler said: > Does the government have the right to know how much money I make, and >from what sources? The IRS says yes, absolutely. [...] > Right now, there seems to be a kind of social contract between us and >the government: it protects us, provides free schools, etc etc, in >exchange for which we have to pony up a fair share of our earnings. It >follows, doesn't it, that the government has a right to enforce its laws >saying that everyone must pay that fair share of taxes? > [...] What do you think? I'm a non-standard brand hybrid Libertarian plus other noncategorizable views, and I agree with the notion of the social contract, but I have critiques that fall outside anything you said, which cause me to view with pleasure the possibility of short-circuiting the previous government taxation schemes. I think that government supported infrastructure can be a good thing; I approve of having fire services which are not profit centers, for instance. On the other hand, I'm in favor of minimizing such things, whereas governments tend to maximize the number of "services" and therefore also taxes to support them. Governments and their bureaucracies and services and laws etc. appear to inescapably grow ever-larger over time, regardless of the impact of that bloating. I see online crypto-banking and related technologies/services as a trend that will force governments to downsize back to their appropriate role of providing only the most necessary of infrastructure. The precise nature of "most necessary" is highly controversial. But if they can only collect as much taxes as people are willing to pay in order to maintain minimum infrastructure, then it becomes a system that continues to stay in equilibrium rather than growing out of control. In other words, avoid the tyranny of the majority and of self-serving representative democracy, and create a world in which we get only that which we are willing to pay for. People will pay a lot for that which is truly valuable. At the moment we are a long way from getting what we pay for. Doug -- Doug Merritt doug at netcom.com Professional Wild-eyed Visionary Member, Crusaders for a Better Tomorrow Unicode Novis Cypherpunks Gutenberg Wavelets Conlang Logli Alife HC_III Computational linguistics Fundamental physics Cogsci SF GA VR CASE TLAs From doug at netcom.com Mon Nov 8 21:38:32 1993 From: doug at netcom.com (Doug Merritt) Date: Mon, 8 Nov 93 21:38:32 PST Subject: Private and Public In-Reply-To: Message-ID: <199311090536.VAA08446@mail.netcom.com> "Perry E. Metzger" said: >However, this entire topic belongs on places like talk.politics.misc, >not cypherpunks. I would suggest that it be conducted elsewhere. I very strongly disagree. The social, political, and economic impact of cryptographic techniques is at least as important as the technology itself. Pure algorithms can be discussed in sci.crypt, after all. Cypherpunks do not have a common agenda, but we do share an interest in how the future world will be shaped by cryptographic technology. >Personally, I don't believe there is such a thing as a social contract -- >I never signed anything, and from what I can tell the terms on the social >contract are ones I would never have accepted. Incorrect. You have complete freedom as to your citizenship. Any time that you choose, you are free to renounce your citizenship, and thereby reject the contract that citizenship gives you. Naturalized citizens of a country/government *very* explicitly enter into the contract; those of you born into citizenship tend to not to think about the subject very deeply, but basically you are simply being granted the privilege of skipping the formalisms, on the assumption that you either accept the contract, or will explicitly opt out. If you continue to accept the freely-granted citizenship you were born into, then you are also accepting the entire contract, like it or not. If you truly reject the contract that U.S. citizenship obligates you to, with all its positive and negative points, then go ahead and give it up. Put your money where your mouth is. Otherwise, accept that citizenship is a two-way street, and work within that system to change it to your tastes, rather than denying that the contract even exists. >I would be happy to >purchase what the goverment give me on the open market -- I see no >need for government to be involved in mail delivery or garbage >collection or schools or any of the other things it runs -- from what >I can tell all it touches turns to crap. I completely agree. But this is quite a different subject. Doug -- Doug Merritt doug at netcom.com Professional Wild-eyed Visionary Member, Crusaders for a Better Tomorrow Unicode Novis Cypherpunks Gutenberg Wavelets Conlang Logli Alife HC_III Computational linguistics Fundamental physics Cogsci SF GA VR CASE TLAs From doug at netcom.com Mon Nov 8 21:48:34 1993 From: doug at netcom.com (Doug Merritt) Date: Mon, 8 Nov 93 21:48:34 PST Subject: ID of anonymous posters via word analysis? In-Reply-To: Message-ID: <199311090544.VAA09471@mail.netcom.com> Eli Brandt said >And in the alt.folklore.urban FAQ we find: >F. Russian/Chinese mechanical translator translates "out of sight, out of mind" > into "blind and insane". Also "Spirit is willing, but the flesh is weak" > as "the drink is good but the meat is rotten." > >(The "F" means "known to be false") I think we were already agreeing that the folklore is false. The remaining question is 'where did it originate'? My hypothesis was that it came out of a linguistic research paper giving an example. Doug From doug at netcom.com Mon Nov 8 21:53:12 1993 From: doug at netcom.com (Doug Merritt) Date: Mon, 8 Nov 93 21:53:12 PST Subject: Private and Public In-Reply-To: Message-ID: <199311090553.VAA10667@mail.netcom.com> Arthur Chandler says: > Hmmm... my post may well ignite some flames; but I can't go along with > the notion that this list is for purely tech discussion. "Perry E. Metzger" said: >I'm sorry that "you can't go along" with that, but I'm afraid that you >don't have much choice: it isn't your list. Gee, Perry, too bad for you, but it isn't *your* list, either. You are assuming you speak for the list in your response. You're no spokesman. This list is as unmoderated as any newsgroup. Your tastes have no enforcement power. Arthur can and will post about whatever he likes. >Many of us have gotten >burned out from a number of very long arguments on this list, and >politics was not part of the charter to begin with. Tell you what...for the sake of all of us newcomers, why not quote the initial charter? Perhaps it would help us all focus. That could be a good thing. If no one does so, then you can expect people to continue posting about their own personal interests, whether or not it matches your view of appropriateness. Doug From doug at netcom.com Mon Nov 8 22:03:11 1993 From: doug at netcom.com (Doug Merritt) Date: Mon, 8 Nov 93 22:03:11 PST Subject: Public and private. Message-ID: <199311090600.WAA11575@mail.netcom.com> GRABOW_GEOFFREY at tandem.com said: >As to the gov't tracking every penny that I earn, the only alternative to an >income tax is an extremly high sales tax. This is extremely unfair to those >on the lower end of the wage scale. This can be avoided simply by exempting subsistence items, just as current food stamps pretend to do. This is *almost* a digression from the topics of the list, but not quite. The connection is that consequences like this and strategies to handle them are very much an issue when we talk about deploying new technologies. Crypto-technology will change the world, will he nil he; we can either shrug off the consequences, or we can plan for them. Doug From doug at netcom.com Mon Nov 8 22:18:33 1993 From: doug at netcom.com (Doug Merritt) Date: Mon, 8 Nov 93 22:18:33 PST Subject: PC random number hardware Message-ID: <199311090616.WAA14018@mail.netcom.com> jon at balder.us.dell.com (Jon Boede) said: >Can anyone refute the claim that you can only generate truly random numbers >using hardware? I recall seeing a proof that totally random numbers could >only be generated by an infinitely large program. Assuming a bit of leeway in interpretation, this is trivially true mathematically. There's a great von Neumann quote that goes something like "anyone who uses finite state machines to generate supposedly random numbers is, of course, living in a state of sin." Use of hardware random number generation does not automatically confer a state of grace, however. Such processes sample through an aperture and are subject to the Nyquist limit, the General Uncertainty Principle, and frequently the Central Limit Theorem as well, which is to say that you still have to mind your p's and q's quite carefully. Doug From nobody at shell.portal.com Mon Nov 8 22:33:11 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Mon, 8 Nov 93 22:33:11 PST Subject: TEMPEST Defenses and average Van Eck Gear... Message-ID: <9311090632.AA27475@jobe.shell.portal.com> Hi All.... #1 using personal countermeasures against emanation eavesdropping IS defnitely NOT illegal. #2 So few people have actual experience with Van Eck gear either the ConsumerTronics Model or the Pk Electronics German Device or the version made by a firm in england. First of all Van Eck Monitor Eavesdropping seems to be a deeply shrouded subject even for most engineers and for most c-punks. Its basically a system for reconstruction of the sync signal for monitor radiation received with a standard tuning mechanism... It is VERY similar to various Pay TV Decode Schemes mentioned and detailed in Radio Electronics over the past several years combined with a Monitor and a high gain amplified antenna... VERY specific plans are available from consumertronics for 25.00. And protecting against Van Eck can be extensive as a faraday cage or a subtle as conductive Wallpaper. floors, doors and windows... it really depends on the economic resources of your adversary and how much of a bother you are... Sam Hill p.s. Careful monitor placement if you have A LOT(at least 50) computers/ monitors can use noise data displayed on non-critical monitors to mask emanations of a single monitor where critical data IS handled.. $3-25k spent by a firm on acquiring the technology for internal survey can save LOTS of money from having to Faraday Cage an Entire Data Center... As for eavesdropping on bus/circuit emanation we will take that up at another time From rustman at netcom.com Mon Nov 8 23:03:11 1993 From: rustman at netcom.com (Rusty Hodge) Date: Mon, 8 Nov 93 23:03:11 PST Subject: TEMPEST, Van Eyck Radiation, and Eavesdropping Message-ID: <199311090703.XAA25150@mail.netcom.com> As FCC regulations become tighter, the issue of Van Eyck Radiation will go down some. In 1974, when we had a Motorola Exorbus 6800 development system; the neighbors could tell what we were doing on it by the RFI to their TV sets. My 1993 Quadra doesn't even totally wipe out a receiver sitting next to it. > First of all Van Eck Monitor Eavesdropping seems to be a deeply shrouded > subject even for most engineers and for most c-punks. > > Its basically a system for reconstruction of the sync signal for > monitor radiation received with a standard tuning mechanism... More reason to use a LCD panel or EL display. None of this messy sync radiation. > And protecting against Van Eck can be extensive as a faraday cage or > a subtle as conductive Wallpaper. floors, doors and windows... If you can still receive the AM broadcast band inside your conductive wallpapered room, I would not feel comfortable about attenuation being provided. ;-> -- Rusty H. Hodge A+Plus Technology & Design (714) 639-4949 1407 North Batavia Street, Suite 107, Orange, CA 92667 FAX (714) 639-3311 From greg at ideath.goldenbear.com Mon Nov 8 23:08:34 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Mon, 8 Nov 93 23:08:34 PST Subject: Nymalizer, politics on the list Message-ID: Will an input-oriented (recognition mode) Nymalizer be able to differentiate between the outputs of "actual people" (ha) and actual people as filtered through output-oriented (generation mode) Nymalizers? After all, once we discover that username 'x' posts using LOTS of CAPITALIZED words and phunny SPELLINGS and so forth, it doesn't seem so hard to turn a Nymalizer into a filter which would create (or at least describe to a human creator) text which would fit that pattern .. I'm pleased to see that Perry now supports moving politics off the list; his posts do make me wonder if he's being spoofed, as he cheerfully participated in the econ-flames of a month ago. Still, I wholeheartedly support either him or the spoofer in their call to take the politics somewhere else. -- Greg Broiles greg at goldenbear.com Baked, not fried. From nobody at shell.portal.com Tue Nov 9 01:03:32 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 9 Nov 93 01:03:32 PST Subject: No Subject Message-ID: <9311090903.AA10563@jobe.shell.portal.com> Re the Phiber Optik case. I understand that only vanilla, split-band modems (1200, 2400 baud) were tapped, on the analog loop. They were, and still are, common in the mundane telco world. Throw a bandpass filter on the upper half of the audio band, get the answer data. Throw a filter on the lower half, get the originate data. Much MUCH easier than tapping modern full-duplex full-band modems with echo cancellation and compression. I know some of the datacops involved, and I seriously doubt they have a clue about how to handle V.32 without help from the NSA, which DOES know how to intercept them. Of course, even if the modems had NSA-proof encryption built in, the victim could always intercept the decrypted data on the DTE connector... cracking is and will remain a risky and stupid thing to do... From ld231782 at longs.lance.colostate.edu Tue Nov 9 01:13:10 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 9 Nov 93 01:13:10 PST Subject: Real Identity: valid or worthless? Message-ID: <9311090910.AA05504@longs.lance.colostate.edu> Many have sent me mail along the lines, `the concept of real identity is fading away completely. It no longer has any meaning. You simply don't get it. There are no distinctions between imaginary and real identities.' But that is not my complaint, that you have an arsenal of imaginary identities to play with. It is when you wish to pretend that they are *real* that I object. Society actually tolerates anonymity and pseudonymity. They say, `if you are not willing to affix your name to your opinions, they WEIGH LESS than if you do.' (some may say they are `worthless' -- but that is their opinion, and they are entitled to it!) We cannot ever change that. That is a Universal Law. If I volunteer to be responsible for everything I write, that automatically carries far more intrinsic weight and `reputation capital' than any monster's tentacle or Medusa's snake. Identity, reputation, and value are interchangable! And the choice of whether I am responsible for my writing and actions *can* be made, recorded, and enforced! It is not allowable that anonymous opinions be *globally* censored, but it is entirely acceptable, and necessary, there be the capability for individual, *local* filtering. Many cypherpunks denigrating the value of *real* identity and blurring the distinction of real and imaginary identities are casting out wretched lies. They intrinisically recognize the implicit existence of the fundamental distinction between real and imaginary identities, and the extreme value of *real* identity between the two, while at the same time denying it all. The PSYCHOPUNKS seek to STEAL REAL REPUTATION with PSEUDOSPOOFING of IMAGINARY IDENTITIES. they would gain no profit if no one trusted any identity (the philosophy they simultaneously advocate and defame)! they only gain so long as the system of trust they rob from is in place! If no one trusted the system (as they exalt and defame, again, as the context suits them), they would no longer be able to rob from it! In their deceptive sham and confidence game, they *lie* that they are accountable for their opinions! And defraud all the investors who believe it! They understand: the distinction of real and imaginary identities is a an extremely powerful mechanism that involves intense levels of trust. And wherever there is value and trust, the criminals zoom in on! ``we can steal real reputation with imaginary identities by corrupting any system that distinguishes between real and imaginary identities.'' Nothing but the ancient criminal refrain, ``we can steal money from honest people with criminal means by corrupting any system that protects honest people's money.'' Or, in the root form, ``we can steal money by tricking honest people.'' pseudospoofers are nothing but REPUTATION THIEVES. of course they exalt the system they rob from! and deny that there is any way to embezzle gold from the treasury! they even deny the gold has any value! why, they are providing a valuable public service by relieving everyone of their gold who is too ignorant to realize it can be stolen! What utter, shameful, poisonous hypocrisy. I hope you all choke on your own poison. I have news for you, psychopunks, THE TREASURY IS BARE. From szabo at netcom.com Tue Nov 9 01:48:33 1993 From: szabo at netcom.com (Nick Szabo) Date: Tue, 9 Nov 93 01:48:33 PST Subject: (fwd) Clipper and Tipper on Route 666 In-Reply-To: <199311090345.TAA20358@mail.netcom.com> Message-ID: <199311090948.BAA19140@mail.netcom.com> Tim May suggests we called the "Data Superhighway" > "Route 666." In Unix file permissions 666 means the file is readable by world. Apropos for a panoptic net where encryption is banned or "Clipped". Nick Szabo szabo at netcom.com From frissell at panix.com Tue Nov 9 03:38:36 1993 From: frissell at panix.com (Duncan Frissell) Date: Tue, 9 Nov 93 03:38:36 PST Subject: Private and Public Message-ID: <199311091138.AA22014@panix.com> To: cypherpunks at toad.com A >the government: it protects us, provides free schools, etc etc, in A >exchange for which we have to pony up a fair share of our earnings. You should know that there are people out there who would use deadly force to resist government attempts to provide *their* children with free schools. To avoid a political argument which some may feel would be inappropriate for cypherpunks -- you should consider that social systems are dependent on the power relationships among individuals and groups in society. As technology changes, this balance of power changes. Social systems which depend upon the people being weak and the government strong, cannot survive an increase in the physical powers possessed by the people. This is a technological phenomenon. One of the public services that groups like cypherpunks can perform is to give both the rulers and the ruled some advance warning of the transformations that are on the horizon so that both groups can adjust their plans. Rather than debating whether or not the people owe the government information about themselves, you should argue about whether or not the government has the technological capability to discover information about people. In the absence of such capability, government "rights" to have the information are merely rhetoric. Duncan Frissell --- WinQwk 2.0b#1165 From m5 at vail.tivoli.com Tue Nov 9 06:38:39 1993 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 9 Nov 93 06:38:39 PST Subject: ID of anonymous posters via word analysis? In-Reply-To: Message-ID: <9311091431.AA17374@vail.tivoli.com> Matthew J Ghio writes: > Just reading this list I'm sure it would be fairly clear that word > analysis could be used to identify posters. Though I agree with some other contributors that iron-clad identification may require substantial amounts of material, I think Mr. Ghio's point is correct to the extent that a party can satisfy itself informally that a particular anonymous post is from some well-known identity. Though the evidence may be useless in a legal sense, that's not a problem in some contexts. For example, if Bob Scum is posting anonymously some risky notes to a particular mailing list or newsgroup, it may be quite unfortunate for Bob if mere suspicion arises that the notes are from him. That suspicion need not be based on admissable-in-court evidence; if it's noted by someone that both Bob and the anonymous author routinely use the word "copacetic", things could heat up for poor Bob. If the risky notes involve some socially unacceptable topics like drug use or pornography, the fact that Bob can't actually be convicted is unimportant. -- Mike McNally From cfrye at ciis.mitre.org Tue Nov 9 07:53:12 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Tue, 9 Nov 93 07:53:12 PST Subject: ID of anonymous posters via word analysis? Message-ID: <9311091556.AA06521@ciis.mitre.org> Mike McNally writes: >Though I agree with some other contributors that iron-clad >identification may require substantial amounts of material, I think >Mr. Ghio's point is correct to the extent that a party can satisfy >itself informally that a particular anonymous post is from some >well-known identity. Though the evidence may be useless in a legal >sense, that's not a problem in some contexts. > >For example, if Bob Scum is posting anonymously some risky notes to >a particular mailing list or newsgroup, it may be quite unfortunate >for Bob if mere suspicion arises that the notes are from him. That >suspicion need not be based on admissable-in-court evidence; if it's >noted by someone that both Bob and the anonymous author routinely use >the word "copacetic", things could heat up for poor Bob. If the risky >notes involve some socially unacceptable topics like drug use or >pornography, the fact that Bob can't actually be convicted is >unimportant. True, though the probability that two individuals would (over)use a particular word or phrase is high enough where "heating things up" would be unjustified, especially if spoofing were involved. Consider the reverse of the analytical process -- I want everyone to believe I'm Joe X, so I do a text analysis of his messages, write my own, analyze my message in comparison with Joe's, and modify it until the (or an) engine's algorithms spit out a score indicating that I'm Joe. Spoofing deluxe! I don't mean to say that informal analysis doesn't have its place, but we need to be careful about jumping to conclusions and potentially "heating things up" for innocent individuals or "convicting" them in the Court of Net.Opinion absent sufficient proof. I would agree that these analyses might form the basis for a reasonable suspicion that a particular individual is resposnible for bothersome anonymous posts, providing grounds for sysadmin notification. Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From clark at metal.psu.edu Tue Nov 9 08:28:39 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Tue, 9 Nov 93 08:28:39 PST Subject: (fwd) Clipper and Tipper on Route 666 Message-ID: <9311091636.AA10566@metal.psu.edu> I must say I had never considered the possibility that the Data Superhighway itself might be a scam; but it's an interesting possibility. With all the hideous legislative work they cribbed from the Bush clan, a former CIA chief; how surprised would you be to find that the Data Superhighway AND Clipper Chip proposals were intended to be enacted almost simultaneously; to rein in the Internet. Perhaps the spooks have, as we all know, been buying CD-ROMS and grepping 'em. It could be a conspiracy to establish complete government surveillance of all computer equipment. I may simply be being paranoid, here, but in political situations which smack of unlikely coincidence; one must occasionally ask the rhetorical question _Cui bono_? In this case, a number of people stand to benefit; and, oddly, the people seem to be predominantly in the government. I'm not entirely serious about this theory, and I do present it semi-satirically, as a perspicacious few may have noted; but perhaps the topic shall stir up a bit of debate. "Route 666." I like that. How does one get hold of Pat Robertson's people? And get him to think we're good Christian boys, so they'll do it? I think Pat's _already_ pissed about this Clipper thing, and he'd be happy to talk about evil liberal perfidy in the White House. Anyone have their FAX numbers and addresses? ---- Robert W. F. Clark PGP Key Available Upon Request rclark at nyx.cs.du.edu clark at metal.psu.edu From 0811wksh at ties.k12.mn.us Tue Nov 9 08:43:11 1993 From: 0811wksh at ties.k12.mn.us (Wabasha-Kellogg High School) Date: Tue, 9 Nov 93 08:43:11 PST Subject: "Philosophical" politics in technical groups Message-ID: It seems to me the reason some "techies" insist on posting soft political discourse in thecnical groups is that no one will listen to them in the groups designed for soft politics, or flames them when they bring up "nuts & bolts" issues. Maybe we need a new news thread for people who want to argue soft politics only with technically oriented people so they don't have to put up with all those other people who disagree with them for no reason. From kinney at ucsu.Colorado.EDU Tue Nov 9 08:44:11 1993 From: kinney at ucsu.Colorado.EDU (W. Kinney) Date: Tue, 9 Nov 93 08:44:11 PST Subject: Cyphergurus: Advice needed Message-ID: <199311091643.AA11260@ucsu.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- I'm writing a Macintosh encryption application (nearing completion), which, when it encrypts a file, changes its file type and creator so that the encryption program will be launch when the file is double-clicked. I have to save four pieces of information about the original plaintext: file type, creator, data fork length, and resource fork length. These are placed in a resource in the encrypted file. What I'd like to get opinions on is _should I encrypt this header information_, since its format will be known to an attacker and, in many cases, its contents easy to guess? My inclination is to leave it plaintext, since the worst that can happen if a file type is known is the same type of attack that would _always_ be possible with an encrypted header. Thanks to all with thoughts on the subject. -- Will -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLN9hEPfv4TpIg2PxAQEZCwP9G2nysBI31CnD2UasTUHQb3itwc2S1juc TGJRvo5iB1WRFHwYwxyraae41Kf2Xsu6qiuHAQWEuvGhG4MyiZjXwZsE5FU9pxRR CV/pvSG4J/teXvJXv575Vr3lVxI6isDa4oZcMtv5rOS7ihIqF4ssuHnlOa6mHckU KW81MGB8nkQ= =cLCE -----END PGP SIGNATURE----- From pmetzger at lehman.com Tue Nov 9 09:03:39 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 9 Nov 93 09:03:39 PST Subject: Private and Public In-Reply-To: <199311090536.VAA08446@mail.netcom.com> Message-ID: <9311091703.AA15735@snark.lehman.com> Since Mr. Merritt has insisted, I will take a foray into this issue. I would suggest, however, that this is not the forum for this discussion. Doug Merritt says: > Incorrect. You have complete freedom as to your citizenship. Any time that > you choose, you are free to renounce your citizenship, and thereby > reject the contract that citizenship gives you. Mr. Merritt, this discussion is much like that of a Catholic peasant in 1500 trying to understand an atheist, with me in the role of the atheist. I don't believe that government has any legitimacy. Imagine an armed gang comes up to you and says "We are your government. You are a citizen of our government. We will now take half of all your money and protect you with it." How is this in any fundamental sense different from what the goverment does? They have a piece of paper called a "constitution". Fine. I can write a similar pretty piece of paper called a "constitution" if I want. They have a lot of nice marble buildings. I could buy some nice marble buildings. They have periodic "elections" in which they allow an arbitrary set of people they have selected to "vote". I could similarly hold periodic "elections". They say they are the legitimate rulers of the U.S. -- I could similarly simply claim to be the legitimate ruler of the U.S. Government controls because of a large collective delusion. To the peasant in 13th century Italy, disobeying a priest would be unthinkable -- he was delivering the word of God, after all. The notion that God does not exist didn't even occur to him. The power of the Catholic Church of the day was awesome because most people held the irrational belief system that said the Church spoke the word of a mythical "God". A peasant of that day could not have conceived of the notion that a man could live his life without any religion or a church to belong to. Similarly, the bulk of the people in our country believe in the legitimacy of the Government, largely because they believe it is somehow a legitimate entity that they require. People believe that they need the government the way that 13th century peasants believed that they needed God. Well, millions of people now understand that they can live happy comfortable lives without a church, and someday most people will understand that they can lead happy comfortable lives without the government. You claim that I've entered into a "social contract". I have never seen such a contract. I have no idea what it might say. You claim that I am free to renounce my citizenship -- but non-citizens resident in this country are also apparently members of this mythical "contract" because they too are forced to pay tribute to this gang calling itself the government. You claim that my staying in the land in which I was born is implicit acceptance of this "contract", but in what way is this different from a mafiosi claiming that because I continue to live in the neighborhood which he controls I must pay him protection money? > If you continue to accept the freely-granted citizenship you were born > into, then you are also accepting the entire contract, like it or not. As for your quaint theory that there is in fact a social contract, I suggest reading Lysander Spooner's "No Treason: The Constitution of No Authority", which you can FTP from think.com in the libernet directory tree. Spooner was a 19th century anarchist and legal scholar. Among his other accomplishments was demonstrating that the U.S. Postal monopoly was unnecessary by starting the American Letter Mail Company, which nearly drove the U.S. Postal Service out of any use by anyone before his company was banned by the Private Express Acts which were specifically targetted at him. Spooner had many other fascinating adventures, as an abolitionist and as a promoter of private monetary systems -- which were also banned, incidently. Perry From mg5n+ at andrew.cmu.edu Tue Nov 9 09:28:39 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 9 Nov 93 09:28:39 PST Subject: In-Reply-To: <9311090903.AA10563@jobe.shell.portal.com> Message-ID: An anonymous poster said: > Of course, even if the modems had NSA-proof encryption built > in, the victim could always intercept the decrypted data on the > DTE connector... cracking is and will remain a risky and > stupid thing to do... Most likely the DTE will be doing the encryption/decryption. Who would buy an expensive hardware encryption device when you can write terminal software to do it? Yeah, tapping 1200 and 2400 bps modems is prety easy to do. Actually you probably wouldn't even need to build filters or anything, just record the signal and connect it to a stock 2400 modem, then set the modem to originate or answer. The modem already has filters to decode the data, of course. You have to do it twice if you want to get both sides of the transmission tho. From jef at ee.lbl.gov Tue Nov 9 09:33:11 1993 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Tue, 9 Nov 93 09:33:11 PST Subject: CRYPTO DATA warning sign Message-ID: <9311091730.AA09623@ace.ee.lbl.gov> I posted this to alt.hackers last Thursday, and I just joined cypherpunks yesterday, so I don't know whether someone copied it to the list in the intervening days. If so, sorry for the duplication. If not... This is a warning sign in the style of the diamond-shaped ones that the Department of Transportation requires on the back of vehicles carrying hazardous loads. It will look pretty butch on your read bumper. I suggest printing it onto sticker paper and then overspraying with clear acrylic or polyurethane for weatherproofing. --- Jef %! dot_crypto.ps - draw a DOT cryptographic data warning symbol % % Copyright (C) 1989, 1993 by Jef Poskanzer . % % Permission to use, copy, modify, and distribute this software and its % documentation for any purpose and without fee is hereby granted, provided % that the above copyright notice appear in all copies and that both that % copyright notice and this permission notice appear in supporting % documentation. This software is provided "as is" without express or % implied warranty. /in { 72 mul } def /black { 0 setgray } def /white { 1 setgray } def /showcenter { % str -- dup stringwidth pop 2 div neg 0 rmoveto show } def % Disk - actual size, centered at 0,0. /disk_lw 0.03 in def % line width /disk_width 3.5 in def /disk_height 3.66 in def /disk_shadow 0.05 in def % Drop-shadow offset. /disk_cutoff 0.2 in def % corner cutoff size /disk_hole_width 0.18 in def /disk_hole_height 0.15 in def /disk_hole_xmargin 0.1 in def % x distange between right edges /disk_hole_ymargin 0.26 in def % y distange between bottom edges /disk_detail_radii 0.1 in def % radius of corners on details /disk_label_width 2.80 in def /disk_label_height 2.16 in def /disk_labelline_margin 0.1 in def /disk_labelline_width disk_label_width disk_labelline_margin 2 mul sub def /disk_labelline_yspacing disk_label_height 5 div def /disk_labeltext_size disk_labelline_yspacing 0.7 mul def /disk_labeltext_yoffset disk_labelline_yspacing 0.1 mul def /disk_detail_leftmargin disk_width disk_label_width sub 2 div def /disk_slidearea_width 2.38 in def /disk_slidearea_height 1.26 in def /disk_slide_width 1.87 in def /disk_slidehole_width 0.47 in def /disk_slidehole_height 0.99 in def /disk_slidehole_xmargin 0.3 in def % x distance between right edges /disk_slidehole_ymargin 0.175 in def % y distance between top edges /disk_wo2 disk_width 2 div def /disk_ho2 disk_height 2 div def /disk_outline { newpath disk_wo2 neg disk_ho2 neg moveto 0 disk_height rlineto disk_width disk_cutoff sub 0 rlineto disk_cutoff disk_cutoff neg rlineto 0 disk_height disk_cutoff sub neg rlineto closepath disk_wo2 disk_hole_xmargin sub disk_ho2 neg disk_hole_ymargin add moveto 0 disk_hole_height rlineto disk_hole_width neg 0 rlineto 0 disk_hole_height neg rlineto closepath disk_wo2 neg disk_hole_xmargin add disk_ho2 neg disk_hole_ymargin add moveto disk_hole_width 0 rlineto 0 disk_hole_height rlineto disk_hole_width neg 0 rlineto closepath } def /disk { % line1 line2 line3 line4 -- % Save args. /disk_line4 exch def /disk_line3 exch def /disk_line2 exch def /disk_line1 exch def % First draw drop-shadow. black gsave disk_shadow neg disk_shadow neg translate disk_outline fill grestore % Fill with white. white disk_outline fill % Draw outline. disk_lw setlinewidth black disk_outline stroke % Label area. newpath disk_wo2 neg disk_detail_leftmargin add disk_ho2 neg moveto disk_wo2 neg disk_detail_leftmargin add disk_detail_radii add disk_ho2 neg disk_label_height add disk_detail_radii sub disk_detail_radii 180 90 arcn disk_wo2 disk_detail_leftmargin sub disk_detail_radii sub disk_ho2 neg disk_label_height add disk_detail_radii sub disk_detail_radii 90 0 arcn disk_wo2 neg disk_detail_leftmargin add disk_label_width add disk_ho2 neg lineto stroke % Label lines and text. gsave 0 setlinewidth disk_wo2 neg disk_detail_leftmargin add disk_label_width add disk_ho2 neg translate 180 rotate /Times-Roman findfont disk_labeltext_size scalefont setfont newpath disk_labelline_margin disk_labelline_yspacing -1 mul moveto disk_labelline_width 0 rlineto stroke disk_labelline_margin disk_labelline_yspacing -1 mul disk_labeltext_yoffset add moveto disk_line1 show newpath disk_labelline_margin disk_labelline_yspacing -2 mul moveto disk_labelline_width 0 rlineto stroke disk_labelline_margin disk_labelline_yspacing -2 mul disk_labeltext_yoffset add moveto disk_line2 show newpath disk_labelline_margin disk_labelline_yspacing -3 mul moveto disk_labelline_width 0 rlineto stroke disk_labelline_margin disk_labelline_yspacing -3 mul disk_labeltext_yoffset add moveto disk_line3 show newpath disk_labelline_margin disk_labelline_yspacing -4 mul moveto disk_labelline_width 0 rlineto stroke disk_labelline_margin disk_labelline_yspacing -4 mul disk_labeltext_yoffset add moveto disk_line4 show grestore % Slide area. newpath disk_wo2 neg disk_detail_leftmargin add disk_ho2 moveto disk_wo2 neg disk_detail_leftmargin add disk_detail_radii add disk_ho2 disk_slidearea_height sub disk_detail_radii add disk_detail_radii 180 270 arc disk_wo2 neg disk_detail_leftmargin add disk_slidearea_width add disk_detail_radii sub disk_ho2 disk_slidearea_height sub disk_detail_radii add disk_detail_radii 270 0 arc disk_wo2 neg disk_detail_leftmargin add disk_slidearea_width add disk_ho2 lineto stroke % Slide. newpath disk_wo2 neg disk_detail_leftmargin add disk_slidearea_width add disk_slide_width sub disk_ho2 moveto disk_wo2 neg disk_detail_leftmargin add disk_slidearea_width add disk_slide_width sub disk_detail_radii add disk_ho2 disk_slidearea_height sub disk_detail_radii add disk_detail_radii 180 270 arc stroke % Slide hole. newpath disk_wo2 neg disk_detail_leftmargin add disk_slidearea_width add disk_slidehole_xmargin sub disk_ho2 disk_slidehole_ymargin sub moveto 0 disk_slidehole_height neg rlineto disk_slidehole_width neg 0 rlineto 0 disk_slidehole_height rlineto closepath stroke } def % DOT diamond - size 1, centered at 0,0. /DOT_lw 0.01 def % line width /DOT_inset 0.06 def % inset of inner border /DOT_bits_xspacing 0.012 def /DOT_bits_yspacing 0.020 def /DOT_bits_size 0.75 def /DOT_bits_xsize DOT_bits_xspacing DOT_bits_size mul def /DOT_bits_ysize DOT_bits_yspacing DOT_bits_size mul def /DOT_bits_nx 1 DOT_bits_xspacing div def /DOT_bits_ny 1 DOT_bits_yspacing div def /DOT_bits_xso2 DOT_bits_xsize 2 div def /DOT_bits_yso2 DOT_bits_ysize 2 div def /DOT_diskoffset 0.19 def % y-position of disk /DOT_diskscale 0.28 3.5 in div def % scale of disk /DOT_fontsize 0.09 def % size of lettering /DOT_wordoffset -0.06 def % y-position of "CRYPTO DATA" /DOT_numoffset -0.34 def % y-position of "10" /DOT_inner_outline { newpath -0.5 DOT_inset add 0 moveto 0 0.5 DOT_inset sub lineto 0.5 DOT_inset sub 0 lineto 0 -0.5 DOT_inset add lineto closepath } def /DOT_bits_0 { gsave DOT_bits_xso2 DOT_bits_yso2 scale newpath 0 0 1 0 360 arc stroke grestore }def /DOT_bits_1 { newpath 0 DOT_bits_yso2 neg moveto 0 DOT_bits_ysize rlineto stroke }def /DOT_bits { 0 setlinewidth gsave DOT_bits_nx DOT_bits_xspacing mul 2 div neg DOT_bits_ny DOT_bits_yspacing mul 2 div neg translate 0 1 DOT_bits_ny { gsave 0 exch DOT_bits_yspacing mul translate 0 1 DOT_bits_nx { gsave DOT_bits_xspacing mul 0 translate rand 2147483648 div 0.5 lt { DOT_bits_0 } { DOT_bits_1 } ifelse grestore } for grestore } for grestore } def /DOT { % Outer border. DOT_lw setlinewidth black newpath -0.5 0 moveto 0 0.5 lineto 0.5 0 lineto 0 -0.5 lineto closepath stroke % Fill inner area with 1's and 0's. gsave DOT_inner_outline clip DOT_bits grestore % Inner border. DOT_inner_outline stroke % Disk. gsave 0 DOT_diskoffset translate DOT_diskscale dup scale 45 rotate black (PGP public key) (1024 bits) () () disk grestore % "CRYPTO DATA". /Helvetica-Bold findfont DOT_fontsize scalefont setfont 0 DOT_wordoffset DOT_fontsize 0.4 mul sub moveto (CRYPTO DATA) showcenter % "10". 0 DOT_numoffset DOT_fontsize 0.4 mul sub moveto (10) showcenter } def % Main code. %/preview true def /preview false def preview { /m_x_offset 0.5 in def /m_y_offset 0.5 in def /m_x_count 1 def /m_y_count 1 def /m_size 7.5 in def /m_x_space 0 def /m_y_space 0 in def /m_angle 0 def } { /m_x_offset 0.375 in def /m_y_offset 0.75 in def /m_x_count 3 def /m_y_count 3 def /m_size 2.25 in def /m_x_space 0.50 in def /m_y_space 0.75 in def /m_angle 45 def % Use manual feed. { statusdict begin /manualfeed true def end } stopped pop } ifelse gsave m_x_offset m_y_offset translate 0 1 m_y_count 1 sub { gsave 0 exch m_size m_y_space add mul translate 0 1 m_x_count 1 sub { gsave m_size m_x_space add mul 0 translate m_size 2 div dup translate m_size dup scale m_angle rotate 1 m_angle cos div dup scale DOT grestore } for grestore } for grestore showpage From mg5n+ at andrew.cmu.edu Tue Nov 9 09:38:39 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 9 Nov 93 09:38:39 PST Subject: ID of anonymous posters via word analysis? In-Reply-To: <9311091556.AA06521@ciis.mitre.org> Message-ID: Curtis D. Frye wrote: > True, though the probability that two individuals would (over)use a > particular word or phrase is high enough where "heating things up" > would be unjustified, especially if spoofing were involved. Consider > the reverse of the analytical process -- I want everyone to believe I'm > Joe X, so I do a text analysis of his messages, write my own, analyze > my message in comparison with Joe's, and modify it until the (or an) > engine's algorithms spit out a score indicating that I'm Joe. Spoofing > deluxe! > > I don't mean to say that informal analysis doesn't have its place, but > we need to be careful about jumping to conclusions and potentially > "heating things up" for innocent individuals or "convicting" them in > the Court of Net.Opinion absent sufficient proof. I would agree that > these analyses might form the basis for a reasonable suspicion that a > particular individual is resposnible for bothersome anonymous posts, > providing grounds for sysadmin notification. You can use electronic equipment to disguise your voice on the phone too, it's just not particularily easy or convienient to do. Nobody's saying that this would be convicting evidence, it's like testifying that you recognized the voice of a caller on the phone. (Altho electronic analysis of anonymous callers voices have been used as evidence in court.) From jamie at netcom.com Tue Nov 9 09:58:39 1993 From: jamie at netcom.com (Jamie Dinkelacker) Date: Tue, 9 Nov 93 09:58:39 PST Subject: Nymalizer, politics on the list Message-ID: <199311091756.JAA11525@mail.netcom.com> greg at ideath.goldenbear.com (Greg Broiles) > I wholeheartedly support either >him or the spoofer in their call to take the politics somewhere else. > Try the Extropians list. Y'all come! -- ................................ Jamie Dinkelacker Palo Alto CA Jamie at netcom.com 415.941.4782 ................................ From pmetzger at lehman.com Tue Nov 9 09:44:17 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 9 Nov 93 10:44:17 -0700 Subject: Go away. Message-ID: <9311091744.AA10163@kublai.lehman.com> Go away and leave us alone. From tcmay at netcom.com Tue Nov 9 10:58:39 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Nov 93 10:58:39 PST Subject: Is Clipper Almost Dead? (was: Clipper and Tipper on Route 666) In-Reply-To: <9311091636.AA10566@metal.psu.edu> Message-ID: <199311091856.KAA29306@mail.netcom.com> Clark Reynard writes: > I must say I had never considered the possibility that > the Data Superhighway itself might be a scam; but it's > an interesting possibility. I don't think it's a deliberate scam, just a Bad Idea. On the other hand, once the idea got rolling (Al Gore campaigned on the idea of the Data Superhighway), I'm sure the various government agencies made their comments and meshed their plans for Clipper, Skipjack, Capstone (data encryption, not just voice), and so forth, with the emerging ideas about subsidizing the Net to meet "national goals." By the way, the White House guy I mentioned, Tom Kalil, made much of the plans to tie the "single payer" health insurance system into his discussion, describing how one's "HealthCard" would be used to transfer medical records across the Nets to other hospitals and insurance company computers, how the NII would be used to "cut costs" by computerizing all records, etc. Very scary. (Duncan Frissell, over on Extropians wrote some great stuff on how one might avoid being issued one of these HealthCards...my favorite: "I thought I might be an illegal alien.") > Perhaps the spooks have, as we all know, been buying > CD-ROMS and grepping 'em. It could be a conspiracy Oh, can there be any doubt about this? The "Open Sources" plan just makes this official policy. > "Route 666." I like that. How does one get > hold of Pat Robertson's people? And get him > to think we're good Christian boys, so they'll > do it? I think Pat's _already_ pissed about > this Clipper thing, and he'd be happy to talk > about evil liberal perfidy in the White House. Thanks. My reference was of course to the well-known paranoia the Christian Right has to "the mark of the Beast" and the growing concern that an electronified Orwellian world would be the realization of this fear. Phil Karn brought a tape of the "700 Club" Clipper piece with him to Hackers. It was really amazing, honest. The news anchor, a black named Ben Kinchlow (sp?), was very well informed (contrast him with Dan Rather or the like) and was very agitated about the Clipper plans. Granted, the Christian Right does not subscribe to most of our views about other freedoms in society. I won't get into these topics here. But we may as well find allies where we can. The same goes for them RU-486-usin', pot-smokin' lesbos in Baghdad-by-the-Bay. That is, get folks on the Left _and_ the Right to fear what an Orwellian surveillance society would really mean for anyone not in power at the time and thus get them to side against the survelliance society planning per se. If you've read this far, here's a bonus news item (a reward for those who actually read my articles!): John Markoff, the reporter for the "New York Times" who has written many outstanding articles on crypto and computers, told me at Hackers that the Clipper debacle is unraveling: - that AT&T is pissed-off at the bad publicity they're getting, and at the confusion and delays in delivering the final version of the chips (sounds contradictory, but I think you can see how they'd be pissed that they're catching hell---and for nothing on their bottom line so far). - that heads may roll in the NSA/NIST world, with Clint Brooks, the point man on Clipper, being moved sideways or down to another job. Sounds like damage control is starting. - that Dorothy Denning is now almost isolated from her former colleagues, at least in terms of her reputation, and that she herself is trying to do some damage control (but several of us think she'll mainly be the "outside consultant" for the Feds for years to come...that is, she's cast her lot with the Feds). So, the efforts of the EFF, various corporate policy groups, security activists, and even our own group, seem to have paid off. Clipper/Capstone seems to be in a state of confusion. We may not have to push too much harder. I say we increase our attention on the Data Superhighway and try to kill it as well. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From mech at eff.org Tue Nov 9 11:03:11 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 9 Nov 93 11:03:11 PST Subject: Suggested mod to PGP Message-ID: <199311091901.AA28675@eff.org> An interesting suggestion was passed to me from a FidoNet node, suggesting a way that might get PGP accepted in BBS-based networks a little easier: A new commandline switch that will cause PGP to produce it's clearsigning info, digital signature, etc, as part of a FTSC kluge line, most of which are "invisible" unless you really try to get at them (in much the same way that elm will filter out most of the headers, and you have to hit "h" to see them all). This would assuage fears of Fidomail becoming cluttered and unreadable with PGP output. This reminds me strongly of another recent proposal to have PGP use the headers, rather than the body of messages, for PG information in Internet/Usenet messages. Considering that these 2 similar ideas came from totally independent sources, this may be a good idea for developers to look at, since it seems to occur to a lot of people. -- -=> mech at eff.org <=- Stanton McCandlish Electronic Frontier Foundation Online Activist & SysOp "A nation that is afraid to let its people judge the truth and falsehood of ideas in an open market is a nation that is afraid of its people." -JFK NitV-DC BBS 202-232-2715 Fido 1:109/1103 IndraNet 369:111/1, 14.4V32b 16.8ZyX Join EFF! For more information about membership, send mail to eff at eff.org From an6077 at anon.penet.fi Tue Nov 9 11:44:13 1993 From: an6077 at anon.penet.fi (Bilbo Baggins) Date: Tue, 9 Nov 93 11:44:13 PST Subject: Q: Can anyone locate the ISS Message-ID: <9311091943.AA27913@anon.penet.fi> As the subject says, has anyone located the ISS (Internet Security Scan) on a ftp-site. I have seen the discussion about it, but not any sites mentioned. (I have tried archie to!) Thanks in advance. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From tcmay at netcom.com Tue Nov 9 11:48:39 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Nov 93 11:48:39 PST Subject: Info on Clipper chip and fabrication of it Message-ID: <199311091947.LAA03093@mail.netcom.com> Clipperpunks (Not!), Someone in the know passed on some information to me about the Clipper/Skipjack stuff. Here it is: ***begin quote*** An ARM processor will be used as a controller inside the Skipjack & ?? chips (don't think it's currently used in Clipper). VLSI progammable logic (EEprom based?) is used to both store the keys, and provide some other logic functions, so you can't read anything if you take the chip apart. I don't think any other exotic technologies are used. Mykotronix designs the mask- they're fabricated at VLSI. ***end quote*** We knew all of this, except for the part about the ARM processor (formerly the "Acorn Risc Machine") being used in the core. The ARM is a high MIPS-per-watt processor that is being used in the Apple Newton and the 3DO game machine. (I'll leave it to you all to construct some theories about what this might mean--but probably doesn't--for Newtons and 3DO containing Skipkjack features.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From unicorn at access.digex.net Tue Nov 9 11:58:39 1993 From: unicorn at access.digex.net (Dark) Date: Tue, 9 Nov 93 11:58:39 PST Subject: Modem taps/Caller ID Message-ID: <199311091956.AA09885@access.digex.net> -> There was an intersting thread in comp.dcom.telecom about something called the "Presto Chango!" box, that transmits bogus CID information after the call is answered, so you can easily confuse most CID boxes in the market. Luis <- anyone have more info? -uni- (Dark) From chaos at aql.gatech.edu Tue Nov 9 12:13:13 1993 From: chaos at aql.gatech.edu (Paul Goggin) Date: Tue, 9 Nov 93 12:13:13 PST Subject: ISS location Message-ID: <9311092011.AA19053@toad.com> -----BEGIN PGP SIGNED MESSAGE----- Bilbo Baggins (an6077 at anon.penet.fi) queries: >As the subject says, has anyone located the ISS (Internet Security >Scan) on a ftp-site. I have seen the discussion about it, but not any >sites mentioned. (I have tried archie to!) As I have posted before and yet again.... Try aql.gatech.edu /pub/security/iss - -- R O All Comments Copyright by | Technofetishist A N Paul S. Goggin (1993) | Cypher, Cyber, Chaos V Information Broker | Ergoflux, Interzone E chaos at aql.gatech.edu | Carpe Diem: Stop the Clipper wiretap chip Finger account for latest _Phrack_ | Public Key: PGP and RIPEM available For anonymous communication:---> anon32940 at anon.penet.fi - ------------------------------------------------------------------------------ Title 18 USC 2511 and 18 USC 2703 Protected -- Monitoring Absolutely Forbidden -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLN/44Mjh5TPwiWbBAQHLzwP/Xnke5vfiD8C0GWw6MzfXPdSIQRvr+yUm mOIsx7FZbeEu78lI55jcgrDZ2Kz4mgROeHVfY3aEG3WnOfisDqH0bsKB6ddvdaW+ cmqRSazNAQkXtIbUYOLeAM+Sa5ziu1rKaBViBfFHWtcu7fHTfzatIxvDtkI1TZ/B XyavzNIz8Zk= =9cgw -----END PGP SIGNATURE----- From nate at VIS.ColoState.EDU Tue Nov 9 12:13:39 1993 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Tue, 9 Nov 93 12:13:39 PST Subject: Info on Clipper chip and fabrication of it In-Reply-To: <199311091947.LAA03093@mail.netcom.com> Message-ID: <9311092013.AA09822@vangogh.VIS.ColoState.EDU> -----BEGIN PGP SIGNED MESSAGE----- writes Timothy C. May: > >We knew all of this, except for the part about the ARM processor >(formerly the "Acorn Risc Machine") being used in the core. The ARM is >a high MIPS-per-watt processor that is being used in the Apple Newton >and the 3DO game machine. > Last I heard, hte model of the ARM series used in the Newton (the ARM 610 processor) cranked out about 30,000 Drystones and used _very_ little power. - -nate - -- +-----------------------------------------------------------------------+ | Nate Sammons nate at VIS.ColoState.Edu (303) 491-1578 | | Colorado State University -- Computer Visualization Laboratory | +-----------------------------------------------------------------------+ From clark at metal.psu.edu Tue Nov 9 12:23:13 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Tue, 9 Nov 93 12:23:13 PST Subject: Is Clipper Almost Dead? (was: Clipper and Tipper on Route 666) Message-ID: <9311092033.AA11285@metal.psu.edu> tcmay at netcom.com (Timothy C. May) writes: >I say we increase our attention on the Data Superhighway and try >to kill it as well. Does anyone wish to second the notion? I do. I think it would be very important if we could attempt to sway the Christian right into this; it is certain we probably don't agree on many issues, and the "700 Club" anti-Clipper piece was very effective, good video. If you don't believe me, watch it. They almost seem to agree with us entirely on the issue of cryptography. Perhaps it's time for a _new_ group; the cyphermonks. I nominate St. John the Divine as a patron saint. ---- Robert W. F. Clark PGP Key Available Upon Request rclark at nyx.cs.du.edu clark at metal.psu.edu From smb at research.att.com Tue Nov 9 12:28:39 1993 From: smb at research.att.com (smb at research.att.com) Date: Tue, 9 Nov 93 12:28:39 PST Subject: Q: Can anyone locate the ISS Message-ID: <9311092027.AA19328@toad.com> As the subject says, has anyone located the ISS (Internet Security Scan) on a ftp-site. I have seen the discussion about it, but not any sites mentioned. (I have tried archie to!) ftp.uu.net:/usenet/comp.sources.misc/volume39/iss From nate at VIS.ColoState.EDU Tue Nov 9 12:29:02 1993 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Tue, 9 Nov 93 12:29:02 PST Subject: Is Clipper Almost Dead? (was: Clipper and Tipper on Route 666) In-Reply-To: <199311091856.KAA29306@mail.netcom.com> Message-ID: <9311092025.AA09863@vangogh.VIS.ColoState.EDU> -----BEGIN PGP SIGNED MESSAGE----- writes Timothy C. May: > >- that AT&T is pissed-off at the bad publicity they're getting, and at >the confusion and delays in delivering the final version of the chips >(sounds contradictory, but I think you can see how they'd be pissed >that they're catching hell---and for nothing on their bottom line so >far). > >- that heads may roll in the NSA/NIST world, with Clint Brooks, the >point man on Clipper, being moved sideways or down to another job. >Sounds like damage control is starting. > >- that Dorothy Denning is now almost isolated from her former >colleagues, at least in terms of her reputation, and that she herself >is trying to do some damage control (but several of us think she'll >mainly be the "outside consultant" for the Feds for years to >come...that is, she's cast her lot with the Feds). > >So, the efforts of the EFF, various corporate policy groups, security >activists, and even our own group, seem to have paid off. >Clipper/Capstone seems to be in a state of confusion. > This is welcome news, indeed. I can see why AT&T would be pissed -- if it gets out that the Clipper/SkipJack/Capstone combo is a major step towards Big Brotherism, then their whole "You Will" commertial series will not be accepted as well as I think it has so-far. > >We may not have to push too much harder. > Maybe not, but we should not just say "Well, there... we've done it." and stop pushing all together. > >I say we increase our attention on the Data Superhighway and try to >kill it as well. > Agreed. > >--Tim May > - -nate sammons - -- +-----------------------------------------------------------------------+ | Nate Sammons nate at VIS.ColoState.Edu (303) 491-1578 | | Colorado State University -- Computer Visualization Laboratory | +-----------------------------------------------------------------------+ From tcmay at netcom.com Tue Nov 9 12:38:39 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Nov 93 12:38:39 PST Subject: Are we gatewayed to Usenet? Message-ID: <199311092038.MAA06532@mail.netcom.com> Last night when I entered the newsgroups of my system (Netcom) I was given the choice of subscribing to a new newsgroup, "cypherpunks.list". I did with alacrity, to discover what was going on. Here's a sample of what's appeared so far (a screen in "tin"): ... 21 1 PC random number hardware Jon Boede 22 Need Info Christopher M. Wis 23 Wired 1.6 is not yet publically available Timothy C.Ma y 24 Caller ID Wabasha-Kellogg Hi 25 Tropez phones Wabasha-Kellogg Hi 26 1 TEMPEST, Van Eyck Radiation, and Eavesdroppin Timothy C. May 27 (fwd) Clipper and Tipper on Route 666 Timothy C. May 28 [alt.security.pgp] pgp.iastate.edu service di warlord at MIT.EDU 29 Mark Abene (Phiber Optik) sentenced Doug Merritt 30 TEMPEST Defenses and average Van Eck Gear... nobody at shell.porta 31 Nymalizer, politics on the list Greg Broiles 32 Test of this list... Timothy C. May I believe someone has gatewayed the list onto Netcom, which is available to many thousands of subscribers, including local POPs (points of presence) in Washington, D.C., Boston, Atlanta, Austin, and of course all up and down the West Coast. Is this such a good idea? And should it be unilaterally done? If there was discussion of this, I must've missed it somehow (which I doubt). It does look like it may've been a one-shot affair, as the recent messages to the List proper have not appeared in the newsgroup. Also, I posted a test message to the group, which appears above as item #32, but which appeared only in the newsgroup and not on the List proper (two hours have passed, so it may eventually appear). Certainly our List is not a deep, dark secret, and certainly we know the list is gatewayed into some local networks, but I really worry about everything we say hear being readable by anyone with a newsfeed. It also opens us up to more disruptive flaming and puerile argumentation. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From mnemonic at eff.org Tue Nov 9 12:43:13 1993 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 9 Nov 93 12:43:13 PST Subject: Is Clipper Almost Dead? (was: Clipper and Tipper on Route 666) In-Reply-To: <9311092033.AA11285@metal.psu.edu> Message-ID: <199311092042.AA01584@eff.org> Robert Clark writes: > tcmay at netcom.com (Timothy C. May) writes: > > >I say we increase our attention on the Data Superhighway and try > >to kill it as well. > > Does anyone wish to second the notion? > > I do. Before this goes much further, it would be nice if Tim and Robert could explain which project, precisely, they want to kill. I am very hazy as to what you're talking about. --Mike From mg5n+ at andrew.cmu.edu Tue Nov 9 12:53:13 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 9 Nov 93 12:53:13 PST Subject: Cyphergurus: Advice needed In-Reply-To: <199311091643.AA11260@ucsu.Colorado.EDU> Message-ID: Will Kinney asked for advice on the following: > I'm writing a Macintosh encryption application (nearing completion), > which, when it encrypts a file, changes its file type and creator so > that the encryption program will be launch when the file is > double-clicked. I have to save four pieces of information about the > original plaintext: file type, creator, data fork length, and resource > fork length. These are placed in a resource in the encrypted file. > > What I'd like to get opinions on is _should I encrypt this header > information_, since its format will be known to an attacker and, in > many cases, its contents easy to guess? My inclination is to leave it > plaintext, since the worst that can happen if a file type is known is > the same type of attack that would _always_ be possible with an > encrypted header. So what you're saying is that you don't want to encrypt the header because it has a known format which would allow a cracker to surmize certain info about the plaintext which would facilitate decryption, but you don't want to leave the header in plaintext because it would convey information about the file format which would facilitate breaking the code. Solution: Perform a one-way hash of the data file and use the result of the hash to encrypt the header. Then encrypt the file. This means that the file would have to be decrypted before the header could be decoded. Breaking the code would therefore be more difficult because the file format would not be known. By the way, what encryption algorythm are you using? From ljenkins at mv.us.adobe.com Tue Nov 9 13:03:13 1993 From: ljenkins at mv.us.adobe.com (Luis Jenkins) Date: Tue, 9 Nov 93 13:03:13 PST Subject: Are we gatewayed to Usenet? Message-ID: <9311092102.AA11184@albertus.mv.us.adobe.com> > Is this such a good idea? And should it be unilaterally done? If there > was discussion of this, I must've missed it somehow (which I doubt). I think it is an spectacularly bad idea... Luis From tcmay at netcom.com Tue Nov 9 13:04:13 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Nov 93 13:04:13 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311092042.AA01584@eff.org> Message-ID: <199311092104.NAA08980@mail.netcom.com> Mike Godwin writes: > Before this goes much further, it would be nice if Tim and Robert > could explain which project, precisely, they want to kill. I am very hazy > as to what you're talking about. Speaking for myself, natch, I object to nearly every aspect of the NII as I have seen it described in the EFF info, the "Whole Earth Review" article, the discussions with Kalil and Steele at Hackers, and the material that has appeared in the EFF newsgroups and the new group devoted to the Superhighway. My objections are philosophical and broad, not just targeted at specific proposals (e.g, the "equal access" provisions, the subsidizing of bandwidth, the support of various special interest groups). There is of course no real "Cypherpunks agenda," per se, so my comments that we should turn our attention toward killing the Clinton/Gore proposal are rhetorical. The various Nets, including "_the_ Net," should be further libertated from government control, not made part of a plan for a National Information Infrastructure. There are some parts of the proposal I could support, such as making it explicit that networks are common carriers and are not responsbile for content (Kalil mentioned this in passing, and Jim Warren enthusiastically agreed, as we all did). But this is more a matter of legal interpretation (court rulings), I would guess. Similarly, making government documents and such (laws, regulations, Congressional Record, etc.) available by ftp, gopher, WWW, etc., seems to be a Good Thing, and this could be done starting _today_. But most other parts I cannot support, especially the underpinning idea that the government needs to be involved in planning networks, and that various groups in society need "fair access" to such networks. And the idea that the government should set the specs for a network to tie in with the National Health Insurance Plan--a point repeatedly raised by Tom Kalil of the White House--is odious. Since many folks here on this List dislike political talk--Clipper was seen as an exception, I guess--perhaps this discussion should take place on the new group devoted to the "datahighway"? --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From jthomas at pawpaw.mitre.org Tue Nov 9 13:14:01 1993 From: jthomas at pawpaw.mitre.org (Joe Thomas) Date: Tue, 9 Nov 93 13:14:01 PST Subject: Are we gatewayed to Usenet? Message-ID: <9311092115.AA29343@pawpaw.mitre.org> Tim May wrote: > I believe someone has gatewayed the list onto > Netcom, which is available to many thousands of > subscribers, including local POPs (points of > presence) in Washington, D.C., Boston, Atlanta, > Austin, and of course all up and down the West > Coast. > > . . . > > It also opens us up to more disruptive flaming > and puerile argumentation. Chilling thought: strnlght at netcom.com A subscriber to Washington-based Digital Express recently asked on the digex.general group that the cypherpunks list be gatewayed to a newsgroup there, too. It hasn't shown up there, and I hope it doesn't. Mailing lists just "feel" a little more private, and their central administration makes possible some control over abusers. Has anyone sent mail to postmaster or news at netcom to ask them what they're doing? I'd feel a little funny doing so myself, since I'm not a subscriber. I have asked Digex not to gateway the list, though. Joe From mg5n+ at andrew.cmu.edu Tue Nov 9 13:18:40 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 9 Nov 93 13:18:40 PST Subject: Are we gatewayed to Usenet? In-Reply-To: <199311092038.MAA06532@mail.netcom.com> Message-ID: tcmay at netcom.com (Timothy C. May) wrote: > Last night when I entered the newsgroups of my system (Netcom) > I was given the choice of subscribing to a new newsgroup, > "cypherpunks.list". I did with alacrity, to discover what was > going on. ... > I believe someone has gatewayed the list onto Netcom, which is > available to many thousands of subscribers, including local POPs > (points of presence) in Washington, D.C., Boston, Atlanta, > Austin, and of course all up and down the West Coast. Well, I read the list here as a local newsgroup on cmu.edu, it's not uncommon at some sites to do this, as it cuts down on incoming mail. If it becomes a problem, we could restrict posting access to "registered" users, as is done on extropians, but I think it might be a bit premature or possibly counterproductive to take such a step on this list. I prefer reading it a local newsfeed, since there is no digest version availiable, and because it allows me to keep my personal mail seperate from the list. I would reccommend that if certain sites become a problem by attracting flamers, communists, liberals, or government authoritarian types, that we could remove them on a case-by-case basis. From mnemonic at eff.org Tue Nov 9 13:24:13 1993 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 9 Nov 93 13:24:13 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311092104.NAA08980@mail.netcom.com> Message-ID: <199311092123.AA02417@eff.org> Tim May writes: > Speaking for myself, natch, I object to nearly every aspect of the NII > as I have seen it described in the EFF info, the "Whole Earth Review" > article, the discussions with Kalil and Steele at Hackers, and the > material that has appeared in the EFF newsgroups and the new group > devoted to the Superhighway. First of all, EFF's Open Platform says outright that the government is not going to build the data superhighway. Check again if you don't believe me. Second, I think it's possible that you may be conflating discussions of one kind of superhighway--a government-funded and -operated one--with discussions of what kind of superhighway we might ultimately have if private enterprise builds it. EFF does not the establishment of a big government operation--instead, it wants the government, since it's spending money on connectivity and bandwidth for its own purposes, to spend the money in a way that promotes an infrastructure that everyone can use. Since the money is going to be spent by government no matter what, why not get them to spend it in the right way? Furthermore, EFF wants a world of less regulation of communications providers, not more. But since we live in a highly regulated world now (witness telephone service and cable), the issue is how to get to a world with the least possible regulation and the most competition among private-enterprise providers, and yet keep the benefits of Universal Service and an open communications system. For EFF, the way to do that is to give communications conduit providers (who also will be content providers) incentives to keep the channels as open as the public highways are. This doesn't involve big, expensive government projects; what it requires is policies with a vision of an open market, built on an open infrastructure, in the 21st century. But don't think that, in the absence of EFF-supported policy, you don't get data superhighways. Tim, you're going to get those no matter what. The only question is whether you get something like what the interactive cable companies promoted at Hackers--just an enhanced version of the Home Shopping Network--or whether you get something like the current public switched network, in which individuals can use a phone line for whatever they like. --Mike From hughes at ah.com Tue Nov 9 13:48:40 1993 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Nov 93 13:48:40 PST Subject: ADMIN: Are we gatewayed to Usenet? In-Reply-To: <199311092038.MAA06532@mail.netcom.com> Message-ID: <9311092143.AA11837@ah.com> Gateways to local usenet groups are fairly common for the list. CMU is behind one, and there are several others. The most frequent reason given is that it is easier to read a large list with news software rather than mail software. (I am just passing this own; don't quibble with me over it.) What I find most interesting is that I cannot identify where netcom is getting their feed from. None of the netcom addresses on the distribution list appear to be gateway addresses, nor have I heard from any netcom administrator about making such a gateway. There are 34 netcom accounts on the list. Perhaps if enough of you asked where this distribution came from the answer would appear. Eric From pfarrell at netcom.com Tue Nov 9 13:53:13 1993 From: pfarrell at netcom.com (Pat Farrell) Date: Tue, 9 Nov 93 13:53:13 PST Subject: Are we gatewayed to Usenet? Message-ID: <60874.pfarrell@netcom.com> In message Tue, 9 Nov 93 12:38:52 PST, tcmay (Timothy C. May) writes: > I believe someone has gatewayed the list onto Netcom, which is > available to many thousands of subscribers, including local POPs > (points of presence) in Washington, D.C., Boston, Atlanta, Austin, and > of course all up and down the West Coast. > > Is this such a good idea? And should it be unilaterally done? If there > was discussion of this, I must've missed it somehow (which I doubt). I think this is a terrible idea. Yes, the list is not secret, and I expect that half the nyms on it are TLA employees, but converting the list to a feed on a commercial service such as netcom, delphi, or digex, is not what I want to see. IMHO, of course, but a bad idea. Since I'm a netcom user too, i'll fire up rn from the east coast. Pat Pat Farrell Grad Student pfarrell at netcom.com Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From jdblair at nextsrv.cas.muohio.EDU Tue Nov 9 13:53:41 1993 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Tue, 9 Nov 93 13:53:41 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311092104.NAA08980@mail.netcom.com> Message-ID: <9311092213.AA03580@ nextsrv.cas.muohio.EDU > Timothy May writes (in part of his posting), > But most other parts I cannot support, especially the underpinning > idea that the government needs to be involved in planning networks, > and that various groups in society need "fair access" to such > networks. And the idea that the government should set the specs for > a network to tie in with the National Health Insurance Plan--a point > repeatedly raised by Tom Kalil of the White House--is odious. I'm not sure what you mean by "various groups," but I do think that a very basic net connection, with minimal services (access to government records, public domain postings, and similar information) should be provided either free or at a very minimal cost. It is not difficult for me to envision a day when paper based sources of info (newspapers, magazines, etc.) may be impossible to recieve in paper format, and when participation in our political system will depend on having access just as much as it depends, for all practical purposes, on having a stable residence. Groups which cannot afford net connection in the future may very likely become a politically excluded group. Its important that we set the precedent now that these basic services not be dependant on a certain minimum economic standing. This is what I understand "fair access" to mean. -john. From tcmay at netcom.com Tue Nov 9 14:08:41 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Nov 93 14:08:41 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311092123.AA02417@eff.org> Message-ID: <199311092206.OAA14884@mail.netcom.com> Mike Godwin makes his usual cogent points, even if one disagrees with him: > First of all, EFF's Open Platform says outright that the government is not > going to build the data superhighway. Check again if you don't believe me. For sure. I have "OP2.0" and have read it. But it is important that we not think that EFF's plan is identical to that of the White House. I have not called for us to kill the EFF plan. Rather, the "data superhighway" as it is being discussed all over town, and as White House spokeswonks are representing it. (Just one example: the need, expressed by Kalil, to ensure that K-12 students have "free access" to the Net. I brought up the fact that when a "K-12" group ("k12.chat.senior") appeared at my site, I dipped into to see what it was about. When I made some anti-D.A.R.E. comments, debunking some of the brainwashing about drugs, I was contacted by a site administrator who announced to me that my presence, as an adult, in "their" forum was unwelcome (fine) and could be construed (by whom?) as some form of harassment (or worse) of children. I told him to fuck off. This trend is what has me worried.) > Second, I think it's possible that you may be conflating discussions of one > kind of superhighway--a government-funded and -operated one--with discussions > of what kind of superhighway we might ultimately have if private > enterprise builds it. EFF does not the establishment of a big government > operation--instead, it wants the government, since it's spending money on > connectivity and bandwidth for its own purposes, to spend the money in a > way that promotes an infrastructure that everyone can use. > > Since the money is going to be spent by government no matter what, why not > get them to spend it in the right way? Why not work to change the first part of your statement, the "the money is going to be spent by government no matter what" part? I don't mean in the sense of completely eliminating government, but in the sense of just not spending significant amounts of money in the NII? In fact, the Net is already more privately subsidized than many of us realize (I don't have exact numbers). The NSF funding could vanish completely and I susepct the Net would become healthier. > Furthermore, EFF wants a world of less regulation of communications > providers, not more. But since we live in a highly regulated world > now (witness telephone service and cable), the issue is how to get to a > world with the least possible regulation and the most competition among > private-enterprise providers, and yet keep the benefits of Universal > Service and an open communications system. For EFF, the way to do that is to Well, I don't support the notion of "Universal Service." I don't expect Federal Express or Airborne to provide universal service, just ordinary for-profit service. (I won't belabor the point by listing a bunch of things people buy and sell--like cars, computers, stereos, food--and which could plausibly, using the NII reasoning, be provided as part of "universal service." These are the philosophical underpinnings of NII I cannot support. Others may support the NII or Open Platform in some way. I cannot. > But don't think that, in the absence of EFF-supported policy, you don't > get data superhighways. Tim, you're going to get those no matter what. > The only question is whether you get something like what the interactive > cable companies promoted at Hackers--just an enhanced version of the Home > Shopping Network--or whether you get something like the current public > switched network, in which individuals can use a phone line for whatever > they like. On the specific point of cable franchises, I agree that the current situation of forcing all households in a given area to have whatever the "franchise winner" provides is a disaster. I can think of several solutions: - throw out the very idea of cable and telephone franchises; fiber optic cables are so small and cheap that entire neighborhoods could be wired with N lines, with auctioned access to the head-end fiber distribution point. Or, stringing a fiber directly to one's home from the next branch up on the distribution tree is becoming feasible. - satellite dishes are coming (from two companies) which will further increase the selection; UseNet feeds are already available, with feedback via dial-up lines (one generally needs much less bandwidth in the reverse direction, naturally). - ISDN is coming, giving high bandwidth to other services (not enough for video). Things seem to be moving rather well. I'm not overly worred about the TCI-Atlantic Bell types of mergers, as they won't have any effect so far as I can see in accessing the services I now have and expect to have. In short, if it ain't broke, don't fix it. The OP2.0 stuff I fully support has to do with making sure there are no laws telling me I can't send encrypted files, can't receive them, etc. Beyond that, I don't want guaranteed access to other services, just as I would NOT want others to have guaranteed access to services (networks, bulletin boards, ftp sites, etc.) that I might provide. Freedom to associate, to pick one's friends and customers, and all that. Yes, I even support the radical idea that stores can refuse service to purple Martians, to Lesbian cats, to homeless bums, to blacks, whatever. We may not like it, but freedom to pick one's associates is as fundamental a right as one can imagine. Crypto anarchy will of course allow this in various ways. Though it may not be often used. As a a wonderful cartoon in "The New Yorker" so cogently put it: Two dogs. One dog says to the other, "The great thing about the Internet is that nobody knows you're a dog." --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From tcmay at netcom.com Tue Nov 9 14:28:43 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Nov 93 14:28:43 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311092213.AA03580@ nextsrv.cas.muohio.EDU > Message-ID: <199311092227.OAA16955@mail.netcom.com> John Blair (I think) writes: > I'm not sure what you mean by "various groups," but I do think that a very > basic net connection, with minimal services (access to government records, > public domain postings, and similar information) should be provided either free > or at a very minimal cost. It is not difficult for me to envision a day when > paper based sources of info (newspapers, magazines, etc.) may be impossible > to recieve in paper format, and when participation in our political system > will depend on having access just as much as it depends, for all practical > purposes, on having a stable residence. Groups which cannot afford net > connection in the future may very likely become a politically excluded group. > Its important that we set the precedent now that these basic services not be > dependant on a certain minimum economic standing. This is what I understand > "fair access" to mean. But how is this any different from providing subsidized or free newspapers or news channels to the population? How is a Net connection any more usable than a free CNN channel? Or C-SPAN, which is in fact subsidized by the cable companies? If we decide that the government needs a subsidized channel or network to make avaiable its laws, its debate, its position, then we have just created a publically-funded propaganda channel for them. (Earlier, I took a position that making government docs available by ftp, gopher, WWW, etc., would be a good thing. I still do, but I worry that the channels would just be platforms for government bureaucrats to pitch their policies and plans. I have no doubt that when the commercial networks are reluctant to carry speeches and press conferences by Clinton, that he'd really like to have subsidized channels that _had_ to carry him. Of course, few would watch, but that's another topic.) So, if we need a National Information Infractructure, why not the same thing for newspapers, television, radio, etc.? Why not guarantee everyone a daily newspaper? After all, they need to be informed. (I don't want to drift into sarcasm about this, as I think Mike Godwin and others are making serious points. But bear in mind that the purported needs for communicating with the public are often the justification for "State Radio" and for the UNESCO-sponsored proposals to restrict the "private press" in many countries. Put it this way, do you really want President Robertson or President Perot to have his won subsidized channels of communication? Perot can of course _buy_ a couple of networks, but that's not the same as an official network.) CNN, the Clinton News Network. --Tim May P.S. I cancelled my entire cable t.v. subscription several weeks back. Too much shit, too little quality, too confusing a monthly bill. I have a sneaking feeling we're going to have about 500 channels soon, with a couple of hundred of them available cheaply enough. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From pdn at dwroll.dw.att.com Tue Nov 9 14:33:15 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Tue, 9 Nov 93 14:33:15 PST Subject: Usenet: 'Resistance Is Futile' Message-ID: <9311092231.AA21883@toad.com> Regarding the recent question of whether the cypherpunks list is being gatewayed to Usenet: 1) So what? I have always assumed that anything distributed to a group of _any_ kind may wind up scattered all over the globe and may turn up in unusual places. If the data is sensitive, encrypt it! 2) [Disclaimer: I know just enough Unix to get in trouble..] From what I understand so far, all it takes is one cypherpunk and some magic mail routing code to bounce cypherpunks list postings anywhere else on the planet. If this cypherpunk bounced the traffic off an anonymous remailer, you would never even be able to tell who was feeding the other system. Unless I'm missing something, there seems to be no defense possible against this activity. 3) I agree with the concern expressed by Tim May that we may be opened up to 'disruptive flaming and puerile argumentation.' The only way to avoid this problem [as far as I can tell] is to limit postings to members of the mailing list. That's a tough one. Let us hope that our coffee shop is not overrun by screaming children... ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From pmetzger at lehman.com Tue Nov 9 14:33:42 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 9 Nov 93 14:33:42 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311092213.AA03580@ nextsrv.cas.muohio.EDU > Message-ID: <9311092229.AA16015@snark.lehman.com> jdblair at nextsrv.cas.muohio.edu says: > I'm not sure what you mean by "various groups," but I do think that > a very basic net connection, with minimal services (access to > government records, public domain postings, and similar information) > should be provided either free or at a very minimal cost. In New York City, the effective variable cost of an internet mail/news connection is $27 a month -- less than you can panhandle in about threen hours during rush hour, and I'm assuming you never use the phone for anything else and call a couple times a day. The cost is still dropping, and will doubtless be nearly invisible even without any government intervention within a few years. My poorest unemployed friend living in Hell's Kitchen in a fifth floor walkup apartment in roach-infested tenement (no joke) has an internet connection via Panix. I therefore see no reason for government guarantees of net access -- it is obvious that anyone with even minimal initiative can get one already, or will be able to within a few years. The cost of a net connection is far less than the cost of, say, smoking, and there are homeless people who still manage to smoke. Perry From 72114.1712 at CompuServe.COM Tue Nov 9 14:53:15 1993 From: 72114.1712 at CompuServe.COM (Sandy) Date: Tue, 9 Nov 93 14:53:15 PST Subject: ROUTE 666 Message-ID: <931109214231_72114.1712_FHF12-1@CompuServe.COM> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort at attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Punksters, Tim May wrote: I say we increase our attention on the Data Superhighway and try to kill it as well. Sounds good to me, but if we succeed, would that be road kill? (I'm so ashamed), S a n d y >>>>>> Please send e-mail to: ssandfort at attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From alanr at media.mit.edu Tue Nov 9 15:03:17 1993 From: alanr at media.mit.edu (Alan Ruttenberg) Date: Tue, 9 Nov 93 15:03:17 PST Subject: Cyphergurus: Advice needed In-Reply-To: <199311091643.AA11260@ucsu.Colorado.EDU> Message-ID: <9311092301.AA22739@media.mit.edu> What I'd like to get opinions on is _should I encrypt this header information_, since its format will be known to an attacker and, in many cases, its contents easy to guess? My inclination is to leave it plaintext, since the worst that can happen if a file type is known is the same type of attack that would _always_ be possible with an encrypted header. Thanks to all with thoughts on the subject. -- Will I do think that you should encrypt this information. What if you embed the header at some random point in the file, with the last bytes of the file being a pointer to where the header is? You can then splice the header information out of the decrypted stream. Cryptoexperts: Does this make it harder to use the header information to decrypt the file? What if you embed a series of pointers: ie. Pointer to pointer to pointer to header, all of which get spliced out in the end. Or how about embedding the header in an out of band stream which is part of the file - Escape signals an out of band message and Escape-Escape the old Escape character. Then you could also place the header at a random point in the file. I suppose that you get information about the frequency of the escape character (since the file grows) but that can be masked by appending a random amount of extraneous data in all files). -alan From pmetzger at lehman.com Tue Nov 9 15:09:15 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 9 Nov 93 15:09:15 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311092229.AA16015@snark.lehman.com> Message-ID: <9311092308.AA16051@snark.lehman.com> "Perry E. Metzger" says: > > In New York City, the effective variable cost of an internet mail/news > connection is $27 a month -- less than you can panhandle in about > threen hours during rush hour, Thats "three hours". My assumption is based on the panhandling rates I've seen from homeless people on the subways. Perry From mnemonic at eff.org Tue Nov 9 15:28:43 1993 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 9 Nov 93 15:28:43 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311092227.OAA16955@mail.netcom.com> Message-ID: <199311092324.AA04888@eff.org> Tim May writes: > How is a Net connection any more usable than a free CNN channel? For one thing, I get cypherpunks here. > So, if we need a National Information Infractructure, why not the same > thing for newspapers, television, radio, etc.? Why not guarantee > everyone a daily newspaper? After all, they need to be informed. I note that those who produce newspapers, television, radio, etc., also use the same highways and the same phone system. Good infrastructure design unleashes free markets. > (I don't want to drift into sarcasm about this, as I think Mike Godwin > and others are making serious points. But bear in mind that the > purported needs for communicating with the public are often the > justification for "State Radio" and for the UNESCO-sponsored proposals > to restrict the "private press" in many countries. Tim, I think one has to distinguish between "guaranteed access" along the Local Access Cable model and access along the "universal service" model. Local Access Cable is next to useless as a democratic medium, and EFF would not support any guarantee of access along those lines. But universal service, along the Theodore Vail model, is different. Remember, we have universal service now, but people still have to pay their phone bills. And when we get competition in the local loop (a competition that will require changes in the infrastructure), people's residential phone payments will, in general, pay for the cost of operation of their service. Ithiel de Sola Pool's discussions of how to get government-supported and -regulated monopolies to move to free-market models are extremely helpful here. Just sticking with the status quo is not enough. --Mike u Put it this way, do > you really want President Robertson or President Perot to have his won > subsidized channels of communication? Perot can of course _buy_ a > couple of networks, but that's not the same as an official network.) > > CNN, the Clinton News Network. > > --Tim May > > P.S. I cancelled my entire cable t.v. subscription several weeks back. > Too much shit, too little quality, too confusing a monthly bill. I > have a sneaking feeling we're going to have about 500 channels soon, > with a couple of hundred of them available cheaply enough. > > > -- > .......................................................................... > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at netcom.com | anonymous networks, digital pseudonyms, zero > 408-688-5409 | knowledge, reputations, information markets, > W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. > Higher Power: 2^756839 | Public Key: PGP and MailSafe available. > Note: I put time and money into writing this posting. I hope you enjoy it. > From jrk at sys.uea.ac.uk Tue Nov 9 16:08:44 1993 From: jrk at sys.uea.ac.uk (jrk at sys.uea.ac.uk) Date: Tue, 9 Nov 93 16:08:44 PST Subject: Are we gatewayed to Usenet? Message-ID: <26944.9311100009@zen.sys.uea.ac.uk> I also noticed the cypherpunks list show up at nyx.cs.du.edu as a Usenet newsgroup called mail.cypherpunks. -- ____ Richard Kennaway __\_ / School of Information Systems Internet: jrk at sys.uea.ac.uk \ X/ University of East Anglia uucp: ...mcsun!ukc!uea-sys!jrk \/ Norwich NR4 7TJ, U.K. From ferguson at icm1.icp.net Tue Nov 9 16:09:07 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Tue, 9 Nov 93 16:09:07 PST Subject: Let "Common Sense" (tm) dictate the in-roads for NII In-Reply-To: <199311092324.AA04888@eff.org> Message-ID: <9311100004.AA21899@icm1.icp.net> Mike Godwin writes: > > Tim May writes: > > > How is a Net connection any more usable than a free CNN channel? > > For one thing, I get cypherpunks here. Good point. > > > So, if we need a National Information Infractructure, why not the same > > thing for newspapers, television, radio, etc.? Why not guarantee > > everyone a daily newspaper? After all, they need to be informed. > > I note that those who produce newspapers, television, radio, etc., also > use the same highways and the same phone system. Good infrastructure > design unleashes free markets. > Another good point to bear in mind is that networking technologies are "empowering" people to voice their opinions in a fashion previously unknown. Once the "empowerment" issue is _really_ discovered by "the masses" (tm), the need and desire for networking services will virtually be driven by this simple factor. The cart and the horse. Cheers, _____________________________________________________________________________ Paul Ferguson Mindbank Consulting Group fergp at sytex.com Fairfax, Virginia USA ferguson at icp.net From tr2n+ at andrew.cmu.edu Tue Nov 9 16:43:14 1993 From: tr2n+ at andrew.cmu.edu (Tony A Rippy) Date: Tue, 9 Nov 93 16:43:14 PST Subject: Usenet: 'Resistance Is Futile' In-Reply-To: <9311092231.AA21883@toad.com> Message-ID: Dear All, A little quote from Mr. Nave: "Let us hope that our coffee shop is not overrun by screaming children..." Excuse me if I get a tad bit offended by this. I am a computer science student at Carnegie-Mellon University and I read several internet b-boards. Most of the time I don't enter in arguments, or "petty bickering" as it has been called. I just like to read other people's ideas and see what's going on. I can see you guys getting frustrated with thousands of repetative messages and postings, but do you want to sanction of the rest of the world? I always thought (correct me if I'm wrong) that you guys advocated the open exchange of information and ideas via computer. Now you guys want to discuss the advantages of free computer forums while excluding anyone else from your little discussion? Sounds slightly hypocritical. A Screaming Child, Tony Rippy tr2n+ at andrew.cmu.edu From kinney at ucsu.Colorado.EDU Tue Nov 9 17:28:44 1993 From: kinney at ucsu.Colorado.EDU (W. Kinney) Date: Tue, 9 Nov 93 17:28:44 PST Subject: Thanks, cyphergurus In-Reply-To: Message-ID: <199311100126.AA29302@ucsu.Colorado.EDU> Thanks to all for the ideas. Matthew J Ghio writes in response to my question on Mac encryption: > Solution: Perform a one-way hash of the data file and use the result of > the hash to encrypt the header. Then encrypt the file. This means that > the file would have to be decrypted before the header could be decoded. > Breaking the code would therefore be more difficult because the file > format would not be known. Now THIS I like. There have been a couple of suggestions to use random numbers in one way or another, but one thing I've been trying to avoid is having to depend on a PRNG in any way (the same plaintext will always create the same ciphertext, then, but there seems to be nothing particularly weak about that -- correct me if I'm wrong). I don't trust the damn things, and REAL random numbers are just too hard to come by. As a matter of fact, I'm ALREADY MD5 hashing the plaintext to use as a key verification block (I posted about this a while ago). The first 4K of the plaintext is hashed and encrypted with the same key as the plaintext. That way, when the file is decrypted, it can be hashed again and the new hash compared to the old hash. If the hashes match, the key is good. So I guess I'm modifying my request to ask for critiques of this scheme: Encryption: (1) Prompt for a pass phrase (I allow 255 characters) (2) MD5 hash the pass phrase to get an IDEA encryption key (3) MD5 hash the plaintext to make a key verification block (4) Encrypt the header info (type, creator, fork lengths) with the key verification block. (5) Encrypt the plaintext and the key verification block with the IDEA key Decryption: (1) Get pass phrase as above and hash to an IDEA key (2) Decrypt the ciphertext with the IDEA key (3) MD5 hash the new plaintext to make a key test block (4) Decrypt the key verification block produced in (3) above with the IDEA key. (5) Compare the key test block with the key verification block -- if they match, the key is good. (6) Decrypt the header with the key verification block. Note that in practice, I'm encrypting the file 4K at a time, and only hashing the first 4K block to make the key verification block. The header info and the key verification block are stored in a RESOURCE. This is for local, symmetric encryption on a Mac, and there's no point in not using the tools available. You wanna talk to a DOS machine, use PGP -- that's what it's for. > > By the way, what encryption algorythm are you using? IDEA CBC, natch. The application is fully Mac (dialogs, alerts, whatnot), drag-and-drop, AppleEvent aware. Should be pretty easy to make an Alpha TCL module to call it. It does recursive encryption of directories or entire volumes, properly resolves aliases, and knows enough to keep you from encrypting your own system file. I've also got most of the work done on a compatible text editor which allows you to edit encrypted files without ever decrypting them to disk. All System 7 only. The only glaring omission in the initial version will be no data compression, but I'd rather get the thing out and add that later. Expect aroud a month, maybe two before it's ready for beta. It will be freeware, and come with source. I plan to post later to discuss establishing a PGP key for my "software company" pseudonym, for source/executable verification. Comments are solicited -- I'd be willing to modify or add things in response to cool flames... -- Will (Sorry -- no signature on this one...) From 0811wksh at ties.k12.mn.us Tue Nov 9 17:49:07 1993 From: 0811wksh at ties.k12.mn.us (Wabasha-Kellogg High School) Date: Tue, 9 Nov 93 17:49:07 PST Subject: Cost of Internet (was: Should we oppose ... Superhighway) Message-ID: Please don't confuse New York with the vast reaches of Rural America. ALL Internet access is a long distance call from many many location in the world, including here. I would *love to have a free national net available, 'cause I think I know how to use it. Others might abuse it, but I woul work the heck out of it. ---------- Forwarded message ---------- Date: Tue, 09 Nov 1993 17:29:18 -0500 From: "Perry E. Metzger" To: cypherpunks at toad.com Subject: Re: Should we oppose the Data Superhighway/NII? jdblair at nextsrv.cas.muohio.edu says: > I'm not sure what you mean by "various groups," but I do think that > a very basic net connection, with minimal services (access to > government records, public domain postings, and similar information) > should be provided either free or at a very minimal cost. In New York City, the effective variable cost of an internet mail/news connection is $27 a month -- less than you can panhandle in about threen hours during rush hour, and I'm assuming you never use the phone for anything else and call a couple times a day. The cost is still dropping, and will doubtless be nearly invisible even without any government intervention within a few years. My poorest unemployed friend living in Hell's Kitchen in a fifth floor walkup apartment in roach-infested tenement (no joke) has an internet connection via Panix. I therefore see no reason for government guarantees of net access -- it is obvious that anyone with even minimal initiative can get one already, or will be able to within a few years. The cost of a net connection is far less than the cost of, say, smoking, and there are homeless people who still manage to smoke. Perry From pmetzger at lehman.com Tue Nov 9 18:03:14 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 9 Nov 93 18:03:14 PST Subject: Cost of Internet (was: Should we oppose ... Superhighway) In-Reply-To: Message-ID: <9311100202.AA16445@snark.lehman.com> Wabasha-Kellogg High School says: > Please don't confuse New York with the vast reaches of Rural America. ALL > Internet access is a long distance call from many many location in the > world, including here. It won't be long distance in five years (probably not even in two years), and thats without any government help at all. Perry From jim at bilbo.suite.com Tue Nov 9 18:08:45 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 9 Nov 93 18:08:45 PST Subject: sarcastic quote Message-ID: <9311100205.AA23361@bilbo.suite.com> There is much to be said in favor of modern journalism. By giving us the opinions of the uneducated, it keeps us in touch with the ignorance of the community. - Oscar Wilde Seems an appropriate quote for today. ObRhetoricalClipper: How do the key escrow agencies confirm that the LEAF presented with a warrant is from a line that was legally tapped? Jim_Miller at suite.com From ld231782 at longs.lance.colostate.edu Tue Nov 9 18:23:14 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 9 Nov 93 18:23:14 PST Subject: the Amusements of Cypherpunks Message-ID: <9311100223.AA03194@longs.lance.colostate.edu> Mr. Metzger, premier cypherpunk, undoubtedly derived great ecstasy from mailing me 16 copies of the following letter, apparently in response to my complimenting & commending him on his recently released RSA toolkit... Who was it that said something about `striking a nerve'? Was that J. Dinkelacker? I forget. ===cut=here=== From tcmay at netcom.com Tue Nov 9 18:49:08 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Nov 93 18:49:08 PST Subject: Gatewaying to Netcom fixed.... Message-ID: <199311100249.SAA10459@mail.netcom.com> The gatewaying of the List to Netcom has apparently been fixed, or soon will be. The message below describes what happened. This still does not explain the similar situations which others reported (unless they were just reporting purely local gatewaying). -Tim > Newsgroups: cypherpunks.list > Path: netcom.com!netnews > From: netnews at netcom.com (USENET Administration) > Subject: Re: Test of this list... > Message-ID: > Organization: Netcom Online Communications Services (408-241-9760 login: guest) > References: > Date: Wed, 10 Nov 1993 02:13:30 GMT > Lines: 36 > > In article tcmay at netcom.com (Timothy C. May) writes: > > > >I'm writing this as a _post" to a new newsgroup that appeared on > >Netcom yesterday, "cypherpunks.list." > > > >Who created this newsgroup? Do postings here appear on the e-mail list > >itself? (Hence this test.) > > > >I'm not sure that gatewaying our semi-private mailing list, containing > >candid remarks about smashing governments with strong crypto (as just > >one example), is such a great idea. It just makes it easier for "Them" > >to monitor us and for flamers to disrupt the group. > > > >Oh well. > > > > It was newgrouped at Netcom because it was showing up as one of the > top ten non-existent groups that were were nevertheless receiving > articles for. > > I just checked with the admin of the site that we were receiving > the articles from. It turns out that someone downstream of him > had gatewayed the mailing list into a newsgroup, but it was > supposed to stay local to that site! A minor configuration error > let the articles leak back upstream until they reached Netcom. > > The admin of the site gating the list to the newsgroup will be > patching the leak ASAP, so the list activity should dry up > in a day or two. At the end of the week, I'll close the group > down and that should be the end of it. > > Dont'cha just LOVE those funny leetle config files? ;-) > > > -- > Netcom Newsfeed Support -- (408) 554-8717 -- netnews at netcom.com > From mimir at u.washington.edu Tue Nov 9 19:23:14 1993 From: mimir at u.washington.edu (Grendel Grettisson) Date: Tue, 9 Nov 93 19:23:14 PST Subject: Is Clipper Almost Dead? (was: Clipper and Tipper on Route 666) In-Reply-To: <9311092033.AA11285@metal.psu.edu> Message-ID: On Tue, 9 Nov 1993, Clark Reynard wrote: > I think it would be very important if we could attempt to > sway the Christian right into this; it is certain we > probably don't agree on many issues, and the "700 Club" > anti-Clipper piece was very effective, good video. For those that watch the 700 Club. Personally, I'm opposed to anything that gives the Christian Right more power or puts them in the public eye more given their past track record. > If you don't believe me, watch it. They almost seem > to agree with us entirely on the issue of cryptography. > Perhaps it's time for a _new_ group; the cyphermonks. > > I nominate St. John the Divine as a patron saint. I thought the Christian Right didn't like Catholics or Saints either. It is a Protestant movement. Wassail, Al Billings (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) | Al Billings aka Grendel Grettisson | "You are, each one, a priest, | | mimir at u.washington.edu | Just for yourself." | | Sysop of The Sacred Grove (206)322-5450 | | | Admin for Troth-L, The Asatru E-Mail List | -Noble Drew Ali- | (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) From 9307905p at ntx.city.unisa.edu.au Tue Nov 9 19:48:45 1993 From: 9307905p at ntx.city.unisa.edu.au (CaHoS) Date: Tue, 9 Nov 93 19:48:45 PST Subject: unsubscribe 9307905p@ntx.city.unisa.edu.au Message-ID: <9311100346.AA12744@ntx.city.unisa.edu.au> ARRRRRRGGH.... Unsubscribe me. Im drowning..... 9307905p at ntx.city.unisa.edu.au --- F.R.J. Cichy B.CS U of SA, Australia From pdn at dwroll.dw.att.com Tue Nov 9 19:58:44 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Tue, 9 Nov 93 19:58:44 PST Subject: 'Resistance Is Futile' In-Reply-To: Message-ID: <9311100357.AA27911@toad.com> > > Dear All, > A little quote from Mr. Nave: "Let us hope that our coffee shop is > not overrun by screaming children..." > Excuse me if I get a tad bit offended by this. I am a computer > science student at Carnegie-Mellon University and I read several > internet b-boards. Most of the time I don't enter in arguments, or > "petty bickering" as it has been called. I just like to read other > people's ideas and see what's going on. I can see you guys getting > frustrated with thousands of repetative messages and postings, but do > you want to sanction of the rest of the world? I always thought (correct > me if I'm wrong) that you guys advocated the open exchange of > information and ideas via computer. Now you guys want to discuss the > advantages of free computer forums while excluding anyone else from your > little discussion? Sounds slightly hypocritical. > > A Screaming Child, > Tony Rippy > tr2n+ at andrew.cmu.edu > You're right. That _was_ a particularly stupid remark. I apologize. ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From doug at netcom.com Tue Nov 9 20:03:14 1993 From: doug at netcom.com (Doug Merritt) Date: Tue, 9 Nov 93 20:03:14 PST Subject: Private and Public In-Reply-To: Message-ID: <199311100400.UAA06914@mail.netcom.com> --- Forwarded mail from pmetzger at lehman.com >From owner-cypherpunks at toad.com Tue Nov 9 09:15:40 1993 Return-Path: Received: from relay2.UU.NET by mail.netcom.com (8.6.4/SMI-4.1/Netcom) id JAA12727; Tue, 9 Nov 1993 09:15:36 -0800 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AA04858; Tue, 9 Nov 93 12:13:54 -0500 Received: by toad.com id AA17446; Tue, 9 Nov 93 09:03:39 PST Received: by toad.com id AA17443; Tue, 9 Nov 93 09:03:11 PST Received: from lehman.com ([192.147.66.1]) by toad.com id AA17438; Tue, 9 Nov 93 09:03:06 PST "Perry E. Metzger" said: >Since Mr. Merritt has insisted, I will take a foray into this issue. I >would suggest, however, that this is not the forum for this discussion. Ok...I'll desist after a brief comment: I actually don't disagree with any of the major points you make when you put it that way -- although some of the other things I call minor points you might call major points :-) I think I do have some quibbles which would probably turn *into* serious disagreement, but even I would say that raising those things would take us far afield, so I'll leave it at that. P.S. This is ad hominem...tsk, tsk: >Mr. Merritt, this discussion is much like that of a Catholic peasant >in 1500 trying to understand an atheist, with me in the role of the >atheist. Doug From doug at netcom.com Tue Nov 9 20:08:45 1993 From: doug at netcom.com (Doug Merritt) Date: Tue, 9 Nov 93 20:08:45 PST Subject: Info on Clipper chip and fabrication of it Message-ID: <199311100408.UAA07785@mail.netcom.com> tcmay at netcom.com (Timothy C. May) quoted someone else saying: >VLSI progammable logic (EEprom based?) is used to both >store the keys, and provide some other logic functions, so you can't read >anything if you take the chip apart. I don't think any other exotic >technologies are used. Mykotronix designs the mask- they're fabricated at >VLSI. What about triple layer metal interconnect? If they're serious about making it reverse-engineering-resistant, they'd do that even if it weren't functionally needed, simply to make it STM-opaque. I think (but am not sure) that VLSI has that technology in their current fab lines. I suppose that it's not quite "exotic" by now; maybe that's just assumed as obvious? Doug From doug at netcom.com Tue Nov 9 20:18:44 1993 From: doug at netcom.com (Doug Merritt) Date: Tue, 9 Nov 93 20:18:44 PST Subject: Are we gatewayed to Usenet? Message-ID: <199311100415.UAA08381@mail.netcom.com> tcmay at netcom.com (Timothy C. May) said: >Certainly our List is not a deep, dark secret, and certainly we know >the list is gatewayed into some local networks, but I really worry >about everything we say hear being readable by anyone with a newsfeed. > >It also opens us up to more disruptive flaming and puerile >argumentation. Agreed. There are a fair number of topics that I don't care to discuss in a newsgroup where J. Random Luser might briefly drop in, but that I'm willing to talk about in a mail list, where there is a psychological barrier plus time delay and general perceived effort etc to join. Doug From doug at netcom.com Tue Nov 9 20:33:15 1993 From: doug at netcom.com (Doug Merritt) Date: Tue, 9 Nov 93 20:33:15 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: Message-ID: <199311100431.UAA10101@mail.netcom.com> Mike Godwin said: >First of all, EFF's Open Platform says outright that the government is not >going to build the data superhighway. Check again if you don't believe me. Ah...do you mean "should not build", or do you really mean that it contains a discussion outlining the logic behind predicting that they *won't* build? >The only question is whether you get something like what the interactive >cable companies promoted at Hackers--just an enhanced version of the Home >Shopping Network--or whether you get something like the current public >switched network, in which individuals can use a phone line for whatever >they like. I skipped that session because I was already bored to tears with the prospect of "playing football from home while watching it on tv" and by that of 500 pay-per-view-channels. Were they really boosting HSN-type stuff? How completely evil! I'm still dismayed by the recent FCC decision that HSN channels are included in the category of (paraphrased) "for the public good". Was this due to corruption, or merely a sharp drop in collective FCC IQ? Doug From unicorn at access.digex.net Tue Nov 9 20:38:47 1993 From: unicorn at access.digex.net (Dark) Date: Tue, 9 Nov 93 20:38:47 PST Subject: Are we gatewayed to Usenet? Message-ID: <199311100437.AA05249@access.digex.net> This brings up the question, In the event _the net_ were centralized, and not a disperate entity, how might selective distrubution be affected? -> I would reccommend that if certain sites become a problem by attracting flamers, communists, liberals, or government authoritarian types, that we could remove them on a case-by-case basis. <- In the event this became a problem, how might a theoretically "private" or "psuedo-private" (constructively private?) newsletter/mailing list be restricted. Even today, what recourse do we have to keep the circulation of the list minimal, and (egads) filter the readers such to keep bandwidth low and flame / agitator disruption to a min.? Doesn't this smack of censorship, and if so where's the line between censorship and exclusivity, and is cypherpunks even really exclusive? It was nice before the summer when the list was a little less well known and it had that "private feel" that I think T. May was talking about. Is there a basic conflict between impact power of the list as a political sway force and that personal feel? From tcmay at netcom.com Tue Nov 9 20:48:47 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Nov 93 20:48:47 PST Subject: Are we gatewayed to Usenet? In-Reply-To: <199311100437.AA05249@access.digex.net> Message-ID: <199311100447.UAA18671@mail.netcom.com> Some Dark thoughts: > Even today, what recourse do we have to keep the circulation > of the list minimal, and (egads) filter the readers such > to keep bandwidth low and flame / agitator disruption to a min.? > > Doesn't this smack of censorship, and if so where's the line > between censorship and exclusivity, and is cypherpunks > even really exclusive? It was nice before the summer when > the list was a little less well known and it had that > "private feel" that I think T. May was talking about. > > Is there a basic conflict between impact power of the list > as a political sway force and that personal feel? Some very good points. Eric reports that there are more than 550 subscribers. No doubt many will drop off, for a variety of reasons, but the number seems to be consistently edging higher. We can think of conflicting goals for the membership: * as many people as possible, to help spread the word, to get local groups formed, etc. * more selective, more elitist. Which is preferable? At what point does a group like ours get so extended, so large, that all sense of community is lost and we're just each doing our own thing? Hard questions to answer, so we'll probably just continue on as we are. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From doug at netcom.com Tue Nov 9 20:53:17 1993 From: doug at netcom.com (Doug Merritt) Date: Tue, 9 Nov 93 20:53:17 PST Subject: Should we oppose the Data Superhighway/NII?v Message-ID: <199311100450.UAA11942@mail.netcom.com> tcmay at netcom.com (Timothy C. May) >Freedom to associate, to pick one's friends and customers, and all >that. > >Yes, I even support the radical idea that stores can refuse service to >purple Martians, to Lesbian cats, to homeless bums, to blacks, >whatever. We may not like it, but freedom to pick one's associates is >as fundamental a right as one can imagine. On that subject: my company receives substantial money from a government agency (that prefers that we call it "DARPA" in public), to develop technologies that are up our alley but not otherwise commercially viable. That is, they're paying us to adapt our commercial technology to applications that don't pay off in the market place, because they want those non-viable applications for their own use. As a result of this, it turns out that the government requires all contractors and subcontractors to undergo not just financial audits, but also Equal Opportunity Employment audits. In preparing for an audit of that sort, we discovered that, not only is it a Bad Thing to discriminate on the basis of race, sex, etc, etc, which we all know by now, but it is also a Bad Thing to discriminate on the basis of *personality*. To turn away an interviewee because they would not fit into the existing group personality-wise apparently is a Very Bad Thing Indeed. I was flabbergasted. I had no idea that political correctness of this extreme had been enshrined into federal policy. On the flip side of the issue, I admit that I can see the point that even...ah...personality-challenged people need to work so they can eat. But still...yikes! There go your "fundamental rights". Granted this (as far as I know) only applies to government contractors at the moment. But what do you want to bet but that this will soon apply to all businesses? Doug From unicorn at access.digex.net Tue Nov 9 20:58:48 1993 From: unicorn at access.digex.net (Dark) Date: Tue, 9 Nov 93 20:58:48 PST Subject: Clipper/ Dead? Message-ID: <199311100455.AA09340@access.digex.net> From: nate at vis.colostate.edu (CVL staff member Nate Sammons) -> This is welcome news, indeed. I can see why AT&T would be pissed -- if it gets out that the Clipper/SkipJack/Capstone combo is a major step towards Big Brotherism, then their whole "You Will" commertial series will not be accepted as well as I think it has so-far. <- Time to pat myself on the back. :) Way back just before Clipper was announced loudly, AT&T (who knew very well at the time that they were going to actively back Clipper) was running the individual plan ads. You know the ones, with Aretha Franklin chanting out "Freedom....Freedom...FREEDOM." Individual plan? Freedom? You Will? AT&T knew all along it might be a damage control project. Same way Dow Chemical began running ads before their new project on Binary weapons was outed. What you have here is a company that is trying to portray itself as a maverick in liberating technology that talks out of both sides of its corporate mouth. I mentioned it at the time too here. (You heard it here first.) :) -uni- (Dark) From mnemonic at eff.org Tue Nov 9 21:13:47 1993 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 9 Nov 93 21:13:47 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311100431.UAA10101@mail.netcom.com> Message-ID: <199311100513.AA13045@eff.org> Doug writes: > Mike Godwin said: > >First of all, EFF's Open Platform says outright that the government is not > >going to build the data superhighway. Check again if you don't believe me. > > Ah...do you mean "should not build", or do you really mean that it contains > a discussion outlining the logic behind predicting that they *won't* > build? Nobody seriously thinks the government's going to build a Data Superhighway. EFF's interested in seeing the private sector do it. > I skipped that session because I was already bored to tears with > the prospect of "playing football from home while watching it on tv" > and by that of 500 pay-per-view-channels. Were they really boosting > HSN-type stuff? How completely evil! Well, you should have stayed to watch me rabble-rouse. --Mike From ld231782 at longs.lance.colostate.edu Tue Nov 9 22:33:16 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 9 Nov 93 22:33:16 PST Subject: How long before Mr. Hughes CENSORS me? Message-ID: <9311100629.AA08037@longs.lance.colostate.edu> From hughes at ah.com Tue Nov 9 22:53:47 1993 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Nov 93 22:53:47 PST Subject: How long before Mr. Hughes CENSORS me? In-Reply-To: <9311100629.AA08037@longs.lance.colostate.edu> Message-ID: <9311100652.AA12723@ah.com> I have forwarded the recent ld231782 posting to the relevant postmaster. There is no need for others to do likewise, although at this point I definitely think other complaints are in order. Eric From ld231782 at longs.lance.colostate.edu Tue Nov 9 23:03:17 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 9 Nov 93 23:03:17 PST Subject: put me in your kill file Message-ID: <9311100701.AA08606@longs.lance.colostate.edu> Earlier I suggested that Mr. Hughes had put me in his kill file. I actually had misinterpreted another message from another eminent cypherpunk (involved in MacPGP developement) who quoted Mr. Hughes and then his own indication that he was putting me in his kill file in my mail. Sorry for the confusion. Quite to the contrary, as recent events demonstrate, Mr. Hughes has had the great courtesy and kindness to continue to listen to my posts, even though I'm obviously very personally rattled and these postings obviously upset him a great deal. A true model of humanity and compassion to a troubled soul. My personal and humble thanks, Mr. Hughes. You've been a guiding light and an inspiration to me these last few weeks. For everyone else who can't stand me, let me suggest that putting me in your kill files will save you lots of exasperation. I certainly believe it is a far more mature and sensible approach than a puerile stunt like mini-mailbombing me. I fear that others are escalating a sensitive but frivolous situation to rather extreme and inappropriate levels, with a lot of intense emotionalism. BTW, there is no need to inform me that I am in your kill file. That would be rather pointless and defeat the purpose of defeating communication! ===cut=here=== --------------------------------------------------------------------------- The following has nothing to do with writing code, but hopefully posting this will get me back on track.... I wrote this several weeks ago and have been sitting on it ever since. L. Detweiler's contributions of late have made me re-examine my feelings on a variety of email- and cyberspace-related issues. I very strongly believe that everyone has an inaliable right to express themselves, as long as that expression doesn't harm others or impede their ability to express *themselves*. Up to now the amount of trash-mail (as I determine it) has been less than ten percent of my mail, an amount I equate with the real-world equivalent of billboards and junk-mail. L. Detweiler's uncanny ability to craft flame-bait and get the CypherPunks to respond has increased the trash-mail percentage to the point where it's entered my awareness. Torn between respect for someone who has a reputation for having made contributions, worry about someone who seems to have a slim grasp on the reality I'm experiencing, and annoyance at getting scores of ranting incoherent messages, I've made a decision that I've never made before: to put someone (L. Detweiler) into my kill-file. This bothers me a great deal. But there it is. ---------------- To L. Detweiler: I'm sorry, but your style, content, and quantity values have gotten to the point where it seems unrewarding to deal with you. The decision to banish you bothers me a great deal, but not as much as reading your mail does. If you're sincere about the biblical amount of pain you are in, I gently suggest (in my capacity as an EMT with some crisis-intervention experience) that you talk about your pain to a qualified person, perhaps an MFCC. If you're doing all this to get a reaction (for maybe a book) like Don Novello's Lazlo character of the last three decades (and several books), then congratulations. From sesquive at mailbox.syr.edu Tue Nov 9 23:13:16 1993 From: sesquive at mailbox.syr.edu (Bill) Date: Tue, 9 Nov 93 23:13:16 PST Subject: UN-subscribe Message-ID: Please Unsubscribe me tanx ****************************************************************************** Bill Sulouff sesquive at mailbox.syr.edu __________________________________/-----------\______________________________ From hughes at ah.com Tue Nov 9 22:23:29 1993 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Nov 93 23:23:29 -0700 Subject: the Amusements of Cypherpunks Message-ID: <9311100622.AA12657@ah.com> Posting private mail you have received, however rude, onto the cypherpunks list is unwelcome and annoying behavior. Please do not continue to do this and other disruptive behavior. Eric From ld231782 Tue Nov 9 22:27:32 1993 From: ld231782 (L. Detweiler) Date: Tue, 9 Nov 93 23:27:32 -0700 Subject: the Amusements of Cypherpunks In-Reply-To: <9311100622.AA12657@ah.com> Message-ID: <9311100627.AA07964@longs.lance.colostate.edu> Mr. Hughes, I was myself subject to `rude and unwelcome and annoying behavior' -- a mini mail bomb, which I attempted to shame the sender into refraining from in reporting it to the mailing list as a whole. You explicitly condone such atrocious behavior in your outrageous response to myself and my postmaster. From szabo at netcom.com Tue Nov 9 23:54:12 1993 From: szabo at netcom.com (Nick Szabo) Date: Tue, 9 Nov 93 23:54:12 PST Subject: Welcome to the Data Highway In-Reply-To: <199311091856.KAA29306@mail.netcom.com> Message-ID: <199311100754.XAA06086@mail.netcom.com> Welcome to the Information Highway. Please obey the posted opinion limits. Our Internet Fairness Doctrine ensures that both sides of an argument will be heard. Our poster's licensing system ensures that the undemocratic practice of "pseudospoofing" is eliminated from the data highways, just as driver's licensing ensures maximimum safety and minimum pollution of our vehicular highways. Remember, posting on the Highway is a privilege, not a right. Gore/Detweiler in '00, -- Nick Szabo szabo at netcom.com From unicorn at access.digex.net Wed Nov 10 02:13:17 1993 From: unicorn at access.digex.net (Dark) Date: Wed, 10 Nov 93 02:13:17 PST Subject: put me in your kill file Message-ID: <199311101010.AA04957@access.digex.net> ld231782 -> BTW, there is no need to inform me that I am in your kill file. That would be rather pointless and defeat the purpose of defeating communication! <- Pointless is this entire endevor. And people wonder why cypherpunks has deteriorated. -uni- (Dark) From cdmorgan at mosaic.uncc.edu Wed Nov 10 05:33:21 1993 From: cdmorgan at mosaic.uncc.edu (Charles D Morgan) Date: Wed, 10 Nov 93 05:33:21 PST Subject: unsubscribe Message-ID: <9311101331.AA09761@mosaic.uncc.edu> please unsubscribe me cdmorgan at unccsun.uncc.edu From gtoal at an-teallach.com Wed Nov 10 05:33:56 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 10 Nov 93 05:33:56 PST Subject: Info on Clipper chip and fabrication of it Message-ID: <6864@an-teallach.com> In article <9311092013.AA09822 at vangogh.VIS.ColoState.EDU> nate at vis.colostate.edu writes: > Last I heard, hte model of the ARM series used in the Newton (the > ARM 610 processor) cranked out about 30,000 Drystones and used > _very_ little power. Oh boy, wait till the guys on comp.sys.acorn hear about this! I can tell why the arm was chosen: it comes as a drop-in circuit that manufacturers can use in their own designs. Not many of the other low-power fast CPUs are available like this. And its very small, and blindingly fast. G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From paul at poboy.b17c.ingr.com Wed Nov 10 06:18:57 1993 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Wed, 10 Nov 93 06:18:57 PST Subject: 'Resistance Is Futile' Message-ID: <199311101415.AA07199@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- Philippe makes another in a series of good points about our crypto coffee shop: it is vulnerable to disruption by "screaming children." Of course, not all usenet readers are screaming children; Tony Rippy, in a cogent post, proves that he belongs in that happy group. However, I present as counterexamples David Sternlight, John De Armond, and John Palmer. Those who have an interest in this subject will find the list, and we should welcome them here. USENET gatewaying makes it waaay too easy for the casual flamers and empty-headed arguers to drop in to visit us. Enjoy your coffee, - -Paul - -- Paul Robichaux, KD4JZG | Caution: cutting edge is sharp. Avoid contact. Intergraph Federal Systems | Be a cryptography user - ask me how. ** Of course I don't speak for Intergraph. ** -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOD3ZiA78To+806NAQEs2gQAqvv4wO/rZitLagECTOkzND6K41V8gCny m21pebPdYyLmLlhaDVKV3zbBa4r+ZcrIe0Soc8r1xzC9PZq3CxD6rjjb6XzubzY3 42vwR/RJANuUnECJ7JV9nkftdNNvd+4N+Dq6U6HQQqbwHJb2YAOjS3uBmyD9jziV 4wr1+RC4phM= =Fz98 -----END PGP SIGNATURE----- From pmetzger at lehman.com Wed Nov 10 06:23:20 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 10 Nov 93 06:23:20 PST Subject: the Amusements of Cypherpunks In-Reply-To: <9311100223.AA03194@longs.lance.colostate.edu> Message-ID: <9311101417.AA21809@snark.lehman.com> I'm sending him fourty copies of the next one. Four hundred of the one after that. Its no secret. I dont like getting crap mailed to me by imbeciles. If he doesn't want me to to reply to him, he can stop sending me personal mail. Perry "L. Detweiler" says: > Mr. Metzger, premier cypherpunk, undoubtedly derived great ecstasy from > mailing me 16 copies of the following letter, apparently in response to > my complimenting & commending him on his recently released RSA toolkit... > > Who was it that said something about `striking a nerve'? Was that J. > Dinkelacker? I forget. > > ===cut=here=== > > >From pmetzger at lehman.com Tue Nov 9 10:44:21 1993 > Return-Path: > Received: from Lehman.COM by longs.lance.colostate.edu (5.65/lance.1.5) > id AA16044; Tue, 9 Nov 93 10:44:17 -0700 > Received: from relay.lehman.com by lehman.com (8.6.4/LB 0.1) > id MAA02706; Tue, 9 Nov 1993 12:44:11 -0500 > Received: from kublai.lehman.com by relay.lehman.com (4.1/LB-0.6) > id AA16204; Tue, 9 Nov 93 12:44:09 EST > Received: from snark.lehman.com by kublai.lehman.com (4.1/SMI-4.1) > id AA10163; Tue, 9 Nov 93 12:44:08 EST > Date: Tue, 9 Nov 93 12:44:08 EST > From: pmetzger at lehman.com (Perry E. Metzger) > Message-Id: <9311091744.AA10163 at kublai.lehman.com> > Received: by snark.lehman.com (4.1/SMI-4.1) > id AA15756; Tue, 9 Nov 93 12:44:08 EST > To: "L. Detweiler" > Subject: Go away. > Reply-To: pmetzger at lehman.com > X-Reposting-Policy: redistribute only with permission > > Go away and leave us alone. > > From cdmorgan at mosaic.uncc.edu Wed Nov 10 06:44:17 1993 From: cdmorgan at mosaic.uncc.edu (Charles D Morgan) Date: Wed, 10 Nov 93 06:44:17 PST Subject: unsubscribe Message-ID: <9311101443.AA13114@mosaic.uncc.edu> unsubscribe me please Thank you From jon at balder.us.dell.com Wed Nov 10 07:38:58 1993 From: jon at balder.us.dell.com (Jon Boede) Date: Wed, 10 Nov 93 07:38:58 PST Subject: Should we oppose the Data Superhighway/NII? Message-ID: <9311101535.AA04293@balder.us.dell.com> Mike writes: > Doug writes: >> Mike Godwin said: >> >First of all, EFF's Open Platform says outright that the government is not >> >going to build the data superhighway. Check again if you don't believe me. >> >> Ah...do you mean "should not build", or do you really mean that it contains >> a discussion outlining the logic behind predicting that they *won't* >> build? > > Nobody seriously thinks the government's going to build a Data > Superhighway. EFF's interested in seeing the private sector do it. I thought we already had a data superhighway and what congress (et Al) is really talking about is a national system of on-ramps and off-ramps? Jon -- ,,, (o o) Jon Boede ----ooO-(_)-Ooo---- jon at dell.com +1 512 728-4802 Engineering, Dell Computer Corp. Server OS Development Austin, TX "When I was 10, mean old man Miller's house burned down. We put home plate where his toilet once stood -- his garden became our center field... and in these ways, the laws of karma were revealed." From paul at poboy.b17c.ingr.com Wed Nov 10 08:08:57 1993 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Wed, 10 Nov 93 08:08:57 PST Subject: Ever buy encryption software? YOU WILL! Message-ID: <199311101608.AA07903@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- I found this on comp.dcom.telecom and have elided some marketing material. My editorial comments are enclosed in brackets. Amazing. _AT&T_, the same folks that were trying to bring us Clipper, are going to sell DES over-the-counter. I'd be happier with triple-DES, but this blows my tiny little mind. I have a call in to Dave Arneke, who's listed as the contact person for this release. When I can extract some details from him, I'll post them. Some key points: - products include DES (single or triple?) and SHA, an encrypting version of ZMODEM, and unnamed RSA-based products - the products have been available in the gov't market for > 1 year - AT&T is marketing them; they were developed by another company. X-Submissions-To: telecom at eecs.nwu.edu X-Administrivia-To: telecom-request at eecs.nwu.edu X-Telecom-Digest: Volume 13, Issue 745, Message 1 of 10 ... We'll be demonstrating these and other data security products at COMDEX next week (we're in the NCR booth). We have a variety of secure communications products in our line, hardware and software, voice, data, fax, video and wireless. I'll keep the information coming as we put it out. Thanks again. Sincerely, David Arneke Media Relations Manager, AT&T Secure Communications Systems 919 279-7680 david.arneke at att.com AT&T INTRODUCES SECURITY SOFTWARE TO PROTECT PC, WORKSTATION DATA AND COMMUNICATIONS GREENSBORO, North Carolina -- AT&T is introducing software programs that protect a variety of laptop, PC and workstation applications. The shrink-wrapped programs, announced today, provide data privacy, digital signatures and secure data transmission. They are the first in a series that will provide end-users with public key cryptography capabilities. AT&T Secure Communications Systems has previously developed a multilevel secure UNIX software package. The products announced today are its first security-related offerings in the DOS/Windows and Macintosh markets. [ ... marketing talk from Bill Franklin, business development manager for AT&T Secure Communications Systems, deleted ] The first programs in the series are: -- AT&T SecretAgent (R), which implements the Digital Encryption Standard for privacy and the Digital Signature Algorithm and Secure Hash Standard to protect the integrity of files stored on or transmitted from personal computers. It operates transparently to e-mail systems. -- AT&T dsaSIGN (TM), which provides authentication and data integrity assurance for electronic documents through use of the Digital Signature Algorithm and Secure Hash Standard. -- AT&T SecureZMODEM (TM), which encrypts data on the fly as it is transmitted using the ZMODEM communications protocol. Additional software products based on RSA public-key technology are also available. "We will also introduce access control products, com- patible with the products we're announcing today, for PCs, workstations and networks in the coming months," Franklin said. All three programs were developed for AT&T by Information Security Corporation of Deerfield, Illinois. They are available exclusively from AT&T and its distributors. ISC will be AT&T's primary representative in the government market for these and related products. The programs use proven technology that has been available in the government market for more than a year. "All three have gained strong acceptance among government computer users," said Tom Venn, president of Information Security Corporation. The single-copy price for AT&T SecretAgent is $329.95; for AT&T dsaSIGN, $149.95; and for AT&T SecureZMODEM, $99.95. Site and enterprise licenses and volume discounts are available. All programs are available now directly from AT&T Secure Communications Systems and its distributors. Customers can get more information on AT&T software security programs by calling 1 800 203-5563. For media inquiries, call David Arneke at AT&T Secure Communications Systems, 919 279-7680. - -Paul - -- Paul Robichaux, KD4JZG | Caution: cutting edge is sharp. Avoid contact. Intergraph Federal Systems | Be a cryptography user - ask me how. ** Of course I don't speak for Intergraph. ** -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOERoyA78To+806NAQHlLQQArzWzEqpqO+EoYEqShkQJmqAI3y1O9sBD yBbBElXylpmJ+yf6WofUWXCci2sEDw0JSE8RSYoTSe0HGtx16pAjh1fkK6UA+8XW 2ZsyzHiuPm1OYMM63iFDRMHTnIYLowmc5GPIXRGnweyCuiWgVNTkHxClnbNo2vGb uaDI2O5X9dI= =FTwT -----END PGP SIGNATURE----- From pfarrell at netcom.com Wed Nov 10 08:23:19 1993 From: pfarrell at netcom.com (Pat Farrell) Date: Wed, 10 Nov 93 08:23:19 PST Subject: Should we oppose the Data Superhighway/NII? Message-ID: <40905.pfarrell@netcom.com> Tim May asks if we cypherpunks should oppose the NII. I think we probably should, but not on cypherpunks. A suitable list for discussing this topic is 'com-priv at psi.com' which addresses the political and economic issues of the commercialization of the pure and pristine Internet. The US Federal government already has a huge infrastructure of networking. For example, the VA has two independant nationwide networks. On connects the administrative folks that handle VA loans, college benefits, etc. and the other connects the VA hospitals. The DOT has a huge net for air traffic control. The Federal Courts have their own network. Interior, thru USGS has a huge network, with BLM and other agencies trying to make it bigger. Social Secutrity has a net, Agriculture has a net and a large payroll center in New Orleans. I think 'punks are smart enuff to see a pattern here. Followups via email are fine. Otherwise I'm moving this to com-priv. Pat -- former consultant to VA, DOT, SSN, Treasury, Interior, Courts, etc. Pat Farrell Grad Student pfarrell at netcom.com Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From wex at media.mit.edu Wed Nov 10 08:23:57 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Wed, 10 Nov 93 08:23:57 PST Subject: Personality BS (was: Should we oppose the Data Superhighway/NII?) In-Reply-To: <199311100450.UAA11942@mail.netcom.com> Message-ID: <9311101620.AA19827@media.mit.edu> Hunh. Doug, I'm sorry to oppose you on this, but I think that the sort of bullshit pry-into-your-personal-life stuff that companies are resorting to these days is *exactly* the sort of stuff that cypherpunks would want stopped! Have you ever had to take one of these tests? Have you seen the questions they ask? I have been handed a test (in an all-too-recent interview) and after looking at the test I told them flat-out I would not take the test and if they hired people based on it then I wouldn't work at their company. [The questions have to do with all kinds of shit like "Have you ever had a homosexual experience?" and "Have you ever shoplifted anything?" and "How do you feel about XXX?". Totally unrelated to my job skills.] Of course, they reacted with the same sort of shock and surprise that I got from Texas Instruments when I told *them* I wouldn't piss into their cup on demand and that they could shove *that* job. No one had ever even objected to taking the test before, let alone to the fact that the company keeps the database of all the answers of all the applicants ever. (Unencrypted, on a PC in the president's office, as it happened.) It's a total load of crap and should be illegal. I, for one, am glad the gov't is telling its contractors NOT to do that. Sorry this is so strident, but I see cryptography and privacy-enhancement as technological branches of the same tree as this stuff. Appropriate data in appropriate places, and nothing more. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request Try not to have a good time ... This is supposed to be educational. From mnemonic at eff.org Wed Nov 10 08:38:57 1993 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 10 Nov 93 08:38:57 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311101535.AA04293@balder.us.dell.com> Message-ID: <199311101637.AA18473@eff.org> Jon writes: > I thought we already had a data superhighway and what congress (et Al) is > really talking about is a national system of on-ramps and off-ramps? Not exactly. Not everyone recognizes the need and value of on and off ramps. More importantly, the NII is not about building more trunk lines so much as it is about ensuring that the resulting infrastructure allows everyone to be an information provider as well as consumer. There's money to be made here, and lots of entrepreneurial opportunities, if the thing is done right. You know, I was just thinking of Tim's comment about how he punted his cable service. One of the reasons that cable is just "a vaster wasteland" is that it follows the old cable/broadcaster paradigm--get a government-supported, government-regulated monopoly in place, and let a single provider (or a small set of providers) funnel their product into the home. But cable service would be far more valuable to me (and I'd pay more for it) if I could, say, upload a video of my little girl taking her first steps and send it to Tim. (Not that he'd necessarily pay for that privilege, but you get the idea.) --Mike From doug at netcom.com Wed Nov 10 08:48:58 1993 From: doug at netcom.com (Doug Merritt) Date: Wed, 10 Nov 93 08:48:58 PST Subject: Personality BS (was: Should we oppose the Data Superhighway/NII?) In-Reply-To: Message-ID: <199311101649.IAA15443@mail.netcom.com> "Alan (Gesture Man) Wexelblat" said: >Hunh. Doug, I'm sorry to oppose you on this, but I think that the sort of >bullshit pry-into-your-personal-life stuff that companies are resorting [...] >[The questions have to do with all kinds of shit like "Have you ever had a >homosexual experience?" and "Have you ever shoplifted anything?" and "How >do you feel about XXX?". Totally unrelated to my job skills.] We're not in opposition, I very strongly agree. It's just that we're talking about slightly but importantly different things. The thing you're referring to is indeed outrageous. So are the presumption-of-guilt drug tests that I understand that 80% of all Fortune 1000 companies now require. (The latter is particular heinous, since all tests have a non-zero false-positive rate, for one thing.) But what I was referring to was the common interviewing strategy of trying to figure out whether someone will get along with the existing group, not by prying into their personal life or giving them personality tests, but just by the age-old method of discussing everyone's impressions of the candidate. This all by itself is what we were told is unacceptable discrimination (against the personality-challenged, presumably. :-) >It's a total load of crap and should be illegal. I, for one, am glad the >gov't is telling its contractors NOT to do that. Sorry, but I am pretty sure that giving personality tests is quite ok, so long as they are one of those bullshit Supposedly Scientific things based on Meyers Briggs or the Minnesota Multiphasic Aptitude Test or some such, and as long as they are uniformly given to all candidates. So they're outlawing the reasonable and allowing the unreasonable, the worst of both worlds. Doug From smb at research.att.com Wed Nov 10 08:53:57 1993 From: smb at research.att.com (smb at research.att.com) Date: Wed, 10 Nov 93 08:53:57 PST Subject: Ever buy encryption software? YOU WILL! Message-ID: <9311101653.AA08623@toad.com> -----BEGIN PGP SIGNED MESSAGE----- I found this on comp.dcom.telecom and have elided some marketing material. My editorial comments are enclosed in brackets. Amazing. _AT&T_, the same folks that were trying to bring us Clipper, are going to sell DES over-the-counter. I'd be happier with triple-DES, but this blows my tiny little mind. Disclaimer: I'm speaking for myself, not AT&T. I've said this before, but it's worth repeating. For the most part, corporations exist to make money. They don't take moral stances. (Aside: I'm not saying that this is good or bad; rather, I'm saying that it just is.) If you offer a company a way to make money, it will probably do it. Unified visions, of the sort you're implying AT&T had on encryption, are generally seen as long-term ways to make money, i.e., if the company picks some standard, it will be easier or cheaper to make or sell some future set of products. In the case of Clipper, there was a clear market: the government wanted to buy Clipperphones. AT&T already sells secure phones (STU-III's) to the government; the question here (and I wasn't privy to any of the discussions) was whether or not it would cost more to develop the phone than the potential profits. But Clipper isn't, and can't be, the be-all for encryption, even apart from the moral questions. See if you can dig up AT&T's response to the proposed key escrow FIPS. I suspect you'd be surprised. I don't think I have it handy, but it points out things like the unsuitability of key escrow for software implementations -- and the products you describe are exactly that. Yes, AT&T as a company thinks that there is a market for privacy devices. (And it's no secret that the defense market is drying up, due to budget cuts.) Clipper can't fill certain market niches. DES -- or triple DES, or IDEA, or RC2, or whatever -- can. From tien at well.sf.ca.us Wed Nov 10 09:03:57 1993 From: tien at well.sf.ca.us (Lee Tien) Date: Wed, 10 Nov 93 09:03:57 PST Subject: hearing on Nov. 15 at 10 am in Gilmore v. NSA case Message-ID: <9311101702.AA08712@toad.com> Many of you know of John Gilmore's Freedom of Information Act lawsuit against NSA, which was written up in WIRED. In September, Judge Henderson dismissed the case, ruling that there was no claim for an injunction against NSA for its regular, routine failure to respond to FOIA requests within the time limits provided by the law. John has moved for reconsideration of the dismissal on a variety of legal grounds. The hearing on Monday 11/15 10 a.m. is in Courtroom 12, on the 19th floor of the U.S. Courthouse, 450 Golden Gate Ave., San Francisco. Lee Tien From mnemonic at eff.org Wed Nov 10 09:08:57 1993 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 10 Nov 93 09:08:57 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311101654.AA21967@snark.lehman.com> Message-ID: <199311101705.AA18927@eff.org> Perry writes: > Mike Godwin says: > > But cable service would be far more valuable to me (and I'd pay more for > > it) if I could, say, upload a video of my little girl taking her first > > steps and send it to Tim. (Not that he'd necessarily pay for that > > privilege, but you get the idea.) > > Why do we need government for this? We don't. We need private providers for this. > Seems to me that bandwidth is > going to be nearly free in both directions in a few years whether > government intervenes or not. I agree about the potential for it to be free, but, I gotta tell you, the monopolists running the cable systems in this country have no inclination to share that nearly free bandwidth with you, even if you're willing to pay for access to it. In order to get to a world in which free markets can meet our demand for high-bandwidth connectivity, we have to dig ourselves out from the market-failure position we're in now. And because government is part of the problem, changing government policy is part of the solution. So, that's one of the major thrusts of EFF's NII policy. --Mike From pmetzger at lehman.com Wed Nov 10 09:14:18 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 10 Nov 93 09:14:18 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311101705.AA18927@eff.org> Message-ID: <9311101712.AA21990@snark.lehman.com> Mike Godwin says: > I agree about the potential for it to be free, but, I gotta tell you, the > monopolists running the cable systems in this country have no inclination > to share that nearly free bandwidth with you, even if you're willing to > pay for access to it. Wouldn't the solution then be to eliminate the capacity of local municipalities to grant cable monopolies? Fiber is compact -- five or even twenty cable companies could coexist happily in New York (where I live) if the city didn't grant "franchises", which it charges exhorbitantly for. With large scale competition between cable companies, monopolies would no longer be a problem. > In order to get to a world in which free markets can meet our demand for > high-bandwidth connectivity, we have to dig ourselves out from the > market-failure position we're in now. Isn't the problem in question the result of government granted, rather than natural, monopolies? Isn't it thus wrong to call it a "market failure"? Seems more like yet another government failure. Perry From oseiler at unixg.ubc.ca Wed Nov 10 10:14:29 1993 From: oseiler at unixg.ubc.ca (Oliver Seiler) Date: Wed, 10 Nov 93 10:14:29 PST Subject: Cost of Internet (was: Should we oppose ... Superhighway) In-Reply-To: Message-ID: > Please don't confuse New York with the vast reaches of Rural America. ALL > Internet access is a long distance call from many many location in the > world, including here. > > I would *love to have a free national net available, 'cause I think I know > how to use it. Others might abuse it, but I woul work the heck out of it. > I think the question should be: Do I want my taxes to pay for somebody elses Internet connection? I would answer no... (a moot point though, since for one, I'm Canadian, and for another, the government would probably do it anyway, whether you want it or not...) This attitude tends to put me on the opposition for government supplied networks. Hell, I currently have 5 unix accounts scattered here and there in cyberspace... I think the main problem is that most people *don't* see the benefits they would get (I think e-mail probably being the biggest) since most people are fairly computer illiterate, and even many of the ones who can handle themselves quite well on a computer don't know the first thing about the benefits of a network... (These attitudes were gleaned from working about a year and a half in a computer store... Wonderful places to meet all sorts of redundant people :) -Oliver | Oliver Seiler + Erisian Development Group + Amiga Developer + | oseiler at unixg.ubc.ca +-------------Reality by the Slice--------------+ | oseiler at nyx.cs.du.edu | (604) 683-5364 | | ollie at BIX.com | POB 3547, MPO, Vancouver, BC, CANADA V6B 3Y6 | From mnemonic at eff.org Wed Nov 10 10:28:59 1993 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 10 Nov 93 10:28:59 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311101712.AA21990@snark.lehman.com> Message-ID: <199311101826.AA19786@eff.org> > Wouldn't the solution then be to eliminate the capacity of local > municipalities to grant cable monopolies? That might be one solution. It certainly will be part of the ultimate solution. > Fiber is compact -- five or > even twenty cable companies could coexist happily in New York (where I > live) if the city didn't grant "franchises", which it charges > exhorbitantly for. With large scale competition between cable > companies, monopolies would no longer be a problem. Which cable company has to eat the cost of digging the original groundwork? Or are you saying that every new cable entity will have to lay its own infrastructure? The capital costs of that create an immense barrier to market entry, and ease of market entry is a pre-requisite for free-market competition. The only reason the first cable companies even invested in laying cable is that they were guaranteed a local monopoly. Since government, in effect, participated in the creation of that part of the infrastructure, there are serious issues as to whether the first cable provider in a local area should continue to profit from a government-granted incentive while new potential providers are left high and dry. These are the kinds of issues that need to be addressed as we move from monopoly to free-market competition--how do we correct for the distortions caused by the initial government intervention in the market? > Isn't the problem in question the result of government granted, > rather than natural, monopolies? Isn't it thus wrong to call it a > "market failure"? Seems more like yet another government failure. "Market failure" is a term of art. It refers to a condition, which may in fact be caused by government, in which market mechanisms have been prevented from ensuring competition. --Mike From Postmaster at cproject.com Wed Nov 10 10:38:58 1993 From: Postmaster at cproject.com (Andrew Hammer) Date: Wed, 10 Nov 93 10:38:58 PST Subject: Fwd: [gtoal@an-teallach.com (Graham Toal)]Info on Clipper chip and fabrication of it Message-ID: <0E062001.gd0de3@cproject.cproject.com> In article <9311092013.AA09822 at vangogh.VIS.ColoState.EDU> nate at vis.colostate.edu writes: > Last I heard, hte model of the ARM series used in the Newton (the > ARM 610 processor) cranked out about 30,000 Drystones and used > _very_ little power. Oh boy, wait till the guys on comp.sys.acorn hear about this! I can tell why the arm was chosen: it comes as a drop-in circuit that manufacturers can use in their own designs. Not many of the other low-power fast CPUs are available like this. And its very small, and blindingly fast. G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From talon57 at well.sf.ca.us Wed Nov 10 10:39:28 1993 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 10 Nov 93 10:39:28 PST Subject: Should we build the Data Superhighway/NII Message-ID: <199311101839.KAA19331@well.sf.ca.us> DISCLAIMER; This is for the private reading of the members of the Cypherpunks list, and may not be redistributed without permission. The opinions expressed are strictly my own and do not necessarily reflect the views of Ameritech or it's alliance partners. My two bits on the data highway; - on universal access Ameritech, the consortium of the five regional midwest RBOC's filed a plan for complete deregulation and access to the local loop the first week in March under the title of "Advanced Universal Access" The gist of it? If you remove the regulations against us competeing in everyone elses markets, we will allow and provide complete unbundled access to the local loop. Number plan the whole bit, right to the copper pair if you want. My two bits? we don't have any problem with any and all forms of competition. Do you want "Universal Access"? Then all participants have to share the costs involved. In Illinois alone there are more than 30 companies providing local loop service, each functions as a "Monopoly" within it's geographic area. Sprint the long distance company owns and is a "Local Loop Monopoly" in about 8 areas that I recall,(This was the result of there purchase of Centel) GTE, all the big boys are here. Large corporate customers are directly connected with long distance carriers without touching the local loop. - Bell Atlantic and TCI merger? couldn't care less, bring them on! I am involved with a number of projects that pertain to the "Data Highway" concept. - The Extended classroom, part of the "Superschools" project. This will provide E-mail services and basic info services to K-12 students. The next stage calls for Internet/Usenet Access and interactive MultiMedia (Hyperlearning) access. - Health services network, this is already providing shared info between various medical agencies and hospitals, it is limited right now by regulatory restrictions. - Announced just this morning....Ameritech has announced an alliance with Citibank to provide for "Display Telephone" access to Citibank financial services, this will also provide access to directory services and advanced telephone services. This is basically a variation of the French "Minitel" system from the look of it. I intend on pushing for Internet/Usenet access as well. Of course this is only the start, got an idea for a service? give us a call. All are welcome, I expect to see numerous "Garage" startups providing content of all sorts. - Video Dialtone, basically a piece of cake if you have the bandwidth, currently works well down to T-1 speeds (1.54 MPS) The Battle to build the "Superhighway" has been called the battle of 250 million trenches. This refers to the notion that 250 million sections of local loop will have to be replaced with fiber eventually. It's true that ISDN can play a part and ADSL (Asymetrical digital subscriber loop) which has been successfully tested at 3MPS over UTP and should clear 6MPS in the next 6 months will help fill the gaps. Some Cable companies will have their own offerings, as will various "Telecosm" pioneers we've yet to see. The cost of building the initial "Fibersphere" has been estimated at 250 billion dollars. Who's going to foot the bill? The existing cable plant is more than sufficient for the services the telco's are currently permitted to offer. We've made our point clear ( see the FCC filing "Advanced Universal Access") Turn us loose, and we'll build it, or at least contribute to it, ;) and equal access will be provided to all competitors. We're going to build it anyway, " Are you with me men!" Brian Williams Cypherpatriot Extropian * Telecosm and Fibersphere are from the works of futurist George Gilder, his work is highly recommended. * Hyperlearning is from the work of Lewis J. Perelman particularly "Schools Out, Hyperlearning, the new technology, and the end of education." Also highly recommended. From cme at sw.stratus.com Wed Nov 10 10:49:19 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Wed, 10 Nov 93 10:49:19 PST Subject: Are we gatewayed to Usenet? Message-ID: <199311101848.NAA16511@ellisun.sw.stratus.com> I think there's a difference between a gateway into USENET and a gateway from USENET. The latter would give us a feed from Sternlight, Pope, et al. - Carl From an41418 at anon.penet.fi Wed Nov 10 10:53:21 1993 From: an41418 at anon.penet.fi (wonderer) Date: Wed, 10 Nov 93 10:53:21 PST Subject: Applications of cryptography Message-ID: <9311101851.AA00120@anon.penet.fi> My apologies for getting caught up in the political momentum of the Private vs. Public debate on income tax. It was too tempting... Anyway, back to wondering. I am trying to compile information about the different applications of cryptography. I would like to create something like the handbook of cryptography. Some examples that come to mind are: digital cash, DC nets, coin flipping, mental poker, digital signatures, secure communication, encrypted file systems, etc. Any help will be appreciated. If people respond to me directly, I will post a summary to the list, and maybe distribute the handbook if it is a successful project in a few months. Thanks, Wonderer ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From cme at sw.stratus.com Wed Nov 10 10:54:17 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Wed, 10 Nov 93 10:54:17 PST Subject: oops Message-ID: <199311101853.NAA16531@ellisun.sw.stratus.com> please ignore the previous message (I must be tired). Access from the net to cpunx is already trivial. so much for that. From tcmay at netcom.com Wed Nov 10 10:59:28 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 10 Nov 93 10:59:28 PST Subject: Big Mother can't protect our privacy In-Reply-To: <9311101620.AA19827@media.mit.edu> Message-ID: <199311101900.LAA22288@mail.netcom.com> Alan Wexelblat writes: > Hunh. Doug, I'm sorry to oppose you on this, but I think that the sort of > bullshit pry-into-your-personal-life stuff that companies are resorting to > these days is *exactly* the sort of stuff that cypherpunks would want > stopped! > > Have you ever had to take one of these tests? Have you seen the questions > they ask? I have been handed a test (in an all-too-recent interview) and > after looking at the test I told them flat-out I would not take the test and > if they hired people based on it then I wouldn't work at their company. > > [The questions have to do with all kinds of shit like "Have you ever had a > homosexual experience?" and "Have you ever shoplifted anything?" and "How > do you feel about XXX?". Totally unrelated to my job skills.] Simple solution: If you don't want to take the MMPI test (*), don't work for that company. (* MMPI is the Minnesota Multiphasic Personality Index test, which sounds like the test described here. It has a couple of thousand of these questions. Without defending the analytical powers of this test, let me say that the intent is psychological, not political. The famoous questions about believing in God, having homosexual experiences, washing one's hands, and so on, are devised by shrinks, not designed to ferret out atheists and homos. The MMPI has been in wide use since the 1950s, though it's use is declining as people file lawsuits over it.) > It's a total load of crap and should be illegal. I, for one, am glad the > gov't is telling its contractors NOT to do that. > > Sorry this is so strident, but I see cryptography and privacy-enhancement as > technological branches of the same tree as this stuff. Appropriate data in > appropriate places, and nothing more. I can understand Alan's stridency, but if for whatever reason I ask a potential employee to take a test--call it Tim's Multiphasic Personality Index, the TMPI--does he really want me thrown in jail? That's what saying that this "should be illegal" generally implies. Most Cypherpunks I know would rather just demonstrate their competency and tell the potential employer to screw themselves. Not surprisingly, most employers will then get the message and drop such tests. (The MMPI, designed in the conformist 50s and only occasionally updated since, is a pretty crummy test of talent or ambition, in my unprofessional opinion. A girlfriend who was an MFCC (Marriage, Family, and Child Counselor, a shrink) agree it was flawed.) All I'm saying is that interfering with my practices or with those of others, to make certain things illegal, is not what most Cypherpunks are after. Sorry if this is political, but Cypherpunks should not be looking for laws and regulations to protect someone's idea of privacy. In Britain, in case there are some of you out there who haven't heard about this, they got concerned about corporations compiling records on people. Sounds like a valid concern, right? Well, the result was the Data Privacy Act (or somesuch), which outlaws such records unless the compiler notifies _all_ of the targets _and the government_. The result is that anyone who saves computer files--like this list, which of course contains e-mail addresses of hundreds of people--is technically in violation of the law. Companies are finding it tough to go about their business. And so on. Cypherpunks protect their own privacy, they don't depend on Big Mother to do it for them. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From pdn at dwroll.dw.att.com Wed Nov 10 11:03:22 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Wed, 10 Nov 93 11:03:22 PST Subject: AT&T encryption software Message-ID: <9311101901.AA10042@toad.com> Well, well, well. I should have guessed that we [AT&T] would scramble onto the encryption software bandwagon sooner or later. Buried in the bowels of the PBX business, I haven't heard anything about the product yet, but that's about par for the course. I would like to strongly encourage anybody who can get a copy of this product to examine it thoroughly; my gut feel is *bad*, but I'll need some concrete facts if I am to present a dissenting view. Sooner or later, the PC lab guys will probably be installing this thing on our PCs and we'll be the 'vanguard of the future' (again!). I am particularly interested in whether this package is interoperable with PGP- for some reason, I tend to doubt it . [If any of you were wondering whether or not I 'speak for AT&T', this posting should remove all doubt..] ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From pmetzger at lehman.com Wed Nov 10 11:03:59 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 10 Nov 93 11:03:59 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311101826.AA19786@eff.org> Message-ID: <9311101859.AA22080@snark.lehman.com> Mike Godwin says: > > Fiber is compact -- five or > > even twenty cable companies could coexist happily in New York (where I > > live) if the city didn't grant "franchises", which it charges > > exhorbitantly for. With large scale competition between cable > > companies, monopolies would no longer be a problem. > > Which cable company has to eat the cost of digging the original > groundwork? Or are you saying that every new cable entity will have > to lay its own infrastructure? Well, in NYC, the utility tunnels are municipal, so its a question of leasing a slot from the city. (Frankly I wish the tunnels were privately held, but thats another story.) In most rural and suburban areas in the US utility poles are still used and its a question of leasing slots from the owners of those (which is easy since fiber is quite lightweight, is typically strong when kevlar reinforced, and presents little or no lightning hazard.) In some areas it might mean digging new infrastructure -- modern cable laying equipment has dramatically reduced the cost of this, especially for buried fiber optics. In practice, none of this is a real problem. Many areas DO have two or more cable companies because there is no local prohibition on competition, and a few areas even have multiple electric companies because there are enlightened governments that permit such heretical violation of the "natural" (read, government granted) monopoly thesis. > The capital costs of that create an immense barrier to market entry, > and ease of market entry is a pre-requisite for free-market > competition. Its not a real barrier. Capital costs for such structures are typically sunk via mortgage bonds -- its possible for most utilities to raise vast amounts of money in the debt markets. If you wish, I can direct you to people at the Cato Institute who can give you plenty of good data on why there is no legitimate reason why two or more phone, cable, electrical, or even gas and water companies couldn't operate in most areas -- I mean hard data down to the costs involved and potential profits and the way that competitive utilities have functioned in areas permitting them. The reasonable conclusion the data leads to is that the only reason such things don't happen much in the U.S. is that in most places competition is prohibited by law. > The only reason the first cable companies even invested in laying cable is > that they were guaranteed a local monopoly. Well, the fact that multiple cable companies do in fact exist in many places gives lie to this premise. The fact that multiple phone companies used to operate in the early days of the century before the government put a legal end to that also tends to discount this thesis. I've heard the argument given time and again about dozens of industries that "The X industry requires a government monopoly to operate" or "The Y industry needs subsidies or we would be left without a Y industry" and the like. I've checked up on many such claims, and have yet to see one where the numbers or the facts actually backed up the claim. The practice of granting monopolies was started in England under the Tudors as a way of earning money for the crown (which it still is in many states if you look at franchise fees and utility tax structures). There was initially no pretense about the practice being needed to preserve certain businesses -- that, of course, eventually arose as an excuse and is perpetually the monopolists argument for why competition should not be permitted. Ultimately, one must ask the hard question of the monopolists. "If competition is impossible in this industry, or if competitors could not raise money for infrastructure, why do you need legal protection from competition? If competition it would render the business unprofitable, why would people seek to compete with you?" > These are the kinds of issues that need to be addressed as we move from > monopoly to free-market competition--how do we correct for the distortions > caused by the initial government intervention in the market? Eliminate the intervention by stopping the monopoly? Perry From tcmay at netcom.com Wed Nov 10 11:23:21 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 10 Nov 93 11:23:21 PST Subject: NII and the Need for XXX-rated Porn In-Reply-To: <199311101637.AA18473@eff.org> Message-ID: <199311101923.LAA24616@mail.netcom.com> Now that I have your attention... (Warning: This post discusses hard-core XXX-rated material of no socially redeeming value. Transmission on the National Information Infratructure is thus forbidden. Do so at the risk of asset forfeiture.) Mike Godwin writes: > You know, I was just thinking of Tim's comment about how he punted his > cable service. One of the reasons that cable is just "a vaster wasteland" > is that it follows the old cable/broadcaster paradigm--get a > government-supported, government-regulated monopoly in place, and let a > single provider (or a small set of providers) funnel their product into > the home. > > But cable service would be far more valuable to me (and I'd pay more for > it) if I could, say, upload a video of my little girl taking her first > steps and send it to Tim. (Not that he'd necessarily pay for that > privilege, but you get the idea.) I might, if there was a market in alt.binaries.pictures..... Just kidding, Mike! Seriously, Mike's comments about cable being a "vaster wasteland" (a nice EFF paraphrase of the famous FCC Commissioner's comments in the 60s), is important. I dropped my cable because paying $55 a month for a bunch of crap was getting to be too much. Let me be very blunt: I would certainly resume my cable if certain "interesting" channels could be provided. X-rated, as just one example. A telling situation: Why are X-rated movies (I mean X-rated, as you find in video rental places, not the soft-core stuff that "Playboy" and "Spice" offer) not offered? A combination of FCC rules (for broadcast throught the air and--maybe--for cablecast, but I'm not sure what sway the FCC has over cable) and various lawsuits. A couple of years ago the _satellite_ channel, "American XXXcstacy," or somesuch (I never got it and only read about the cases), was knocked off the air by prosecutions or threats of prosecutions in certain Bible Belt areas. (There are many issues we could discuss here: "forum shopping," selective prosecution, RICO laws, etc.) Does anyone expect the NII will offer hard-core porn on its networks? Just one example. I don't know what the solution is, except that I'm naturally skeptical about the government having _anything_ to do with it. (I've read the CPSR pitch on NII and it scares the crap out of me. I've read the NII articles in "Whole Earth Review" and elsewhere and I have the same reaction. I've read the Open Platform proposal from EFF and find it better, but still overly oriented toward government solutions. Finally, I'm still trying to dig out the NII docs themselves, the ones Tom Kalil has pointed us to.) The link to Cypherpunks is clear: most of us are opposed to Big Mother choosing what we read, watch, or talk about. Strong crypto makes this bypassing of Big Mother and Big Brother possible. Strong crypto fundamentally collides with many of the stated public policy goals surrounding the National Information Infrastructure. Which do we want to win? --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From mnemonic at eff.org Wed Nov 10 11:28:59 1993 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 10 Nov 93 11:28:59 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311101859.AA22080@snark.lehman.com> Message-ID: <199311101926.AA20523@eff.org> > Well, in NYC, the utility tunnels are municipal, so its a question of > leasing a slot from the city. Is that true? How many slots are there? Is access to the slot unregulated? > In some areas it might mean > digging new infrastructure -- modern cable laying equipment has > dramatically reduced the cost of this, especially for buried fiber > optics. The question is less one of creating new conduits than of seeing that the conduits already in place (invariably under a government regulatory regime, if not an outright monopoly) get used to their fullest potential. Perry, you think that just letting things happen alone means that someone's going to give you purchasable video uplink. I'm glad to hear it, but I don't share you belief. Where we do agree, of course, is that access to the cable part of the infrastructure (whether by building new conduits or allocating sections of existing ones) shouldn't be subsidized by government money, except of course to the extent that the government is buying such services for itself. > In practice, none of this is a real problem. Many areas DO have two or > more cable companies because there is no local prohibition on > competition .... I wouldn't say this is accurate. Even in multiple-cable areas, I understand, the cable companies have government licenses and operate under government regulation. In the Boston area, there are multiple cable companies, but you can't choose which one your particular home will use if you subscribe to cable. >, and a few areas even have multiple electric companies > because there are enlightened governments that permit such heretical > violation of the "natural" (read, government granted) monopoly thesis. Do those electric companies each have different wires? So that if I move into the house where you used to live, and you bought power from company X, I can call up company Y and say "You're supplying power here now"? How is this implemented. I don't think discussion of "natural monopolies" is relevant here, because it doesn't matter whether the monopolies that exist are natural or not. They're here in any case. > > The capital costs of that create an immense barrier to market entry, > > and ease of market entry is a pre-requisite for free-market > > competition. > > Its not a real barrier. Capital costs for such structures are > typically sunk via mortgage bonds -- its possible for most utilities > to raise vast amounts of money in the debt markets. I disagree that it's possible for all cable utilities to do this. If you're the second cable system in a duopoly, maybe. But I don't know of a debt market that will buy the bonds of the tenth cable company to lay cable in a certain area. If you know of one, let's start it together--lots of money to be made in cable! > If you wish, I can > direct you to people at the Cato Institute who can give you plenty of > good data on why there is no legitimate reason why two or more phone, > cable, electrical, or even gas and water companies couldn't operate in > most areas -- I mean hard data down to the costs involved and > potential profits and the way that competitive utilities have > functioned in areas permitting them. I regularly read Cato Institute publications and white papers. > > The only reason the first cable companies even invested in laying cable is > > that they were guaranteed a local monopoly. > > Well, the fact that multiple cable companies do in fact exist in many > places gives lie to this premise. I overgeneralized. But the scenario I mention here is the most common one. > The fact that multiple phone > companies used to operate in the early days of the century before the > government put a legal end to that also tends to discount this thesis. They used the same wires, Perry. > I've heard the argument given time and again about dozens of > industries that "The X industry requires a government monopoly to > operate" or "The Y industry needs subsidies or we would be left > without a Y industry" and the like. This seems to be a digression. No one around here is arguing for government monopolies. At least not so far as I can tell. --Mike From mnemonic at eff.org Wed Nov 10 11:53:21 1993 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 10 Nov 93 11:53:21 PST Subject: NII and the Need for XXX-rated Porn In-Reply-To: <199311101923.LAA24616@mail.netcom.com> Message-ID: <199311101950.AA20732@eff.org> Tim May writes: > Seriously, Mike's comments about cable being a "vaster wasteland" (a > nice EFF paraphrase of the famous FCC Commissioner's comments in the > 60s), is important. I proudly take credit for "a vaster wasteland"--a phrase that occurred to me in a flash of insight as I was doing a revision of the Open Platform paper. I hope that if I repeat it a lot, it will become a self-perpetuating meme. > Does anyone expect the NII will offer hard-core porn on its networks? In the long run, I expect it will, yes. On a properly designed NII, it would be impossible to prevent, although of course anyone could bar it at his or her home. > I don't know what the solution is, except that I'm naturally skeptical > about the government having _anything_ to do with it. (I've read the > CPSR pitch on NII and it scares the crap out of me. I've read the NII > articles in "Whole Earth Review" and elsewhere and I have the same > reaction. I've read the Open Platform proposal from EFF and find it > better, but still overly oriented toward government solutions. Well, we knew we weren't going to please the purest Libertarians, but we did try to make it palatable to them--after all, we have genuine entrepreneurs on our Board of Directors, and they *do* believe in free markets. Open Platform is our way of getting there from here. > Finally, I'm still trying to dig out the NII docs themselves, the ones > Tom Kalil has pointed us to.) Did he say they were online? If this has been discussed before, I missed it. > Strong crypto fundamentally collides with many of the stated public > policy goals surrounding the National Information Infrastructure. I don't think it collides with EFF's public policy goals, although it may collide with Tom Kalil's. --Mike From cfrye at ciis.mitre.org Wed Nov 10 11:54:00 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Wed, 10 Nov 93 11:54:00 PST Subject: Big Mother can't protect our privacy Message-ID: <9311101959.AA19156@ciis.mitre.org> Tim writes: > >(* MMPI is the Minnesota Multiphasic Personality Index test, which >sounds like the test described here. It has a couple of thousand of >these questions. Without defending the analytical powers of this test, >let me say that the intent is psychological, not political. The >famoous questions about believing in God, having homosexual >experiences, washing one's hands, and so on, are devised by shrinks, >not designed to ferret out atheists and homos. The MMPI has been in >wide use since the 1950s, though it's use is declining as people file >lawsuits over it.) > It should also be noted that the MMPI is designed to diagnose abnormal personalities, while the California Personality Inventory (CPI) is designed to diagnose more or less normal personality traits. It seems that companies indiscriminately giving the MMPI to individuals without suspision of neurotic/ psychotic tendencies would open themselves up for a solid thumping in court. P.S. - I noticed a book on the statistical basis of the MMPI in the psychology section of Border's Bookstore in Tysons Corner, VA, a few months ago. If there's interest, I could look for a citation on my next trip there. Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From hughes at ah.com Wed Nov 10 12:03:21 1993 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Nov 93 12:03:21 PST Subject: Applications of cryptography In-Reply-To: <9311101851.AA00120@anon.penet.fi> Message-ID: <9311101959.AA17774@ah.com> >I am trying to compile information about the different >applications of cryptography. There's no need. Go out and buy Bruce Schneier's new crypto book whose title I forget. I has exactly the selection of articles you want and comes with source code. Cody's here in Berkeley has four copies on order; I'll bet they sell out in a week once they arrive. Bruce was offering to send people copies in exchange for a check; details were on sci.crypt. I'm sure there are interesting topics in there that you'd want covered, but there's no need to duplicate the effort of a fellow who's worked on this for a couple of years. Eric From pmetzger at lehman.com Wed Nov 10 12:13:28 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 10 Nov 93 12:13:28 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311101926.AA20523@eff.org> Message-ID: <9311102009.AA22170@snark.lehman.com> Mike Godwin says: > > Well, in NYC, the utility tunnels are municipal, so its a question of > > leasing a slot from the city. > > Is that true? How many slots are there? Is access to the slot unregulated? Well "slots" is a misnomer. There is space in the tunnels. They were designed for holding lots of phone cable, much of which has dried up since the copper has started to be replaced with fiber. Fiber takes up extraordinarily little space, so unless hundreds of companies wanted to use the same space there wouldn't be real trouble. The space is both directly and indirectly owned by the city -- some of it is in the form of subway tunnels and subway access tunnels that are officially controlled by the MTA, but are de facto controlled by the city. And no, they have to like you to let you use them. > > In some areas it might mean > > digging new infrastructure -- modern cable laying equipment has > > dramatically reduced the cost of this, especially for buried fiber > > optics. > > The question is less one of creating new conduits than of seeing that the > conduits already in place (invariably under a government regulatory > regime, if not an outright monopoly) get used to their fullest potential. > Perry, you think that just letting things happen alone means that > someone's going to give you purchasable video uplink. I'm glad to hear it, > but I don't share you belief. I can buy one now. It expensive, but the price is falling. Lehman can purchase lines from Nynex, Teleport, Metrofiber, and several other vendors. Vendors WANT to be in the business -- it makes them money, after all. Car companies don't conspire to avoid selling people cars, and I doubt deregulated carriers would spend their days trying to find ways looking for methods to avoid selling people services. What IS a problem is that many of these carriers can't yet gain access to customers because of regulations. Manhattan Cable has fiber to every block in the city -- but was forbidden by the city from competing with the phone companies for data transmission services. Indeed, the only companies I ever see looking for ways to avoid having to provide services are regulated monopolies. > Where we do agree, of course, is that access to the cable part of > the infrastructure (whether by building new conduits or allocating > sections of existing ones) shouldn't be subsidized by government > money, except of course to the extent that the government is buying > such services for itself. Yes. > > In practice, none of this is a real problem. Many areas DO have two or > > more cable companies because there is no local prohibition on > > competition .... > > I wouldn't say this is accurate. Even in multiple-cable areas, I > understand, the cable companies have government licenses and operate under > government regulation. > > In the Boston area, there are multiple cable companies, but you can't > choose which one your particular home will use if you subscribe to > cable. The same is true in New York, where there are multiple companies serving distinct areas of the city. This is not universally true, however. There are some areas where multiple cable companies provide overlapping service areas. > >, and a few areas even have multiple electric companies > > because there are enlightened governments that permit such heretical > > violation of the "natural" (read, government granted) monopoly thesis. > > Do those electric companies each have different wires? I believe so, since it would otherwise be difficult to meter the power usage. If both companies shared a customer grid, how could you know who's power was being used? (Power companies do have a grid for transfering power between their generators, but thats another story.) > So that if I move into the house where you used to live, and you > bought power from company X, I can call up company Y and say "You're > supplying power here now"? Apparently. > How is this implemented. I imagine its much like the way one switches heating from oil to gas -- someone comes to your house and does a bit of physical work, usually leaving the old infrastructure in place. > I don't think discussion of "natural monopolies" is relevant here, because > it doesn't matter whether the monopolies that exist are natural or not. > They're here in any case. Ah, but it is important. If a monopoly is an artificial creature of government, and not natural, that means that prices are being artificially kept high BY THE GOVERNMENT. That also means that your dream of universal access is being blocked. > > > The capital costs of that create an immense barrier to market entry, > > > and ease of market entry is a pre-requisite for free-market > > > competition. > > > > Its not a real barrier. Capital costs for such structures are > > typically sunk via mortgage bonds -- its possible for most utilities > > to raise vast amounts of money in the debt markets. > > I disagree that it's possible for all cable utilities to do this. If > you're the second cable system in a duopoly, maybe. But I don't know of a > debt market that will buy the bonds of the tenth cable company to lay > cable in a certain area. You are certainly correct -- but thats part of the way the free market works. When you can't get financing for your project it probably means people don't believe there is a market any more. The first five cable companies get business, and profits shrink as price wars occur, and then few new players enter the market. I suspect the first several players will get money, and thats all you need. Hell, nothing is more expensive in capital costs than starting an airline -- and yet people get financing for airlines all the time. I'd leave the worries about how to finance these things to the investors, who are after all the people who's money is at risk. > > If you wish, I can > > direct you to people at the Cato Institute who can give you plenty of > > good data on why there is no legitimate reason why two or more phone, > > cable, electrical, or even gas and water companies couldn't operate in > > most areas -- I mean hard data down to the costs involved and > > potential profits and the way that competitive utilities have > > functioned in areas permitting them. > > I regularly read Cato Institute publications and white papers. Then I would suggest calling them up and asking them for something on utility regulation. > > The fact that multiple phone > > companies used to operate in the early days of the century before the > > government put a legal end to that also tends to discount this thesis. > > They used the same wires, Perry. Nope, they didn't. If necessary, we can dig up references. > > > I've heard the argument given time and again about dozens of > > industries that "The X industry requires a government monopoly to > > operate" or "The Y industry needs subsidies or we would be left > > without a Y industry" and the like. > > This seems to be a digression. No one around here is arguing for > government monopolies. At least not so far as I can tell. Ah, but you have been arguing against the elimination of state granted cable monopolies, haven't you? If not, please let me know because then there is no reason for me to argue. Perry From jdblair at lust.cas.muohio.EDU Wed Nov 10 12:28:59 1993 From: jdblair at lust.cas.muohio.EDU (John Blair) Date: Wed, 10 Nov 93 12:28:59 PST Subject: cypherpunks hardware list Message-ID: <9311102034.AA13898@ lust > To all of those interested in the cypherpunks hardware list: I apoligize for the delay- I expected to have it on-line by now. It is really close to running, I'm just getting some errors from the ListProc software that my SysAdmin is ironing out right now. It should be running within 24 hours. later, -john. From mike at NetAcsys.com Wed Nov 10 12:33:21 1993 From: mike at NetAcsys.com (mycal) Date: Wed, 10 Nov 93 12:33:21 PST Subject: Modem taps/Caller ID Message-ID: <2ce13a75.acsys@NetAcsys.com> On Mon, 8 Nov 1993 13:05:58 -1000 (HST), "Timothy Newsham" wrote: > The number is transmitted in ascii at 1200 bits per second. The > standard used to transmit the data is not the "normal" 1200 bps > mode of your modem. Normally 1200 bps is accomplished by sending > > I have no idea how you would get your modem to go into the right > mode (and how it would react to data on the line before it goes > off hook). > The 1200 bps it uses is called bell 202, kinda reminds me of the old days with an apple, an apple cat modem, and first disfer then catsend and catfer... Hmmm maybe I can dust off that apple cat modem and use it for caller ID :) The apple cat modem is the only modem I know of that supported this flavor of 1200bps, which was great for short bursts of data with little syncronization neccary. mycal From mnemonic at eff.org Wed Nov 10 12:43:21 1993 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 10 Nov 93 12:43:21 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311102009.AA22170@snark.lehman.com> Message-ID: <199311102040.AA21328@eff.org> Perry Metzger writes: > I imagine its much like the way one switches heating from oil to gas > -- someone comes to your house and does a bit of physical work, > usually leaving the old infrastructure in place. This doesn't sound like a true free market to me--there are barriers other than mere price to switching among power providers. It will be cheaper in terms of opportunity costs to stay with the same provider. Contrast this with long-distance services, where competition forces providers to give you incentives to switch. > Ah, but it is important. If a monopoly is an artificial creature of > government, and not natural, that means that prices are being > artificially kept high BY THE GOVERNMENT. That also means that your > dream of universal access is being blocked. I just don't see how whether we agree on the existence of natural monopolies or not has to do with this discussion. We both think the monopolies and government subsidies should end. > > I disagree that it's possible for all cable utilities to do this. If > > you're the second cable system in a duopoly, maybe. But I don't know of a > > debt market that will buy the bonds of the tenth cable company to lay > > cable in a certain area. > > You are certainly correct -- but thats part of the way the free market > works. When you can't get financing for your project it probably means > people don't believe there is a market any more. Okay, now let's look at Tim May's hypothetical case. Tim wants X-rated cable. But the first nine cable companies don't want to provide it. And the Metzger-Godwin Cable operation, which would provide it, can't get financing. There's a market for it, but there's also a barrier to entry. If the only way to reach that market is to invest independently in one's own infrastructure, then that market simply goes unsatisfied--no reasonable entrepreneur would bother. I leave to your imagination what happens in the event that we *do* start the P-G Cable company, but content providers won't sell other programming to us so Tim is forced to choose between only X-rated cable--us--and cable services that provide other kinds of programming. (Tim may have no problem with this, but lots of other people in our market will want to watch CNN as well as X-rated videos.) And don't forget that the cable infrastructure we're talking about duplicating here includes coax to the individual home. So, when Tim decides to switch over to P-G, we've got to go out to his house and install a brand-new cable and yank out the old one--we can't just turn on the existing cable. This is the consequence of duplicating cable infrastructure. My understanding, by the way, is that cable in multi-provider areas is not duplicated--that when a municipality awards a contract to a new cable bidder, they don't yank out the old cable or add a whole new cable infrasture. Instead, they turn the existing infrastructure over to a new provider. > The first five cable > companies get business, and profits shrink as price wars occur, and > then few new players enter the market. So, what happens when, in a system in which the only way one can enter as a competitor is to invest in a whole new infrasture, and nobody will fund it, and the existing cable companies won't carry your service? How does the market, in a world that treats cable in the ground as somebody's private conduit rather than as true infrastructure, provide Tim his X-rated cable service? Wouldn't it be better to live in a world in which the cable infrastructure, like the telephone infrastructure, could be serviced by competing providers, and at the individual level? We already have this with long-distance--if I want, I can have Sprint, MCI, *and* AT&T accounts and use them all from the same phone. Ultimately we'll have it in the local loop. In this world, Tim could contract with Warner Cable to get some of their programming, and with P-G Cable to get that little something Xtra that helps him get through the day. > Hell, nothing is more expensive in capital costs than starting an > airline -- and yet people get financing for airlines all the time. All this illustrates is the inadequacy of comparing air providers to infrasture providers. > > I regularly read Cato Institute publications and white papers. > > Then I would suggest calling them up and asking them for something on > utility regulation. Why? I've already read their stuff. Reading is not the same thing as agreeing. > > > The fact that multiple phone > > > companies used to operate in the early days of the century before the > > > government put a legal end to that also tends to discount this thesis. > > > > They used the same wires, Perry. > > Nope, they didn't. If necessary, we can dig up references. Oh, you're saying that one couldn't make a phone call from one local phone company to another? > > This seems to be a digression. No one around here is arguing for > > government monopolies. At least not so far as I can tell. > > Ah, but you have been arguing against the elimination of state granted > cable monopolies, haven't you? If not, please let me know because then > there is no reason for me to argue. I'm not. I think they should be eliminated. --Mike From mccoy at ccwf.cc.utexas.edu Wed Nov 10 12:49:18 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Wed, 10 Nov 93 12:49:18 PST Subject: Applications of cryptography In-Reply-To: <9311101959.AA17774@ah.com> Message-ID: <199311102048.AA10536@flubber.cc.utexas.edu> hughes at ah.com (Eric Hughes) writes: > > >I am trying to compile information about the different > >applications of cryptography. > > There's no need. Go out and buy Bruce Schneier's new crypto book > whose title I forget. I has exactly the selection of articles you > want and comes with source code. The title is: Applied Cryptography: Protocols, Algorithms, and Source Code in C Author: Bruce Schneier Publisher: J. Willey and Sons ISBN 0-471-59756-2 I got mine on Monday :) jim From owen at autodesk.com Wed Nov 10 12:58:59 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Wed, 10 Nov 93 12:58:59 PST Subject: (fwd) Clipper and Tipper on Route 666 Message-ID: <9311102050.AA00348@lux.YP.acad> > To: tcmay at netcom.netcom.com (Timothy C. May) > Tim May suggests we called the "Data Superhighway" > > > "Route 666." > > In Unix file permissions 666 means the file is readable by > world. Apropos for a panoptic net where encryption is banned > or "Clipped". There is an actual route 666, its in New Mexico or Arizona. A t shirt manufacturer here in SF prints up a version of the sign on a black shirt. one of my favorite *cruising* shirts BTW :-) LUX ./. owen From davehart at microsoft.com Wed Nov 10 13:04:18 1993 From: davehart at microsoft.com (Dave Hart) Date: Wed, 10 Nov 93 13:04:18 PST Subject: Dr. Dobb's editorial on PGP Message-ID: <9311102104.AC08031@netmail.microsoft.com> The December Dr. Dobb's Journal has an editorial on the current PGP legal wrangling. I'll quote the last sentence: More importantly, the First Amendment guarantees us the right to speak in an encrypted way and insidious attempts to douse public access to cryptography, cloaked under the guise of software-export investigations, appear to stifle these rights. -------------------------------------- DaveHart at microsoft.com The opinions expressed are personal and do not necessarily agree with the opinions of Microsoft Corporation. Microsoft has its own opinions, one of which is "disclaimers are a good thing". From fnerd at smds.com Wed Nov 10 13:48:59 1993 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 10 Nov 93 13:48:59 PST Subject: Deconstructing DH/NII (was: Should we oppose...?) Message-ID: <9311102133.AA07425@smds.com> Mike Godwin asks what Tim May is against when he says he's against the NII ("National Information Infrastructure"), or DH ("Data Superhigh- way.") Mike also points out that EFF is not into government funding or regulation, but (I paraphrase) as long as the govt is going to be involved, why not try to convince them to be involved in the right way? One way he mentions is providing incentives to steer the industry in good directions since we're going to [future tense] have *some* kind of data superhighway anyway. Mike is certainly right that there are directions it would be nice to steer the government in in these issues, and I'm sure grateful for his (and EFF's) efforts on that front. I think this "that's not what we meant...but why not..." situation that Mike finds himself in is due to the nature of "initiatives" like NII. We are afloat in connotations, suggestions and perverse pep. The phrases "National Information Infrastructure" and "Data Super- highway" do not conjure an anarchist vision. They do not suggest companies and people working independently in parallel, free from centralized interference. They do not convey the idea that the net is what you make of it, what your exploring and connecting bring together for you, out of a hodgepodge of methods, links, databases and groups of friends. The fact that NII and DH are new terms, and that they are talked about as future goals, does not convey the fact that the data superhighway is here today. I'm understating, of course. These terms connote all the opposite things. Centralization, government funding, premature standar- dization, regulation--and finally a decent data network as a result. I'm not being unfair. These connotations are there because that's exactly what many of the people using these terms mean. They want all the wrong things, and all the wrong ideas attach themselves to national project proposals like this. There's an additional misleading connotation, that there is some watershed mark that we're all talking about, some point--in the future--when we'll finally have "enough" or the "right" communi- cations underpinning*. This is partly just boosterism--Clinton and Gore wanting to be JFK going to the moon--but also there's the hint that once the big guys implement the right way to do things, we consumers shouldn't complain. I mean there's an implication in terms like "infrastructure" of experts knowing what is needed. And of course this discounts the efforts of the people who have brought us to where we are. There's a hint that what we've got is fine for hackers, but it's not, well, *organized* enough to be suitable for the real world. (Partly true but still an insult and a backhanded dismissal of the purposefulness of our anarchy.) (*There is no watershed. You can get a T1 line now. Prices will go down, bandwith up, ubiquity and commonness up, standardization and ease of use up, complication down, I hope--continuously for the forseeable future as they have been doing so far.) Still it's all only connotations and impressions, and anyone in particular may not mean this or that. But given that there are lots of people who really *do* intend the bad ideas, I wish people who come from a whole different point of view would make that really really clear. Starting by not using the same slogans. So, we need some alternatives. Slogans for how the real network is: Hmm, the anarchic data backroad (adb--nope, taken)... Or, "The Network's Fine" (as in, "Come on in...")--TNF. You Are Here---YAH... Or we can invent slogans for what the DH/NII really mean: Or, "Drag The Government Kicking and Screaming Into The Eighties" (or do I mean the seventies, a la ethernet and UUCP?)--DG8. The Federal Technical Catchup (FTC--oops, another one taken)... No, I know--the Federal Communications Catchup... Big Brother with a Human Face... Work with me on this, folks. -fnerd at smds.com quote me -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvtoxiQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2toust1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hanC0R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From wex at media.mit.edu Wed Nov 10 14:08:59 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Wed, 10 Nov 93 14:08:59 PST Subject: Should we build the Data Superhighway/NII In-Reply-To: <199311101839.KAA19331@well.sf.ca.us> Message-ID: <9311102207.AA22836@media.mit.edu> The business about replacing copper with optical fibre and who's going to pay for it is a total red herring. Currently, it's much cheaper for the RBOCs to lay fiber than copper. Over the whole nation, about 5% of the wiring is replaced annually. For at least the last two years, that replacement has been 100% fiber and (IMNVHO) that trend will continue. In ~20(*) years the whole country will be fiber without anyone doing anything out of the ordinary. (*) It's a little more than 20 years because there is some overlap in the areas that get replaces; I.e. it's not a new 5% each year, but the overlap is well under 1%. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request Try not to have a good time ... This is supposed to be educational. From abootch at sfsuvax1.sfsu.edu Wed Nov 10 14:19:01 1993 From: abootch at sfsuvax1.sfsu.edu (Bokum Bop Till You Drop) Date: Wed, 10 Nov 93 14:19:01 PST Subject: Hardware for Sale Message-ID: <9311102215.AA11909@sfsuvax1.sfsu.edu> FYI -- Noticed in new ish of 2600 an ad for Consumertronics in NM selling Tempest, Van Eck systems, KX Radar Emitter -- and more (of course). No free catalog, tho'. -- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAizdNhgAAAECAKYlJfK4YQoaRYtiywdgR7OQmsS23oRFr3QYZf4mE1pQTvPg DGB7xVx2mfRjsqUdQsar4vdWyNZmXLMmHNdez9UABRG0K0FuZHkgSS4gTWF0aW5v ZyA8YWJvb3RjaEBzZnN1dmF4MS5zZnN1LmVkdT4= =KJFP -----END PGP PUBLIC KEY BLOCK----- From owen at autodesk.com Wed Nov 10 15:13:28 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Wed, 10 Nov 93 15:13:28 PST Subject: Is Clipper Almost Dead? (was: Clipper and Tipper on Route 666) Message-ID: <9311102113.AA00419@lux.YP.acad> > From: Clark Reynard > I think it would be very important if we could attempt to > sway the Christian right into this; it is certain we > probably don't agree on many issues, and the "700 Club" > anti-Clipper piece was very effective, good video. > > If you don't believe me, watch it. They almost seem > to agree with us entirely on the issue of cryptography. > Perhaps it's time for a _new_ group; the cyphermonks. > > I nominate St. John the Divine as a patron saint. Don Corleone taught his son Michael to *keep his friends close, and his enemys closer*. meanwhile, don't forget for a second that the christian right *will* toss your anarchic ass on the pyre where they *will* roast pagan faggots like myself after they've squeezed you for your support. Religion has it's protection clearly enumerated in the constitution, and a clear agenda to keep everyone elses freedom from being similary enumerated. Caveat emptor, and carry a loaded flamethrower, because the first chance they get to cut you out of the deal you will need it. Me, I plan to be long gone into the "Inner Zone (TM)". LUX ./. owen From unicorn at access.digex.net Wed Nov 10 15:19:00 1993 From: unicorn at access.digex.net (Dark) Date: Wed, 10 Nov 93 15:19:00 PST Subject: Privacy, Property, Cryptography (long) Message-ID: <199311102317.AA19232@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- I guess this is particularly political, but I thought it interesting enough to attach to cypherpunks. Subject matter appropriateness flames by E-Mail please. Questions of Privacy and Property: How Encryption narrows the focus. - -> There is no right to privacy in this country. The much touted "Right to privacy" is a common law conception and invention that, for the most part, has little foundation. There are constitutional provisions that _suggest_ privacy, but none that "assure" it. To enforce a right to privacy in court, judges have to do a lot of reaching. I can't recall who it was, but some cypherpunk mentioned that they had not consented to the "social contract" or "convention" that gave the government the right to "violate" their "privacy" or collect data on them. I agree with you on principal (oh, unnamed privacy patron) but unfortunately logically I can't. Your natural rights approach to the rights of privacy is limited in that, unlike other rights founded in a Natural Rights / Victorian legal thought fashion, privacy has no logical precedent in the state of nature. When you see assertions of Natural Rights concepts, they tend to work down from grand principals. In the past, these principals have their root in a concept of the "State of Nature" or the Creation myth. e.g., Property exists and is enforceable because God created the Earth for common use, and what you take, and can reasonably put to use, becomes yours by means of the labor you put into it (Locke). How to find these precedents with regards to privacy is quite beyond me. It seems almost ingrained in the culture of Natural Rights that the Divine was all knowing. It leaves little basis to find a protection for privacy in Natural Rights theory. So move to the more progressive social convention theories. These are almost always more empowering to the judicial system, with a concept that the judge was not just a tool to enforce law, but to shape it as well. In the 1920's-30's we begin to see more and more frequent legal applications of nebulous "balancing tests" to replace the bright line rules as a result. Unfortunately the departure of the formalist approach takes with it the notion of the public and private spheres distinction. The progressive movement began to blend the spheres, and what distinction was left between them was gelded by the notion that the public sphere was the larger and more important of the two. Farewell individual rights, hello good of the collective. I think this is much of the reason that the appeal to the absolute right of privacy gets little attention today. Instead we see privacy taking a back seat to public elements like the war on drugs and national security. Avoiding for a moment the basic conflict between security and liberty, so long as the "establishment" can assert that a particular action is for the good of the public, it will justify the removal of any right or privilege. Turn for a second to the nature of right and privilege. Privacy is really not a right to begin with but a privilege. Before you get up in arms, and make analogies to driver's licenses, consider the following, courtesy of Hohfield. Every entitlement is either a right or a privilege. All rights have corresponding duties, (by definition in Hohfield's explanation) privileges by contrast are met on the other side by the existence of a no-right. For example: If I verbally assault Tom on the street, he has no legal recourse. I have the privilege of verbal assault, and Tom has a no-right relationship with my privilege. He has no right to redress. If I burn down Tom's house, Tom has had his right (to use and enjoyment of land) violated, and as a result, I have a duty not to infringe on that right. Privacy in the past has fit nicely into the privilege hole. It wasn't that you had a right to privacy, but rather that everyone else had no-right to pry. Privacy was in a Hohfieldian manner, a privilege. Today this changes. Privacy, or more accurately LACK OF PRIVACY, is now a duty. The social security administration has a RIGHT to assign you a number. The IRS has a RIGHT to poke around. The FBI has a RIGHT to tap your phone (with cause, [or not]). We have gone from a privilege to the opposite side of a right, a duty in effect. Enter cryptography. Now we have the means to protect our information. Technology makes it easier to avoid the "duty" of disclosure. One way or another, something will give. Privacy is on the fence right now with a movement to a government entitlement against it. Cryptography will either force the hand, or force a backdown. Which one is a matter of conjecture. Personally I would like to see the elements of privacy become guarded by right to privacy, with the typical bundle of property rights that follows such a designation. Right to use, right to exclude, right to transfer the property of information, personal or proprietary. This opens the door for more radical injunctive and money damage relief for the violation of these rights than is currently available. It is with this goal in mind that I approach my support of cypherpunks and cryptography. No one in my mind has a right to intrude and it is entirely counterintuitive to expect citizens to submit to a duty of disclosure as is the current practice and direction. Even with respect to business and banking, the only reason identity has become important is with the rise of the credit transaction. There is simply no need for identity disclosure with cash transactions. Numbered bank accounts and even lines of credit exist and will continue to prosper. Thank you for your time and attention. :) - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLOFzGxibHbaiMfO5AQHSqAP/Z/yfWAOAA7vh1+KqaRbBgiRa2wnt59As 2Y+K0KvhZCdwBScR/Ft4ewAvHnu3JFKG4NYUSJ1IYlasQ23YjYZOkE0YxatDMY35 X/P2AF5oX3WTV0zGNsMFX88uUeJUTx83yCt24o+ZgX+FxM5aNDuNME1LDH2voatP mFdiGatQhS4= =7SjQ -----END PGP SIGNATURE----- From trestrab at GVSU.EDU Wed Nov 10 15:33:26 1993 From: trestrab at GVSU.EDU (BETH TRESTRAIL) Date: Wed, 10 Nov 93 15:33:26 PST Subject: Wired 1.6 is not yet publically available Message-ID: <9310107529.AA752984927@GVSU.EDU> Tim May (tcmay at netcom.com) wrote: >A couple of you have asked about "Wired" and the availability of the >new issue, 1.6. Especially as the first "monthly" issue, 1.5, has >only been out a few weeks. (And it mentions a strange thing >called "BlackNet" on page 32, as sharp observers have >noted.) >I've been told by Sandy Sandfort that the issue is not yet on the >newstands, and may not even be sent out to contributor and >subscribers for a couple more weeks....so no point in >looking for it now. How'd I get one, then? "Wired" 1.6 was on the newstands in West. Michigan today. Jeff -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From cme at sw.stratus.com Wed Nov 10 15:44:00 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Wed, 10 Nov 93 15:44:00 PST Subject: random dot stereo code Message-ID: <199311102343.SAA17966@ellisun.sw.stratus.com> I have just uploaded to soda a file of code for generating random dot stereograms, as well as the following short description file. This is the code to which I referred a month ago or so. I'm going to play with the code myself as soon as I have time, but because of the expressed interest, I thought I'd give the rest of the list a crack at it as soon as I got permission. - cme ==================================================================== The file stereo.tar.gz holds code for generating random dot stereograms which I discussed earlier on the list. This code is not mine. I received it from a friend of the man who wrote it. She assures me that he doesn't care who uses the code or for what. I haven't run this code myself. - Carl cme at sw.stratus.com From mpjohnso at nyx10.cs.du.edu Wed Nov 10 15:59:00 1993 From: mpjohnso at nyx10.cs.du.edu (Michael Johnson) Date: Wed, 10 Nov 93 15:59:00 PST Subject: MPJ2 Encryption Algorithm Message-ID: <9311102355.AA06521@nyx10.cs.du.edu> For a sneak preview of the MPJ2 Encryption Algorithm article I just submitted to the IEEE Transactions on Information Theory, anonymous ftp to csn.org and look in the mpj directory or call my BBS at 303-938-9654. I used the same mechanism used by rsa.com to isolate the nonexportable stuff (source code, programs) from the Constitutionally protected publication (article describing the algorithm). Seems strange to me, but if it works for the Department of State and rsa.com thinks it won't get them in trouble, then I guess I'm not sticking my neck out too far. Any technical types among you want to take a look at the algorithm and tell me what you think about its security? I've been trying to break it for several years, but I'm just an amateur who reads a lot. Why MPJ2 and not just IDEA or 3DES? Never put all your crypto eggs in one basket. Besides, MPJ2 is royalty-free. Go build some useful code or hardware. (MPJ2 is faster and simpler in hardware, once the key is set up). Mike Johnson mpj at csn.org (aka mpjohnso at nyx.cs.du.edu) Never thumb your nose at a giant, but don't let the giant intimidate the life out of you. -- Jack's Goose. From hatzm at bigbird.cso.gtegsc.com Wed Nov 10 16:13:26 1993 From: hatzm at bigbird.cso.gtegsc.com (Mike Hatz) Date: Wed, 10 Nov 93 16:13:26 PST Subject: Elm Filtering on CC??? Message-ID: <9311110020.AA17743@bigbird.cso.gtegsc.com> Is it possible to get Elm's filter to pick out messages that are cc'd to the cypherpunks list? I would like to keep all the cypherpunk mail in one place and have no trouble getting it properly copied when the message is "to" the cypherpunks list. I'm just not sure how to work on the CC part. Thanks! Mike From fnerd at smds.com Wed Nov 10 17:59:35 1993 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 10 Nov 93 17:59:35 PST Subject: Should we oppose the Data Superhighway/NII? Message-ID: <9311110120.AA08393@smds.com> Mike Godwin sez > In order to get to a world in which free markets can meet our demand for > high-bandwidth connectivity, we have to dig ourselves out from the > market-failure position we're in now. And because government is part of > the problem, changing government policy is part of the solution. So, > that's one of the major thrusts of EFF's NII policy. As I understand it, for both telephones and cable TV, it is still common for local governments to "grant" "franchises" to single companies for phone and cable wires. If there were one thing to change, that would be it. In other words, the "market failure" you're talking about is in a situation where the law forbids a market. And the change required is that the government not be involved. It would be nice if that were how EFF stated its NII policy: Yankee Go Home. Also, isn't the FCC is somehow involved in defining cable and telephone services, and what combinations of services companies are allowed to offer? Or am I thinking of "information providers" vs....something? Here again, the limitation is merely in what's legal. -fnerd at smds.com quote me -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvtoxiQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2toust1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hanC0R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From frissell at panix.com Wed Nov 10 18:44:37 1993 From: frissell at panix.com (Duncan Frissell) Date: Wed, 10 Nov 93 18:44:37 PST Subject: New Cash Card Announced Message-ID: <199311110244.AA14107@panix.com> Today's WSJ reports that VISA USA intends to launch a "prepaid" travel card for use in ATMs and POS terminals. The card, meant as an electronic travelers check, would be yet another form of cash substitute. This would, in reality, be a Visa card you could purchase for cash. Presumably US sales of these cards would be subject to cash transaction reporting rules but not those in other countries. Interesting scenario. I buy one of these babies for $100,000 in Switzerland. I arrange to have it not yet "turned on." (Many of the new prepaid phone cards must be activated before they can be used.) I enter the US carrying a card worth $0. I order it activated. Suddenly I have a $100,000 cash card in the US without having imported $100,000 into the US. The nice thing about the explosion of payment forms that is going on right now is that the regulators tend to get swamped. It is hard to regulate things with 10 different payment forms (cash, checks, money orders, travelers checks, credit cards, ATM cards, debit cards, bank wires, consumer electronic money transfers, and bill payment services). When these new cards hit and all of the new electronic banking payment systems are up and running, the Feds will be hard pressed to even keep up with the bare outline of the payments system much less regulate it closely. Duncan Frissell "Dowd's the name, Elwood P. Here, let me give you one of my cards. Don't use that phone number it's the old one use the other number. I'd like you to meet a friend of mine. His name's Harvey. He's a Pooka." --- WinQwk 2.0b#1165 From stewab at us0750tb.oakland.NCR.COM Wed Nov 10 19:13:27 1993 From: stewab at us0750tb.oakland.NCR.COM (Bill Stewart) Date: Wed, 10 Nov 93 19:13:27 PST Subject: AT&T Encryption Product Message-ID: <9311102212.ag09356@ncrhub1.NCR.COM> NCR - An AT&T Company ____________________________________INTRA CORPORATION From: Bill Stewart Location: Pleasanton District To: cypherpunks at toad.com Location: The Real World,or at least Cyberspace Subject: AT&T Encryption Product Well, it was interesting to see Philippe Nave's posting about an AT&T encryption software product (using the government's digital signature and secure hash standards instead of RSA and MD-5, so it won't be PGP- or PEM-compatible). Prices seemed a bit high, though not bad for AT&T, who are cutting some new market turf as well as typically pricey, and the encrypted Zmodem software may be useful. Does anybody know if there are any other SHA / government-signature products out? (I'm assuming there won't be much freeware because of the patent issue; people who don't mind violating RSA's patent generally use PGP.) Bill From stewab at us0750tb.oakland.NCR.COM Wed Nov 10 19:14:03 1993 From: stewab at us0750tb.oakland.NCR.COM (Bill Stewart) Date: Wed, 10 Nov 93 19:14:03 PST Subject: Newsgroups, Sternlight-bashing and screaming children Message-ID: <9311102212.ah09356@ncrhub1.NCR.COM> NCR - An AT&T Company ____________________________________INTRA CORPORATION From: Bill Stewart Location: Pleasanton District To: cypherpunks at toad.com Location: cyberspace Subject: Newsgroups, Sternlight-bashing and screaming children I consider the Sternlight-bashing suggestions to be unreasonable; Sternlight may rave from a warped, pro-government viewpoint, but he is capable of carrying on civilized conversations, even when he's (continually) grinding the same axe. The coffee-house analogy is a very good one, and there *is* occasionally a screaming-children problem on usenet; I assumed the original poster was referring more to the perpetual-newbie types rather than to the newly arrived, chronologically-deficient college students, most of whom are either quiet, productive, or both (though a college student and the author apparently felt otherwise :-) I still prefer having this as a mailing list, in spite of the volume; I can read sci.crypt when I want to, though I'll probably have to get a netcom account rather than keep telnetting into my old system now that I've moved. Thanks; Bill From ebrandt at jarthur.Claremont.EDU Wed Nov 10 20:29:24 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Wed, 10 Nov 93 20:29:24 PST Subject: rant pointer Message-ID: <9311110429.AA18475@toad.com> L. Detweiler has a rather hefty essay in the latest Risks on the subject of `pseudospoofing', social parasites, "a criminal group called the CryptoAnarchists" (with members such as "Eric May" and "T.C. Hughes"), and such matters. I will not forward it to the list, unh unh, no way. PGP 2 key by finger or e-mail Eli ebrandt at jarthur.claremont.edu From ld231782 Wed Nov 10 19:53:33 1993 From: ld231782 (L. Detweiler) Date: Wed, 10 Nov 93 20:53:33 -0700 Subject: the Amusements of Cypherpunks In-Reply-To: <9311101417.AA21809@snark.lehman.com> Message-ID: <9311110353.AA09938@longs.lance.colostate.edu> apparently you are so clueless as to never have heard of a kill file. or are too insane to implement one yourself if your software doesn't have one. please, join the rest of society. don't be such an incredible jerk. it wouldn't be so bad if you just left me alone, but the whole point of your venemous rudeness is that you ASSAULT PEOPLE. I really do feel sorry for you. From ld231782 Wed Nov 10 19:54:48 1993 From: ld231782 (L. Detweiler) Date: Wed, 10 Nov 93 20:54:48 -0700 Subject: P. Metzger Message-ID: <9311110354.AA09957@longs.lance.colostate.edu> Assuming you are not P. Metzger, please help him to understand how to implement a kill file rather than assaulting me with mailbombs. ===cut=here=== [insert minimailbomb here] From unicorn at access.digex.net Wed Nov 10 21:23:26 1993 From: unicorn at access.digex.net (Dark) Date: Wed, 10 Nov 93 21:23:26 PST Subject: smuggling currency Message-ID: <199311110522.AA14630@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- - -> Interesting scenario. I buy one of these babies for $100,000 in Switzerland. I arrange to have it not yet "turned on." (Many of the new prepaid phone cards must be activated before they can be used.) I enter the US carrying a card worth $0. I order it activated. Suddenly I have a $100,000 cash card in the US without having imported $100,000 into the US. <- I wish it were so, Looks to me like this violates the following: 18 USCS 1001 18 USCS 1956 31 USCS 5316 The basic thrust is this: You can't transport a monetary instrument worth more than $ 10,000 without filling out the appropriate customs report. The real killer here is the title 31 code. Which reads liberally enough to bite you. Specific language reads something like "...shall not construct a transaction to evade reporting requirements...." The fine provision allows for $500,000 or twice the value of the monetary instrument. Hefty indeed. I think they take this seriously. If you bring the money in with the intent to avoid taxes, you have a second count, and could be in it for up to four times the amount you smuggled. I like the thinking, the court is less likely to. All your transaction does (unfortunately) is delay the importation of the "currency" until after the plane trip. You're still required to report the transaction, the card just makes it easier to get away with it. - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLOHKfhibHbaiMfO5AQFlBwQAvubWG5DkEdILWMae3JGD4NG+fQaxcIpz T6GALRxZLRBxKGVpSYPLNH9j/4ys3c5Q/2mIc7RIa4ew4hb7Tlv9mKEnoi+7fMcs ihc6umAtJs+nMNTuL1qguw9hwtwslDt/jrPc+UefBw09ZIcsTiQ1WGOeRripwxw5 7tHsWSR9swY= =HYhE -----END PGP SIGNATURE----- From ld231782 at longs.lance.colostate.edu Wed Nov 10 22:23:27 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Wed, 10 Nov 93 22:23:27 PST Subject: The Depravities of Cypherpunks Message-ID: <9311110619.AA12976@longs.lance.colostate.edu> I did not understand Mr. Metzger at first. When he sent me messages in the form `go away and leave us alone' I thought he was suggesting I be censored from the cypherpunks mailing list. Apparently he is only objecting to personal email from me. Well, after receiving 40 messages with the concatenated contents of other messages from him and myself over the matter, in response to the following two, I certainly will not do so. Mr. Metzger did say it was OK for me to post to the Cypherpunks list, for which I wish to express my heartfelt gratitude in his allowing me his permission. He threatened to send me 400 letters the next time I sent him personal mail however, and of course he is certainly capable of it. I mailed postmaster at lehman.com, asking him to encourage Mr. Metzger to learn how to use a kill file instead of sending me mailbombs in response to his obvious intense mental anguish at seeing my name , but unfortunately Mr. Metzger is the postmaster at his site. Mr. Hughes is quite perplexed at my sheer rage at Mr. Metzger's unsurpassed childishness. He didn't approve of me attempting to shame Mr. Metzger (a close personal friend, I suppose) into refraining from sending me mailbombs and dealing with his own insanity in a more proactive manner -- like figuring out how to implement a kill file in his mail -- by informing the cypherpunk world of his puerile prank. I told Mr. Hughes that it was likely that Mr. Metzger was his own site administrator (I was not positive at this point, alas). Mr. Hughes has not responded to that letter. Mr. Hughes is also quite puzzled why I should violate Mr. Metzger's privacy in revealing his `private' mailbomb to other members of the community he (supposedly) resides in. I guess he believes that mailbombs, like everything else, are a private matter. My apologies, Mr. Hughes, for what you consider an inappropriate use of your mailing list. My personal opinion is that I had essentially no other recourse, and even the `recourse' I chose was obviously ineffective! I asked Mr. Hughes to condemn Mr. Metzger's behavior. So far his only comment is that it was `rude'. Maybe he will have another opinion upon learning of Mr. Metzgers 40 letter bomb just received, or his 400 letter threat. Or maybe he thinks that Mr. Metzger is just another patriotic cypherpunk, perhaps even deserving of a medal! Also, I have mail from Mr. Jason Zions (jazz at hal.com) also complaining that I violated Mr. Metzger's privacy in revealing his mailbomb to me to the list as a whole. This strange code of cypherpunk chivalry I am not familar with. I am quite bewildered! Perhaps someone can point me to an FTP site housing the Cypherpunk Code of Chivalry. I looked on soda.berkeley.com and found the Cypherpunk Charter (By E.Hughes) talking a lot about things like privacy and software, but it didn't really seem to address the issue of mailbombing. Maybe the basic idea is just privacy *everywhere*, even with cyberspacial assault and societal criminals. I guess I did miss the point. If all the other cypherpunks condone or applaud Mr. Metzger's behavior, please let me know. I'm not really sure what the consensus is on this. (Of course, here, no one can really be sure of the consensus on *anything*! ) I certainly haven't heard from anyone I respect yet, assuming these people are still on the list. BTW -- I do get the impression that the list membership is down. Perhaps Mr. Hughes can reveal that directly. Some people have been blaming me for the `deterioration of the list' lately. Another person told me that the list had `quite improved since I stopped posting'. I'm not sure what to make of all this -- unless both were tentacles, I suppose that might explain it all. Frankly, I have been posting very little lately compared to my Golden Cypherpunk Days. (ah, the carefree and naive life of youth.) Also, Mr. Hughes has always advocated software solutions like kill files, and if anyone objects to my presence, please put me in yours. It is silly to continually be offended by me! The people who are interested in listening will not plonk me, and those that are inflamed by my postings *will* -- what could be simpler? That certainly couldn't be a problem for anyone, could it? I mean, if what I am saying has no merit, people will immediately recognize that, right? To paraphrase somebody else, `There is only a message'. * * * P.M., after the 40 letter mailbomb >If you insist on 400 detweiler, I'll send them to you. Last warning. Mr. Metzger, I assure you an apocalypse in cyberspace will happen before I will ever send a message to the address pmetzger at lehman.com. In fact, perhaps you could tell me all your other addresses, so I do not inadvertently send mail to them. For example, I had a glimmer of hope that postmaster at lehman.com was not you, and paid dearly for it with your 40 letter mailbomb. Mr. Metzger, Do you pseudospoof? This could be a problem. What if I inadvertently send something to one of your tentacles? Does that count? Will you mailbomb me in that case, or just forgive me for my stark ignorance? I have to ask a favor, if you don't--perhaps you could give me a list of all the addresses you post from. I mean, that would compromise the pseudoanonymous security of your identities, but on the other hand I have absolutely no desire to be subject to another explosion in my mailbox when I open my mail! I guess in this case, you might have to decide which is worth more, your hatred for me and insane desire that you not see any communication from me in any form, or your passionate goal of further undetected, secret pseudospoofing. You have to forgive me for my instinct of replying to the letters in my mailbox. It has served me well until now. I assure you I will now make an exception in your case! For example, my response to your last letterbomb threat might have been `please don't do it!' but I now realize that would have gotten me `nowhere' (or wherever it is that bomb victims go) thanks to the previous two mailbombs! Thanks for the valuable education in cyberspacial netiquette! (All my habits and perceptions in cyberspace have been radically altered lately in response to changing circumstances, and your mailbombing is just the latest incarnation, so I certainly shouldn't be complaining!) HOWEVER -- I will continue to post to the cypherpunks list, since you, Mr. Metzger, have so kindly given me permission and I am still not being censored yet. Please, please, please Mr. Metzger, do not interpret this as sending you private mail! I certainly have NO DESIRE WHATSOEVER to be subject to your 400 LETTER MAILBOMB. Perhaps some other cypherpunks, who have no objections to your behavior so far, and criticize me for taking a stand by condemning it publicly, would like to VOLUNTEER IN MY PLACE. So, here is what bought me the 40 letter mailbomb: ===cut=here=== From jkreznar at ininx.com Wed Nov 10 22:29:02 1993 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 10 Nov 93 22:29:02 PST Subject: Privacy, Property, Cryptography (long) In-Reply-To: <199311102317.AA19232@access.digex.net> Message-ID: <9311110628.AA17830@ininx> > No one in my mind has a right to intrude and it is entirely > counterintuitive to expect citizens to submit to a duty of > disclosure as is the current practice and direction. And this intuition of yours seems to be reflected in law and statute to a greater degree than you're allowing elsewhere in your essay. For example, U.S. Supreme Court Justice Louis Brandeis said that the "right to be left alone is the most comprehensive of rights and the right most valued by civilized men."[1] Yet your opening lines are > There is no right to privacy in this country. > The much touted "Right to privacy" is a common law > conception and invention that, for the most part, has little > foundation. There are constitutional provisions that _suggest_ > privacy, but none that "assure" it. To enforce a right to > privacy in court, judges have to do a lot of reaching. It's hard to believe that support for privacy is _this_ lacking in law or statute. (Of course, the foregoing notwithstanding, I embrace the cypherpunks position that securing privacy is one's own responsibility.) Elsewhere you state > Privacy was in a Hohfieldian manner, a privilege. Hohfield sounds like an interesting read. Can you give a reference? [1] Quoted in ACLU Briefing Paper Number 5, "Drug Testing in the Workplace", published by the Department of Public Education, American Civil Liberties Union, 132 West 43rd Street, New York, NY 10036, (212) 944-9800. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. From hughes at ah.com Wed Nov 10 22:39:02 1993 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Nov 93 22:39:02 PST Subject: L. Detweiler's latest rant on comp.risks Message-ID: <9311110637.AA19911@ah.com> I would suggest that everyone with any interest at all in the latest L. Detweiler rant, which appears on comp.risks, to send a short message to RISKS attesting to the separate existence of the following individuals, as listed by LD at the end: >I thank the following eminent Cypherpunks for ideas in this article, >although it should not be construed to be representative of their >opinions, and neither can I provide any guarantee they represent >unique people: >G.Broiles, A.Chandler, J.Dinkelacker, H.Finney, E.Hughes, M.Landry, >T.C.May, N.Szabo In particular, I'd like to see short messages from each of the above people to RISKS attesting to their own individuality. Also, if LD has accused you in public or private of not existing, please send a message stating this. The address is risks at csl.sri.com Keep your comments short and polite, and mention "L. Detweiler" in each of them. We need everyone who has been involved to send a message. Please speak out. Thanks. Eric From ld231782 at longs.lance.colostate.edu Wed Nov 10 22:53:27 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Wed, 10 Nov 93 22:53:27 PST Subject: Waving the White Flag Message-ID: <9311110652.AA13691@longs.lance.colostate.edu> Gosh, it has been very unpleasant lately. I have never been subject to mailbombs, and my postmaster has never been harassed over my postings anywhere (by an Eminent Cypherpunk Leader, no less), before yesterday and today. Yes, I really thank all the cypherpunks for their valuable lessons on the internet and cyberspace. Now we really *can* believe that pseudospoofing inherently promotes a sense of community trust and harmony! All this time, and all the rancor on the list, all our stellar successes in media penetration and identity-subversion protocols can be chalked up to the Joy of Pseudospoofing. I really am grateful for you all in showing me your vision of cyberspace, and how it is superior to all those Orwellian and `Dossier Society' schemes that involve those oppressive identification protocols. shew. Anyway, this letter is an attempt to find a topic that someone will not flame me about, and is relevant to the cypherpunk list as I understand it! Phiber Optik -- I have been watching the trial of Mark Abene, aka Phiber Optik, closely, and I think I even fowarded articles on it to the cypherpunks once. This is a very fascinating trial. We learn, for example, of the first use of wiretaps for digital data (modem communications) for a successful prosecution. Also, we learned about how LOD (Legion of Doom) -- or was it MOD, Masters of Deception, I get all these criminal organizations mixed up! -- infiltrated phone systems. I think I even heard in one news report that some in the group performed illicit wiretaps. I find this *fascinating*. Can anyone elaborate to me the wiretapping that was going on? who did they wiretap? how did they do it? how did they avoid detection? more importantly, have the phone systems been upgraded or modified to be protected from this kind of extremely insidious crime? I read in `Cyberpunk' by K.Hafner and J.Markoff (the latter my favorite cyberspatial writer) that K. Mitnick in California also had this capability of wiretapping, and used it in an extremely sophisticated way. Apparently he actually tapped the lines of police stations and knew when they were coming, or knew when they had detected or `sniffed' his own illegal wiretapping. Did this happen? or is all of this rumor? I remember Phiber Optik posting to *this list* on the subject of phone wiretapping. I think he might have been a bit too knowledgeable for his own good, eh? What ever happened to K. Mitnick, anyway? He did serve federal time, I know that. I remember reading that story and thinking -- here is someone we should keep our eyes on, even after he is out of prison, *especially* when he is out! Conspiracy Charges -- Another question. I understand that Mr. Abene was charged with `conspiracy' or at least that was one of the charges involved in the whole affair, perhaps against others. My question: what is the legal criterion for a `conspiracy'? what are the penalties? did Abene actually get successfully prosecuted for `conspiring'? what was the conspiracy? Did it have anything to do with the wiretapping?what are famous conspiracy cases? I'm sure that some cypherpunks may be knowledgeable on these subjects. I sincerely hope I haven't offended anyone in asking. Mr. Finney posted some outstanding analyses of the ITAR (which I subsequently incorporated into a RISKS article), for example, so there is definitely some strong legal background here. please cc: your replies to me or I may not see them. From doug at netcom.com Wed Nov 10 23:09:02 1993 From: doug at netcom.com (Doug Merritt) Date: Wed, 10 Nov 93 23:09:02 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: Message-ID: <199311110705.XAA04155@mail.netcom.com> Mike Godwin said: >Perry writes: >> Seems to me that bandwidth is >> going to be nearly free in both directions in a few years whether >> government intervenes or not. > >I agree about the potential for it to be free, but, I gotta tell you, the >monopolists running the cable systems in this country have no inclination >to share that nearly free bandwidth with you, even if you're willing to >pay for access to it. I hate to disagree, considering that I prefer to agree with the philosophy here, but it *can't* work that way, regardless of what we wish. The problem is that bandwidth is a highly limited resource, just like real estate is a limited resource. Eventually we will complete saturate network bandwidth no matter what technology is used. This has been discussed in various forums for many years. Once optical fiber optic bandwidth peaks, you have to move to ultraviolet for greater channel capacity. Then that is exhausted, and we will continue pushing...gamma ray bandwidth fiber optic (or line of sight transmission) will eventually be a target, despite its extreme difficulties even in theory. At the same time we will be laying fiber and raising dishes to beat the band. But no matter how well all that goes, we will *very* quickly reach a saturation point of facilities as each new technology is introduced. These days it's easy to be optimistic, because bandwidth is growing geometrically. The problem is that there is no way in hell that that trend can continue indefinitely. One or two decades hence we will saturate theoretical limits. Bandwidth is and will always remain a scarce and precious resource. On the other hand, if you mean "slow channels by comparison with state of the art channels," then yeah, *that* may as well be free at any given point. Right this instant one could make an argument for 110 baud channels being free. >In order to get to a world in which free markets can meet our demand for >high-bandwidth connectivity, we have to dig ourselves out from the >market-failure position we're in now. And because government is part of >the problem, changing government policy is part of the solution. So, >that's one of the major thrusts of EFF's NII policy. I agree, but this seems to be a subject change. Doug From hughes at ah.com Wed Nov 10 23:19:02 1993 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Nov 93 23:19:02 PST Subject: A short response to L. Detweiler: 'I exist as myself.' Message-ID: <9311110714.AA19967@ah.com> L. Detweiler's recent article on the RISKS of confusing an online identity with a potentially knowable physical one are quite interesting, if hypothetical. I would be interested in hearing of situations where this practice has actually occurred. If any RISKS members know of any such incidents from first-hand experience, please share them with the readership. Unfortunately, I think he really believes that the cypherpunks mailing list has been dominated by a small cabal who have been using multiple identities who talk with each other on the list in order to enforce concensus and to suppress disagreeing positions, namely his. It just ain't so. Therefore, to set the record straight I feel I ought to make the following public statement: I, Eric Hughes, have never posted or communicated in any name other than my own. I can personally testify that I am not the same as any of the other people listed at the end of L. Detweiler's post, and I can testify from personal experience that Arthur Chandler, Hal Finney, Tim C. May, and Nick Szabo are all different people. I also decline to answer, point by point, the numerous defamatory innuendos made by L. Detweiler against the members of the cypherpunks mailing list. Might I also observe that none of the statements are specific enough to actually count as accusation, but merely as general slander? Eric From hughes at ah.com Wed Nov 10 23:29:02 1993 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Nov 93 23:29:02 PST Subject: On my recent Bcc: to cypherpunks Message-ID: <9311110727.AA20008@ah.com> I just forwarded my own contribution to the RISKS digest. Please, do not reply to the risks at csl.sri.com address unless you are submitting something for publication! I realized too lat what a blind carbon copy would do to repliers on the mailing list. Aack. Eric From doug at netcom.com Wed Nov 10 23:29:24 1993 From: doug at netcom.com (Doug Merritt) Date: Wed, 10 Nov 93 23:29:24 PST Subject: Personality BS (was: Should we oppose the Data Superhighway/NII?) Message-ID: <199311110725.XAA07571@mail.netcom.com> arromdee at blaze.cs.jhu.edu said: >One problem is that if you just sit around and discuss everyone's impressions >of the candidate, you've probably got some people who automatically get >negative impressions of all candidates who are black, or Asian, or Jewish, or >gay, or in the wrong political party. True. And even aside from extreme examples like that, it is notoriously hard to judge such things, even given people who are reasonable and operating on the basis of good will. On the flip side, ideally one would not have hired bigots in the first place, so there wouldn't be such people making such judgements. (I haven't stopped to do a head count, but as a white male I may actually be in the minority in my group. Our V.P. is female and Jewish, as one example of that. We're probably atypical. ;-) And lastly, every method of interviewing anyone has ever conceived of has its bad side. Nothing's perfect. Therefore this particular interchange of ours is really merely a digression. Doug From hughes at ah.com Wed Nov 10 23:29:37 1993 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Nov 93 23:29:37 PST Subject: Meeting Saturday 13 Nov 93 Message-ID: <9311110725.AA19994@ah.com> Bay Area Cypherpunks Meeting Date: Saturday, 13 Nov 93, the second Saturday of the month as always Time: 12:00 noon - 6:00 p.m. Where: Cygnus Support Offices, Mt. View, CA This month we have planned so far the following: -- Scott Collins on the Newton. Scott is bringing some fellow Apple folk down to talk about the development environment. Since the Newton might be a good platform for a private key holder, we'll examine it. -- The new Schneier book has just hit the bookstores. I just got a copy and will be talking about it. -- The usual announcements and topics from the floor. Eric [Directions to Cygnus provided by John Gilmore. -- EH] Cygnus Support 1937 Landings Drive Mt. View, CA 94043 +1 415 903 1400 switchboard +1 415 903 1418 John Gilmore Take US 101 toward Mt. View. From San Francisco, it's about a 40-minute drive. Get off at the Rengstorff Ave/Amphitheatre Parkway exit. If you were heading south on 101, you curve around to the right, cross over the freeway, and get to a stoplight. If you were heading north on 101, you just come right off the exit to the stoplight. The light is the intersection of Amphitheatre and Charleston Rd. Take a right on Charleston; there's a right-turn-only lane. Follow Charleston for a short distance. You'll pass the Metaphor/Kaleida buildings on the right. At a clump of palm trees and a "Landmark Deli" sign, take a right into Landings Drive. At the end of the road, turn left into the complex with the big concrete "Landmark" sign. Follow the road past the deli til you are in front of the clock tower that rises out of one of the buildings, facing you. Enter through the doors immediately under the clock tower. They'll be open between noon and 1PM at least. (See below if you're late.) Once inside, take the stairs up, immediately to your right. At the top of the stairs, turn right past the treetops, and we'll be in 1937 on your left. The door is marked "Cygnus". If you are late and the door under the clock tower is locked, you can walk to the deli (which will be around the building on your left, as you face the door). Go through the gate in the fence to the right of the deli, and into the back lawns between the complex and the farm behind it. Walk forward and right around the buildings until you see a satellite dish in the lawn. Go up the stairs next to the dish, which are the back stairs into the Cygnus office space. We'll prop the door (or you can bang on it if we forget). Or, you can find the guard who's wandering around the complex, who knows there's a meeting happening and will let you in. They can be beeped at 965 5250, though you'll have trouble finding a phone. Don't forget to eat first, or bring food at noon! I recommend hitting the burrito place on Rengstorff (La Costen~a) at about 11:45. To get there, when you get off 101, take Rengstorff (toward the hills) rather than Amphitheatre (toward the bay). Follow it about ten blocks until the major intersection at Middlefield Road. La Costen~a is the store on your left at the corner. You can turn left into the narrow lane behind the store, which leads to a parking lot, and enter by the front door, which faces the intersection. To get to the meeting from there, just retrace your route on Rengstorff, go straight over the freeway, and turn right at the stoplight onto Charleston; see above. See you there! John Gilmore From ld231782 at longs.lance.colostate.edu Wed Nov 10 23:32:55 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Wed, 10 Nov 93 23:32:55 PST Subject: the Tragedies of Pseudospoofing Message-ID: <9311110726.AA14246@longs.lance.colostate.edu> I wrote another essay, `the Joy of Pseudospoofing', which I have been refining and evolving, and will be glad to email it to anyone who is interested. For now, I would like to address briefly the issue, `The Tragedies of Pseudospoofing.' Knowledge & Friendship -- Consider the basis of friendship. In many ways, knowledge is friendship. The more you know about someone, the closer you feel. And in fact if you don't know certain things, about someone you consider a close friend, you might be surprised or upset. `I never knew that! why didn't you tell me?' or `you've been holding out on me! I'm upset!' Also, many of our metaphors about friendship involve its basis in knowledge, like thses. The whole idea of sharing knowledge is inherent to the idea of trust that is so critical in true friendship. We trust our friends not to betray us with sensitive information about ourselves to our enemies. There are plenty of classic situations about this. One really hilarious example, I recall, is that told in one Seinfeld story, where Jerry (is that right?), in the middle of some `hot and heavy' activity tries to talk dirty to a girlfriend that was Elayne's (his close personal friend) secretary. It backfires, the girlfriend/secretary is incredibly upset and offended. Jerry, in total desperation, as a last ditch effort, says, `now, of course, beyond everything else, this is just between you and me.' The girlfriend storms out the room. Later, Jerry hears that Elayne promoted the secretary, or the secretary was leaving her office. He drops all kinds of hints. `Was that *all* she said?' He didn't want to be embarrassed by a frivolous girlfriend in front of his true friend. Elayne shows no sign that she heard of anything embarassing. But, later after she was walking out the door, she snidely quotes the exact lines of Jerry's backfired dirty talk! Jerry was betrayed by *both* the girlfriend and Elayne. And Elayne in an extremely callously, manipulative way! She dangled the knowledge above him, like someone teases and tortures an animal. So, the point of all this is that `information control' is one of the most crucial aspects of friendship. Pseudospoofing & Friendship -- Now, consider the ingredient of pseudospoofing, and how it completely destroys all this trust. First, suppose that no one knows I am posting under Jim Riverman. They would be really aghast to find out later, even if everything said under Jim Riverman was wholly respectable (or perhaps, especially in that case!). That is part of friendship: exploring all the nooks and crannies of each other's personalities. Its because of friendship that people say, `I want to get to *know* you' or `you think you *know* someone...'When we come upon locked boxes, the trust evaporates. Also, consider that I write a lot of outstanding material on software engineering under Jim Riverman. Everyone might get the impression that L. Detweiler doesn't know squat about software engineering. And L. Detweiler might even go to a job interview, where the interviewer was also on the Software Engineering mailing list. `I'm sorry Mr. Detweiler, your experience as I've seen on the list just doesn't cut it. On the other hand, that Jim Riverman really knows what he is talking about, but all he could do was recommend that you come. I really am disappointed. Please have him come himself.' In fact, if Jim Riverman did all the posting, people might think that L. Detweiler didn't know squat about *anything*, when in fact L. Detweiler was posting his brains out under another identity (so to speak!). They might become alienated. `What has that L. Detweiler done for the Software Engineering Mailing List, anyway?' To bring this home, consider the following. Suppose that E.Hughes was actually posting as H.Finney (my apologies to both of you, please just grin and bear this, I need the effect). We would be startled to find out that E.Hughes had such extensive legal experience with the ITAR or capability in presenting outstanding articles and tutorials to newcomers. In fact, people might even become disillusioned with, or criticize, E.Hughes because they don't see the `leadership' posting anything that helps newcomers, when in fact they are `posting their brains out' (so to speak!). Yet More Tragedies -- Another problem with pseudospoofing is that of publishing. Suppose that E.Hughes now wished to write a big article for RISKS about the ITAR. He could not do so except under H. Finney without potentially compromising a `crossing' (where someone discovers the correlation). So he would have to post as H.Finney. But this would be a problem, because people might send mail to H.Finney after seeing the great RISKS posting. `Please come give a talk to our university for $10K'. H. Finney, if he had the audacity to respond, might say, `I'm sorry, I can't make it, but my friend E.Hughes can. I taught him everything I know.' If the university even responds, it might be something in the form `why can't *you* do it?' or `sorry, we're not interested.' H.Finney at the same time craves reputation, but abhors recognition. A hellish life indeed. Also, consider the problem of phone numbers. People like to maintain relationships over the phone. Cyberspace just seems too impersonal at times. What happens when someone asks for the phone number of a tentacle? Does Medusa say, `gee, my phone service is really bad, and if you are looking for ways of getting in touch with me, the phone is the worst of all. please send me a fax instead.' If the person trying to maintain a friendship didn't go away right then, they'd be *un*lucky. But in any case, they would feel quite upset and alienated. Any way you look at it, they have been betrayed. The only question is, to what extent? I think that this `cyberspace thing' is not about building *reputations*, but about building *friendships*. A reputation is nothing but condensed admiration that is synonymous with friendship. And looking over the idea of pseudospoofing, I can't see how anyone who practices it could conceivably have *any* friends, because of all the details they have to hide from others. (Does a person with Multiple Personality Disorder or a pathological liar have any friends?) But, at the same time, I'm sure I will hear from many snakes and claiming it *is* possible, and that *they* have friends. Maybe they are referring to all their `friends' as the other tentacles around them! What a pity. Like I was telling someone recently, `I really feel sorry for you.' From mccoy at ccwf.cc.utexas.edu Thu Nov 11 01:04:02 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Thu, 11 Nov 93 01:04:02 PST Subject: Austin Cypherpunks Meeting Message-ID: <199311110903.AA08348@tramp.cc.utexas.edu> Digital Freedom: By any means necessary. Austin Cypherpunks November Meeting November 13, 1993 3:00 pm 4th Floor Austin Public Library (800 Guadalupe St.) The Austin Cypherpunks chapter will be holding its November meeting on Saturday the 13th of November from 3 to 5 pm in a meeting room on the 4th floor of the downtown branch of the Austin Public Library. I have been told the room we will be using is "the first thing you see when you get off the elevator..." The theme of this meeting will be an introduction to PGP and public key cryptography in general. We will be explaining how PGP and other public-key cryptography systems work, and will go over some basic details regaring getting such software packages and how to properly use them. Bring your public-key on a disk of you have one, if not we will try to have a machine available for you to use to generate your own public-key. Additonal agenda items for this meeting include -Education/Information Disks The HoHoCon will be held in December in Austin and this should prove to be a good place for us to spread crypto technology and information about encryption in general. To this end we will be discussing possible files, programs, and news clippings to include in a disk of CryptoInfo and one of CryptoPrograms that we can distribute at conferences such as this. -TCP/IP Protocols and Encryption One possible project for us to consider is that of adding encryption to some of the most commonly used TCP/IP protocols (particularly those that otherwise broadcast account names and passwords in cleartext...) We will toss around a few ideas and see if this is something to try. -Digital Credit Union Project We will get up to date on this project and brainstorm some possible membership questions/ideas that we did not get around to at the last meeting. To subscribe to our full mailing list or our announcement-only mailing list, send mail to: listproc at mcfeeley.cc.utexas.edu Put the line "subscribe austin-cypherpunks [real name or nym]" in the BODY of the message to subscribe to the full list and "subscribe austin-cypherpunks-announce [real name or nym]" in the body of the message to subscirbe to the announcements list. Our file archives are available in /pub/cypherpunks via anonymous ftp at: ftp.cc.utexas.edu Cypherpunks: There is safety in numbers... large primes. Local contacts for your questions...: Jim McCoy Doug Barnes From andrew at cubetech.com Thu Nov 11 01:53:27 1993 From: andrew at cubetech.com (Andrew Loewenstern) Date: Thu, 11 Nov 93 01:53:27 PST Subject: whisper for NeXTSTEP Message-ID: <9311110950.AA24198@valinor.cubetech.com> Hi! If there are any cypherpunks with access to a NeXTSTEP box on the net who want to help me test out a little chatter app, please let me know. The app lets multiple people chat securely over the net using DistributedObjects and the IDEA cipher from PGP. It has no whizbang features like trading unique session keys with RSA (just distribute a pass-phrase through e-mail with PGP) or rich-text support, although these could be added if there was demand... I really want to find out if it works ok between NS/i and black hardware... thanks, andrew From unicorn at access.digex.net Thu Nov 11 02:29:04 1993 From: unicorn at access.digex.net (Dark) Date: Thu, 11 Nov 93 02:29:04 PST Subject: The Depravities of Cypherpunks Message-ID: <199311111028.AA21417@access.digex.net> Look, I have sympathy, Really I do. But we are all really tired of hearing about it. Take it somewhere else. I shouldn't HAVE to use my killfile on a mailing list. Christ. -uni- (Dark) From unicorn at access.digex.net Thu Nov 11 02:34:04 1993 From: unicorn at access.digex.net (Dark) Date: Thu, 11 Nov 93 02:34:04 PST Subject: Privacy, Property, Cryptography (long) Message-ID: <199311111033.AA21654@access.digex.net> -> And this intuition of yours seems to be reflected in law and statute to a greater degree than you're allowing elsewhere in your essay. For example, U.S. Supreme Court Justice Louis Brandeis said that the "right to be left alone is the most comprehensive of rights and the right most valued by civilized men."[1]Yet y our opening lines are <- The only statues giving any kind of "Right to privacy" that have any weight at all are full of holes. For the most part a right to privacy has been EXTRACTED from them, usually without much basis. Even Brandeis has his reservations (International News Service v. Associated Press) Again, the right to privacy is not constitutionally reserved, and is almost entirely a construction of common law. > Privacy was in a Hohfieldian manner, a privilege. Hohfield sounds like an interesting read. Can you give a reference? <- Let me dig up the bio on him and drop it here. -uni- (Dark) From lear35!mdbomber at nebula.acs.uci.edu Thu Nov 11 03:13:29 1993 From: lear35!mdbomber at nebula.acs.uci.edu (Matt Bartley) Date: Thu, 11 Nov 93 03:13:29 PST Subject: Elm & PGP Message-ID: <9311110647.AA19765@lear35.vlpa.ca.us> -----BEGIN PGP SIGNED MESSAGE----- I'm having some trouble using the morepgp filter program that's in the contrib/elm_nn directory of the PGP distribution. It works nicely in most respects. However, I haven't been able to choose a good pager program for morepgp to send its output to. If I tell morepgp to use the 'more' program, it will page through the mail message until it gets to the end. When that happens, elm suddenly retakes control and clears the screen. The last screenful of the message is therefore on the screen only an instant. This is unacceptable. A lesser problem is when the mail message has a PGP signature. As pgp works on it, it will say something to the effect of good signature from at However, it immediately passes control to more, which doesn't pause the screen until the "good signature" message has already scrolled off the screen. At least in an xterm window I can scroll back. Speaking of less, that's the default pager for morepgp, but it has problems also. It has the same problem as more where the pgp signature information scrolls off the screen before it can be read. However, since less clears the screen between each screenful, there is no way to scroll back using the scroll bars of an xterm window. Thus I only get a few miliseconds to read whether whose signature was on that mail message I just read... I haven't found any command line options for less that disable the screen clears. Does anyone have any solutions to this problem? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLOHgEjSSmvXojb+5AQH1/wH6A7j1dZalFHIIZXLxl0OW4K/CgA/hAZ0G SV2RAe5k5fDIY52JCJoFgtwL7fam0YQ+eifveIoCkkLV2EOP4ZXtUg== =4ctR -----END PGP SIGNATURE----- From frissell at panix.com Thu Nov 11 03:19:04 1993 From: frissell at panix.com (Duncan Frissell) Date: Thu, 11 Nov 93 03:19:04 PST Subject: The Depravities of Cypher Message-ID: <199311111115.AA03337@panix.com> L.>Mr. Hughes is quite perplexed at my sheer rage at Mr. Metzger's L.>unsurpassed childishness. He didn't approve of me attempting to shame L.>Mr. Metzger (a close personal friend, I suppose) This is a joke -- right? DCF --- WinQwk 2.0b#1165 From frissell at panix.com Thu Nov 11 03:19:28 1993 From: frissell at panix.com (Duncan Frissell) Date: Thu, 11 Nov 93 03:19:28 PST Subject: Should we oppose the Message-ID: <199311111115.AA03340@panix.com> D >The problem is that bandwidth is a highly limited resource, just like D >real estate is a limited resource. Eventually we will complete D >saturate network bandwidth no matter what technology is used. This has D >been discussed in various forums for many years. Then why have telecoms prices been declining for years? A three minute phone call from the US to England cost $25 in 1955 (in 1955 dollars). Where in the current comms spectrum do you see saturation and rising prices? It seems to me that in most resources we get predictions of shortages for centuries but those shortages never appear because the market eliminates or dodges them. DCF --- WinQwk 2.0b#1165 From frissell at panix.com Thu Nov 11 04:43:31 1993 From: frissell at panix.com (Duncan Frissell) Date: Thu, 11 Nov 93 04:43:31 PST Subject: smuggling currency Message-ID: <199311111240.AA08117@panix.com> U>The basic thrust is this: You can't transport a monetary instrument U>worth more than $ 10,000 without filling out the appropriate customs U>report. Of course they have to be able to prove that you did so. Cash cards raise real proof problems. U>If you bring the money in with the intent to avoid taxes, you have a U>second count, There are no tax consequences to cash per se. The issue is whether the cash constitutes unreported income or not. A separate issue. U>All your transaction does (unfortunately) is delay the importation U>of the "currency" until after the plane trip. You're still required U>to report the transaction, the card just makes it easier to get U>away with it. However, by spreading the "importation" out over time, cash cards reduce the chances that a "structuring" count could be proved against you. The whole cash card thing really mixes up the exact location of the money. What if you are overseas and buy a VISA USA cash card and then bring it into the US. Is this a reportable transaction? Presumably the payment for the card was wired by your overseas institution to VISA USA, a bank wire is not reportable. In any case, the overseas institution may not link you with its purchase of a VISA Cash Card from the US. Complications. DCF --- WinQwk 2.0b#1165 From djw at eff.org Thu Nov 11 05:13:31 1993 From: djw at eff.org (Daniel J. Weitzner) Date: Thu, 11 Nov 93 05:13:31 PST Subject: Government Accounting Office Report on Communications Privacy Message-ID: <199311111310.AA29819@eff.org> A few days ago, the Government Accounting Office (GAO) -- a pretty sharp internal gov't investigative organization that's about a lot more than accounting -- issued a report on communications privacy. (Much of what's in the report will probably raise of big "duh, we've been saying this for a decade," from cypherpunks and other digerati, but it's still very important to have the GAO saying this stuff.) The report makes four very important findings: 1. Privacy-protecting technology (crytopgraphy) is increasingly important for protecting the security of business communications and personal information. But federal policy is getting in the way of this technology. "Increased use of computer and communications networks, computer literacy, and dependence on information technology heighten US industries risk of losing proprietary information to economic espionage. In part to reduce the risk, industry is more frequently using hardware and software with encryption capabilities. However, federal policies and actions stemming from national security and law enforcement concerns hinder the use and the export of U.S. commercial encryption technology and may hinder its development." 2. The NSA's role in this area is has been extensive, and possibly beyond the spirit of the Computer Security Act. "Although the Computer Security Act of 1987 reaffirmed NIST's reponsibility for developing federal information-processing standards for security of sensitive, unclassified information, NIST follows NSA's lead in developing certain cryptographic standards" 3. Opportunity for public input in the standards process has been insufficient, leading to proposals like Clipper which lack public support. "These policy issues are formulated and announced to the public, however, with very little input from directly affected business interests, academia, and others." The report draws no specific policy conclusions, but provides excellent ammunition for those of us who are trying to open up the standards process and get export controls lifted. Full text of the report (GAO/OSI-94-2 Communications Privacy: Federal Policy and Actions) is supposed to be made available by ftp from GAO. As soon as it is, I'll let people know where it is. ...................................................................... Daniel J. Weitzner, Senior Staff Counsel Electronic Frontier Foundation 202-347-5400 (v) 1001 G St, NW Suite 950 East 202-393-5509 (f) Washington, DC 20001 *** Join EFF!!! Send mail to membership at eff.org for information *** From mnemonic at eff.org Thu Nov 11 05:33:32 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 11 Nov 93 05:33:32 PST Subject: Privacy, Property, Cryptography (long) In-Reply-To: <9311110628.AA17830@ininx> Message-ID: <199311111329.AA29910@eff.org> John Kreznar writes: > Supreme Court Justice Louis Brandeis said that the "right to be left alone is > the most comprehensive of rights and the right most valued by civilized men."[1] > > [1] Quoted in ACLU Briefing Paper Number 5, "Drug Testing in the Workplace", > published by the Department of Public Education, American Civil Liberties Union, > 132 West 43rd Street, New York, NY 10036, (212) 944-9800. This quotation needs to be debugged a little bit. The actual quotation reads as follows: "They [the framers of the Constitution and the Bill of Rights] conferred, as against the government, the right to be let alone--the most comprehensive of rights and the right most valued by civilized men." Olmstead v. United States, 227 U.S. 438, 478 (1928). (Note in particular that it's "let," not "left.") --Mike From ferguson at icm1.icp.net Thu Nov 11 05:39:08 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Thu, 11 Nov 93 05:39:08 PST Subject: Government Accounting Office Report on Communications Privacy In-Reply-To: <199311111310.AA29819@eff.org> Message-ID: <9311111338.AA01658@icm1.icp.net> > > A few days ago, the Government Accounting Office (GAO) -- a pretty sharp [...] Not to pick nits, but the GAO is the General Accounting Office, not "Government" Accounting Office. Cheers, ____________________________________________________________________________ Paul Ferguson Sprint Managed Router Network Engineering tel: 703.904.2437 Herndon, Virginia USA e-mail: ferguson at icp.net From mnemonic at eff.org Thu Nov 11 05:39:31 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 11 Nov 93 05:39:31 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311110705.XAA04155@mail.netcom.com> Message-ID: <199311111337.AA29933@eff.org> Doug Merritt writes: > Mike Godwin said: > >Perry writes: > >> Seems to me that bandwidth is > >> going to be nearly free in both directions in a few years whether > >> government intervenes or not. > > > >I agree about the potential for it to be free, but, I gotta tell you, the > >monopolists running the cable systems in this country have no inclination > >to share that nearly free bandwidth with you, even if you're willing to > >pay for access to it. > > I hate to disagree, considering that I prefer to agree with the philosophy > here, but it *can't* work that way, regardless of what we wish. > > The problem is that bandwidth is a highly limited resource, just like > real estate is a limited resource. Doug, I think you may be under the impression that we're talking about a single fiber-optic or coax cable. You can have a single (or double or triple) infrastructural network, but add bandwidth to each one. I think the notion of "scarcity" doesn't apply to cable any more than it applies to personal computers. > Eventually we will complete saturate > network bandwidth no matter what technology is used. This has been discussed > in various forums for many years. Once optical fiber optic bandwidth > peaks, you have to move to ultraviolet for greater channel capacity. Or you add a new cable. Not hard. Nothing I have ever read has suggested that "scarcity," as that term is normally used in reference to a resource, applies in any meaningful way to cable. I believe that Perry's prediction is closer to the truth than yours. --Mike From mnemonic at eff.org Thu Nov 11 05:43:30 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 11 Nov 93 05:43:30 PST Subject: Privacy, Property, Cryptography (long) In-Reply-To: <199311111033.AA21654@access.digex.net> Message-ID: <199311111342.AA29975@eff.org> Dark writes: > The only statues giving any kind of "Right to privacy" that have > any weight at all are full of holes. For the most part a right > to privacy has been EXTRACTED from them, usually without much basis. > > Even Brandeis has his reservations (International News Service v. > Associated Press) Again, the right to privacy is not constitutionally > reserved, and is almost entirely a construction of common law. As I recall, Dark, INS v. AP is copyright/First Amendment case, not a privacy case. (International News Service was cribbing from AP stories.) What does Brandeis say in this case that seems to be a reservation about privacy rights? --Mike From pmetzger at lehman.com Thu Nov 11 06:33:32 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 11 Nov 93 06:33:32 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311110705.XAA04155@mail.netcom.com> Message-ID: <9311111430.AA28017@snark.lehman.com> Doug Merritt says: > I hate to disagree, considering that I prefer to agree with the philosophy > here, but it *can't* work that way, regardless of what we wish. > > The problem is that bandwidth is a highly limited resource, just like > real estate is a limited resource. Eventually we will complete saturate > network bandwidth no matter what technology is used. Lets see whether this is reasonable. A single fiber optic strand has enough capacity in theory to carry the equivalent of every call made in the U.S. during the peak capacity utilization period on Mother's Day. A single fiber can carry more data than can be transmitted by the entire radio spectrum from low frequency AM to Ku band satelite. Thats bandwidth for literally thousands of simultaneous video signals. Using switching technology rather than shared access LAN style technology, every person in the world could concievably be sending and receiving that much at once. I don't know about you, but I personally can't produce more than 750 simultaneous videos at once for network distribution, so I suppose I'm uninteresting, but even the people who can do more than that are likely going to be fine. If they aren't, well, I suppose they could get TWO fibers coming into their home, or maybe even TEN or ONE HUNDRED if necessary. > These days it's easy to be optimistic, because bandwidth is growing > geometrically. The problem is that there is no way in hell that that > trend can continue indefinitely. One or two decades hence we will saturate > theoretical limits. I suspect that we have a wee bit longer to go than that. When people start faxing themselves regularly we may have to go to slightly more exotic technologies. Perry From gtoal at an-teallach.com Thu Nov 11 06:49:10 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 11 Nov 93 06:49:10 PST Subject: Big Mother can't protect our privacy Message-ID: <7110@an-teallach.com> In article <199311101900.LAA22288 at mail.netcom.com> tcmay at netcom.com writes: > let me say that the intent is psychological, not political. The > famoous questions about believing in God, having homosexual > experiences, washing one's hands, and so on, are devised by shrinks, > not designed to ferret out atheists and homos. The MMPI has been in > wide use since the 1950s, though it's use is declining as people file > lawsuits over it.) Read 'The straight dope' on how these questions are scored. Anyone who doesn't believe in God, for example, comes off very badly. There are many very nasty assumptions all through it that reflect the prejudices of the shrinks you refer to. It might as well have been written by god-freaks and gay-bashers. (Usually the same thing in my experience) > In Britain, in case there are some of you out there who haven't heard > about this, they got concerned about corporations compiling records on > people. Sounds like a valid concern, right? Well, the result was the > Data Privacy Act (or somesuch), which outlaws such records unless the > compiler notifies _all_ of the targets _and the government_. Close but your wording is misleading. People compiling lists in this country do *not* notify the people on the lists. The latter have to know who is compiling data on them, then put in a request (like a FOIA request) asking to be told what that data is. The public register just says 'company X keeps data' - it doesn't say on whom. In order to find out who is holding data on you, you would have to request it off every company registered with the DPA - and at about 10 pounds per request, that's a good way to go broke fast. The Data Protection Act would be better renamed the Data Secrecy Act - it primarily protects the large list of exempt bodies who not only do not register but are also immune from seaches; and any searches by other means are illegal. For instance, town councils, the police, banks, ... - just about anyone you would actually want to find out what they have on you. > The result is that anyone who saves computer files--like this list, > which of course contains e-mail addresses of hundreds of people--is > technically in violation of the law. Companies are finding it tough to > go about their business. And so on. This may well be true; it's been posited that anyone with a usenet feed should be registered since people post personal details in .sigs, and the data can be searched automatically in the mail spool. No-one to my knowlege has done so though, and no-one is asking them to. It's a big bone of contention at the moment whether BBSes should register - some see it as a way of squeezing them out of the BBS game. Again, most of them don't, and no-one complains. However it's always at the back of peoples' minds that the DPA could be used against them as an excuse if they were ever targeted for other reasons (such as unpopular political speech). G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From gtoal at an-teallach.com Thu Nov 11 06:53:33 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 11 Nov 93 06:53:33 PST Subject: L. Detweiler's latest rant on comp.risks Message-ID: <7111@an-teallach.com> In article <9311110637.AA19911 at ah.com> hughes at ah.com writes: > >G.Broiles, A.Chandler, J.Dinkelacker, H.Finney, E.Hughes, M.Landry, > >T.C.May, N.Szabo Hey, can't I be somebody too, pretty please?!!! G (aka Sy Verpunc, until he installed procmail) -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From gtoal at an-teallach.com Thu Nov 11 06:59:11 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 11 Nov 93 06:59:11 PST Subject: A short response to L. Detweiler: 'I exist as myself.' Message-ID: <7112@an-teallach.com> In article <9311110714.AA19967 at ah.com> hughes at ah.com writes: > L. Detweiler's recent article on the RISKS of confusing an online > identity with a potentially knowable physical one are quite > interesting, if hypothetical. > > I would be interested in hearing of situations where this practice > has actually occurred. If any RISKS members know of any such > incidents from first-hand experience, please share them with the > readership. I can tell a fascinating tale about spoofed identities that happened on a mailing list I was on a couple of years ago; but it's a *very* long story and I haven't the time. Maybe if I'm idle over the christmas holidays I'll pull up a log, sit down, and tell the story (if I'm bribed with enough drinks first :-) ) G (For anyone else here who's on that list, it's the story of Mahalingam et al...) PS Also I'm aware of quite a culture of 'she-males' in certain groups and IRC where men pose as women - usually lesbians - usually to get other real lesbians to confide in them (for the purposes of their own arousal...) -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From mnemonic at eff.org Thu Nov 11 07:39:11 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 11 Nov 93 07:39:11 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311110120.AA08393@smds.com> Message-ID: <199311111535.AA02116@eff.org> Steve Witham writes: > As I understand it, for both telephones and cable TV, it is still common > for local governments to "grant" "franchises" to single companies for > phone and cable wires. If there were one thing to change, that would be > it. > > In other words, the "market failure" you're talking about is in a > situation where the law forbids a market. And the change required is > that the government not be involved. It would be nice if that were > how EFF stated its NII policy: Yankee Go Home. It's not that simple, unfortunately. Once monopolies have been created with government support, removing government intervention doesn't automatically make competition happen. Compare it to strip-mining: once a strip mine has dug up the landscape, the mere decision to stop mining doesn't automatically restore the land to the status quo ante, or even to an environment in which any kind of ecosystem can flourish. --Mike From djw at eff.org Thu Nov 11 08:09:11 1993 From: djw at eff.org (Daniel J. Weitzner) Date: Thu, 11 Nov 93 08:09:11 PST Subject: Government Accounting Office Report on Communications Privacy Message-ID: <199311111605.AA03469@eff.org> At 8:38 AM 11/11/93 -0500, Paul Ferguson x2044 wrote: >> >> A few days ago, the Government Accounting Office (GAO) -- a pretty sharp > >[...] > > >Not to pick nits, but the GAO is the General Accounting Office, not >"Government" Accounting Office. > Thanks for the correction. That's what happens when I post too early in the morning. ...................................................................... Daniel J. Weitzner, Senior Staff Counsel Electronic Frontier Foundation 202-347-5400 (v) 1001 G St, NW Suite 950 East 202-393-5509 (f) Washington, DC 20001 *** Join EFF!!! Send mail to membership at eff.org for information *** From pmetzger at lehman.com Thu Nov 11 08:24:11 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 11 Nov 93 08:24:11 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311111535.AA02116@eff.org> Message-ID: <9311111622.AA28106@snark.lehman.com> Mike Godwin says: > It's not that simple, unfortunately. Once monopolies have been created > with government support, removing government intervention doesn't > automatically make competition happen. > > Compare it to strip-mining: once a strip mine has dug up the landscape, > the mere decision to stop mining doesn't automatically restore the land to > the status quo ante, or even to an environment in which any kind of > ecosystem can flourish. However, its not like strip mining. So long as regulations are in place, the market is not functioning in a maximally efficient manner, and further distortions are occuring. Many modern economists, from Public Choice school to Austrian school, would hold that any attempt by the government to "fix" what it has done axiomatically are further distortions of the market, and that the market will settle most rapidly into a properly functioning state if government control is removed as quickly and thoroughly as possible. Theory in fact matches practice. Observe, for example, the difference between places like Hungary (we will be kind and not use Russia as an example) in which gradualist government guided conversions to the market are practiced, versus Poland, where a radical "shock therapy" liberalization occured. Poland was the only nation in Eastern Europe to experience economic growth following the inception of its program, its inflation rate is down to acceptable levels, and over half the country's workers are now in the private sector. I understand the impulse to use metaphors like strip-mining, but metaphors are a way of explaining theory, not a way to reason. I could, for example, analogise the infrastructure to a car, which is zooming along fine now but might run out of gas without fueling. However, this metaphor is inapplicable -- it has nothing to do with the situation. Concretely observed, there is no obstacle to the sort of national network we want other than the government. In spite of the belief that "monopolists" will take over, there is no evidence that competition is slowing down (in fact, it is speeding up as fast as the government will allow it to) and in spite of the belief that the network will "control programming and work only one way" the truth seems to be that the cable companies and everyone else want to get into digital two-way services as soon as possible and that the government is all that is standing in the way. Perry From root at decvax.dec.com Thu Nov 11 08:29:11 1993 From: root at decvax.dec.com (ME) Date: Thu, 11 Nov 93 08:29:11 PST Subject: OMNI CARD Message-ID: <199311111121.AA00503@visgraph.uucp> I just got this from last night's edition of "BEYOND 2000" on the discovery channel.... A Eurpoean banking system is experimenting and using a new card they call the OMNI CARD. What this does is provides some form of authentication aside from the PIN number. The procedure: 1) You place your phone call to the bank and make your request. 2) You type in your PIN number into the OMNI card (sort of a hacked calculator card, I suppose) 3) The OMNI card generates a number from this which you verbally read to the bank. 4) The bank clerk responds with a "Challenge Number" which you type into the OMNI card. 5) The OMNI card generates a result from this number which you verbally read to the bank clerk. If all is in check, this is proper authentication of who you are. The purpose is to avoid having to read your actual PIN number aloud, or type it in where someone can see you. The OMNI card uses a random formula to calculate its numbers in conjunction with the challenge number; supposedly this is different for each transaction. A sample number which was displayed was: Challenge Number: 28385180 Result : 572738 The technology was sold to "two major US computer companies" recently. I suppose this is some metamorphicly generated checksum. Until someone gets ahold of one of these OMNI cards and takes it apart... Just FYI... From Martin.Greifer at f28.n125.z1.FIDONET.ORG Thu Nov 11 08:33:31 1993 From: Martin.Greifer at f28.n125.z1.FIDONET.ORG (Martin Greifer) Date: Thu, 11 Nov 93 08:33:31 PST Subject: modem taps/caller id Message-ID: <4110.2CE1DFEC@shelter.FIDONET.ORG> > From kumr!toad.com!owner-cypherpunks > Practical Peripherals sells a modem that also captures Caller ID info > and makes it available to your comm program. I've also seen devices > that do this for sale in the back of BBS magazines. The question is, how does a caller block this feature? ___ Blue Wave/QWK v2.12 -- Martin Greifer - via FidoNet node 1:125/1 UUCP: ...!uunet!kumr!shelter!28!Martin.Greifer INTERNET: Martin.Greifer at f28.n125.z1.FIDONET.ORG From mnemonic at eff.org Thu Nov 11 09:34:11 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 11 Nov 93 09:34:11 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311111622.AA28106@snark.lehman.com> Message-ID: <199311111733.AA04581@eff.org> Perry writes: > However, its not like strip mining. So long as regulations are in > place, the market is not functioning in a maximally efficient manner, > and further distortions are occuring. It's like strip mining in this sense: stopping the intervention doesn't restore the healthy previous condition automatically. Merely ending regulation doesn't make the distortions go away. > I understand the impulse to use metaphors like strip-mining, but > metaphors are a way of explaining theory, not a way to reason. Just so. If you really believe that merely stopping regulation, *without anything else*, would restore competition to a market that's been dominated by a government-supported monopoly or duopoly, then we simply must agree to disagree. > Concretely observed, there is no obstacle to the sort of national > network we want other than the government. Untrue. The cable providers often are putting up obstacles of their own, as are telco providers. The impossibility of Tim May's X-rated cable channel illustrates this point. The market can't function--Tim and those like him who want a certain type and variety of programming--unless there is access to the information infrastructure. Telling every would-be X-rated cable viewer to build his own cable system is not a solution. According to standard free-market theory, the existence of demand (Tim and friends) for an affordable product ought to stimulate a supplier for that product. But that will never happen if all we do is say to the cable and telco providers "Well, we've given you these markets and allows you to profit enormously and to have absolute ability to use nonmarket mechanisms to squash any hint of serious competition, and now we're going to just dust off our hands and walk away." --Mike From jim at bilbo.suite.com Thu Nov 11 09:39:11 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 11 Nov 93 09:39:11 PST Subject: cypherplonks mailing list Message-ID: <9311111736.AA28612@bilbo.suite.com> A couple of weeks ago someone jokingly proposed creating a parallel mailing list for flames, rants, and other non-crypto posts. If that ever happens, I propose calling it the "cypherplonks" mailing list. Jim_Miller at suite.com From paul at poboy.b17c.ingr.com Thu Nov 11 09:39:32 1993 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 11 Nov 93 09:39:32 PST Subject: AT&T Encryption Product In-Reply-To: <9311102212.ag09356@ncrhub1.NCR.COM> Message-ID: <199311111737.AA01959@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > Well, it was interesting to see Philippe Nave's posting about an AT&T > encryption software product (using the government's digital signature > and secure hash standards instead of RSA and MD-5, so it won't be PGP- > or PEM-compatible). I got a call from David Arneke of AT&T yesterday. He was able to answer a few questions for me: namely, that the reason no RSA-based products are available is that they aren't finished yet! AT&T Secure Systems put on a big push to have products ready to show at COMDEX, and the DES/SHA/DSS-based products were ready first. Arneke did say that they will be forthcoming. - -Paul - -- Paul Robichaux, KD4JZG | Caution: cutting edge is sharp. Avoid contact. Intergraph Federal Systems | Be a cryptography user - ask me how. ** Of course I don't speak for Intergraph. ** -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOJ4NSA78To+806NAQGT8gQAjCpcoS1fXuVWpl1blQbmWMab4dogq8XR Vdp3CXbhBiouXFQdlgW/CwqNzuZj0ghYQYFwuQUB2/NklAkPepP8kUi4fxqtkn/F BoOzHofmpHFILWG6xhLLUlW8pX/GtFPaRkJsB2gKL5r+NrzLg5xCPN8xAHVDvdpw /yNWT3ituHc= =2+dY -----END PGP SIGNATURE----- From gtoal at an-teallach.com Thu Nov 11 09:53:33 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 11 Nov 93 09:53:33 PST Subject: Are we gatewayed to Usenet? Message-ID: <7161@an-teallach.com> In article <199311092038.MAA06532 at mail.netcom.com> tcmay at netcom.com writes: > I believe someone has gatewayed the list onto Netcom, which is > available to many thousands of subscribers, including local POPs > (points of presence) in Washington, D.C., Boston, Atlanta, Austin, and > of course all up and down the West Coast. > > Is this such a good idea? And should it be unilaterally done? If there > was discussion of this, I must've missed it somehow (which I doubt). There is absolutely nothing wrong with a local redistribution of a mailing list. It probably isn't bidirectional, but even if it is, so what? What you're really saying is you don't want too many people reading who you can't keep tabs on, isn't it? Or are you really just rankled that *Sternlight* can read cypherpunks and you won't know about it? I guess that must be it because we've *lots* of local redistributions signed up for this list. (Anyone who wants to see the complete direct membership list merely has to telnet to toad.com's smtp port and EXPN the real list name) I have a great deal of sympathy about 'private space', but if you want to make this list in some way semi-private, then you *must* issue a policy notice when anyone signs on the list, saying what the conditions are, eg that it is not to be quoted in other forums or reposted to local lists etc. Otherwise people (unethical people, I mean) can do what they like with our posts whether we approve or not. I could show you some of the warnings I've seen elsewhere, except I'd be in breach of those lists rules by reposting them :) [no, really, I just don't have one handy...] In fact, the truly paranoid would make list membership a two-stage process where you first sent out the rules, then waited for a mail accepting them... I *don't* advicate this course by the way. I'm happy with things as they are, until DS turns up :-) Graham From lex at mindvox.phantom.com Thu Nov 11 10:09:11 1993 From: lex at mindvox.phantom.com (Lex Luthor) Date: Thu, 11 Nov 93 10:09:11 PST Subject: Phiber, The MOD, and The LOD. Message-ID: "L. Detweiler" writes: > >Anyway, this letter is an attempt to find a topic that someone will not >flame me about, and is relevant to the cypherpunk list as I understand it! > >Phiber Optik >-- > >I have been watching the trial of Mark Abene, aka Phiber Optik, >closely, and I think I even fowarded articles on it to the cypherpunks >once. This is a very fascinating trial. We learn, for example, of the >first use of wiretaps for digital data (modem communications) for a >successful prosecution. Also, we learned about how LOD (Legion of Doom) >-- or was it MOD, Masters of Deception, I get all these criminal >organizations mixed up! -- infiltrated phone systems. I think I even >heard in one news report that some in the group performed illicit wiretaps. Although some people on this list could care less about the details, since you confused the two ex-hacking groups, I feel the need to set the record straight. It was MOD *not* LOD that phiber has been recently affiliated with. MOD was in my opinion a malicious group of hackers who used their knowlege and abilities to relentlessly harass people, wreak havoc on computer systems and networks by shirking the 'hacker ethic' of not causing damage, and allegedly to perpetrate various forms of fraud and theft. Please note that Phiber Optik was probably the most mellow one of the MOD and having spoke with him a number of times, it seems that he is not a malicious type. IMHO his mistake was teaching his 'friends' in the group how to do certain things without regard to what they intended to do with that knowlege. LOD was a whole different type of group. If you want to classify us as a criminal organization due to gaining unauthorized access into various computers and networks over the years, fine. But the LOD maintained a high standard of ethical behavior in the way of not intentionally causing damage to computer system, not violating people's privacy for the sole purpose of harassment or fraud, and the overall mentality of spreading knowlege and information to those who were interested. Obviously those ethics were warped as none of the ex-members that I am in contact with (erik bloodaxe - editor of Phrack, the marauder, Lord Digital and Deal Lord - Mindvox owners, etc.) believe that unauthorized access to computers is/was right nor legal. I am not defending what we did all those years ago, but just clarifying the degree to which we were involved. To make this clear, gaining unauthorized access to computer systems is illegal and wrong under just about any circumstance. Violating a person or company's privacy is wrong also, even if it was done out of curiousity or a thirst for knowlege. One other thing, it was reported in the press a number of times that there was some sort of war between hacker groups. I think this is silly and although I had 'retired' by 1989 which was about the time a lot of the alleged MOD activity took place, my version is that there was no 'war'. There are always personality conflicts between people and arguements between erikb and phiber appears to have been blown way out of proportion as usually happens when things get reported by the press. >I find this *fascinating*. Can anyone elaborate to me the wiretapping >that was going on? who did they wiretap? how did they do it? how did >they avoid detection? more importantly, have the phone systems been >upgraded or modified to be protected from this kind of extremely insidious >crime? One of the things some MOD members allegedly did was gain access to certain key computer systems that controlled various functions of BT's Tymnet packet switching network. There are some systems that allow a privileged user to monitor network traffic (XRAY for example), by gaining access to these systems and knowing the correct commands, one can 'wiretap'. It should be noted, if you read through the old hacker BBS message bases (which you can do if you contact lod communications who is compiling messages from the very first phreak boards such as Modem Over Manhattan and 8BBS circa 1980 up through boards such as the Phoenix Project circa 1989/1990, see the review of the project in Autumn 1993 issue of 2600 or CuD #5.39 for more details or email lodcom at mindvox.phantom.com) that the LOD had access to those same systems years before MOD was around, and no one was the wiser simply because it was more of an exploration of the systems as opposed to an exploitation of the systems. I for one operated on the premise that if I didn't know what a certain command did, I did not type it in. That kind of caution allows you to explore and learn as safely as possible by helping to avoid accidental damage. As for tapping phone lines, most any reader of the cypherpunks list can do this physically. What the MOD *may* have done (or use the word allegedly if you like), is to gain access to certain phone company systems, such as LMOS (Loop Maintenance Operating System) which allow a person who has a privileged account and the correct commands and syntax, to REMOTELY monitor phone lines. The phone company does this for repair and maintenance reasons and not to spy on subscribers. As we all know, most technologies can be used for reasons other than for what they were originally intended, this being a classic example. As for avoiding detection, if one had access to the Switching Control systems, they would be able to do a whole host of other things from putting traces on subscribers served by the particular switch to seeing if there were any 'traces' on their lines. In addition, putting call forwarding onto a network access port number and then forwarding calls to their computer, would allow the perpetrator to gain untold amounts of usernames/passwords for systems on whichever network they forwarded the calls from. >I read in `Cyberpunk' by K.Hafner and J.Markoff (the latter my favorite >cyberspatial writer) that K. Mitnick in California also had this >capability of wiretapping, and used it in an extremely sophisticated >way. Apparently he actually tapped the lines of police stations and >knew when they were coming, or knew when they had detected or `sniffed' >his own illegal wiretapping. >Did this happen? or is all of this rumor? Back in 1984 or so, a fellow lod member, The Blue Archer, dealt a lot with Mitnick (using the handle The Condor if I remember correctly). I specifically recall speaking with Blue Archer when he told me to not discuss certain things for fear that Condor was listening to his line remotely. Not only this, but Condor gave Blue Archer a phone number in California that forwarded to his real phone number which was located 1000 miles east. This number lasted for a long time and somehow there was never any billing associated with this long distance forwarding situation. Therefore, I believe the above happened and was not rumor. What is interesting is that he was capable of this type of technology manipulation nearly a decade ago. Condor/Mitnick was one of the 'best' there ever was, but it appears that he used his knowlege and abilities in ways that he probably should not have. >I remember Phiber Optik posting to *this list* on the subject of phone >wiretapping. I think he might have been a bit too knowledgeable for his >own good, eh? What ever happened to K. Mitnick, anyway? He did serve >federal time, I know that. I remember reading that story and thinking >-- here is someone we should keep our eyes on, even after he is out of >prison, *especially* when he is out! > >Conspiracy Charges >-- > >Another question. I understand that Mr. Abene was charged with >`conspiracy' or at least that was one of the charges involved in the >whole affair, perhaps against others. My question: what is the legal >criterion for a `conspiracy'? what are the penalties? did Abene >actually get successfully prosecuted for `conspiring'? what was the >conspiracy? Did it have anything to do with the wiretapping?what are >famous conspiracy cases? I'm sure that some cypherpunks may be >knowledgeable on these subjects. I sincerely hope I haven't offended >anyone in asking. Mr. Finney posted some outstanding analyses of the >ITAR (which I subsequently incorporated into a RISKS article), for >example, so there is definitely some strong legal background here. > >please cc: your replies to me or I may not see them. > Reply was cc'd to you. Lex From tcmay at netcom.com Thu Nov 11 10:19:11 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 11 Nov 93 10:19:11 PST Subject: (fwd) Netcom adds access in Denver area Message-ID: <199311111815.KAA05545@mail.netcom.com> Cyphertentacles and Extropiates, Here's a convenient list of the latest Netcom sites, which span the U.S. I've been happily using it (well, they changed to a new emacs yesterday and now my autowrap doesn't work....I hate having to spend a couple of hours on such a trivial matter) for a year and a half and I conservatively estimate I've influenced at least 30 people to sign up for it....too bad I don't get any usage credits for it. The best things about it: flat monthly fee ($17.50), unlimited connect time, full range of services (much better than most universities have, folks tell me), and--best of all--your Netcom account won't change when you change jobs! And posting with Netcom presumably won't run the risk of angering your employer. I'm thrilled that Netcom is expanding so rapidly. --Tim Newsgroups: netcom.general,co.general,ba.internet,alt.internet.access.wanted From: glee at netcom.com (Glee Harrah Cady) Subject: Netcom adds access in Denver area Distribution: netcom,usa Date: Thu, 11 Nov 1993 17:22:36 GMT NETCOM On-line Communication Services, Incorporated is pleased to announce the expansion of the NETCOM backbone into the Denver, CO metropolitan area. To reach the service, using a VT100 terminal emulator dial 303-758-0101 with your modem set to 8,1,N, and hardware flow control. Denver's new Point of Presence (POP) joins our nationwide backbone in supporting a full range of network services including: o Internet Connections (T1 & 56kb, dedicated and dialup) o News/Mail feeds with Domain service o Business Dial-up access (news / mail / ftp / telnet / shell) o Host dial access (International and National News, news / mail / ftp / telnet / shell) o Personal Network (SLIP or PPP) Connections (PNC) o FrameConnect Internet Services NETCOM can be your gateway to economical global communications. A connection to the NETCOM state-of-the-art network will deliver connectivity at very affordable prices. NETCOM offers Internet connections, news feeds, electronic mail, local access points throughout the United States, source archives, telecommunications consulting, discounts on purchases of communication equipment, and other services. NETCOM offers a guest account to provide more information about its services. To access the guest account via your modem and personal computer, dial a local access number from the list below. After you connect, at the Login: prompt, type "guest". You need not type in a password. Remember, you must use lower case letters. If you prefer, you can also log in via telnet to netcom.netcom.com or to the IP address of 192.100.81.100. Here are a few of the local access 1200/2400/9600 V.32/V.42 numbers: 206-547-5992 Seattle 214-753-0044 Dallas 310-842-8835 Los Angeles 303-758-0101 Denver 404-303-9765 Atlanta 408-241-9760 San Jose 408-459-9851 Santa Cruz 415-328-9940 Palo Alto 415-985-5650 San Francisco 503-626-6833 Portland 510-426-6610 Pleasanton 510-865-9004 Alameda 617-237-8600 Boston 619-234-0524 San Diego 703-255-5951 Washington DC 714-708-3800 Irvine 818-585-3400 Pasadena 916-965-1371 Sacramento VOICE: (408) 554-8649 FAX: (408) 241-9145 Local Access Numbers: (800) 488-2558 _____________________________________________________________________________ - info at netcom.com (408) 554-8649 NETCOM On-line Communication Services, Inc. From brendan at lisa.cygnus.com Thu Nov 11 10:34:11 1993 From: brendan at lisa.cygnus.com (Brendan Kehoe) Date: Thu, 11 Nov 93 10:34:11 PST Subject: meetings at Cygnus Message-ID: <4653.753042932@lisa.cygnus.com> On behalf of a bunch of people at Cygnus, I've a small request to make of the Cypherpunks. When you bring chairs into the conference room for your meeting, *please* remember where you got them. That way, at the end of the meeting, they can go back where they came from, and we don't have to spend Monday morning trying to find our chairs around the office. Thanks, Brendan -- Brendan Kehoe brendan at cygnus.com Cygnus Support, Mountain View, CA +1 415 903 1400 From lefty at apple.com Thu Nov 11 10:43:32 1993 From: lefty at apple.com (Lefty) Date: Thu, 11 Nov 93 10:43:32 PST Subject: OMNI CARD Message-ID: <9311111839.AA14681@internal.apple.com> >I suppose this is some metamorphicly generated checksum. Until someone >gets ahold of one of these OMNI cards and takes it apart... We use SecurID cards, which sound very similar, as a security measure on some of our remote access connections. BTW, you can't take the cards apart. They fry themselves if you try. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From frissell at panix.com Thu Nov 11 10:44:11 1993 From: frissell at panix.com (Duncan Frissell) Date: Thu, 11 Nov 93 10:44:11 PST Subject: Should we oppose the Message-ID: <199311111839.AA10010@panix.com> To: cypherpunks at toad.com M >Just so. If you really believe that merely stopping regulation, M >*without anything else*, would restore competition to a market that's M >been dominated by a government-supported monopoly or duopoly, then we M >simply must agree to disagree. You mean to tell me that if the Feds just said -- the Local Loop monopoly no longer exists, we'll auction all the frequencies and get out of the business of regulating telecoms, no market would spring up. Right now, there are 6 count them 6 possible suppliers for the Local Loop: 1) TPC 2) Cable 3) The Electric Company (yes the Electric Company) 4) Cellular 5) PCS 6) Digital Mobile Radio (you all saw the stories about Nextel?) There are probably others I haven't heard of. Looks like tons of suppliers to me. M >Untrue. The cable providers often are putting up obstacles of their M >own, as are telco providers. The impossibility of Tim May's X-rated M >cable channel illustrates this point. The market can't function It seems to me that many of the alt.sex.whatever subscribers are using the PSTN to satisfy their desires. As long as we have a switched network to the home or office, we can switch whatever we like over it. How can a provider stop a porno enterprise network from supplying encrypted signal to subscribers. It won't even be able to tell it's going on. M >Telling every would-be X-rated cable viewer to build his own cable M >system is not a solution. That's just what we do every day on the PSTN or Internet. DCF --- WinQwk 2.0b#1165 From mnemonic at eff.org Thu Nov 11 11:29:12 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 11 Nov 93 11:29:12 PST Subject: Should we oppose the In-Reply-To: <199311111839.AA10010@panix.com> Message-ID: <199311111927.AA06278@eff.org> frissell writes: > M >Just so. If you really believe that merely stopping regulation, > M >*without anything else*, would restore competition to a market that's > M >been dominated by a government-supported monopoly or duopoly, then we > M >simply must agree to disagree. > > You mean to tell me that if the Feds just said -- the Local Loop monopoly > no longer exists, we'll auction all the frequencies and get out of the > business of regulating telecoms, no market would spring up. Right now, > there are 6 count them 6 possible suppliers for the Local Loop: First, I wasn't talking about the local-loop competition. I was talking about cable. I don't doubt that in *some* monopoly situations, mere reduction or elimination of regulation can allow markets to spring up. I just don't think this is true with regard to telcos and cable. Secondly, and as I mentioned, there are non-market tactics that a supplier can use to prevent competition from arising. For example, why should a local telco decide on its own to be interoperable with, say, the Electric Company? What market share can a monopoly gain by giving access to competition? None. It can only *lose* market share. > 1) TPC > 2) Cable > 3) The Electric Company (yes the Electric Company) > 4) Cellular > 5) PCS > 6) Digital Mobile Radio (you all saw the stories about Nextel?) It's always a mistake to confuse technical feasibility for competition. What's to prevent the dominant one or two providers (TPC and Cellular, let's say) from closing out the others by refusing to be interoperable? --Mike From pmetzger at lehman.com Thu Nov 11 11:39:32 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 11 Nov 93 11:39:32 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311111733.AA04581@eff.org> Message-ID: <9311111937.AA28165@snark.lehman.com> Mike Godwin says: > > Concretely observed, there is no obstacle to the sort of national > > network we want other than the government. > > Untrue. The cable providers often are putting up obstacles of their own, as > are telco providers. The impossibility of Tim May's X-rated cable channel > illustrates this point. The market can't function--Tim and those like him > who want a certain type and variety of programming--unless there is access > to the information infrastructure. Telling every would-be X-rated cable > viewer to build his own cable system is not a solution. X-Rated movies are a huge business. I suspect cable companies would love to broadcast them. However, there are government impediments to transmitting them -- fears of lawsuits, FCC intervention, and criminal charges being among them. Of course, this is comparing apples and oranges -- when TV channels per se cease to exist, which is inevitable, it will be difficult if not impossible for bluenoses to detect when such services are in use. > According to standard free-market theory, the existence of demand > (Tim and friends) for an affordable product ought to stimulate a supplier > for that product. Of course it would, BARRING LEGAL OBSTACLES. Again, as before, the market is not currently free -- the obstacles are government created. Perry From mnemonic at eff.org Thu Nov 11 11:49:12 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 11 Nov 93 11:49:12 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311111937.AA28165@snark.lehman.com> Message-ID: <199311111947.AA06606@eff.org> Perry writes: > X-Rated movies are a huge business. I suspect cable companies would > love to broadcast them. Right. And the telcos would love to carry phone-sex services. Your suspicion would be incorrect. Current providers tend not to want to carry sexually explicit services because it hurts their image. For example, the telcos didn't want to support 900-number phone-sex services, in spite of the fact that there is a very clear market for them, because they didn't want to do any business for and with the phone-sex companies. See, e.g., Sable Communications v. FCC. If your characterization were correct, the phone companies would be dying to carry phone-sex services. In real life, however, they keep petitioning regulatory bodies to allow them not to carry them. > Of course it would, BARRING LEGAL OBSTACLES. Again, as before, the > market is not currently free -- the obstacles are government created. Thanks for the capital letters--I am getting a little nearsighted in my old age. But your analysis hear assumes that, given a clear and profitable market, any rational provider would cater to it. Even in the absence of legal sanctions, this isn't true, as Sable Communications and other cases clearly show. --Mike From warlord at MIT.EDU Thu Nov 11 11:53:31 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 11 Nov 93 11:53:31 PST Subject: ANNOUNCE: Boston Area Cypherpunks Meeting Message-ID: <9311111950.AA04886@toxicwaste.media.mit.edu> This is to inform you about the November Boston Area Cypherpunks Meeting. This meeting will be held in MIT room 1-115 on Saturday, November 13, from 12 - 6PM. Topics will range from PGP tutorial and informatioon, key signing, mathematical explanations, digital cash, and other topics from the attendees. If you have any questions, please mail me personally. All further information will be sent to "cypherpunks-east at MIT.EDU". To get on this list, send mail to "cypherpunks-east-request at MIT.EDU" See you Saturday. -derek PS: It has been suggested that we attempt an audio feed to California. My response is that if we can obtain the hardware here we can attempt it, but I'm not sure how well it will help the meeting move along. Directions: T: Red line to Kendall Sq. Walk away from the Marriott (across the street). Walk down the road until the next road, Amhurst, and take a right. There keep walking. You will cross Ames St. Keep walking forward until you pass the "Great Sail", then bear right. Walk up the steps and then keep walking straight. Follow the signs for 1-115 Bus: #1 to 77 Mass Ave. Walk up the stairs and follow the signs. Car: Get to Cambridge. Find somewhere to park around Mass Ave between Memorial Drive and Vassar St. You may want to try an MIT parking lot. Enter MIT at 77 Mass Ave and follow the signs. From pmetzger at lehman.com Thu Nov 11 11:59:12 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 11 Nov 93 11:59:12 PST Subject: Should we oppose the In-Reply-To: <199311111927.AA06278@eff.org> Message-ID: <9311111954.AA28183@snark.lehman.com> Mike Godwin says: > It's always a mistake to confuse technical feasibility for competition. > What's to prevent the dominant one or two providers (TPC and Cellular, > let's say) from closing out the others by refusing to be interoperable? Why did virtually all the railroads in the northern U.S. use the same rail gauge BEFORE regulation of the railroads? Why do most of the commercial internet providers (except for the government subsidized ANS) agree to exchange packets with each other freely? Why do open standards do better in the market than closed standards? The answer is "its in their interest to cooperate, thats why." There was actually a really nice article in Forbes recently on game theory and competition vs. cooperation... Perry From huggins at eecs.umich.edu Thu Nov 11 11:59:32 1993 From: huggins at eecs.umich.edu (Jim Huggins) Date: Thu, 11 Nov 93 11:59:32 PST Subject: Clipper and the "Christian Right" Message-ID: <199311111959.AA04662@quip.eecs.umich.edu> Grendel Grettisson writes: > On Tue, 9 Nov 1993, Clark Reynard wrote: > > I think it would be very important if we could attempt to > > sway the Christian right into this; it is certain we > > probably don't agree on many issues, and the "700 Club" > > anti-Clipper piece was very effective, good video. > For those that watch the 700 Club. Personally, I'm opposed to anything > that gives the Christian Right more power or puts them in the public eye > more given their past track record. You mean "their past track record that I don't agree with." Sure, many excesses have been committed in the name of the "Christian Right" (whatever that is ... I'm supposedly a part of it and I've never seen a coherent definition of what it is). But the "Agnostic Left" has probably committed a few excesses in its day, too. Frankly, a coalition with people from a wide variety of political backgrounds can only help to make the anti-Clipper cause seem more respectible. Otherwise, the anti-Clipper folks might end up sounding like just another liberal protest group, and be treated just like any other lobbying group. > > If you don't believe me, watch it. They almost seem > > to agree with us entirely on the issue of cryptography. > > Perhaps it's time for a _new_ group; the cyphermonks. > > I nominate St. John the Divine as a patron saint. > I thought the Christian Right didn't like Catholics or Saints either. It > is a Protestant movement. Not really. From my experience, the "Christian Right" is composed of conservative Christians -- both Protestant and Catholic. It's only in certain parts of the country where conservative Protestants and Catholics are unfriendly ... --Jim Huggins From huggins at eecs.umich.edu Thu Nov 11 12:03:32 1993 From: huggins at eecs.umich.edu (Jim Huggins) Date: Thu, 11 Nov 93 12:03:32 PST Subject: Clipper and the "Christian Right" Message-ID: <199311111959.AA04683@quip.eecs.umich.edu> Owen Rowley > From: Clark Reynard > > I think it would be very important if we could attempt to > > sway the Christian right into this; it is certain we > > probably don't agree on many issues, and the "700 Club" > > anti-Clipper piece was very effective, good video. > meanwhile, don't forget for a second that the christian right > *will* toss your anarchic ass on the pyre where they *will* roast > pagan faggots like myself after they've squeezed you for your > support. > Religion has it's protection clearly enumerated in the constitution, > and a clear agenda to keep everyone elses freedom from being similary > enumerated. > Caveat emptor, and carry a loaded flamethrower, because the first > chance they get to cut you out of the deal you will need it. Oh, come on now. You give the "Christian Right" (and I still don't know what that means) far more power than they have. There is this popular notion that the "Christian Right" has some master agenda that all conservative Christians buy into blindly. That simply ain't so ... just as there isn't a single master cypherpunks agenda agreed on in this list (complaints by Mr. Detweiler notwithstanding). Clark Reynard has rightly pointed out that some in the Christian Right agree with the cypherpunks on the need for legal cryptography and that they might be able to help in the fight against things like Clipper. Why that should bring out deep-seeded hatred against the Christian Right for unrelated offenses or differences of opinion is beyond me. Isn't it enough that we could agree on this one issue? Let's try to make this issue non-partisan, OK? --Jim Huggins From GRABOW_GEOFFREY at tandem.com Thu Nov 11 12:19:12 1993 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Thu, 11 Nov 93 12:19:12 PST Subject: Fractal cryptography? Message-ID: <199311111223.AA16697@localhost> Greetings all, I've come up with an idea that uses the chaotic nature of fractals to perform some very secure encryption. Does anybody know if this has already been done? The programs I've already written seem to be very secure. Any info is appreciated, G.C.G. From mdiehl at triton.unm.edu Thu Nov 11 12:39:12 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Thu, 11 Nov 93 12:39:12 PST Subject: Clipper and the "Christian Right" In-Reply-To: <199311111959.AA04683@quip.eecs.umich.edu> Message-ID: <9311112035.AA25997@triton.unm.edu> According to Jim Huggins: > > Clark Reynard has rightly pointed out that some in the Christian Right > agree with the cypherpunks on the need for legal cryptography and that they > might be able to help in the fight against things like Clipper. > Why that should bring out deep-seeded hatred against the Christian Right > for unrelated offenses or differences of opinion is beyond me. Isn't > it enough that we could agree on this one issue? I might add that I'm a "member" of the Christian Right. I also like to think that I've contributed to the "Cypherpunk Cause." I believe that encryption is a right, and I believe that government should stay out of most things I'm involved with. Just my $.02 Lagers, J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From mnemonic at eff.org Thu Nov 11 12:59:12 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 11 Nov 93 12:59:12 PST Subject: Should we oppose the In-Reply-To: <9311111954.AA28183@snark.lehman.com> Message-ID: <199311112058.AA07980@eff.org> Perry writes: > Why did virtually all the railroads in the northern U.S. use the same > rail gauge BEFORE regulation of the railroads? Partly because there was no pre-existing railroad monopoly that was blocking them from the market. Of course, railroad interoperability is trivial, and can't easily be altered to block entry. But it should be noted that "using the same rail gauge" is only part of interoperability. I leave it to you to guess what the other part is, and how a railroad monopoly can prevent entry of new competition. > Why do most of the commercial internet providers (except for the > government subsidized ANS) agree to exchange packets with each other > freely? > > Why do open standards do better in the market than closed standards? > > The answer is "its in their interest to cooperate, thats why." Please explain, specifically, how it's in a local telco's interest to cooperate with an upstart Electric Company telco provider. > There was actually a really nice article in Forbes recently on game > theory and competition vs. cooperation... That's nice. But don't assume I'm not knowledgeable on these subjects. --Mike From smb at research.att.com Thu Nov 11 13:03:32 1993 From: smb at research.att.com (smb at research.att.com) Date: Thu, 11 Nov 93 13:03:32 PST Subject: Should we oppose the Message-ID: <9311112100.AA01913@toad.com> Why did virtually all the railroads in the northern U.S. use the same rail gauge BEFORE regulation of the railroads? Ah -- you specify the ``northern'' U.S. The situation in the south was very different. And even in the north, the Pennsylvania Railroad was so large (they're the ones who billed themselves as ``the standard railroad of the world) that other folks had to follow if they came near the PRR. It was near-monopoly that created that situation, not any desire for co-operation. In Europe, there are still a variety of different gauges, electrical standards, loading gauges, etc. (Actually, the latter two are problems in the U.S. as well.) From pmetzger at lehman.com Thu Nov 11 13:09:12 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 11 Nov 93 13:09:12 PST Subject: Should we oppose the In-Reply-To: <199311112058.AA07980@eff.org> Message-ID: <9311112106.AA28293@snark.lehman.com> Since the discussion is endless, I'm going to take my latest arguments to private mail with Mike. Perry From pmetzger at lehman.com Thu Nov 11 13:19:12 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 11 Nov 93 13:19:12 PST Subject: Should we oppose the In-Reply-To: <199311112100.QAA24989@lehman.com> Message-ID: <9311112114.AA28312@snark.lehman.com> This has gone on too long -- I'm writing a last reply here in public and then I would ask that we take this to private mail. smb at research.att.com says: > Why did virtually all the railroads in the northern U.S. use the same > rail gauge BEFORE regulation of the railroads? > > Ah -- you specify the ``northern'' U.S. The situation in the south > was very different. Yes, the south had fewer railroads and they followed a different gauge -- this is to be expected in such situations. > And even in the north, the Pennsylvania Railroad > was so large (they're the ones who billed themselves as ``the standard > railroad of the world) that other folks had to follow if they came near > the PRR. It was near-monopoly that created that situation, not any > desire for co-operation. I once read a wonderful account of how enraged J.P. Morgan was one day when, while relaxing at his country home on the Hudson in upstate New York, he heard the sounds of a railroad construction gang driving through a railroad competing with the Penn Central line which he effectively controlled via the Vanderbilts. No attempt to set up a railroad cartel or monopoly worked until the ICC was formed, you know -- a government agency created largely so monopolists would have a legal way of enforcing rate fixing. > In Europe, there are still a variety of different gauges, electrical > standards, loading gauges, etc. Yes. Such things typically occur for a while when people aren't geographically proximate and don't interact much -- the north and south were such an example. However, in regions where people do interact standards quickly enforce themselves. Look around you at the computer industry for example. Perry From MJMISKI at macc.wisc.edu Thu Nov 11 13:24:46 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Thu, 11 Nov 93 13:24:46 PST Subject: OMNI CARD Message-ID: <23111113581263@vms2.macc.wisc.edu> With re to Root's comments: The OMNI Card appears to be the incarnation of D. Chaum's SmartCardComputers. If its what it sounds like it is a public key encryption/digital signature computing device. DigiCash...er...Digital Cash (Im not good at avoiding a pseudospoof) is on its way boyz. --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From jim at bilbo.suite.com Thu Nov 11 13:34:12 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 11 Nov 93 13:34:12 PST Subject: CUD 5.84 Message-ID: <9311112133.AA01867@bilbo.suite.com> The following was recently posted to sci.crypt. I would like to get a copy of the referenced issue of CUD and check out the "DES: Broken!" article. I looked in the EFF ftp site, but they only have CUD up to issue 5.76. Anybody know where I can get CUD 5.84? Thanks, Jim_Miller at suite.com ------------- From: pwilk at reed.edu (The Cannibal) Newsgroups: sci.crypt Subject: Computer underground Digest Sun Nov 7 1993 Volume 5 : Issue 84 Message-ID: <2bn1u8$gt0 at scratchy.reed.edu> Date: 9 Nov 93 03:14:16 GMT Organization: Reed College, Portland, Oregon Lines: 29 Thought you might like to know: Computer underground Digest Sun Nov 7 1993 Volume 5 : Issue 84 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2 at NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copy Eatitor: Etaoin Shrdlu, III CONTENTS, #5.84 (Nov 7 1993) File 1--Computers, Freedom, and Privacy '94 Conference File 2--CFP '94 Scholarship Announcements File 3--Korea 94: Call for Papers File 4--CPSR NII Paper File 5--DES: Broken! <----------------------------- File 6--NAFTA mandates software patents (fwd) File 7--Phiber Optik Sentenced to One Year in Prison read it. check it out. -- The _O_ "Darkness may cover me: midnight may steal along my living veins; Cannibal | yea and the ultimate futility, the ghastly nothing on which all things play may break ice-thin crust and freeze my soul" pwilk at reed.edu -=public key available on finger=- - John Cowper Powys From abootch at sfsuvax1.sfsu.edu Thu Nov 11 15:03:35 1993 From: abootch at sfsuvax1.sfsu.edu (Bokum Bop Till You Drop) Date: Thu, 11 Nov 93 15:03:35 PST Subject: modem taps/caller id In-Reply-To: <4110.2CE1DFEC@shelter.FIDONET.ORG> Message-ID: <9311112303.AA19607@sfsuvax1.sfsu.edu> > > Practical Peripherals sells a modem that also captures Caller ID info > > and makes it available to your comm program. I've also seen devices > > that do this for sale in the back of BBS magazines. > > The question is, how does a caller block this feature? > ___ Blue Wave/QWK v2.12 > -- You can press *67 (or *69? in some places) to keep the receiver from getting your phone number but your phone number is still sent - just not displayed - more info in current ish of 2600. -- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAizdNhgAAAECAKYlJfK4YQoaRYtiywdgR7OQmsS23oRFr3QYZf4mE1pQTvPg DGB7xVx2mfRjsqUdQsar4vdWyNZmXLMmHNdez9UABRG0K0FuZHkgSS4gTWF0aW5v ZyA8YWJvb3RjaEBzZnN1dmF4MS5zZnN1LmVkdT4= =KJFP -----END PGP PUBLIC KEY BLOCK----- From abootch at sfsuvax1.sfsu.edu Thu Nov 11 15:13:35 1993 From: abootch at sfsuvax1.sfsu.edu (Bokum Bop Till You Drop) Date: Thu, 11 Nov 93 15:13:35 PST Subject: tel news Message-ID: <9311112312.AA21315@sfsuvax1.sfsu.edu> FYI ---- (sorry if this is re-hash) Today's SF CHRON reports: Pac's Baby Bell will spend 15 billion installing fiber optics throughout California. ATT will supply ATM switchers to convert the video signals... And PacTel Cellular will offer Bay Area cell users CDPD - faster and more efficient cell data transmittion - it transmits the data in packets during "the idle milliseconds of voice conversations carried on cell. phone systems". So its compressed and.... -- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAizdNhgAAAECAKYlJfK4YQoaRYtiywdgR7OQmsS23oRFr3QYZf4mE1pQTvPg DGB7xVx2mfRjsqUdQsar4vdWyNZmXLMmHNdez9UABRG0K0FuZHkgSS4gTWF0aW5v ZyA8YWJvb3RjaEBzZnN1dmF4MS5zZnN1LmVkdT4= =KJFP -----END PGP PUBLIC KEY BLOCK----- From frissell at panix.com Thu Nov 11 15:39:17 1993 From: frissell at panix.com (Duncan Frissell) Date: Thu, 11 Nov 93 15:39:17 PST Subject: Should we oppose the Message-ID: <199311112337.AA10372@panix.com> To: cypherpunks at toad.com M >First, I wasn't talking about the local-loop competition. I was M >talking about cable. I don't doubt that in *some* monopoly situations, M >mere reduction or elimination of regulation can allow markets to spring M >up. I just don't think this is true with regard to telcos and cable. Hasn't it occurred to everyone that the local loop is cable and cable is the local loop. There's no difference. Any way of squishing gobs of zeros and ones down a channel to you is the Local Loop and the Trunk and the Cable and everything. M >Secondly, and as I mentioned, there are non-market tactics that a M >supplier can use to prevent competition from arising. For example, why M >should a local telco decide on its own to be interoperable with, say, M >the Electric Company? In this Age of Open Systems? Anyway if they won't connect each other, I will with my own switch just like International Discount Telecommunications and the other companies are smashing the ITU monopoly pricing of international phone calls. M >It's always a mistake to confuse technical feasibility for M >competition. What's to prevent the dominant one or two providers (TPC M >and Cellular, let's say) from closing out the others by refusing to be M >interoperable? M >--Mike Sweden approved 5 national cellular franchises by far the most of any country. Sweden has the most market penetration of cellular by any country. No coincidence. Duncan Frissell --- WinQwk 2.0b#1165 From strick at versant.com Thu Nov 11 16:43:35 1993 From: strick at versant.com (strick -- henry strickland) Date: Thu, 11 Nov 93 16:43:35 PST Subject: MATH: new number Message-ID: <9311120044.AA23664@versant.com> And now for something completely relevant: Newsgroups: rec.arts.sf.written From: daveb at harlqn.co.uk (Dave Berry) Organization: Harlequin Ltd, Cambridge, UK Date: Thu, 4 Nov 1993 19:15:59 GMT > It was mentioned on CNN that the new prime number discovered > recently is four times bigger then the previous record. > -- John Blasik Mathematicians at Cambridge University announced today that they have discovered a new whole number between 27 and 28. "We don't know much about its properties", said a spokesman, "but it is causing lots of bother in equations. However, we do know that it's divisible by 6 - but only once". -- "On the hour", BBC Radio. From chaos at aql.gatech.edu Thu Nov 11 18:13:34 1993 From: chaos at aql.gatech.edu (Paul Goggin) Date: Thu, 11 Nov 93 18:13:34 PST Subject: CUD 5.84 In-Reply-To: <9311112133.AA01867@bilbo.suite.com> Message-ID: <9311120212.AA07613@toad.com> >Anybody know where I can get CUD 5.84? It is available from aql.gatech.edu /pub/eff/cud/cud >File 5--DES: Broken! <----------------------------- This is old news though, it has appeared on the cypherpunks list about 4-6 weeks ago (if memory serves). -- R O All Comments Copyright by | Technofetishist A N Paul S. Goggin (1993) | Cypher, Cyber, Chaos V Information Broker | Ergoflux, Interzone E chaos at aql.gatech.edu | Carpe Diem: Stop the Clipper wiretap chip Finger account for latest _Phrack_ | Public Key: PGP and RIPEM available For anonymous communication:---> anon32940 at anon.penet.fi ------------------------------------------------------------------------------ Title 18 USC 2511 and 18 USC 2703 Protected -- Monitoring Absolutely Forbidden From sameer at uclink.berkeley.edu Thu Nov 11 18:24:17 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Thu, 11 Nov 93 18:24:17 PST Subject: Mounting a "Secure" filesystem in UNIX Message-ID: Right now I'm running Linux with SLIP at home, and with telnetd disabled, I feel very secure keeping my PGP secret key on the system. The drawback inherent in this system, however, of course, is that I can't connect to my home system and collect mail/do work/etc. remotely. (That's why I have all mail going to uclink, from which point it goes both to my home machine and netcom.) I was wondering if it was possible to mount a "secure" filesystem/partition using Linux or some other free version of UNIX, so that it's inaccessible if logged in remotely, but accessibly when logged in locally. That way I can store my PGP secret key on the "secure" filesystem, and keep telnetd enabled. Any thoughts? Thanks, Sameer From opus at xstablu.com Thu Nov 11 18:33:34 1993 From: opus at xstablu.com (Opus Outland) Date: Thu, 11 Nov 93 18:33:34 PST Subject: Cancel me. Message-ID: Please cancel my subscription. Thanks. From jim at bilbo.suite.com Thu Nov 11 18:34:17 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 11 Nov 93 18:34:17 PST Subject: Brady Bill and Instant Check system Message-ID: <9311120231.AA06445@bilbo.suite.com> I think I heard on CNN last night the the Brady Bill passed the House and is on its way to the Senate. I think part of the Brady Bill calls for the development within 5 years of a nationwide computer system for performing "instant" checks on people attempting to purchase handguns. Without getting into a discussion on the issues of gun ownership (I'm *very* in favour of it), how do you suppose this Instant Check system will work? How will they index into the database? SSN? Health Security ID number? Fingerprints? I know TRW has developed a pilot fingerprint identification system for the San Jose Police Department. It's called C.O.N.F.I.R.M. (COunty-wide Networked Fingerprint Identification Remote Match. I'm not suggesting that CONFIRM was designed for the Instant Check system, just that the technology to create a nationwide fingerprints database exists, if the Gov'mnt were to decide that was a good thing. What can be done to insure that this Instant Check database idea doesn't get out of hand? (If it's not already too late.) Can personal cryptography prevent the accumulation of information on people who are arrested (regardless of whether or not they are convicted)? I doubt it. Only the elimination of the function of a police force would achieve that! A related, and more philosophical question is: Is there any room in Cypher-topia for databases containing information that can be used to identify convicted "rights-violators"? Jim_Miller at suite.com P.S. let me know if none of this is appropriate for the Cypherpunks list. I'm still new to this list. From sameer at uclink.berkeley.edu Thu Nov 11 18:39:51 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Thu, 11 Nov 93 18:39:51 PST Subject: (fwd) Netcom adds access in Denver area In-Reply-To: <199311111815.KAA05545@mail.netcom.com> Message-ID: > > Cyphertentacles and Extropiates, > > Here's a convenient list of the latest Netcom sites, which span the U.S. > > I've been happily using it (well, they changed to a new emacs > yesterday and now my autowrap doesn't work....I hate having to spend a > couple of hours on such a trivial matter) for a year and a half and I > conservatively estimate I've influenced at least 30 people to sign up > for it....too bad I don't get any usage credits for it. > > The best things about it: flat monthly fee ($17.50), unlimited connect > time, full range of services (much better than most universities have, > folks tell me), and--best of all--your Netcom account won't change > when you change jobs! And posting with Netcom presumably won't run the > risk of angering your employer. > > I'm thrilled that Netcom is expanding so rapidly. > I don't want to bash netcom here.. I have an account and I'm *quite* happy with it. (The accounts I have at my university are very nice, but when 20 people have root, there's *no* security.) I have doubts, however, about how good a thing it is to have *one* public access provider with such a wide net. It *is* a great thing that now a netcom account doesn't mean that much about where I'm located, so further privacy is available through that indirection. (Of course, where I'm located is available via finger, but I provide that information myself.) The problem I fear is a centralization of the net. If netcom is the major provider for the entire country, then there's much more risk of "network-disaster" if netcom dies for some reason. (Not Imminent Death of the Net, but if, say, 20% of all users of the internet who use a commercial provider use netcom, then a death of netcom would be a serious blow to the net-population.) There's some aesthetic beauty, I think, in localized network providers, but I can't root out a rational basis for that one. The fact, however, that I can be in any major city and *still* have access to my netcom account with a local (or rather cheap) phone call, is a *very* good thing, however. I *have* heard, though, that the POPs outside the bay area only have 56K connections to the netcom computers.. (From ping times to these sites, a friend of mine who runs an *excellent* public access network site in Chicago, estimated these things.) Has anyone who used both the Bay Area POPs and long-distance POPs noticed a difference? File transfers? (Those in Chicago looking for network access, should look into MCSNet-- Personally I prefer the level of service there to netcom, but I've been with the guy for multiple years, so there's a level of bias in there. [And I *think* there's a reference credit on MCSnet.. for every person I get to subscribe for 3 months I think I get 2 weeks or something like that.] 312-248-0900.. He will soon have a T1 and T1 POPs all over the Chicago area.) From arthurc at crl.com Thu Nov 11 19:19:18 1993 From: arthurc at crl.com (Arthur Chandler) Date: Thu, 11 Nov 93 19:19:18 PST Subject: (fwd) Netcom adds access in Denver area In-Reply-To: Message-ID: As someone who has gotten some pretty crusty mail for posting issues related to the social and cultural aspects of encryption -- "stay on the subject! this place is about encryption, not politics!" -- may I ask -- very politely, of course -- what these plugs for netcom are doing here? I'm using a different provider, and am very happy with them. But should I be plugging them (or dinging them) on this list? From an41418 at anon.penet.fi Thu Nov 11 19:23:35 1993 From: an41418 at anon.penet.fi (wonderer) Date: Thu, 11 Nov 93 19:23:35 PST Subject: Fractal cryptography? Message-ID: <9311120321.AA06790@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- I would be interested in more information on this! Wonderer -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLOKnzR1kTJuroDD9AQEnJAH/cpHuXA/+xdhHZtSxiD7iawDQMwgQTHDw 8t4oFRF/o98lWztuoiq0Dl3aDYEtcFcJI4NV6qAOjMVsQoDIOgVemQ== =saSN -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From tcmay at netcom.com Thu Nov 11 20:23:34 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 11 Nov 93 20:23:34 PST Subject: Politics on the List? In-Reply-To: Message-ID: <199311120422.UAA28483@mail.netcom.com> Arthur Chandler writes: > As someone who has gotten some pretty crusty mail for posting > issues related to the social and cultural aspects of encryption -- "stay > on the subject! this place is about encryption, not politics!" -- may I > ask -- very politely, of course -- what these plugs for netcom are > doing here? I'm using a different provider, and am very happy with them. > But should I be plugging them (or dinging them) on this list? As you all may have noticed, I discuss political issues here on the List when I think the topic is appropriate. I notice others do as well. Yes, some folks complain when non-technical stuff comes up, when the discussion moves away from Mersenne primes and thermite bombs. Yes, the mantra of "Cypherpunks write code" is oft-repeated. Of course, I notice that very few of us are writing any code these days. Some of the remailer wizards are still revising their code, and a few C-punks are trying to implement DC-Nets in code. But the vast majority of the 500+ folks on this List are either not writing crypto code, or are keeping silent about it. The intent of the "Cypherpunks write code" line, if I can venture a motivation (it was of course Eric's line), is that we are more interested in seeing the Brave New Crypto World happen than in just jawboning about export laws, the Zimmmermann case, and whether libertarians are right and socialists are wrong. Some of us are socialists, some are anarcho-capitalists, some of us are Trotskyites, and so on. So what else is new? The kind of political rancor we have largely been successful in avoiding is the traditional libertarian vs. everyone else debate that afflicts so many other groups. I am pleasantly surprised by this. Crypto has massive implications, for so many areas: privacy, taxation, national borders, data havens, export laws, redistribution of income, and on and on. Cypherpunks should write code, if they can, but in any case they ought to have some idea of where they're going. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From kone at COURIER1.SHA.CORNELL.EDU Thu Nov 11 20:29:20 1993 From: kone at COURIER1.SHA.CORNELL.EDU (kone at COURIER1.SHA.CORNELL.EDU) Date: Thu, 11 Nov 93 20:29:20 PST Subject: Instant check system Message-ID: <2CE33AED@COURIER1.SHA.CORNELL.EDU> Jim Miller asked about the "Brady Bill" instant check system. In the House version no deadline is set for the nation wide system. As for fingerprints, it is one of the ways the bill authorizes to check back grounds. My over payed earrend boy, Congressman Hinchy, got a copy of the bill for me and two of my Cornell pre-law friends looked it over. We still don't know what they want in the end. (not counting the total ban.) The bill did refer to an "individual number" a lot. It is not clear if the "individual number" is your SS number or the serial number of the weapon. I personly like the idea of instant check, if my privacy can be preserved. The last thing I want is either a convicted "rights-violator" with a weapon or someone keeping track on what I buy or don't buy. I have been trying to keep my life out of as many records as possable, and am a bit worried by the vage instant check program. (is visiting a srink for depresion a sign of mental instablity?) Ther should be a way for individuals to check on their own record, as often as they want, yet not alowing for others to check. i.e. the sellor types in your number (public key) and the confuser says OK or NOT OK. You type in your private key and see your arest record and such. One final item, I do agree that weapon ownership is not the issue we should talk to, but how can we protect our privacy yet keep "rights-violators" from open access to weapons. William Kone "I have trained over a thousand young men to eat, sleep, and shoot with their weapon. But, I still get worried the first time I give them the rifels." From mlinksva at netcom.com Thu Nov 11 20:59:22 1993 From: mlinksva at netcom.com (Michael R Linksvayer) Date: Thu, 11 Nov 93 20:59:22 PST Subject: New magazine: Meta Message-ID: <199311120457.UAA03092@mail.netcom.com> Dear cypherpunks, The premier issue of Meta, a monthly for-profit electronic magazine, is now available in PostScript and Replica formats. This issue contains some crypto news and commentary (none of which will be new to someone on this list), and subsequent issues will have more. Generic info follows: Meta is a monthly electronic magazine that covers issues of particular interest to the net community, including, but not limited to: cryptography, electronic publishing, free software development, intellectual property, internet commercialization, privacy and virtual communities. Meta is available via email and ftp, and is freely redistributable. ftp: ftp.netcom.com:/pub/mlinksva meta1193.ps (PostScript) meta1193.ps.gz (gzip'd PS) meta1193.rpl (Replica - requires MS-Windows and Replica viewer) meta1193.exe (Replica with embedded Replica viewer) mail: send mail to mlinksva at netcom.com with a subject of: send1193ps send1193rpl send1193exe to obtain the PS, Replica and embedded Replica versions respectively. -- Mike Linksvayer mlinksva at netcom.com +1 415 431 0775 voice Publisher, Meta +1 415 327 7629 fax From doug at netcom.com Thu Nov 11 22:43:37 1993 From: doug at netcom.com (Doug Merritt) Date: Thu, 11 Nov 93 22:43:37 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: Message-ID: <199311120641.WAA15638@mail.netcom.com> Mike Godwin said: >Doug, I think you may be under the impression that we're talking about a >single fiber-optic or coax cable. You can have a single (or double or >triple) infrastructural network, but add bandwidth to each one. I think >the notion of "scarcity" doesn't apply to cable any more than it applies >to personal computers. I understand. I think that we're looking at different sides of the same coin. I'm taking the long view, where you're taking the short view. For the next several years, I agree that bandwidth will continue to increase even as cost-per-bit-per-second continues to fall. My previous comments were directed at the long term view, which may be inappropriate to discuss at the moment, since naturally the long term has no immediate pragmatic import. Just keep those comments in mind 5 or 10 years from now. ;-) Doug From doug at netcom.com Thu Nov 11 22:44:22 1993 From: doug at netcom.com (Doug Merritt) Date: Thu, 11 Nov 93 22:44:22 PST Subject: Privacy, Property, Cryptography (long) In-Reply-To: Message-ID: <199311120644.WAA16116@mail.netcom.com> Mike Godwin said: >This quotation needs to be debugged a little bit. The actual quotation [...] >as against the government, the right to be let alone--the most [...] >(Note in particular that it's "let," not "left.") It's always nice to get quotations down correctly, but surely the original "let" translates in today's speech to "left"? If not, I'd like to hear about the difference. Doug From doug at netcom.com Thu Nov 11 22:59:23 1993 From: doug at netcom.com (Doug Merritt) Date: Thu, 11 Nov 93 22:59:23 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: Message-ID: <199311120659.WAA17915@mail.netcom.com> "Perry E. Metzger" said: >A single fiber optic strand has enough capacity in theory to carry the >equivalent of every call made in the U.S. during the peak capacity >utilization period on Mother's Day. This is a nice reduction to theory; the current optical modulation rates fall vastly short of the theoretical limits, but yes, at their maximum it would be something on that order. >I don't know about you, but I personally can't produce more than 750 >simultaneous videos at once for network distribution, so I suppose I'm >uninteresting, but even the people who can do more than that are >likely going to be fine. If they aren't, well, I suppose they could >get TWO fibers coming into their home, or maybe even TEN or ONE >HUNDRED if necessary. Heh. Well. By today's standards, theoretical-capacity fiber optic will be indeed be overkill; there would be plenty left over. Keeping in mind that we're talking about the medium to long term future rather than the immediate future, though: needs tend to grow easily as fast as does capacity to meet needs. In the past one can point to 1950's quotes about how many computers would ever be needed worldwide, or to 1970's arguments about why GUI interfaces would never be realistic, or even to Bill Joy's late 1980's Nanotech Conf. talk when he coined the unit of VAX-MIPS-Millenia, which he thought would be useless even if available. Counterexamples to Joy's thesis are trivially found in cryptography, and less obviously in things like computer generated holography. The latter might easily become a GUI standard of the future, and will indeed require VAX-MIPS-millenia of computation to compute in real time. They would also require similarly astronomical amounts of bandwidth to transmit. By today's standards, that's ridiculous to assume. But by the standards of 10 years hence, two dimensional video may well appear as primitive as 110 baud text transmission does to us today. Judging the future by today's standards tends to leave one's predictions high and dry. Doug From doug at netcom.com Thu Nov 11 23:14:52 1993 From: doug at netcom.com (Doug Merritt) Date: Thu, 11 Nov 93 23:14:52 PST Subject: Should we oppose the Data Superhighway/NII? Message-ID: <199311120715.XAA20441@mail.netcom.com> Lyle_Seaman at transarc.com said: >I think Doug believes that demand for bandwidth due to new >technologies (image, higher definition audio, etc etc) will grow >faster than the ability to provide more bandwidth. Perhaps, but I >don't envision running out of aggregate bandwidth in my lifetime. You >can put a lot of optical fibers in a very small space. I only ask that you remember my bizarre prediction over the next decade. I believe that history will vindicate me. The problem is that history has vindicated me a number of times in the last 15 years, but no one remembers by the time that the future rolls around. Clearly I'm not taking the right approach even now, given that. I'll keep working on it. Doug From hfinney at shell.portal.com Thu Nov 11 23:49:23 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Thu, 11 Nov 93 23:49:23 PST Subject: Fractal cryptography Message-ID: <9311120740.AA19589@jobe.shell.portal.com> There have been some discussions on sci.crypt within the past few months on nonlinear/chaotic algorithms and their use in cryptography. Fractal cryptography sounds like it might be related. The problem is that unless an algorithm was SPECIFICALLY DESIGNED to prevent an intelligent adversary from defeating it, the chances of it being an effective cryptosystem are limited. Just because nonlinear systems produce complex-looking results does not mean that these results are unpredictable given enough data. Now, maybe this particular fractal cryptosystem idea will actually work well. I don't know; I haven't seen it. But the point is that these complex types of systems have not provided a good foundation for crypto- graphy in the past. sci.crypt messages are available on (at least) ripem.msu.edu, in /pub/crypt/sci.crypt. In that directory there is a file "subjects", which lists all the subject lines by message number, as well as a collection of files each of which holds a couple of months' worth of messages. You can grep the subjects file to find those messages which might be i{terested. The archives appear to go back a couple of years. Hal From unicorn at access.digex.net Thu Nov 11 23:59:23 1993 From: unicorn at access.digex.net (Dark) Date: Thu, 11 Nov 93 23:59:23 PST Subject: privacy/property Message-ID: <199311120757.AA23496@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- - -> As I recall, Dark, INS v. AP is copyright/First Amendment case, not a privacy case. (International News Service was cribbing from AP stories.) What does Brandeis say in this case that seems to be a reservation about privacy rights? <- Although the basis for the case was superficially a copyright case, because it involved injunctive relief, the Justices had to reach for a protection of property rights to uphold the injunction. This was my point, that privacy should be linked to property rights so as to open the way for more than simple forced transactions by entitlement and monetary damages in relief. Consider Justice Brandeis' comments at the beginning of his dissent: No question of statutory copyright is involved. The sole question for our consideration is this: Was the International News Service properly enjoined from using, or causing to be used gainfully, news of which it acquired knowledge by lawful means [...] _International News Service v. The Associated Press_, 248 U.S. 215, at 249 (Brandeis, J., Dissenting). As for the hook in on property and privacy, consider: The general rule of law is, that the noblest of human productions - - knowledge, truths ascertained, conceptions, and ideas - become, after voluntary communication to others, free as the air to common use. Upon these incorporeal productions the attribute of property is continued after such communication only in certain classes of cases where public policy has seemed to demand it. _International News Service_, 248 U.S. 215 at 250 (Brandeis, J., Dissenting). This is just in 1918. Even here we see the public sphere taking the lead role. Enter the progressives of the 20's. This was a touch beyond my point, however. My focus was more that even back then there was a recognition that intellectual production had to be guarded with property rights. Applying the law of capture to intellectual pursuits like the news? If privacy rights existed, why go so far? Business and proprietary news protected by a long stretch of property rights? To me this is just a bridge to jump the missing privacy rights gap. Granted this is not an ideal case, but it illustrates the attitude (and it was the only Brandeis case that jumped to mind when replying quickly to your note :) ) - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLONAHRibHbaiMfO5AQFiGAP/Ud06AWsAgqXQSYX5P3DNxtTgqv7HO+OJ QZnj93GuzQSETJmWNBaVCEbD/5xPQC3MKt1h9gbPY9Fai9rx+8djiocWKWF1UXFH i/4tkKEUN4YwcOJWPoO6EFS/ykgLo25NRiJkLEbhxm4ge/34VX3CxQ5FfNSdRI3o m5Be07dvFJk= =fsg8 -----END PGP SIGNATURE----- From gtoal at an-teallach.com Fri Nov 12 04:39:28 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 12 Nov 93 04:39:28 PST Subject: (fwd) Netcom adds access in Denver area Message-ID: <7321@an-teallach.com> In article <199311111815.KAA05545 at mail.netcom.com> tcmay at netcom.com writes: > The best things about it: flat monthly fee ($17.50), unlimited connect > time, full range of services (much better than most universities have, > folks tell me), and--best of all--your Netcom account won't change > when you change jobs! And posting with Netcom presumably won't run the > risk of angering your employer. Unfortunately, your netcom account also won't change when you change internet vendors. What everyone should have is their own domain name; netcom offers this service (a la david at sternlight.com) for, I think, $45/month. Anyone who's interested in a better deal might like to check out internet.com who offer your own domain (and a single user id) for $75/year. You get your mail rewritten by them to your ordinary account elsewhere (eg tcmay at netcom.com) and can move the domain with you should you ever be dissatisfied with internet.com's service. Apologies, btw, for not talking about code, but I guess if Perry hasn't flamed Tim yet he's not going to flame me for posting this either :) > I'm thrilled that Netcom is expanding so rapidly. I'd be more thrilled if they were doing what demon do and putting people's own sites on the net under SLIP for a flat rate (with demon it's 10 pounds per month - call it 15 bucks) and just ordinary phone- call costs on top. [If netcom now does this, apologies - it's been some time since I looked into the US slip culture] This *is* a cypherpunks related goal IMHO, because everyone having their own site at home rather than just using their PCs as terminals to systems like netcom means they can *much* more easily integrate pgp into their routine mailing life. (Uploading and downloading pgp mail is such a hassle for some people - like prz himself - that they just don't do it...) G From gtoal at an-teallach.com Fri Nov 12 04:49:31 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 12 Nov 93 04:49:31 PST Subject: Mounting a "Secure" filesystem in UNIX Message-ID: <7322@an-teallach.com> In article sameer at uclink.berkeley.edu writes: > I was wondering if it was possible to mount a "secure" > filesystem/partition using Linux or some other free version of UNIX, > so that it's inaccessible if logged in remotely, but accessibly when > logged in locally. > That way I can store my PGP secret key on the "secure" > filesystem, and keep telnetd enabled. > > Any thoughts? I think the best you can do is to create a secure chroot subshell which anyone logging in anywhere but from the console gets put into. [When I wrote such a shell as an experiment, I found it very difficult to do properly when the system had multiple partitions - I could only get it to work on a machine that had a single pack. So if you're starting from scratch, my suggestion is to use netbsd and start off with your entire disk on a single partition - don't have the traditional small root partition. If you get that far I have some code I can mail you.] G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From gtoal at an-teallach.com Fri Nov 12 04:59:33 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 12 Nov 93 04:59:33 PST Subject: Politics on the List? Message-ID: <7323@an-teallach.com> In article <199311120422.UAA28483 at mail.netcom.com> tcmay at netcom.com writes: > Of course, I notice that very few of us are writing any code these > days. Some of the remailer wizards are still revising their code, and > a few C-punks are trying to implement DC-Nets in code. But the vast > majority of the 500+ folks on this List are either not writing crypto > code, or are keeping silent about it. Just FYI, I'm working on integrating pgp to the mailer that comes with 386bsd. I hacked it first a long time ago, and never gave it out because it had a lot of loose ends - now I'm tidying them up so that I can give it out and people won't have to be careful what they type to avoid some of the misfeatures... > The intent of the "Cypherpunks write code" line, if I can venture a > motivation (it was of course Eric's line), is that we are more > interested in seeing the Brave New Crypto World happen than in just > jawboning about export laws, the Zimmmermann case, and whether > libertarians are right and socialists are wrong. The intent of 'Cypherpunks write code' is that Perry can dump on people talking about anything other than code ;-) (When we *do* talk about practical stuff he tells us its impractical or been done before or pointless, or that we should stop *talk*ing about it and go away and do it...) I'm surprised we bother running a list at all actually. We should all be locked away in our garrets hacking I guess. (What I'm really saying is that this list clearly serves a purpose, and it is evolving into its own character, whatever that may be, despite the efforts of the early founder members to keep it on some tightly defined track that they once conceived it as. I don't see this evolution as being a problem, and I'm slightly (though not to Detweilerian proportions) annoyed whenever people like Tim or Perry pull rank and try to limit the topics of discussion, when on closer inspection they're just as bad as the rest of us at drifting 'off topic'.) G From an12070 at anon.penet.fi Fri Nov 12 05:03:44 1993 From: an12070 at anon.penet.fi (S. Boxx) Date: Fri, 12 Nov 93 05:03:44 PST Subject: Dinkelacker II Message-ID: <9311121302.AA07765@anon.penet.fi> WHO is ARTHUR CHANDLER?! ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From gtoal at an-teallach.com Fri Nov 12 05:09:32 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 12 Nov 93 05:09:32 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311111430.AA28017@snark.lehman.com> Message-ID: <753109212snz@an-teallach.com> In article <9311111430.AA28017 at snark.lehman.com> pmetzger at lehman.com writes: >A single fiber optic strand has enough capacity in theory to carry the >equivalent of every call made in the U.S. during the peak capacity >utilization period on Mother's Day. A single fiber can carry more data >than can be transmitted by the entire radio spectrum from low >frequency AM to Ku band satelite. Thats bandwidth for literally >thousands of simultaneous video signals. "All the world's comms needs can be met with a single fibre" contrast this with a famous quotation from history... "All the country's computing needs can be met with a single computer" :-) G (It'll be a nice one to quote to my grandchildren in years to come...) From clark at metal.psu.edu Fri Nov 12 05:24:46 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Fri, 12 Nov 93 05:24:46 PST Subject: Bandwidth limitations Message-ID: <9311121335.AA15471@metal.psu.edu> pmetzger at lehman.com (Perry Metzger) writes: >Doug Merritt says: >> I hate to disagree, considering that I prefer to agree with the philosophy >> here, but it *can't* work that way, regardless of what we wish. >> >> The problem is that bandwidth is a highly limited resource, just like >> real estate is a limited resource. Eventually we will complete saturate >> network bandwidth no matter what technology is used. >I don't know about you, but I personally can't produce more than 750 >simultaneous videos at once for network distribution, so I suppose I'm >uninteresting, but even the people who can do more than that are >likely going to be fine. If they aren't, well, I suppose they could >get TWO fibers coming into their home, or maybe even TEN or ONE >HUNDRED if necessary. >I suspect that we have a wee bit longer to go than that. When people >start faxing themselves regularly we may have to go to slightly more >exotic technologies. Apparently, information-theoretically, there is a limit to the bandwidth available in any given area of space before overlapping of signal occurs. While I don't agree that it is likely to occur soon, eventually we will hit an information bottleneck; probably somewhere after we manage to use subquantal particles as signal-carriers. Our current system would, indeed, allow people to fax themselves regularly; in fact, I occasionally fax things to myself already. However, when people start doing genuinely exotic things, such as emailing their entire genome to their doctor; or emailing vast files on self-administered MRI tests to the hospital; or transmitting graphical images of components for something as simple as factory work; then we'll seriously have to think about theoretical bandwidth limitations. However, with any luck we'll be off the planet, and will have the infinite bandwidth we need by the time we need it. ---- Robert W. F. Clark PGP Key Available Upon Request rclark at nyx.cs.du.edu clark at metal.psu.edu From gg at well.sf.ca.us Fri Nov 12 05:29:30 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Fri, 12 Nov 93 05:29:30 PST Subject: Should we oppose the Data Superhighway/NII? Message-ID: <199311121328.FAA25705@well.sf.ca.us> RE "killing route 666," my primary objection is that there seems to be very little emphasis on increasing access at the grassroots level; the way things are going it will be 500 channels of commercial TV with "interactive" limited to Home Shopping and other trivial bullshit. I'm all in favor of common carrier status, guaranteed access for all, etc; but the current govt and private proposals & general moves like Bell/TCI, seem to miss the mark widely. -gg From clark at metal.psu.edu Fri Nov 12 05:43:43 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Fri, 12 Nov 93 05:43:43 PST Subject: Are we gatewayed to Usenet Message-ID: <9311121351.AA15525@metal.psu.edu> Never. I don't _ever_ want to see this made into a 'semi-private' mailing list. Extropians, for example, does this, and it's ended up being an incestuous, closed group, with extremely low signal-to-noise ratio; as the same groups of people chatter and blather about the same subjects to no end. I'd rather have the list the way it is. At least the noise is usually _new_ noise; and new signal comes in constantly. I even prefer it with L. Detweiler; perhaps he'll cease his rather garbled rants and return to being a constructive poster. In any case, if this sort of thing were ever to be put to a vote, I'd be emailing everyone I knew not to have anything to do with such a giddy, doomed proposal. ---- Robert W. F. Clark PGP Key Available Upon Request rclark at nyx.cs.du.edu clark at metal.psu.edu From clark at metal.psu.edu Fri Nov 12 05:53:41 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Fri, 12 Nov 93 05:53:41 PST Subject: Phiber Optik, and miscellaneous ramblings Message-ID: <9311121404.AA15560@metal.psu.edu> lex at mindvox.com (Lex Luthor) writes: >Please note that >Phiber Optik was probably the most mellow one of the MOD and having spoke with >him a number of times, it seems that he is not a malicious type. IMHO his >mistake was teaching his 'friends' in the group how to do certain things >without regard to what they intended to do with that knowlege. True; after reading a number of the charges against him, it appears they just threw whatever they could at him, in the hopes that something would stick. I find it oddly revolting that if a gang of teenage hoodlums were to enter a school and vandalize it, physically destroying the computers with hammers and spray paint, they would be considered harmless 'wild boys' and probably get a fine. Reform school at most. This is fine by me, however; if a fucking _smart_ kid just _accesses_ the piece of shit PCs that schools use, and alters his grade, then, in most states, that is considered a hideous crime worthy of federal crime. Granted, Phiber did a good deal more than that, but was he a _serious_ criminal? Did he make huge wads of cash? Is he living in some kind of fucking mansion from his vast profits? In my case, I'm disgusted by the data cops making more-or-less harmless rich kids with high-tech and inventive curiosity; perhaps a streak of malice; and too much time, into some kind of demonic threat to the nation. No wonder our smart kids are practically last in the civilized world, when we punish kids for being too smart and throw them in jail for being too dumb, while slashing education budgets. [As the astute reader may have gathered, the Author of this article has, himself, been busted for thoughtcrime; however, he's doing fine now, so don't worry.] Thanks for clearing the issue up, Lex; and consider me in wholehearted agreement. ---- Robert W. F. Clark PGP Key Available Upon Request rclark at nyx.cs.du.edu clark at metal.psu.edu From geoffw at nexsys.net Fri Nov 12 07:03:43 1993 From: geoffw at nexsys.net (Geoff White) Date: Fri, 12 Nov 93 07:03:43 PST Subject: (fwd) Netcom adds access in Denver area Message-ID: <9311121455.AA09451@nexsys.nexsys.net> > I'd be more thrilled if they were doing what demon do and putting > people's own sites on the net under SLIP for a flat rate (with demon > it's 10 pounds per month - call it 15 bucks) and just ordinary phone- > call costs on top. [If netcom now does this, apologies - it's been > some time since I looked into the US slip culture] Well InterNex is hooking people up via ISDN using PPP. This is a full 56 kbps link with domain name registration, and nntp feed for $150/month (plus your ISDN bill which will run $28/month + $.01 per minute) I have this installed in my house (nexsys.net) and it's great, there's never any need to leave my Sun at home, except for meetings and such, if your interested you can ftp their stuff from ftp.internex.net. From pmetzger at lehman.com Fri Nov 12 08:19:32 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 12 Nov 93 08:19:32 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311120641.WAA15638@mail.netcom.com> Message-ID: <9311121616.AA03341@snark.lehman.com> Doug Merritt says: > I understand. I think that we're looking at different sides of the same > coin. I'm taking the long view, where you're taking the short view. For > the next several years, I agree that bandwidth will continue to increase > even as cost-per-bit-per-second continues to fall. > > My previous comments were directed at the long term view, which may > be inappropriate to discuss at the moment, since naturally the long term > has no immediate pragmatic import. > > Just keep those comments in mind 5 or 10 years from now. ;-) Just one question, Doug -- in what sort of "Long Term" do you envision individuals needing to be able to send MORE than several thousand video signals worth of data simultaneously? Even if you put a camera facing every corner of every nook of your house, transmitted high quality audio from every square meter, wired every square inch with strain gauges and other sensors and was simultaneously transfering the entire contents of the library of congress over and over and over, you couldn't exhaust the potential bandwidth of a single fiber. If you need a bit more, you get two fibers. What applications do you envision that would require more bandwidth than this, even in twenty or thirty years? This is not to say that I don't believe that we won't eventually need something better -- if humans upload into computers and start operating billions of times faster such links will seem slow -- but at that point you aren't really talking about humans any more. What I want to know is what sort of applications do you envision that HUMANS might want more bandwidth for. Perry From sommerfeld at orchard.medford.ma.us Fri Nov 12 08:23:42 1993 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Fri, 12 Nov 93 08:23:42 PST Subject: OMNI CARD In-Reply-To: <9311111839.AA14681@internal.apple.com> Message-ID: <199311121608.LAA00480@orchard.medford.ma.us> BTW, you can't take the cards apart. They fry themselves if you try. Uhh. Well, not exactly. The cards don't fry, but presumably the *key* inside them does. I've seen a SecurID card which had been pried apart; when you put the two halves back together, the LED went on again, apparantly into some "initialization mode". One assumes that the internal key had apparantly been fried; it was, however, apparantly possible to reinitialize the card with a new key. This may not defeat their security, but it may make it possible to recycle their old cards instead of buying new ones.. - Bill From sommerfeld at orchard.medford.ma.us Fri Nov 12 08:24:32 1993 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Fri, 12 Nov 93 08:24:32 PST Subject: Politics on the List? In-Reply-To: <199311120422.UAA28483@mail.netcom.com> Message-ID: <199311121616.LAA00496@orchard.medford.ma.us> But the vast majority of the 500+ folks on this List are either not writing crypto code, or are keeping silent about it. There are undoubtedly a fair number of the latter; probably better than 50% of the cypherpunks subscribers I know around here (including myself) get paid to (among other things) work on software related to network security through cryptography. Random Rant (preaching to the choir, but..): The same day that I spent far too many hours attempting to get our DES-using products in synch with what we believe is a correct interpretation of the export regulations, I saw a post in sci.crypt from someone in Italy announcing that he had a copy of my HP48SX DES implementation (which is available for anonymous FTP from soda.berkeley.edu; disclaimer: it does ECB encrypt mode only, that's all I needed). - Bill From pmfitzge at fitz.b30.ingr.com Fri Nov 12 08:24:47 1993 From: pmfitzge at fitz.b30.ingr.com (Patrick M. Fitzgerald) Date: Fri, 12 Nov 93 08:24:47 PST Subject: Instant check system In-Reply-To: <2CE33AED@COURIER1.SHA.CORNELL.EDU> Message-ID: <199311121624.AA15772@fitz.b30.ingr.com> kone at COURIER1.SHA.CORNELL.EDU writes: > > Jim Miller asked about the "Brady Bill" instant check system. In > the House version no deadline is set for the nation wide system. An amendment was passed before voting that sunsets the Brady Bill to five years. So, effectively, there is a five-year deadline in the House version. This ignores the fact that the Feds have admitted that they cannot *force* states to perform the instant check. The Brady Bill only *suggests* that states implement an instant check. > I personly like the idea of instant check, if my privacy can be > preserved. The last thing I want is either a convicted > "rights-violator" with a weapon [...] Instant check will initially have some effect on criminals getting guns, but certainly won't stop them. From memory, I think the FBI estimates that over 80% of criminals get their guns from places other than gun shops (for example, from theft, private sale). And as the instant check is implemented, I imagine that the black market will grow further. But this doesn't belong on cypherpunks, so I'll shut up. > There should be a way for individuals to check on their own record, > as often as they want, yet not alowing for others to check. [...] I agree, this is important. In the Virginia instant-check system, which is a de-facto registration (since they also have a stupid "one gun a month" law), you cannot check your status unless you actually try to buy a gun. Recently, a law-abiding citizen mistakenly tried to purchase a gun after only 28 days. He failed the instant check. After a couple weeks, troopers showed up at his house and tried to arrest him. Seems that he had "made a false statement" on his paperwork, which is a felony. Luckily, he did some fast talking and they later decided to drop all charges. This whole business make me sick. -- Patrick M. Fitzgerald, pmfitzge at ingr.com ______ / ___ ) [The United States] can't be so fixed on our / __)/ /__ desire to preserve the rights of ordinary (_/it(_____) Americans ... - President William Clinton, March 1, 1993, during a press conference in Piscataway, NJ, as reported by "The Boston Globe", 3/2/93, pg 3 From pmetzger at lehman.com Fri Nov 12 08:29:32 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 12 Nov 93 08:29:32 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311120659.WAA17915@mail.netcom.com> Message-ID: <9311121626.AA03349@snark.lehman.com> Doug Merritt says: > Counterexamples to Joy's thesis are trivially found in cryptography, > and less obviously in things like computer generated holography. The latter > might easily become a GUI standard of the future, and will indeed require > VAX-MIPS-millenia of computation to compute in real time. > > They would also require similarly astronomical amounts of bandwidth to > transmit. By today's standards, that's ridiculous to assume. But by the > standards of 10 years hence, two dimensional video may well appear as > primitive as 110 baud text transmission does to us today. > > Judging the future by today's standards tends to leave one's predictions > high and dry. Three dimensional video would not require bandwidths that would make fiber optics wince -- even at the limits of human perceptional capacities. (Holography encapsulates the three dimensional image in a very high resolution piece of two-dimensional film. A digital analog would only require a large boost in resolution -- large by our standards, but not large by the standards of the bandwidth of fiber optic cable.) Given that even your best scenario for "expensive big application" comes up short, I don't see what the problem will be. I can easily envision what I would do with a computer ten thousand times more powerful than the one I have now. I can't see what I could do with a communication channel ten thousand times wider than what a bunch of fiber optics can in theory give me. Perry From tcmay at netcom.com Fri Nov 12 08:39:32 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 12 Nov 93 08:39:32 PST Subject: Politics on the List? In-Reply-To: <7323@an-teallach.com> Message-ID: <199311121636.IAA08573@mail.netcom.com> Graham Toals writes: > (What I'm really saying is that this list clearly serves a purpose, > and it is evolving into its own character, whatever that may be, despite > the efforts of the early founder members to keep it on some tightly > defined track that they once conceived it as. I don't see this > evolution as being a problem, and I'm slightly (though not to > Detweilerian proportions) annoyed whenever people like Tim or Perry > pull rank and try to limit the topics of discussion, when on closer > inspection they're just as bad as the rest of us at drifting 'off topic'.) The point of my last article was exactly this, that I drift "off topic" all the time. Far from "pulling rank" and limiting the topics (how could this be done? Eric has only twice, that I recall, called for a halt in some especially unproductive topic, one that Perry and I were involved in, ironically). It is true that we see messages of the form "Let's not waste time on topic foo, let's stick to our charter bar. Cypherpunks write code." I try to avoid this form, as my interests are all over the map. The political, legal, and economic issues surrounding crypto seem to me to be fair game for this list. More basic debates about the validity of taxation, the abortion/antiabortion debate, and religious arguments about Christians vs. pagans (or whatever) seem generally unfruitful and probably would be a waste of list bandwidth. (Which doesn't mean, I think, that they shouldn't come up now and again. It's just that back-and-forth arguments that are nothing more than restatements of initial postions are pointless.) On a more recent topic, the NII, I have several things to say that connect with this thread. First, I dropped out of the debate with Godwin and Perry and others when it seemed to reach a point of repeating initial positions. Second, I now have all three major NII position papers (Kalil's NII docs, the EFF Open Platform paper, and the CPSR position paper) and am rereading them with a more analytical eye, trying to figure out what the _real datahighway_ is intended to be....it's not at all clear. Third, the NII could have profound implications for crypto. For example, suppose the various law enforcement and business regulation goals (NII will be a business infrastructure, too) are used to limit strong crypto? Perhaps data packets will have to be tagged, analogously to license plates and to business licenses (have to be able to trace packets to ensure NII laws are complied with, that the originator has hired sufficient numbers of persons of color, and so on). (I can construct many plausible worries, and will do so in a longer piece.) So, I don't use the "Cypherpunks write code" mantra as anything more than a kind of ideal goal. Let a thousand flowers bloom. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From pmetzger at lehman.com Fri Nov 12 08:49:32 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 12 Nov 93 08:49:32 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <753109212snz@an-teallach.com> Message-ID: <9311121645.AA03366@snark.lehman.com> Graham Toal says: > In article <9311111430.AA28017 at snark.lehman.com> pmetzger at lehman.com writes: > >A single fiber optic strand has enough capacity in theory to carry the > >equivalent of every call made in the U.S. during the peak capacity > >utilization period on Mother's Day. A single fiber can carry more data > >than can be transmitted by the entire radio spectrum from low > >frequency AM to Ku band satelite. Thats bandwidth for literally > >thousands of simultaneous video signals. > > "All the world's comms needs can be met with a single fibre" > > contrast this with a famous quotation from history... > > "All the country's computing needs can be met with a single computer" You didn't understand the point. Not a SINGLE fiber. Each person would have their own fiber into a switched fabric the way everyone has their own phone line into a switched fabric. Each person would have all that capacity TO HIMSELF. If he needed more, he could get two, or even ten, not that he'll need more than one. Perry From pmetzger at lehman.com Fri Nov 12 08:53:41 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 12 Nov 93 08:53:41 PST Subject: Are we gatewayed to Usenet In-Reply-To: <9311121351.AA15525@metal.psu.edu> Message-ID: <9311121652.AA03383@snark.lehman.com> Clark Reynard says: > Never. I don't _ever_ want to see this made into a > 'semi-private' mailing list. Extropians, for example, > does this, and it's ended up being an incestuous, > closed group, with extremely low signal-to-noise > ratio; as the same groups of people chatter and > blather about the same subjects to no end. The participants would say that they have a very high signal to noise ratio. The fact that you didn't like the signals and would prefer different ones means you were not suited to the interests discussed on that list, not that the experiment has not been a success. Perry From pmetzger at lehman.com Fri Nov 12 08:54:32 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 12 Nov 93 08:54:32 PST Subject: Bandwidth limitations In-Reply-To: <9311121335.AA15471@metal.psu.edu> Message-ID: <9311121650.AA03375@snark.lehman.com> Clark Reynard says: > However, when people start doing genuinely exotic things, such > as emailing their entire genome to their doctor; The human genome fits nicely in 1GB. Mere Gigabit networks could allow you to send your whole genome in seconds -- and fiber can do many orders of magnitude better than that. > or emailing > vast files on self-administered MRI tests to the hospital; A complete MRI scan can be sent on a gigabit network in mere moments, too, and again, fiber can do far better than that. > or transmitting graphical images of components for something > as simple as factory work; If you can send a thousand video signals down your fiber at once, sending complete plans for a factory to build Fords, and the complete plans for the cars, will likely take a wink of an eye. Perry From hfinney at shell.portal.com Fri Nov 12 08:54:48 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Fri, 12 Nov 93 08:54:48 PST Subject: (fwd) Netcom adds access in Denver area Message-ID: <9311121654.AA07885@jobe.shell.portal.com> Unfortunately, netcom's nearest point-of-presence is a $.10/minute nighttime long distance call away from me. So this "free" service would cost me about $6/hour. There are several services which provide access via packet-switching networks which have hundreds of POP's, including some local to me. Two of these networks are Sprintnet and Compuserve's network (which is separate from the Compuserve service itself). These networks charge $2-$3/hour off-prime, so they are a better deal. But the carrying capacity of these networks seems somewhat limited, and you don't get the full throughput of your baud rate. There are resources available on the net, the "pdial" and "nixpub" lists, which provide lists of service providers for Internet access. I don't have access information handy.... Well, I just grabbed some info. Here is an excerpt from alt.internet.services FAQ: > *** 3.1: WHERE CAN I GET INTERNET ACCESS IN MY AREA? > Check out PDIAL, a list of public access service providers offering > dialup access to Internet connections. PDIAL lists both free and pay > services all around the world. The PDIAL list is posted semi-regularly > to alt.internet.access.wanted, alt.bbs.lists, ba.internet, and > news.answers. > > To receive PDIAL via e-mail, send mail with a subject line of > "Send PDIAL" to "info-deli-server at netcom.com". To receive future > editions as they are published, send email with the subject > "Subscribe PDIAL" to the same address. The most recent PDIAL is also > available by sending mail with a message body of > "send usenet/news.answers/pdial" to "mail-server at rtfm.mit.edu". To get > PDIAL via FTP: > ftp.netcom.com:/pub/info-deli/public-access/pdial > rtfm.mit.edu:/pub/usenet/alt.internet.access.wanted/P_D_I_A_L_(P) > > For more information about service providers and getting on the > Internet, read "FYI: Searching for Treasure" (FTP info at the end of > this document.) > > Another list of service providers, and tips on getting Internet access, > is provided in the "alt.bbs.internet" FAQ, available via FTP as > rtfm.mit.edu:/pub/usenet/news.answers/inet-bbs-faq.Z > > Access provider information from the book "Internet: Getting Started," > (detailed in the final section of this document) is available via > anonymous FTP as > ftp.nisc.sri.com:/netinfo/internet-access-providers-us.txt > ftp.nisc.sri.com:/netinfo/internet-access-providers-non-us.txt > > If you are a college student or faculty, check with your campus computer > center to learn about the online facilities available to you. Many > schools offer free accounts to students and staff. > > Next, turn to the Usenet community for assistance. Find out if there is > a local newsgroup for your area or state. For instance, Columbus, Ohio > users can check on the "oh.general" and "cmh.general" newsgroups. Many > other areas have regional newsgroups. Ask the locals questions about the > area - who better to know the answers? > > If all else fails, post your plea on the Usenet newsgroup > "alt.internet.access.wanted". Note that such requests aren't looked > kindly upon if posted elsewhere. > > *** 3.2: I NEED A BBS (ON THE INTERNET OR IN MY AREA)! > This is covered extensively in the "alt.bbs.internet" FAQ, available on > the Usenet group "alt.bbs.internet" or via FTP as > rtfm.mit.edu:/pub/usenet/news.answers/inet-bbs-faq.Z > > Also look for information on the Usenet newsgroups > "alt.internet.access.wanted" and "alt.internet.services". Get the PDIAL > list, mentioned at the end of this document. > > Also available is NIXPUB, a listing of over 100 free and pay-for-play > accessible systems. It is posted regularly to the Usenet newsgroups > "comp.misc", "comp.bbs.misc", and "alt.bbs". Retrieval information near > the end of this document. > > Also, for BBS information for your area code or specific interest, FTP > to: > wuarchive.wustl.edu:/mirrors/msdos/bbslists > I check these lists every so often, hoping to find cheaper access, but still no luck. But I agree with Graham Toal that a much better setup would be smarter software on my home PC, with an intelligent protocol for communication with the net service provider. I wouldn't care if it was UUCP, POP, SLIP, or whatever, at this point; it's probably better than semi-automated ZMODEM. I hope that these facilities become more widely available at a price of around $20-$30 a month or less. Paying hundreds of dollars a month for these capabilities is far beyond my budget. I can't understand why England is so far ahead of the U.S. in this regard. No offense intended, but I always thought of their telecommunications and computing infrastructure as being several years behind the U.S. Hal From cme at sw.stratus.com Fri Nov 12 09:03:41 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Fri, 12 Nov 93 09:03:41 PST Subject: OMNI CARD Message-ID: <199311121700.MAA21161@ellisun.sw.stratus.com> This sounds almost identical to the Racal-Guardata Watchword. It's old technology (although making the unit small might be new). I have a Watchword on my desk as I write this. It's a calculator with authentication built in. There's my own DES key inside. To get to it, I enter 1 of 2 PINs. (the second is a "duress PIN" -- works but sounds a warning in the security office, saying that I have a gun to my head, if I use it for a challenge/resp). The system authenticating me gives me a 7-digit challenge number. I enter it and my Watchword gives me a 7-digit response number back. I then give that number to the system -- typed as a password or over the phone to a person. ------- The SecureID (which I carry in my wallet, against directions from the vendor) has my encryption key buried inside along with a calendar clock. Every minute, it encrypts the date and time with my key and displays 6 digits of the result. It has a keypad for entering a PIN which is then added (without carry) to the 6-digit result and that is displayed instead, if I've entered the PIN, for the next 5 minutes. This saves half the protocol (by sync of calendar clocks). - Carl From dmandl at lehman.com Fri Nov 12 09:09:33 1993 From: dmandl at lehman.com (David Mandl) Date: Fri, 12 Nov 93 09:09:33 PST Subject: Politics on the List? Message-ID: <9311121708.AA12887@disvnm2.lehman.com> > From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) > > But the vast majority of the 500+ folks on this List are either not > writing crypto code, or are keeping silent about it. > > There are undoubtedly a fair number of the latter; probably better > than 50% of the cypherpunks subscribers I know around here (including > myself) get paid to (among other things) work on software related to > network security through cryptography. I've always had problems with the slogan "Cypherpunks write code." It's a cute pun (if it was intended that way), but I think too many cypherpunks are techie-snobs. Writing code is all well and good, even crucial, but there are plenty of other things that can and should be done to further cypherpunk goals. Many many people have found out about cypherpunk developments through sympathetic articles in Wired, the Village Voice, etc. I've done long interviews with Tim May and Phil Zimmerman on my radio show. (And Perry Metzger and I are going to be giving a talk on crypto anarchy here in NYC in January. This is being sponsored by a local anarchist group. More details on this later.) Everything helps. I was moved to invite Tim May to be on my show last year not because of any beautiful code he'd written, but because I was inspired by some of his political/theoretical writing. You don't have to write cypherpunk code to be a cypherpunk. You don't even have to write code at all. There are plenty of other things to do that are just as important and just as exciting. P.S.: I'm not being defensive. I write code for a living, just not cypherpunk code (yet). --Dave. From mnemonic at eff.org Fri Nov 12 09:13:43 1993 From: mnemonic at eff.org (Mike Godwin) Date: Fri, 12 Nov 93 09:13:43 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311120715.XAA20441@mail.netcom.com> Message-ID: <199311121712.AA07012@eff.org> Doug Merritt writes: > I believe that history will vindicate me. The problem is that history > has vindicated me a number of times in the last 15 years, but no one > remembers by the time that the future rolls around. Solution: digital timestamping. --Mike From mnemonic at eff.org Fri Nov 12 09:14:33 1993 From: mnemonic at eff.org (Mike Godwin) Date: Fri, 12 Nov 93 09:14:33 PST Subject: Privacy, Property, Cryptography (long) In-Reply-To: <199311120644.WAA16116@mail.netcom.com> Message-ID: <199311121711.AA06984@eff.org> Doug writes: > Mike Godwin said: > >This quotation needs to be debugged a little bit. The actual quotation [...] > >as against the government, the right to be let alone--the most [...] > >(Note in particular that it's "let," not "left.") > > It's always nice to get quotations down correctly, but surely the > original "let" translates in today's speech to "left"? If not, I'd > like to hear about the difference. Oh, it means almost the same thing--there's only a slight connotative difference. But the issue for me is the precise accuracy of the quotation, not the nuance. I spotlighted that difference because otherwise it would likely be overlooked. If one prefers to "translate" rather than to quote, one shouldn't use quotation marks, IMHO. Besides, Brandeis's comment is perfectly good 20th-century speech--only six or seven decades old. --Mike From clark at metal.psu.edu Fri Nov 12 09:14:48 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Fri, 12 Nov 93 09:14:48 PST Subject: Bandwidth limitations Message-ID: <9311121723.AA16930@metal.psu.edu> Perry writes: [Elegant refutation of all examples I give in original article.] Point taken. Obviously, I took a few elementary examples, which are quite achievable even today. Perhaps some true bandwidth stretchers: Complete maps of all the known universe, with spectrographic assays, gravitational information, particle densities, motion/vector analysis of areas of high matter concentration, spin and orbital velocity graphs, etc. being zipped back and forth between relay satellites, earthbound observatories, and individuals needing such information. Complete records of all genomes of all humans born after this becomes standard. Copyright information, and rights transfers for all living humans; what portions of the genome are for sale, or if replication is prohibited. Perhaps black market genes will be hid, steganographically, in horrendously large files which appear to be garden variety vr porn. Voiceprints and retina scans for all living and dead human beings. Increasingly-detailed weather maps, down to the molecular level. Of course, what actually will happen will probably be stranger. When we had parchment, we had very narrow bandwidth, with very little to transmit.. Today, we have wide bandwidth, but a lot more ways to use it. I'm sure someone will find a way to use vast chunks of it; until we need come to a new standard. ---- Robert W. F. Clark PGP Key Available Upon Request rclark at nyx.cs.du.edu clark at metal.psu.edu From mnemonic at eff.org Fri Nov 12 09:19:32 1993 From: mnemonic at eff.org (Mike Godwin) Date: Fri, 12 Nov 93 09:19:32 PST Subject: privacy/property In-Reply-To: <199311120757.AA23496@access.digex.net> Message-ID: <199311121718.AA07076@eff.org> Dark writes: > No question of statutory copyright is involved. The sole > question for our consideration is this: Was the International > News Service properly enjoined from using, or causing to be used > gainfully, news of which it acquired knowledge by lawful means > [...] _International News Service v. The Associated Press_, 248 > U.S. 215, at 249 (Brandeis, J., Dissenting). I note that the ruling against INS would probably not occur today in the post-Feist world. > As for the hook in on property and privacy, consider: > > The general rule of law is, that the noblest of human productions > - - knowledge, truths ascertained, conceptions, and ideas - become, > after voluntary communication to others, free as the air to > common use. Upon these incorporeal productions the attribute of > property is continued after such communication only in certain > classes of cases where public policy has seemed to demand it. > _International News Service_, 248 U.S. 215 at 250 (Brandeis, J., > Dissenting). I don't see how this reads as Brandeis's having a reservation about privacy. Perhaps the premier legal theorist about privacy issues in the last 100 years, Brandeis is simply noting that privacy isn't a given--one must actively work if one is to preserve it. This is perfectly consistent with cypherpunk philosophy, IMHO. --Mike From tcmay at netcom.com Fri Nov 12 10:13:45 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 12 Nov 93 10:13:45 PST Subject: Invention and Digital Timestamping In-Reply-To: <199311121712.AA07012@eff.org> Message-ID: <199311121811.KAA17531@mail.netcom.com> Mike Godwin writes: > Doug Merritt writes: > > > I believe that history will vindicate me. The problem is that history > > has vindicated me a number of times in the last 15 years, but no one > > remembers by the time that the future rolls around. > > Solution: digital timestamping. As it now set up (cf. Haber and Stornetta), only a partial solution. The costs of digital timestamping are so low as to allow many variations of a hypothetical invention to be digitally timestamped. Thus, an inventor can later selectively disclose only the variations on an idea which turn out out to work. The "brilliant penny" scam in investments (which is: claim a penny can predict the stock market up or down for the next 10 days...store the 1024 "predictions" and then only open the envelope or whatever for the "winner." Then sell the brilliant penny to a gullible fool.). Certainly cheap digital timestamping is good for many applications. But for others, one can imagine higher prices, such as $5 to register an idea. This heads off certain kinds of "flooding." (Same solution, by the way, for the problem often raised of people trying to "guess" passwords or keys: charge a nominal fee and this is no barrier to the actual owner but a huge barrier to random guessers.) The timestamping service can still "collude" in a way by offering discounts to its friends. Scott Stornetta, currently of Bellcore, and co-inventor of the timestamping protocol discussed here, is spinning-off the ideas into a company. To be located in the Bay Area, not New Jersey. Crypto-savvy Cypherpunks in the Bay Area who want to work in this area might keep this in mind. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From davehart at microsoft.com Fri Nov 12 10:19:32 1993 From: davehart at microsoft.com (Dave Hart) Date: Fri, 12 Nov 93 10:19:32 PST Subject: Mounting a "Secure" filesystem in UNIX Message-ID: <9311121819.AA25880@netmail.microsoft.com> -----BEGIN PGP SIGNED MESSAGE----- | From: Sameer | | I was wondering if it was possible to mount a "secure" | filesystem/partition using Linux or some other free version of UNIX, | so that it's inaccessible if logged in remotely, but accessibly when | logged in locally. I know you want to do this with UNIX, but Windows NT allows you do this quite nicely. One of the "groups" of users is INTERACTIVE, another is NETWORK. You can specifically prohibit network users from accessing a file by adding "NETWORK - No Access" to the p ermissions list in File Manager. I do this with secring.pgp and secring.bak, on top of the restriction which allows only me to access the file. So even if someone guesses my password, they can't snoop on my private key except by physically being at my machi ne. == DaveHart at microsoft.com == Opinions are mine, not Microsoft's. == -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOPOM+mFbAJWprWtAQFihAQAoHfErGrFffPkJHeSdStjH8y+zHUAPv8I b9QP85l/jN545PKDB9iRBpqc6708DeXoR7Brm6vydElYDlvShzfpotcUxHtOO9bH vCGXd/lFKyF3d81Rhckn2DGqH9ab1yw587ofXfAKKzdt3tLpYDCLUdz8eMGLIZCD ILPaiKYryPI= =Nnzg -----END PGP SIGNATURE----- From pmetzger at lehman.com Fri Nov 12 10:49:49 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 12 Nov 93 10:49:49 PST Subject: Mounting a "Secure" filesystem in UNIX In-Reply-To: <9311121819.AA25880@netmail.microsoft.com> Message-ID: <9311121848.AA03516@snark.lehman.com> Dave Hart says: > -----BEGIN PGP SIGNED MESSAGE----- > > | From: Sameer > | > | I was wondering if it was possible to mount a "secure" > | filesystem/partition using Linux or some other free version of UNIX, > | so that it's inaccessible if logged in remotely, but accessibly when > | logged in locally. > > I know you want to do this with UNIX, but Windows NT allows you do this > quite nicely. The security properties of Windows/NT are currently unknown since it has seen little real torture testing. I know that people have tried to attack my firewall, and savagely. How many NT boxes have withstood such treatment? The NT security mechanisms are also more complicated, which in my opinion means there are more potential bugs. Lastly, Sameer has full source code to Linux (as does anyone who wants it). NT is a closed system, and there is no way to personally verify that code does what you think it should. I think its best to depend only on source available systems for security if possible. Perry From jim at Tadpole.COM Fri Nov 12 11:03:45 1993 From: jim at Tadpole.COM (Jim Thompson) Date: Fri, 12 Nov 93 11:03:45 PST Subject: Mounting a "Secure" filesystem in UNIX Message-ID: <9311121859.AA26978@tadpole.Tadpole.COM> I can't even begin to imagine the kinds of calls that Microsoft support will get with this 'feature' in place. "But it worked yesterday, and I haven't changed ANYTHING!" Jim From peb at PROCASE.COM Fri Nov 12 11:04:33 1993 From: peb at PROCASE.COM (Paul Baclace) Date: Fri, 12 Nov 93 11:04:33 PST Subject: digital timestamping Message-ID: <9311121903.AA20106@ada.procase.com> I seem to have lost all information about how to use the Bellcore timestamper. Neither could I find their hash code in the Sunday NYT, last I looked (perhaps that was a slow week). Please post information on this, if you have it. Paul E. Baclace peb at procase.com From P.V.McMahon at rea0803.wins.icl.co.uk Fri Nov 12 11:04:50 1993 From: P.V.McMahon at rea0803.wins.icl.co.uk (P.V.McMahon at rea0803.wins.icl.co.uk) Date: Fri, 12 Nov 93 11:04:50 PST Subject: RE*2: (fwd) Netcom adds access in Denver area Message-ID: <"7702*/I=PV/S=McMahon/OU=rea0803/O=icl/PRMD=icl/ADMD=gold 400/C=GB/"@MHS> > these capabilities is far beyond my budget. I can't understand why England > is so far ahead of the U.S. in this regard. Do you refer here to its inexpensive private Internet access services (like demon)? Apologies if there was an antecedent in previous mail under this subject, but I have now deleted it. > No offense intended, but I > always thought of their telecommunications and computing infrastructure as > being several years behind the U.S. What aspect of the UK infrastructure did you perceive as lagging the US ? pvm Ps. I believe that the natural home for this thread isn't on this list. From jdblair at nextsrv.cas.muohio.EDU Fri Nov 12 11:05:07 1993 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Fri, 12 Nov 93 11:05:07 PST Subject: HARDWARE MAILING LIST ON-LINE Message-ID: <9311121924.AA17669@ nextsrv.cas.muohio.EDU > The hardware off-shoot of this list is finally on-line! You can subscribe to the list by sending a subscribe request of the form: SUBSCRIBE cp-hardware to listproc at nextsrv.cas.muohio.edu I have decided to call the list 'cp-hardware'. While perhaps this is somewhat more boreing of a name than punk-net, or the like, it is more descriptive of the list as a whole. Thanks to all of the people who sent me mail requesting to be on the list- your're requests are why I've set the list up. However, I decided it will be simpler for people who are interested to send the subscribe request themselves. This should eliminate, or rather minimize errors. So, if you sent me a request previously, you still need to send a request listproc. The intention is that the list will be a forum for discussion of hardware issues related to computer privacy, as well as dicussion, design, and hopefully construction of several projects. If the list gets going sufficiently well, I'll set up an anonymous ftp site for the storage of archive, schematics, and anything else that is related. When you subscribe, you will get a welcome message which describes what I see the list could be. Your feedback is appreciated. A short (very short) informational file can be requested by mailing INFO cp-hardware To listproc at nextsrv.cas.muohio.edu, although the welcome message is I think more descriptive of the list at this point. so, punks, why stop at writing code? Let's build hardware! -john From banisar at washofc.cpsr.org Fri Nov 12 11:08:01 1993 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Fri, 12 Nov 93 11:08:01 PST Subject: CPSR Alert 2.05 Message-ID: <00541.2835954991.594@washofc.cpsr.org> CPSR Alert 2.05 ============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @@@ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @ @ @ @ @@@@ @@@@ @ @ @ ============================================================= Volume 2.05 November 12, 1993 ------------------------------------------------------------- Published by Computer Professionals for Social Responsibility Washington Office (Alert at washofc.cpsr.org) ------------------------------------------------------------- Contents [1] Operation "Root Canal" Documents Released: Questions Raised about FBI's Digital Telephony Initiative [2] GAO Report Criticizes Gov't Crypto Policy [3] Health Care Plan Raises Privacy Questions [4] Hacker Sentenced to One Year Imprisonment [5] Matching grant for CPSR FOIA Work Offered [6] New Documents in the CPSR Internet Library [7] Upcoming Conferences and Events ------------------------------------------------------------- [1] FBI's Operation "Root Canal" Documents Disclosed In response to a CPSR Freedom of Information Act lawsuit, the FBI this week released 185 pages of documents concerning the Bureau's Digital Telephony Initiative, code-named Operation "Root Canal." The newly disclosed material raises serious doubts as to the accuracy of the FBI's claim that advances in telecommunications technology have hampered law enforcement efforts to execute court-authorized wiretaps. The FBI documents reveal that the Bureau initiated a well- orchestrated public relations campaign in support of "proposed legislation to compel telecommunications industry cooperation in assuring our digital telephony intercept requirements are met." A May 26, 1992, memorandum from the Director of the FBI to the Attorney General lays out a "strategy ... for gaining support for the bill once it reaches Congress," including the following: "Each FBI Special Agent in Charge's contacting key law enforcement and prosecutorial officials in his/her territory to stress the urgency of Congress's being sensitized to this critical issue; Field Office media representatives educating their contacts by explaining and documenting, in both local and national dimensions, the crisis facing law enforcement and the need for legislation; and Gaining the support of the professional associations representing law enforcement and prosecutors." However, despite efforts to obtain documentation from the field in support of Bureau claims of a "crisis facing law enforcement," the response from FBI Field Offices was that they experienced *no* difficulty in conducting electronic surveillance. For example, a December 3, 1992, memorandum from Newark reported the following: The Newark office of the Drug Enforcement Administration "advised that as of this date, the DEA has not had any technical problems with advanced telephone technology." The New Jersey Attorney General's Office "has not experienced any problems with the telephone company since the last contact." An agent from the Newark office of the Internal Revenue Service "advised that since the last time he was contacted, his unit has not had any problems with advanced telephony matters." An official of the New Jersey State Police "advised that as of this date he has had no problems with the present technology hindering his investigations." Likewise, a memorandum from the Philadelphia Field Office reported that the local offices of the IRS, Customs Service and the Secret Service were contacted and "experienced no difficulties with new technologies." Indeed, the newly-released documents contain no reports of *any* technical problems in the field. The documents also reveal the FBI's critical role in the development of the Digital Signature Standard (DSS), a cryptographic means of authenticating electronic communications that the National Institute of Standards and Technology was expected to develop. The DSS was proposed in August 1991 by the National Institute of Standards and Technology. NIST later acknowledged that the National Security Agency developed the standard. The newly disclosed documents appear to confirm speculation that the FBI and the NSA worked to undermine the legal authority of the NIST to develop standards for the nation's communications infrastructure. CPSR intends to pursue further FOIA litigation to establish the extent of the FBI involvement in the development of the DSS and also to obtain a "cost-benefit" study discussed in one of the FBI Director's memos and other documents the Bureau continues to withhold. ------------------------------------------------------------- [2] GAO Report Criticizes Gov't Crypto Policy A Government Accounting Office report has found that government policies are hindering the development of encryption technology at the same time the industry is threatened by economic espionage because of computer networks lacking adequate security. The report was requested by House Judiciary Chair Jack Brooks. The report _Communications Privacy: Federal Policy and Actions_ (GAO/OSI-94-2) also found that NIST followed the NSA's lead in developing cryptographic standards for communications privacy and that there has been little public input in this process. NIST terminated a project in 1982 to develop a public key encryption system at the request of NSA and in 1991 introduced a NSA developed standard for digital signatures. In addition, no public input was solicited for the Clipper Chip proposal until 1993, over three years after the initiation of its development. The report also noted the wide range of software and hardware available outside the US and that the continued export controls are apparently more stringent than those in other countries. This is apparently hurting sales of U.S. software and hardware products worldwide. Congressman Brooks said that "[I]t is deeply disturbing to find that some U.S. government agencies are undermining American corporations efforts to protect themselves from state-sponsored theft of trade secrets and other propriety information." Brooks also stated that "The plain truth is that encryption devices and software are available around the world. The barn door is open; the horses are out. It is high time for the government to accept this fact of life and stop hog-tying U.S. industry with overly restrictive export controls that damage this country's effort to compete in the global marketplace." The GAO report is available at the CPSR Internet Library (see below). A paper copy is available from the GAO by calling 202-512-6000. ------------------------------------------------------------- [3] Health Care Reform Plan Released Amidst Growing Concern About Medical Privacy The Clinton health care reform plan was released the same week that a new Lou Harris poll found high levels of concern about privacy among the American public. The health care reform proposal includes important privacy safeguards, but the measures may not go far enough to address public concerns. The Harris poll reveals that Americans are very much concerned about medical record privacy. The poll conducted by Prof. Alan Westin found that 49 percent of all Americans are very concerned and 30 percent are somewhat concerned by the threats to their personal privacy. An additional 56 percent believe that strong federal protection of medical records is necessary to accomplish health care reform. The health care reform proposal includes a strong code of fair information practices, and an explicit prohibitions on the use of medical record information for employment purposes. But the plan leaves open the question of whether the Social Security Number might be used as a patient identifier and also allows more than three years before full legislative safeguards are established. At a conference organized by the US Office of Consumer Affairs, CPSR Washington Office Director Marc Rotenberg and ACLU Privacy and Technology Project Director Janlori Goldman said that the health care reform plan raises far-reaching privacy concerns that must be addressed at the outset. The Office of Technology Assessment released a new report on medical records and privacy at a Congressional hearing held by Rep. Gary Condit (D-CA). "Protecting Privacy in Computerized Medical Information" explores the implications of the automation of health care information and recommends federal legislation to address patient confidentiality and privacy. An electronic copy is available at the CPSR Internet Library. (see below for location details). Senator Patrick Leahy (D-VT) recently held a hearing to explore the privacy implications of medical smart cards. The Senator plans to hold a second hearing on medical record privacy later this year. ------------------------------------------------------------- [4] Hacker Sentenced to One Year Imprisonment Mark Abene (a.k.a. Phiber Optik) was sentenced by U.S. District Court Judge Louis Stanton (E.D. N.Y.) to one year and one day for two counts of computer crime. He will serve a minimum ten months before he is eligible for release. He is also required to serve three years probation and to do 600 hours of community service. Abene pled guilty to two counts of computer intrusion in July relating to incidents of break-ins at a NY television station and a Southwestern Bell computer. He will begin his sentence on January 7, 1994. ------------------------------------------------------------- [5] CPSR Seeking Donors for Matching FOIA Grant A CPSR member who wishes to remain anonymous has offered a $500 matching grant to support CPSR's Freedom of Information Act litigation. If you are interested in supporting CPSR's FOIA work, please send a message to rotenberg at washofc.cpsr.org ------------------------------------------------------------- [6] The CPSR Internet Library The Congressional Office of Technology Assessment report "Protecting Privacy in Computerized Medical Information" /cpsr/medical/1993_ota_medical_privacy_report.txt The Clinton health care reform bill and overview (almost 8 megs) /cpsr/medical/clinton_health_care_reform/ (folder). The GAO report is available as 1993_gao_communications_privacy_report.txt in folder cpsr/crypto. The CPSR Internet Library is available via FTP/WAIS/Gopher from cpsr.org /cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact Al Whaley (al at sunnyside.com) ------------------------------------------------------------- [7] Upcoming Conferences and Events "Cyberculture Houston 93." Houston, Tx. December 10-12, Contact: cyber at fisher.psych.uh.edu. Worldwide Electronic Commerce: Law, Policy and Controls Conference. MultiCorp, Inc and American Bar Association. Waldorf Astoria Hotel, New York City. January 17 - 18, 1994. Contact: Fred Sammet (76520.3713 at CompuServe.COM), Phone (214) 516-4900, fax at (214) 475-5917. "Highways and Toll Roads: Electronic Access in the 21st Century" Panel Discussion. 1994 AAAS Annual Meeting. San Francisco, CA. Feb. 21, 1994 2:30 - 5:30pm. Sponsored by the Association for Computing Machinery (ACM). Contact: Barbara Simons (simons at vnet.ibm.com) "Computers, Freedom and Privacy 94." Chicago, Il. March 23-26. Sponsored by ACM and The John Marshall Law School. Contact: George Trubow, 312-987-1445 (CFP94 at jmls.edu). CPSR DIAC-94 "Developing an Effective, Equitable, and Enlightened Information Infrastructure." MIT Media Lab, Cambridge, MA. April 1994 (tentative). Contact: Doug Schuler (doug.schuler at cpsr.org). 5th Conference On Women Work And Computerization "Breaking Old Boundaries: Building New Forms." UMIST, Manchester, UK. July 2-5. 94 Abstracts by 10/1/93. Contact: Andrew Clement (clement at vax.ox.ac.uk) (Send calendar submissions to Alert at washofc.cpsr.org) ======================================================================= To subscribe to the Alert, send the message: "subscribe cpsr " (without quotes or brackets) to listserv at gwuvm.gwu.edu. Back issues of the Alert are available at the CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert Computer Professionals for Social Responsibility is a national, non-partisan, public-interest organization dedicated to understanding and directing the impact of computers on society. Founded in 1981, CPSR has 2000 members from all over the world and 22 chapters across the country. Our National Advisory Board includes a Nobel laureate and three winners of the Turing Award, the highest honor in computer science. Membership is open to everyone. For more information, please contact: cpsr at cpsr.org or visit the CPSR discussion conferences on The Well (well.sf.ca.us) or Mindvox (phantom.com). ======================================================================= CPSR MEMBERSHIP FORM Name ______________________________________________________________ Address ___________________________________________________________ ___________________________________________________________________ City/State/Zip ____________________________________________________ Home phone _____________________ Work phone _____________________ Company ___________________________________________________________ Type of work ______________________________________________________ E-mail address ____________________________________________________ CPSR Chapter __ Acadiana __ Austin __ Berkeley __ Boston __ Chicago __ Denver/Boulder __ Los Angeles __ Madison __ Maine __ Milwaukee __ Minnesota __ New Haven __ New York __ Palo Alto __ Philadelphia __ Pittsburgh __ Portland __ San Diego __ Santa Cruz __ Seattle __ Washington, DC __ Virtual Chapter (worldwide) __ No chapter in my area CPSR Membership Categories __ $ 75 REGULAR MEMBER __ $ 50 Basic member __ $ 200 Supporting member __ $ 500 Sponsoring member __ $1000 Lifetime member __ $ 50 Foreign subscriber __ $ 20 Student/low income members __ $ 50 Library/institutional subscriber Additional tax-deductible contribution to support CPSR projects: __ $50 __ $75 __ $100 __ $250 __ $500 __ $1000 __ Other Total Enclosed: $ ________ Make check out to CPSR and mail to: CPSR P.O. Box 717 Palo Alto, CA 94301 ------------------------ END CPSR Alert 2.05----------------------- From paul at poboy.b17c.ingr.com Fri Nov 12 11:23:45 1993 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Fri, 12 Nov 93 11:23:45 PST Subject: Mounting a "Secure" filesystem in UNIX In-Reply-To: <9311121848.AA03516@snark.lehman.com> Message-ID: <199311121921.AA09914@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- Not that I'm a Windows/NT fan- quite the contrary; although my employer is the largest NT developer in the world behind Microsoft, I personally want no part of NT. > The security properties of Windows/NT are currently unknown since it > has seen little real torture testing. NT is presently being evaluated by the NCSC for C2 status. > The NT security mechanisms are also more complicated, > which in my opinion means there are more potential bugs. Absolutely correct. However, I take some comfort from the fact that Dave Cutler, of VMS fame, was the principal engineer on NT. For all its (myriad) other faults, VMS is fairly secure out of the box. > NT is a closed system, and there is no way to personally verify that > code does what you think it should. I think its best to depend only on > source available systems for security if possible. NT doesn't have source available. Neither does SunOS. Both support the same set of "open computing" protocols, so saying NT is closed is specious at best. Like the theoretical capacity of an optical fiber, using source-available OSs as the bedrock for your own secure system is wonderful in theory but extremely limiting in practice. - -Paul - -- Paul Robichaux, KD4JZG | Caution: cutting edge is sharp. Avoid contact. Intergraph Federal Systems | Be a cryptography user - ask me how. ** Of course I don't speak for Intergraph. ** -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOPh3iA78To+806NAQHmiwQAtb2x4xqaFa+l35IIDCMm/BSQxzW3uoUT HFXCqcUQNv7NZpOZ7J5wAkz39av/etcRFG908cPg0Hw3C5nUP6FooOegfiNicG41 lvsghouOMVKdz6vHIN32xccyVwDO9jTAIuIJmP/85IZInWtZhYYs9GO//EyTddKf SlfpYLDCCQc= =1unt -----END PGP SIGNATURE----- From unicorn at access.digex.net Fri Nov 12 11:29:33 1993 From: unicorn at access.digex.net (Dark) Date: Fri, 12 Nov 93 11:29:33 PST Subject: Privacy/Property Message-ID: <199311121927.AA08988@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- Mr. Godwin - -> I note that the ruling against INS would probably not occur today in the post-Feist world. <- Conceeded. Mr. Godwin - -> I don't see how this reads as Brandeis's having a reservation about privacy. Perhaps the premier legal theorist about privacy issues in the last 100 years, Brandeis is simply noting that privacy isn't a given--one must actively work if one is to preserve it. This is perfectly consistent with cypherpunk philosophy, IMHO. <- I concur, and add that this is a long cry from reading any "Right to Privacy" into the law. If indeed Brandeis is asserting that privacy isn't just "given" (Your assessment with which I agree) then isn't this a reservation about a existing "right to privacy"? It's possible, Mr. Godwin that the only level we differ on is semantics and definitional? I like the cypherpunk approach, very much. Self empowerment is a rewarding and self regulating regime. I would like to see broader remedies available for privacy enforcement. You can't sit on your porch with a shotgun all day and keep trespassers off. It's a well accepted premise that a determined attacker will always prevail, given enough resource. Or at least cause lots of problems trying. It would be nice if this were an option, but not the ONLY manner of protection. No? Cypherpunks is about change of attitude as well not so? - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLOPi4RibHbaiMfO5AQG5cwP9HbYSlZuJlRVcyScCFVIjMui8m1MxoAfj G9pzvCqZN5PTSaZfMVFxSHcgqRSDiEpILdPZs7mI1+1vdZCNkNPcwHbBvVxuxIf+ IY0tavhtXBAll14c4RA1zq/82OlDqkBcBC+P8FtE1Juf+6MfRZwmrXjmpiWhsCNu Cg/l8xpdfVM= =h4K+ -----END PGP SIGNATURE----- From cme at sw.stratus.com Fri Nov 12 11:39:33 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Fri, 12 Nov 93 11:39:33 PST Subject: Watchword Message-ID: <199311121934.OAA21468@ellisun.sw.stratus.com> One reader asked: >Will you please send me some additional information on Racal - Guardata >Watchword technology? I would appreciate any addresses you might have of >sellers, resellers, and the company itself also. Racal-Guardata is a British company, I believe, but they have a US office: Racal-Guardata 480 Spring Park Place Herndon VA 22070 1-800-521-6261 in VA: 703-471-0892 FAX: 703-437-9333 They make both authorization and encryption devices (all DES based, I believe). The WatchWord I have is a small 4-fcn calculator with an 8 digit display, 4 1/8" x 2 1/4" x 3/8" in its own vinal case. It has the normal buttons, including M+, RM, CM .... It also has an unlabeled red button. You press it and the fine print says "AUTH \n ENTER PIN". You enter your PIN and press "=" and it changes to "ENTER CHALL" You enter your 7-digit challenge number and press "=" and it shows you the 7-digit reply. (DES of the challenge number, using your key as selected (probably merely modified) by the PIN.) labeled "RESP". You clear that by turning the calculator off. Each unit can be programmed with a key of your choice. You don't have to use a key provided by your employer. (Note: if you use your own keys and have a good source of rannos, this is a hand-held DES encryption device. The operating rate is slow but the security should be full DES. (Alice generates a ranno and tells Bob in the clear, Bob encrypts ranno and adds in a 7 digit message fragment, tells that back to Alice who also encrypted the ranno.) It can hold two different keys, for two different services (machines, people, ...). The last I heard, a new model was coming out (I'm holding the old one -- from a year ago or more) which is more like a credit card in size but has all the same functionality. That one should be out by now and it was predicted to cost around $50. You need to ask Racal about it, if you're interested. - Carl From gtoal at an-teallach.com Fri Nov 12 12:13:44 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 12 Nov 93 12:13:44 PST Subject: Dinkelacker II Message-ID: <7471@an-teallach.com> In article <9311121302.AA07765 at anon.penet.fi> an12070 at anon.penet.fi writes: > WHO is ARTHUR CHANDLER?! Dunno, but if I'd remembered your ID about it three days ago I could have told you who S.Boxx was :-) ... I found a nasty bug in penet.fi whereby putting a return-receipt-to line in mail to an na01234-style ID caused that person's mailer to tell you who they were :-) (I did of course tell Julf within 24 hours, and it's now fixed. He wasn't too amused at being woken up by a phone call at 1am Finland time ;-) ) However, this isn't to brag; it's to warn anyone with an anon ID to look through all the mail they've received on their anon accounts (if they've kept it) and see if any of it has a Return-receipt-to field in it. If it does, your ID will have been compromised. I know a lot of Mac mailers put these in automatically, so a lot of you might already have been compromised by accident. G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From VACCINIA at UNCVX1.OIT.UNC.EDU Fri Nov 12 12:23:44 1993 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Fri, 12 Nov 93 12:23:44 PST Subject: Bandwidth limitations Message-ID: <01H58E3K6E4I0028OU@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Perry writes: >The human genome fits nicely in 1 GB. Mere Gigabit networks could allow you >to send your whole genome in seconds -- and fiber can do many orders of >magnitude better than that. The human genome has approximately 3 x 10^9 base pairs. Each base is represented as the following binary code: G=1000, A=0100, T=0010, C=0001. Thus the human genome represents about 3 gigabytes of info (uncompressed), as Perry said easily transmitable by fiber optics. When you all do finally get your genome sequenced, the last thing you should do is let anyone see it (perhaps only small segments of it). I can think of no better use for cryptography than to keep citizens genomes to themselves. Would you give anybody a crystal ball which tells of your past, present and future? Some of us write genetic code and, IMHO, one's own genetics are a source code which should not be freely distributed. Scott G. Morham !The First, VACCINIA at uncvx1.oit.unc.edu! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLONRDD2paOMjHHAhAQHKTQP9ExGhcllgQrSVLPaucpEM+1/6HSUcyf71 OC4dloljbhV2S0qu1VnutiyPHa/OwZyDu0prXA1Xt+8q17CVsMKgmp38xVO/i1fy JOrw+9EOUE4K13HLGiH0GPE07gow8MoaYqIGN4a6gqHFDoejOi27zNoAz/gulVr9 0xNUIWSfE28= =Cvzf -----END PGP SIGNATURE----- From gtoal at an-teallach.com Fri Nov 12 12:24:49 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 12 Nov 93 12:24:49 PST Subject: Bandwidth limitations Message-ID: <7472@an-teallach.com> In article <9311121650.AA03375 at snark.lehman.com> pmetzger at lehman.com writes: > The human genome fits nicely in 1GB. Mere Gigabit networks could allow > you to send your whole genome in seconds -- and fiber can do many > orders of magnitude better than that. > > A complete MRI scan can be sent on a gigabit network in mere moments, > too, and again, fiber can do far better than that. > > If you can send a thousand video signals down your fiber at once, > sending complete plans for a factory to build Fords, and the complete > plans for the cars, will likely take a wink of an eye. Perry, I did understand your remark; I don't think you got the point of mine; give me a fiber and a computer fast enough to use it and sufficient disk space, and trust me, I'll find something to fill it with. Capacity increases to fill the available bandwidth/disk space/ whatever. Just because you don't have the imagination to think of how we'll use an essentially new medium in the future, don't write it off already. Here's one suggestion that is quite sensible given vast resources: instead of linear TV, we have parallel TV. I don't mean dial-on-demand download a program - I mean every single program ever made and every single movie ever made are broadcast down fiber simultaneously; - you want to see the 59th episode of Star Trek, you switch to the 59th episode of Star Trek channel, where it's going round and round as fast as it can be transmitted. Now, you do the sums. How much fiber does *that* need? (When you've done that one, add on the volume of transmitting a high-res scan of every page of every book in the world...) This may seem like an outrageous or stupid application *at the moment*, but I guess the guy at Manchester in the 50's who thought his computer would be enough to satisfy the needs of all our Universities over here would have thought that using the entire resources of his 64K giant machine to play Pacman on was totally insane, yet only 30 years later the same power was available in hand-held toys costing $20. G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From ajw at Think.COM Fri Nov 12 12:29:36 1993 From: ajw at Think.COM (Andy Wilson) Date: Fri, 12 Nov 93 12:29:36 PST Subject: Instant check system In-Reply-To: <2CE33AED@COURIER1.SHA.CORNELL.EDU> Message-ID: <9311122028.AA00561@custard.think.com> From: kone at COURIER1.SHA.CORNELL.EDU Date: Fri, 12 Nov 1993 02:27:00 -0500 [...] One final item, I do agree that weapon ownership is not the issue we should talk to, but how can we protect our privacy yet keep "rights-violators" from open access to weapons. William Kone "I have trained over a thousand young men to eat, sleep, and shoot with their weapon. But, I still get worried the first time I give them the rifels." I disagree with your premise that there is any need to keep "rights-violators" from open access to weapons. The Brady Bill will have no effect on crime. It is a pathetic band-aid solution that does nothing to address the real causes of crime. It will only result in more potential abuses of the rights of law-abiding citizens. 1. Criminals don't always buy weapons from liscensed dealers, and after the bill passes and the system is in place, they won't at all. But this will not keep even one criminal from getting a weapon. You can get weapons easily and cheaply on the street. 2. The waiting period will have no effect other than deny law-abiding citizens in imminent danger the right to defend themselves. When someone threatens to kill you, they are not going to wait seven days before they do it. This is especially urgent for people who are being stalked. The waiting period will not keep even one potential murderer from getting a weapon, but will result in anyone who is in danger being a sitting duck for seven days. 3. Any reason other than prior convictions as grounds for denial would be unconstitutional. Alleging mental illness in order to deny civil rights was a favorite tactic of the former Soviet Union, and has been used in this country not so long ago to deny civil rights to homosexuals. People with behavior patterns that don't fit the white bread norm do not forfeit their right to self defense. c.f. Szasz, "The Myth of Mental Illness". 4. Convicted murderers belong in jail. If we didn't let them out, we wouldn't need to check their backgrounds. The way to keep "rights-violators" from open access to weapons is to keep them in jail. In order for this to happen prisons need to be privately held profit-making entities. I don't think there is any need for either a backround check or a waiting period. Curiously, a police officer in Cambridge told me recently that there is a law still on the books in Massachussetts that it is unlawful for a head of household to be in public *without* a firearm on Sundays, the rationale being that the head of household is responsible for the defense of the family. I wonder if he is correct. Andy From pmetzger at lehman.com Fri Nov 12 12:49:36 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 12 Nov 93 12:49:36 PST Subject: Mounting a "Secure" filesystem in UNIX In-Reply-To: <199311121921.AA09914@poboy.b17c.ingr.com> Message-ID: <9311121957.AA03589@snark.lehman.com> Paul Robichaux says: > > The NT security mechanisms are also more complicated, > > which in my opinion means there are more potential bugs. > > Absolutely correct. However, I take some comfort from the fact that > Dave Cutler, of VMS fame, was the principal engineer on NT. For all > its (myriad) other faults, VMS is fairly secure out of the box. And the check is in the mail. At the last site I was at that used VMS, the security patches came in virtually weekly. The thing is more full of holes than swiss cheese. VMS stands for Virtually Missing Security. > > NT is a closed system, and there is no way to personally verify that > > code does what you think it should. I think its best to depend only on > > source available systems for security if possible. > > NT doesn't have source available. Neither does SunOS. SunOS does have source available. Large companies can buy sources because they feel they need them. Small users can use systems like Linux. How do I get sources to NT? I can get drop in replacements for virtually all the programs on SunOS, from "login" to inetd, and I can hack on them, for free. (BSD utilities work right out of the box most of the time.) How can I do that with NT? Perry From szabo at netcom.com Fri Nov 12 12:59:36 1993 From: szabo at netcom.com (Nick Szabo) Date: Fri, 12 Nov 93 12:59:36 PST Subject: CPSR Alert 2.05 In-Reply-To: <00541.2835954991.594@washofc.cpsr.org> Message-ID: <199311122058.MAA04465@mail.netcom.com> In the latest CPSR update: > "Each FBI Special Agent in Charge's contacting key law > enforcement and prosecutorial officials in his/her territory > to stress the urgency of Congress's being sensitized to this > critical issue; Isn't this a violation of the Hatch Act? Either on the part of the agents, or on the part of the "key" officials directly "sensitizing" Congress, or both. > An agent from the Newark office of the Internal Revenue > Service "advised that since the last time he was contacted, > his unit has not had any problems with advanced telephony > matters." Does the IRS conduct wiretaps? Does it need to obtain court order to do so? Nick Szabo szabo at netcom.com From mech at eff.org Fri Nov 12 13:13:44 1993 From: mech at eff.org (Stanton McCandlish) Date: Fri, 12 Nov 93 13:13:44 PST Subject: NEED STATISTICS ON LOST CRYPTO SALES Message-ID: <199311122112.AA12311@eff.org> Something of import, and something you can DO. Please see note at end. Pardon the crosspostings, but this needs to get around. _______ begin forward ____________________ NEED STATISTICS ON LOST CRYPTO SALES The Software Publishers Association (SPA) has been working to bring about the liberalization of export controls on mass market software with encryption capabilities. SPA's much-publicized study of the foreign availability of cryptographic products has clearly demonstrated the widespread and easy availability of encryption that is stronger than what U. S. firms have been able to export. However, NSA claims that software companies have not demonstrated sufficiently the economic harm they have suffered from export controls. Congress has told us that without better economic harm statistics, our chances of liberalizing the export laws are slim. Therefore, WE NEED YOUR HELP. If you or your firm has lost business because you have not been able to export your encryption product, please let us know. Be as specific as possible. It is the cumulative effect of this information that will be most compelling. Please pass this on to those in your firm who might know about these matters or might also be able to respond. Please send replies to i.rosenthal at applelink.apple.com or to Ilene Rosenthal, General Counsel Software Publishers Association 1730 M St. NW, Suite 700 Washington DC 20036 (202) 452-1600 ext. 318 or to Douglas Miller (same address) (202) 452-1600 ext. 342 ________ end forward _______________ Please also send this info to eff at eff.org! We're all in this one together! -- -=> mech at eff.org <=- Stanton McCandlish Electronic Frontier Foundation Online Activist & SysOp "A nation that is afraid to let its people judge the truth and falsehood of ideas in an open market is a nation that is afraid of its people." -JFK NitV-DC BBS 202-232-2715 Fido 1:109/1103 IndraNet 369:111/1, 14.4V32b 16.8ZyX Join EFF! For more information about membership, send mail to eff at eff.org From dsobel at washofc.cpsr.org Fri Nov 12 13:43:44 1993 From: dsobel at washofc.cpsr.org (David Sobel) Date: Fri, 12 Nov 93 13:43:44 PST Subject: "Root Canal" questions Message-ID: <00541.2835966052.614@washofc.cpsr.org> "Root Canal" questions >In the latest CPSR update: >> "Each FBI Special Agent in Charge's contacting key law >> enforcement and prosecutorial officials in his/her territory >> to stress the urgency of Congress's being sensitized to this >> critical issue; > >Isn't this a violation of the Hatch Act? Either on the part >of the agents, or on the part of the "key" officials directly >"sensitizing" Congress, or both. The Hatch Act applies only to "partisan" activity (i.e., electoral). There is, however, a very real question as to whether or not the activity we've uncovered might violate 18 U.S.C. Sec. 1913, which prohibits the use of "appropriated funds" for lobbying purposes. I'm in the process of looking into that. There's no way to read this material without concluding that the Bureau was undertaking an orchestrated, agency-wide lobbying campaign in support of the "Root Canal" initiative. BTW, anyone have ideas about that name!? David Sobel CPSR Legal Counsel From m5 at vail.tivoli.com Fri Nov 12 13:49:37 1993 From: m5 at vail.tivoli.com (Mike McNally) Date: Fri, 12 Nov 93 13:49:37 PST Subject: Instant check system In-Reply-To: <2CE33AED@COURIER1.SHA.CORNELL.EDU> Message-ID: <9311122140.AA15043@vail.tivoli.com> Andy Wilson writes: > ...open access to weapons...The Brady Bill... Let me just accelerate things here: The Brady Bill is just a gun-grabber Creationist plot to foil Nazi Abortionists who don't realize that Libertarinaism is the only true way to distinguish saffron from turmeric. And the new Star Trek *is* better than the old one. Nyaaa. -- Mike McNally From mg5n+ at andrew.cmu.edu Fri Nov 12 13:53:44 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 12 Nov 93 13:53:44 PST Subject: Bandwidth limitations In-Reply-To: <01H58E3K6E4I0028OU@UNCVX1.OIT.UNC.EDU> Message-ID: <4gt0JMi00Vp=N1TF8u@andrew.cmu.edu> VACCINIA at UNCVX1.OIT.UNC.EDU wrote: > The human genome has approximately 3 x 10^9 base pairs. Each base is > represented as the following binary code: G=1000, A=0100, T=0010, C=0001. > Thus the human genome represents about 3 gigabytes of info (uncompressed), > as Perry said easily transmitable by fiber optics. Um, minor correction: There are four base pair combinations, and each can be represented by two bits. > When you all do finally get your genome sequenced, the last thing > you should do is let anyone see it (perhaps only small segments of it). > I can think of no better use for cryptography than to keep citizens > genomes to themselves. Would you give anybody a crystal ball > which tells of your past, present and future? Frankly, if I had the kind of technology to easily sequence my entire geneome, I doubt I'd be content to just look at it. I'd probably be saying, "Hmm.. I don't like that gene, it might give me heart desease, I'll just use a modified retrovirus to substitute a better one..." :) Maybe one day genetic identification tests won't be so accurate as they are today. From jim at bilbo.suite.com Fri Nov 12 14:19:39 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 12 Nov 93 14:19:39 PST Subject: Instant check system Message-ID: <9311122217.AA24118@bilbo.suite.com> Mike McNally writes: > The Brady Bill is just a gun-grabber Creationist plot to foil > Nazi Abortionists who don't realize that Libertarinaism is the only > true way to distinguish saffron from turmeric. What about the Nazi Abortionists who *do* realize that Libertarinaism is the only true way to distinguish saffron from turmeric? Will we still be able to get guns? :-) I'm beginning to regret my 'Brady Bill and Instant Check system' post... Jim_Miller at suite.com From baldwin at LAT.COM Fri Nov 12 14:29:42 1993 From: baldwin at LAT.COM (Bob Baldwin) Date: Fri, 12 Nov 93 14:29:42 PST Subject: VMS Password security Message-ID: <9311122148.AA01051@LAT.COM> One of the barn-door sized holes in VMS was (still is?) that VMS used the Purdy Password hashing function. I considered using it for the Oracle RDBMS password function, but dropped the idea when I realized that it is possible to invert the hash function. I don't have my notes, but I recall that it only took me a couple days to work it out. The problem is that many passwords hash to the same value. It is actually hard to find out the true password that someone else chose, but easy to find another password that will hash to the same value. The hard part is finding a printable password that maps to the desired value. --Bob Baldwin From jazz at hal.com Fri Nov 12 15:04:39 1993 From: jazz at hal.com (Jason Zions) Date: Fri, 12 Nov 93 15:04:39 PST Subject: Should we oppose the Data Superhighway/NII? Message-ID: <9311122303.AA15768@jazz.hal.com> Okay, now let's look at Tim May's hypothetical case. Tim wants X-rated cable. But the first nine cable companies don't want to provide it. And the Metzger-Godwin Cable operation, which would provide it, can't get financing. There's a market for it, but there's also a barrier to entry. If there's a market for it, investors will poney up the money; that's just the way it works, Mike. I leave to your imagination what happens in the event that we *do* start the P-G Cable company, but content providers won't sell other programming to us so Tim is forced to choose between only X-rated cable--us--and cable services that provide other kinds of programming. (Tim may have no problem with this, but lots of other people in our market will want to watch CNN as well as X-rated videos.) Cable, like many other utilities, doesn't restrict you to a single provider. I can imagine having phone lines from two local loop providers to maximize redundancy; similar for an information utility, where the information provided will likely differ from one provider to another. In the cable business, two companies will not want to compete on price; they'll try to compete on content instead, each having exclusive material. The ideal situation from the cable companies' perspective is for customers to *want* to subscribe to more than one. The infrastructure will grow to allow it. Wouldn't it be better to live in a world in which the cable infrastructure, like the telephone infrastructure, could be serviced by competing providers, and at the individual level? We already have this with long-distance--if I want, I can have Sprint, MCI, *and* AT&T accounts and use them all from the same phone. Ultimately we'll have it in the local loop. If you have competition in the local loop on shared infrastructure - who owns that infrastructure, who maintains it, who allocates costs? Probably some neutral 3rd party, possibly regulated. Square one. > > They used the same wires, Perry. > > Nope, they didn't. If necessary, we can dig up references. Oh, you're saying that one couldn't make a phone call from one local phone company to another? Exactly correct; you had to know which company provided service to your party and use their equipment. Much like dialing 1-800 numbers from overseas; you have to contact the US operator for the company that provides 800 service and ask them to hook you up. Perhaps 800 number portability will solve that, though; are you suggesting something like the infrastructure that supports 800-number portability will appear at the local-loop level as well? Not any time soon; they can barely get the 800 number stuff to work right, and local loop is three orders of magnitude larger. Jason Zions From jazz at hal.com Fri Nov 12 15:19:40 1993 From: jazz at hal.com (Jason Zions) Date: Fri, 12 Nov 93 15:19:40 PST Subject: The Depravities of Cypherpunks Message-ID: <9311122319.AA15772@jazz.hal.com> >Also, I have mail from Mr. Jason Zions (jazz at hal.com) also complaining >that I violated Mr. Metzger's privacy in revealing his mailbomb to me >to the list as a whole. This strange code of cypherpunk chivalry I am >not familar with. It's not chivalry; it's copyright law. The creator of a message owns the copyright to that intellectual property; the recipient owns the copy of the message, much like one who buys a recorded album owns the copy of the work. The message you quoted contained the statement "Do not forward/reproduce this message" or words to that effect. That is a clear statement by the copyright holder which limits any redistribution rights that might have otherwise become yours upon receipt of the message. Given the nature of the communication (i.e. mention of potential email bombing), I believe you'd be within your rights to share the threatening content of the message with upstream mail host admins who might play a role in preventing such an occurance; but no further. It's also common courtesy. You can have significant disagreements with a person, yet still honor their simple requests. Jason From an7822 at anon.penet.fi Fri Nov 12 15:33:46 1993 From: an7822 at anon.penet.fi (Archimboldo) Date: Fri, 12 Nov 93 15:33:46 PST Subject: Key Sharing Protocols Message-ID: <9311122332.AA17912@anon.penet.fi> I'm working on an internal protocol for securing company records and I'd like to solicit some net.wisdom. One of my requirements is to ensure that no data is lost if an employee quits, is fired, dies, etc. At the same time, I don't want to have a security officer with the "keys to the castle" for every user. I've had these ideas, so far. * Use PGP for all encryption, for both E-mail and personal files on disk. * For personal files, encrypt with your own public key. This allows all files and communications to be encrypted while using one passphrase, which may be changed without having to re- encrypt files. To allow for loss of a passphrase, for whatever reason, use a secret sharing protocol to split the secret key of the user into several pieces, held by designated security officers. Reconstruction of the key will require cooperation by "n" security officers. I have some problems with this. * While I can extract the secret key from the user's private keyring, it is still encrypted by the user's passphrase. Is there any method for extracting an unencrypted key? * If there is no way to produce an unencrypted key, I could have the user extract her key after setting her passphrase to some standard value, and then change it again after extraction. * How can I ensure, without reconstructing the key from my secret sharers, that the key and passphrase I have been given are, in fact, correct. If I could produce an unencrypted key, I would just have to verify that this was the correct private RSA key. If the private key can only be extracted encrypted, I have to verify both the standard passphrase and the private RSA key. I would be interested in comments and suggestions on this proposed protocol and the unresolved issues. My intent is that a user be able to generate a key pair, run a job to split the key into n segments for the sharers and have the sharers able to verify that they have the correct key, without having to reassemble the key. Has anyone implemented code for any of the secret sharing protocols, or am I going to have to reinvent this particular wheel? ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From jazz at hal.com Fri Nov 12 15:39:41 1993 From: jazz at hal.com (Jason Zions) Date: Fri, 12 Nov 93 15:39:41 PST Subject: (fwd) Netcom adds access in Denver area Message-ID: <9311122336.AA15810@jazz.hal.com> Gee, it'd sure be nice if they showed up in Austin. Hint, hint. Jason From pdn at dwroll.dw.att.com Fri Nov 12 15:49:41 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Fri, 12 Nov 93 15:49:41 PST Subject: Caller ID: belated thanks Message-ID: <9311122349.AA25999@toad.com> Many thanks to all the people who posted responses to the Caller ID question! I appreciate your time, thought, and responses. ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From pdn at dwroll.dw.att.com Fri Nov 12 16:13:45 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Fri, 12 Nov 93 16:13:45 PST Subject: CPSR cypherpunks archive Message-ID: <9311130010.AA26436@toad.com> Dave Banisar sent us the November 12 CPSR alert [thanks, by the way!] which contained, among other things: > The CPSR Internet Library is available via FTP/WAIS/Gopher from > cpsr.org /cpsr. Materials from Privacy International, the Taxpayers > Assets Project and the Cypherpunks are also archived. For more ^^^^^^^^^^^^^^^^^^^ This caught my eye, especially in light of the recent postings about whether or not the cypherpunks postings should/should not be provided to Usenet. ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From mg5n+ at andrew.cmu.edu Fri Nov 12 16:19:42 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 12 Nov 93 16:19:42 PST Subject: Fractal cryptography In-Reply-To: <9311120740.AA19589@jobe.shell.portal.com> Message-ID: hfinney at shell.portal.com (Hal Finney) wrote: > There have been some discussions on sci.crypt within the past few months > on nonlinear/chaotic algorithms and their use in cryptography. Fractal > cryptography sounds like it might be related. The problem is that unless > an algorithm was SPECIFICALLY DESIGNED to prevent an intelligent > adversary from defeating it, the chances of it being an effective > cryptosystem are limited. Just because nonlinear systems produce > complex-looking results does not mean that these results are unpredictable > given enough data. Yeah, but how much data? Just because something can be solved given enough data doesn't help me break it if I need 10^37643254 bytes of data to do it. > Now, maybe this particular fractal cryptosystem idea will actually work > well. I don't know; I haven't seen it. But the point is that these > complex types of systems have not provided a good foundation for crypto- > graphy in the past. Well, here's a little test. The following numbers were generated using a chaotic function: 568139551155097445567935056793172821494566808655678121156334445567812121480659 Do you see a pattern? What function did I use to generate it? :) (Actually, assuming you knew what function I used, you could probably solve for the key if you had enuf raw output from the PRNG, so it's probably not completely impossible to solve the above, but that wouldn't necessarily help you decrypt a file which had been encoded with such a pad, unless you knew a lot about the format of the file.) From pmetzger at lehman.com Fri Nov 12 16:33:45 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 12 Nov 93 16:33:45 PST Subject: Fractal cryptography In-Reply-To: Message-ID: <9311130031.AA03966@snark.lehman.com> Matthew J Ghio says: > hfinney at shell.portal.com (Hal Finney) wrote: > > > There have been some discussions on sci.crypt within the past few months > > on nonlinear/chaotic algorithms and their use in cryptography. Fractal > > cryptography sounds like it might be related. The problem is that unless > > an algorithm was SPECIFICALLY DESIGNED to prevent an intelligent > > adversary from defeating it, the chances of it being an effective > > cryptosystem are limited. Just because nonlinear systems produce > > complex-looking results does not mean that these results are unpredictable > > given enough data. > > Yeah, but how much data? Just because something can be solved given > enough data doesn't help me break it if I need 10^37643254 bytes of data > to do it. Amateurs regularly develop systems and claim fantastic things for them. They then turn out to be trivial to break. This has made people who are even semi-pro like some of the folks on this list shake their heads and say "oh no, not another one" every time someone who hasn't read the literature claims to have come up with "the new great cryptosystem". This is the reason that people tend to be so skeptical of the constant stream of new proposals from such individuals. Its nothing personal -- its just the sort of jaded attitude you get when this sort of thing happens repeatedly. Perry From tcmay at netcom.com Fri Nov 12 16:34:41 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 12 Nov 93 16:34:41 PST Subject: CPSR cypherpunks archive In-Reply-To: <9311130010.AA26436@toad.com> Message-ID: <199311130034.QAA06115@mail.netcom.com> ..... > > The CPSR Internet Library is available via FTP/WAIS/Gopher from > > cpsr.org /cpsr. Materials from Privacy International, the Taxpayers > > Assets Project and the Cypherpunks are also archived. For more > ^^^^^^^^^^^^^^^^^^^ > This caught my eye, especially in light of the recent postings about > whether or not the cypherpunks postings should/should not be provided > to Usenet. > > ........................................................................ > Philippe D. Nave, Jr. | The person who does not use message encryption That _appears_ to just be a mirror of the soda.berkeley.edu site, that is, a buch of files, programs, rants, intros, etc. I could find no evidence of posts to the list being archived there. Again, the issue is not that the List be hidden, or secret....it obviously is fairly well-known by now. The issue is that of mailing list vs. newsgroup. Local gateways into a newsgroup format are much different than, say, "alt.cypherpunks" appearing around the world. Some would like this, some would not, but no one can say things would be the same if this came to pass. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From huntting at glarp.com Fri Nov 12 17:25:13 1993 From: huntting at glarp.com (Brad Huntting) Date: Fri, 12 Nov 93 17:25:13 PST Subject: Mounting a "Secure" filesystem in UNIX In-Reply-To: <199311121921.AA09914@poboy.b17c.ingr.com> Message-ID: <199311130124.AA01765@misc.glarp.com> >> The NT security mechanisms are also more complicated, >> which in my opinion means there are more potential bugs. > Absolutely correct. However, I take some comfort from the fact that > Dave Cutler, of VMS fame, was the principal engineer on NT. For all > its (myriad) other faults, VMS is fairly secure out of the box. I suppose "out of the box" means no DECNET then? From karn at qualcomm.com Fri Nov 12 17:53:45 1993 From: karn at qualcomm.com (Phil Karn) Date: Fri, 12 Nov 93 17:53:45 PST Subject: Caller ID In-Reply-To: Message-ID: <9311130152.AA29949@servo> >I believe the frequencies used for Caller ID are per Bell 202, a straight >FSK data standard. This is correct. Before Caller ID came along, about the only group backward enough to still be using Bell 202 are the amateur packet radio folks. So if you happen to be a ham with a packet TNC and a lot of spare time, you could consider reprogramming one to decode caller ID. Of course, you still have to sign up for the service before the CO will send you the data. And if your time is worth anything to you, it'd be better to just buy one of the modems that already has caller-ID built in. Phil From cvoid at albemuth.tatertot.com Fri Nov 12 17:59:42 1993 From: cvoid at albemuth.tatertot.com (Christian Void) Date: Fri, 12 Nov 93 17:59:42 PST Subject: Are we gatewayed into USENET? Message-ID: For a moment there, yes. But alas, I have the problem fixed. You see, I was gating the list into a local group for my own purposes, and was not aware my machine (albemuth) was batching the list outgoing. My smarthost asked about this as it was being junked on his end. Well evidently, the junking stopped and alas starting showing up on Netcom. The problem is corrected. Sorry if anyone is upset, but alas, shit happens. ;) Christian Void /T71 | "I don't like it, and I'm sorry I | VMResearch, Inc. cvoid at netcom.COM | ever had anything to do with it." | P.O. Box 170213 Tel. 1+415-807-5491 | -Erwin Schrodinger (1887-1961) | SF, CA 94117 * PGP v2.3a Public Key Available Via Finger * From VACCINIA at UNCVX1.OIT.UNC.EDU Fri Nov 12 18:33:44 1993 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Fri, 12 Nov 93 18:33:44 PST Subject: Bandwidth limitations, DNA binary coding Message-ID: <01H58QZWMFG2002CL4@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Matthew J Ghio writes: >Um, minor correction: There are four base pair combinations, and each can be >represented by two bits. There are four base pair combinations, but HUGO (Human Genome Organization) has elected to use 15 letter symbols in it's representation of the genome coding sequence (X is any base, for instance). 15 symbols, 1 byte. >Frankly, if I had the kind of technology to easily sequence my entire genome, >I doubt I'd be content to just look at it. I'd probably be saying, "Hmm.. I >don't like that gene, it might give me heart disease, I'll just use a >modified retrovirus to substitute a better one..." :) Lee Hood is working on the technology (PCR, for which Kary Mullins just won a Nobel Prize will help) for sequencing large amounts of DNA code, granted it's 15 years away at least, but just wait. Also, Have you been reading French Anderson in the New York Times? As one of the people who helped design the "modified retrovirus" of which you speak (Retroviral Expression Vector, N2), I can tell you that they work great in cells that live in a dish and lousy in a whole organisms, don't trust your heart to them. We can, however, engineer you in other ways. Scott G. Morham ! The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Key by Request ! and Third Levels ! of Information Storage and Retrieval ! DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOMCRz2paOMjHHAhAQG62wQAg2fHDYdhJADiz5KdEMTDCLg74IZ9onBQ TCrQcuFdiWBlB+Wt970a8zmur8Js5NdskpKYMiDCz6BKqEP1t17ZWPCL1lliTsPF gtikx9dTsCRiWbWKUzPPfiEDXDGO/GovuLVbC98dOyJrTVBjrBHsJtuXL21S/R+n 74C/S2k4o74= =jI3W -----END PGP SIGNATURE----- From mg5n+ at andrew.cmu.edu Fri Nov 12 18:39:42 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 12 Nov 93 18:39:42 PST Subject: Fractal cryptography In-Reply-To: <9311130031.AA03966@snark.lehman.com> Message-ID: "Perry E. Metzger" wrote: > Amateurs regularly develop systems and claim fantastic things for > them. They then turn out to be trivial to break. This has made people > who are even semi-pro like some of the folks on this list shake their > heads and say "oh no, not another one" every time someone who hasn't > read the literature claims to have come up with "the new great > cryptosystem". This is the reason that people tend to be so skeptical > of the constant stream of new proposals from such individuals. Its > nothing personal -- its just the sort of jaded attitude you get when > this sort of thing happens repeatedly. This is true. If you were specifically referring to the example I posted, it could probably be broken from the data presented if you really put your mind to it. However it is a fairly clever PRNG, and it takes quite a bit of data to get the exact pattern. It might not be feasible to create a cryptosystem using fractals and chaos functions, but I think the possibility could be explored a bit further... From pmetzger at lehman.com Fri Nov 12 18:49:56 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 12 Nov 93 18:49:56 PST Subject: Bandwidth limitations, DNA binary coding In-Reply-To: <01H58QZWMFG2002CL4@UNCVX1.OIT.UNC.EDU> Message-ID: <9311130249.AA04254@snark.lehman.com> VACCINIA at uncvx1.oit.unc.edu says: > There are four base pair combinations, but HUGO (Human Genome > Organization) has elected to use 15 letter symbols in it's representation > of the genome coding sequence (X is any base, for instance). 15 symbols, > 1 byte. 15 symbols, HALF a byte (actually a touch less.) One nybble can express 16 possible symbols (or one Hex digit, or whatever.) Plus, of course, the genome is highly compressable -- lots of repeated sequences, especially in interons. Perry From karn at qualcomm.com Fri Nov 12 19:19:42 1993 From: karn at qualcomm.com (Phil Karn) Date: Fri, 12 Nov 93 19:19:42 PST Subject: LAW: Wireless interception In-Reply-To: <7FaPcc1w165w@decode.UUCP> Message-ID: <9311130316.AA00717@servo> >Interesting reasoning here: "the reasonableness of a cordless telephone >user's expectation of privacy depends on the specific technology >involved." Considering that analog cell phones and cordless phones use the very same modulation method (FM), albeit at higher power for the cell phones (making them much easier to intercept than cordless phones at a distance), it would be much more accurate to say "...depends on whether the specific technology involved has a large US industrial base lobbying for it". Cellular is protected under ECPA because it's big bucks for some powerful US businesses. Cordless phones don't use a large domestic infrastructure that charges for airtime. The only money in cordless phones are in the phones themselves, which are invariably made overseas. And Japanese, Chinese and Korean businessmen can't vote in US elections. Phil From anonymous at extropia.wimsey.com Fri Nov 12 19:29:41 1993 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Fri, 12 Nov 93 19:29:41 PST Subject: Dr. Dobb's Editorial Message-ID: <199311130306.AA20780@xtropia> As mentioned, the December, 1993 issue of Dr. Dobb's Journal has an excellent editorial about the government investigation of PGP export and the general crackdown on cryptography. This issue also includes an article by Bruce Schneier describing the IDEA encryption algorithm. As usual with DDJ, source code is included: IDEA.C, apparently based on PGP source. Dr. Dobb's has published encryption source before. A few months ago there was an article by Burt Kaliski of RSADSI on using Montgomery multiplication to speed up an RSA implementation. Earlier there was an article on the (patented) Lucas public-key system. Both articles had source. No doubt there have been others as well. Here is the text of the editorial: Cryptography is like one of those West Virginia subterranean fires that smolder along coal seams for months before flaring up above ground. The current flame along the encryption firing line involves a pair of Federal grand jury subpoenas handed out to distributors of Phil Zimmermann's PGP ("Pretty Good Privacy") message signature and privacy software. Earlier this fall, the Austin Code Works (a Texas software distributor) and ViaCrypt (a Phoenix cryptography-tool developer) were slapped with demands to produce contracts, payments, correspondence, and related information concerning their international distribution of PGP and RSA cryptography source code. Neither company was told why they must turn over this information, nor were they given any indication of when or what the next shoe to drop might be. For the past year Code Works has been selling Grady Ward's Moby Crypto, a collection of crypto software that includes PGP, RSA, MD4, DES, and the like. Although not mentioned in the subpoena, Code Works has also been separately selling a DES encryption and decryption software package. For the time being, both have been removed from Code Works' shelves. ViaCrypt, on the other hand, licensed PGP from Zimmermann, combined it with ViaCrypt's DigiSig+ cryptographic engine, and released a toolkit called "ViaCrypt PGP," the first commercial PGP-based package. Interestingly, ViaCrypt is also a sublicensee of RSA public-key encryption from Public Key Partners, holder of the RSA patent and a big-time competitor and long-time critic of PGP. Ostensibly, the subpoenas are part of a U.S. Customs investigation into the export of PGP. (A letter the State Department's Enforcement Branch fired off to the Code Works begins with, "It has come to the attention of this office that your company is making cryptographic source code... available for commercial export....") State Department regulations lump cryptographic software with munitions and weapons, making it subject to export licenses as per International Traffic in Arms Regulation guidelines. However, Code Works' current advertisements clearly state that both Moby Crypto and DES Encryption are "not for export," and ViaCrypt says sales are made "export regulations permitting." In short, there's no indication that either company has exported crypto software, leading you to believe that the investigation is really nothing more than a fishing expedition. The timing is curious, considering that the Clinton administration views many high-tech export rules as antiquated Cold War laws that hinder U.S. trade. Consequently, the administration is rethinking export laws so that U.S. manufacturers can more easily export communications and other high-tech equipment - what's protected today may be fair game in a few months. Of course, the government also wants to make it harder to sell high-tech military equipment to renegade countries. Unfortunately, cryptography has a foot in both military and civilian communications camps. Neither the Code Works nor ViaCrypt had anything to do with developing PGP. You could even argue that Zimmermann really isn't the "author" of the software. True, he did write Version 1.0, but subsequent editions (2.3 is the current release) are the contributed efforts of U.S. and non-U.S. programmers who've created what's been described as the strongest, easiest-to-use encryption utility available to the public in source form. There's no question that PGP was exported, but neither is there a hint that Zimmermann shipped it overseas. He assiduously avoided the chance of _his_ exporting PGP, to the point of having other people upload the software to the nets. The bottom line is that PGP was legally on the net and anyone with a PC and a modem could have moved it across international borders - just as with DES, which has been on the nets and authorized by the government for more than a decade. Still, you have to wonder why the government is taking action now. PGP has been around for a couple of years. Maybe the Feds are upset that Zimmermann's encryption scheme is good - PGP is thought to be stronger than DES, the NSA and FBI reportedly can't crack it, and the thought of publicly available cryptography scares the dickens out of them. Or maybe the announcement of a commercial PGP-based application finally hitting the shelves prompted PGP's competitors to lean on the government. We just don't know, and the Feds aren't talking. The government is struggling to cope with a changing world, one in which technology has altered many of the old rules. Regulations, written for a paper-based society, aren't adapting well to digital reality. International electronic networks make it hard to control software distribution and information dissemination. Like wildfire, bank transfers and e-mail are circling the globe unfettered - and encryption is keeping secret the contents of these communications. But the means by which Washington is attempting to maintain control over cryptography is, in the long run, injurious to us all. From a business perspective, these tactics hobble U.S. companies from competing internationally. More importantly, the First Amendment guarantees us the right to speak in an encrypted way and insidious attempts to douse public access to cryptography, cloaked under the guise of software-export investigations, appear to stifle those rights. Jonathan Erickson editor-in-chief From mike at NetAcsys.com Fri Nov 12 20:19:41 1993 From: mike at NetAcsys.com (mycal) Date: Fri, 12 Nov 93 20:19:41 PST Subject: Fractal cryptography Message-ID: <2ce44fb5.acsys@NetAcsys.com> On Fri, 12 Nov 1993 19:31:09 -0500, "Perry E. Metzger" wrote: > > Amateurs regularly develop systems and claim fantastic things for > them. They then turn out to be trivial to break. This has made people Just to add a data point, chaos seems to be worth a look. MIT's Research Lab have created new signal-processors designs based on chaos theroy for use in secure communication. They are based on a recent descovery called synchronized chaos, where a transmitter and receiver synchronize with each other. I have a photo copy of an article in front of me but (blush) it has no identifying elements to it. I will look monday for the original and post the source. mycal From karn at qualcomm.com Fri Nov 12 20:40:15 1993 From: karn at qualcomm.com (Phil Karn) Date: Fri, 12 Nov 93 20:40:15 PST Subject: TEMPEST, Van Eyck Radiation, and Eavesdropping In-Reply-To: <199311090331.TAA18597@mail.netcom.com> Message-ID: <9311130439.AA01290@servo> >surveillance. In the United States it is illegal for an >individual to take effective counter-measures against >TEMPEST surveillance. This leads to the conundrum that it I really DO wish this particular bit of misinformation would go away! It is most definitely NOT illegal to shield one's computers against TEMPEST surveillance. In fact, the FCC requires that manufacturers limit the same spurious radiations that TEMPEST exploits to minimize interference to nearby radio and TV receivers. The details appear in Part 15 of the FCC rules. They are more stringent ("Class B") for devices intended for home use, since receivers are much more likely to be nearby than for devices intended solely for office use ("Class A"). The Part 15 interference rules for computers came into being in the mid 1980s, so anything you may read about the ease of intercepting computer emissions that was written before that time is somewhat suspect. Thanks to the rules, modern computers are FAR quieter than those sold in the 1970s and early 1980s, though they're still not completely silent. Phil From cme at sw.stratus.com Fri Nov 12 22:49:42 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Fri, 12 Nov 93 22:49:42 PST Subject: random dot stereo benefactor Message-ID: <199311130649.BAA24349@ellisun.sw.stratus.com> For those who are interested, my source for the random dot stereo code was Tony Marotto: marotto at camb.com (Sorry, I still haven't tested it.) From an7822 at anon.penet.fi Fri Nov 12 23:33:45 1993 From: an7822 at anon.penet.fi (Archimboldo) Date: Fri, 12 Nov 93 23:33:45 PST Subject: Key Sharing Protocols Message-ID: <9311130732.AA07592@anon.penet.fi> > > I'm working on an internal protocol for securing company records > and I'd like to solicit some net.wisdom. > (...) > > To allow for loss of a passphrase, for whatever reason, use a > secret sharing protocol to split the secret key of the user into > several pieces, held by designated security officers. > Reconstruction of the key will require cooperation by "n" > security officers. I have some problems with this. > Sorry, I should have done some more reading before I posted. What I'm after is a "Fair Cryptosystem". I'm not happy with the whole idea of escrowed keys, but in this case, it's the best solution which will be accepted by this organization. Micali describes how the user can generate their own key and create verifiable pieces for the escrow agents. Does anyone know of code which implements this scheme? ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From ld231782 at longs.lance.colostate.edu Sat Nov 13 00:49:45 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 13 Nov 93 00:49:45 PST Subject: The Courtesies of Cypherpunks Message-ID: <9311130846.AA19291@longs.lance.colostate.edu> From: jazz at hal.com (Jason Zions) >It's also common courtesy. You can have significant disagreements with a >person, yet still honor their simple requests. I owe no courtesy to someone who forfeits any respect in their atrocious misbehavior. This is as simple as the maxim, if you are a criminal your rights are diminished. If you mailbomb me, you have forfeited your `right to privacy'. If you email my postmaster a complaint about me before contacting me, you have forfeited your `right to privacy'. If you lie to me, you have forfeited your `right to privacy'. If you fail to adequately respond to my personal accusations of impropriety or criminality, especially meeting them with evasion or stonewalling, you have forfeited your `right to privacy'. If you have ever sent me mail as a Snake of Medusa or a Tentacle of a Monster, you have forfeited your `right to privacy' -- under ALL your pseudonyms and identities. If you ridiculously condone and endorse any such reprehensible behaviors under such patent idiocy as `respecting copyright' or `common courtesy', you have forfeited your `right to privacy'. If you have done any of the above to *anyone*, you have forfeited your `right to privacy' with respect to EVERYONE in your society! I also think you have forfeited your right to speak in that society as well -- maybe only temporarly -- but in situations where these kinds of outrageous behaviors are condoned by a corrupt moderator, no recourse except leaving or starting a new list is possible. In particularly obnoxious cases of criminal abuse, I will attempt to shame you into repentance by ridiculing you in front of people who appear to be your friends and community (presuming you actually have any), if all other measures have failed. (Even this may be ineffective, but if you have no shame, you have no humanity.) That is the Detweiler Code of Cyberspatial Ethics and Privacy. If it is incompatible with the Cypherpunk Code of Chivalry, my heartfelt condolences go out to you. Perhaps you would like to elucidate me as to which of the above practices require my RESPECT. As I was saying, psychopunks have elevated their religion of `privacy' and `pseudospoofing' to perverse extremes. ``The cypherpunk agenda is becoming indistinguishable from raw criminality.'' May you choke on your own poisons. Already, you wallow and drown in them and defile the naive, trusting, honest, and innocent daily on your list. Frankly, I can barely stand to be in the same Cyberspace with you. The `psychopunk core' of the cypherpunks is nothing but a fanatic, brainwashed religious cult. No wonder you guys identify with David Koresh. I assure you, future Cyberspace will not be big enough for the both of us. Go ahead, CENSOR me! For the crime of writing `FLAMEBAIT' or, equivalently, YELLING THE TRUTH. What depraved hypocrisy, that some psychopunks attempt to CENSOR ME indirectly by mailing my postmaster (who could care less about your sniveling whinings). You guys really do have *some* ethics, don't you? ``Don't ever DIRECTLY CENSOR ANYTHING!'' ``NEVER GET CAUGHT or be PERSONALLY ACCOUNTABLE or RESPONSIBLE for ANYTHING!'' From pierre at shell.portal.com Sat Nov 13 01:03:44 1993 From: pierre at shell.portal.com (Pierre Uszynski) Date: Sat, 13 Nov 93 01:03:44 PST Subject: The Depravities of Cypherpunks Message-ID: <9311130803.AA11910@jobe.shell.portal.com> Jason Zions thus emailed: > >Also, I have mail from Mr. Jason Zions (jazz at hal.com) also complaining > >that I violated Mr. Metzger's privacy in revealing his mailbomb to me > >to the list as a whole. This strange code of cypherpunk chivalry I am > >not familar with. > > It's not chivalry; it's copyright law. The creator of a message owns the > copyright to that intellectual property; Apart from the ridicule of this whole thing, there at least two different and independent issues here: Privacy issues and copyright issues. And I'm still not fully clear on the legal side of some of their subtelties (help from our legal types would be appreciated). In the case of private mail from one person to an other. I'm under the impression that the sender retains copyright ownership on the message, but that the receiver has the right to make the content public (as in disclosing what it is about, and that the communication occured). (This impression gleaned from -Syslaw, Lance Rose, Jonathan Wallace, 1992- in particular) How far the recipient can go in disclosing is not clear: posting the whole or part of the message seems to go against the ownership rule. Header notices like "Do not forward" or "reposting with permission only" do not change much the ownership issue, but do they alter the privacy issue? What is the origin of any right of the recipient to disclose the message to third party? For that matter, is there sufficient "intellectual input" in a short mail bomb / threat like the one that was used (if I remember) to cause significant copyright ownership? Apologies for nitpicking. It's just that the ownership/privacy issue is very important for the Future Net, and that I'm interested in THAT aspect of the war. > Given the nature of the communication (i.e. mention of potential email > bombing), I believe you'd be within your rights to share the threatening > content of the message with upstream mail host admins who might play a role > in preventing such an occurance; but no further. Given the nature of the communication, I believe it's clearly his rights to make the threats public... especially in the case where the threatener is his own sysadmin, and especially on this list where we can all (ahem... :-) benefit from knowing how things evolve (nobody forces anybody to read any of the longish drivel, mine included). > It's also common courtesy. You can have significant disagreements with a > person, yet still honor their simple requests. LOL This really cracks me up. I mean, that some bystanders still use the words "common courtesy", "disagreements" and "simple requests" when talking about this war. Remember both/either sides could have started using mail filters ages ago, instead they are now proudly mail bombing and reputation bombing. Just a bystander... maybe standing a bit in the middle... Pierre. pierre at shell.portal.com From sameer at uclink.berkeley.edu Sat Nov 13 02:09:45 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Sat, 13 Nov 93 02:09:45 PST Subject: REMAIL: Cypherpunks Anonymous Remailer Installation Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Finally, after a few months of slacking off, I've finally gotten this remailer installation thing cleaned up to release it. I'll be throwing this in /pub/cypherpunks/incoming on soda.berkeley.edu. The Cypherpunks Anonymous Remailer Installation Version 1.0 Installer: Sameer Parekh Remailer: Eric Hughes & Hal Finney, with minor modifications by Sameer Parekh - ----------------------------------------------------------------------------- This is the Cypherpunks Anonymous Remailer Installation Suite Version 1.0. By simply running the script "install_remail" included in the archive, you can very easily install a cypherpunks anonymous remailer service in almost any UNIX account. The anonymous remailer uses the .forward file to pipe all mail to the remailer system. If mail to the remailer account is not acted upon by the remailer software, it lands in the standard mailbox of the account. First on the TODO list is to make it so that non-remailer mail is acted upon in a fashion which allows an alternate .forward file operation. To install: gunzip and untar the archive: % gunzip RemailInstall.tar.gz % tar xfv RemailInstall.tar execute the remail_install program: % remail_install answer all the questions. The program automatically self-tests, and mails me a notice saying that the remailer is in operation. I plan on writing a system which will wait one week after receiving the notice, after which your remailer will be pinged. If the ping is received, your remailer will be added to my list of active remailers, updated and posted weekly to the cypherpunks list. (Not yet operable, but the installation script still sends a notice.) Remember that running a remailer is a sensitive issue on the net. If you choose to run a remailer, keep in mind that some powerful net-personalities object to anonymous remailers, endangering your access to the internet. Stay free, Sameer sameer at uclink.berkeley.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOSxbXi7eNFdXppdAQFGgwP/SlSe8zKTH2QDY47cjdjbfHaR7NPBTtYv BYQ5nmHauYVwhoZxLVPUrdYUc2Gfv/5zIbgjb3df5ZWIaY6qo4dcsUtFHIR1CIvx SYJkBrLw22Jqfal2g2Wqzg+PsiQcsjjxREEVzyHaN3uNaQwYShXtwAhQ4Rfb3Bu2 AN6ytzyqg1A= =UFzz -----END PGP SIGNATURE----- From ld231782 at longs.lance.colostate.edu Sat Nov 13 02:44:46 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 13 Nov 93 02:44:46 PST Subject: The Religion of the Cypherpunks Message-ID: <9311131044.AA20370@longs.lance.colostate.edu> - EH & TCM statements on pseudospoofing - hypocrisies and the religion of pseudospoofing - the second pseudospoofing survey - a tale of two `cypherpunks' (Or: The Postmaster, The Magicians, and the Critic) EH & TCM statements on pseudospoofing -- >From `someone': >There is no conspiracy. EH and TCM have publicly stated several times >that they have never "pseudospoofed." Why would they go to such lengths >just to create an elaborate hoax and attempt to drive you crazy? There's >no conceivable reason. It's easily confirmed that there are hundreds of >real, unique individual people on the cypherpunks list. You see their >email addresses. This is crazy. I just don't see your point. You are >exhibiting MAJOR paranoia symptoms. Why do this to yourself? I missed the public statements by EH and TCM that `they have never `pseudospoofed'', despite my various requests, both public and private, over the past few weeks -- could someone email those to me? Mr. May told me he `had experimented' with the technique (I only say this because I think it is public knowledge at this point). I have seen some circuitous statements (quoted in the RISKS article) that pseudonyms are a fact of life in cyberspace, and `the situations you despise will occur.' None of these are very authoritative, IMHO. All the statements I have seen are far from conclusive, and they have consistently stonewalled and evaded me in private mail. (That is the *only* reason I have continued to escalate my rhetoric.) If they answered my simple questions, and been straightforward about their practices, I would have no objections, and I would have `gone away' a long time ago. hypocrisies and the religion of pseudospoofing -- One of the things I don't understand about this pseudospoofing religion thing -- if it is the cypherpunk religion, as hundreds of email messages have convinced me it is, why are so many cypherpunks so resistant to revealing their personal involvement? Isn't religion supposed to uplifting, something you can be proud of, something you can announce to the world? Why is there so much secrecy? You don't think there's anything wrong or criminal or shameful about what you're doing, do you? I suppose all the secrecy would be useful in promoting a *conspiracy*, but what's the use in that? Isn't the whole idea that you are trying to promote all these neat techniques to the whole world, so that everyone can use them? (Oh, that's that annoying egalitarian idea-- sorry, of course you have flamed that searingly.) I always thought that cypherpunks were against things like secret conspiracies and corruption. Or maybe they only are against it when a *government* is engaged in it. Private practice, so to speak, is entirely wholesome, commendable, useful, and desirable? I suppose that the more that people knew about widespead pseudospoofing, the less susceptible to it they would become, so the usefulness of the technique would be diminished. (the `robbing the treasury' principle I wrote about earlier --eventually it becomes bare!). Or, some people have these nagging taboos against it. For example, a net legend John Palmer supposedly is famous for it. Also, some people might just leave anywhere where the pseudospoofing was really prevalent. That would be unpleasant for anyone who wanted to practice it routinely on unsuspecting and unwilling participants. I suppose this secret conspiracy approach does fit in with some of the Extropian and cryptoanarchist ideas also, about elevating the idea of private companies, tax evasion, and black marketeering to the point of the complete dissolution of governments, etc. I asked a top Extropian leader about their official opinion on pseudospoofing -- neutral, pro, con, or undecided. He was quite upset by my question and refused to answer it, and cc:ed his response to all the other prominent leaders in the group. (I guess this could tie in with a letter by H.Finney to me saying that one of the Extropian leaders could help verify the independent existence of J.Dinkelacker.) I appreciate all the cypherpunks outlining their philosophies in so many forums. It helps me to understand what you all are about. For example, I just started posting to a list on Internet Mercantile Protocols, and was quite surprised to find a group of cypherpunks already there, strongly promoting things like completely untraceable cash and total anonymity (and criticizing all alternatives as Orwellian). In fact, one of them had written one of the most *beautiful* classic cypherpunk essays in favor of the Joy of Pseudospoofing (`tapping into new areas of the human psyche' or a `truer, more free debate', or something like that.) If anyone else knows of other cypherpunks posting to various Internet development project lists, esp. those related to digital cash or identification protocols, I would be interested in hearing from you. Have they generally been polite? Do they look at all sides of the issues? What do they have to say about identity protocols? Really, though, the bottom line is that anyone doesn't like to talk about their religion of pseudospoofing is nothing but a hypocrite. If pseudospoofing is OK, then why hide it? If you are hiding it, does that mean it is not OK? the second pseudospoofing survey -- As an example of this idea of disclosure, I asked two prominent cypherpunk `leaders' (who object to the term, and will remain nameless to protect their `privacy') to answer the following questions, which would obviously unequivocally resolve their own involvement in the practice of `pseudospoofing': > I will stop harassing you two personally over the issue of > pseudospoofing if you post the following, and cc: me: > > 1) how many identities each of you is currently maintaining > 2) how many U.S. states they span > 3) how many countries they span > 4) how many independent phone numbers you have established > 5) what mailing lists you are using them in, past & present > 6) what newsgroups you are using them in, past & present > 7) the people you have privately emailed under them > 8) how many other people you know in Cypherpunks who are routinely pseudospoofing > 9) their own responses to these questions > 10) your software capabilities in promoting the pseudospoofing agenda > 11) the number of hours per day you spend on pseudospoofing > 12) your future intentions in promoting the capability > > Note that I am not requesting that you actually disclose any of the > identities (or even close geographical information). Since you find > pseudospoofing entirely ethical, I see no reason you would object to > answering any of the above. > > Otherwise, `the beatings will continue until morale improves' > > p.s. what do you think of the RISKS article? I think it turned out > great. Hope to hear from you. > > If you wish to make your own demands, I'm negotiable. > I asked these questions because I was disapointed by the results of my survey I posted to talk.politics.crypto. While I received many responses, few were from the cypherpunks who had openly advocated pseudospoofing on this list. And the `core cypherpunk leadership' was completely unrepresented. I was laboring under the impression that everyone that passionately pursued pseudospoofing was also passionately interested in explaining their brilliant techniques! But it appears they are very reluctant to talk about their obviously highly refined culture of science, religion, and art of pseudospoofing. I greatly despaired that the cypherpunks were so unrepresented officially, especially given their strong advocation of pseudospoofing. Surely, they would want to let the world know about their religion! If they didn't, it might look like they were not holy saints but just lowly conspirators! Also, this could be the comprehensive official cypherpunk statement crafted by EH and TCM (revered cypherpunk leaders) on pseudospoofing that has so far eluded me. A Tale of Two `Cypherpunks' (Or: The Postmaster, The Magicians, and the Critic) -- So I devised this new variation of my previous survey, designed to be completely free of `invasions of privacy', and targeted at the core cypherpunk leadership. Sort of like a direct mailing approach. Anyway, in response to my questions, one of the two eminent cypherpunks was very terse, as he has a habit of being, and called my questions `inquisitional'. I guess he was referring to the Spanish Inquisition, where all kinds of grisly torture devices were used to extract `confessions' from supposed criminals (often completely innocent). I'm not clear of the connection. Perhaps someone could elaborate on this metaphor. The second cypherpunk was more grandiose and verbose in his rhetoric. He acknowledged that `I have resisted until now responding to your recent rants'. For those not currently familar with the unique language of the Pseudospoofing Religion, he was saying here that he has not answered any of my questions directly so far because, likely, the answers would be embarrassing, incriminating, humiliating or all of the above. He was so compassionate as to remark on my recent apparent strain over the topic of pseudospoofing, suggesting that I seek counseling or take a long vacation from the Net (thanks so much for your concern). Then he talked about how my `threats' especially the `violent ones' could not be `idly dismissed'. This cypherpunk has an extremely active imagination (this is evidenced in his love for great works of science fiction, especially those that refer to the blurring of identities). I'm not sure where he got the idea about `violence'. The only violence that has ever been involved is entirely metaphorical, happening on the plane of reputations and credibility. (I assure you that lately I am bloody myself!) Maybe he took the obviously satirical line about `continued beatings' literally. Ah, he is quite suggestible. I guess the only thing I can remember on this subject was Dinkelacker's letter to me, `you better start looking over your shoulder'. That was *definitely* unpleasant! Oh, and there was what's-his-name's comment, `I'm going to come over and kill your family with a rusty razor blade'. This cypherpunk goes on to say that I have turned myself into the `laughingstock of the Net [...]' from `your latest paranoid descent into fantasy in RISKS, and your email harassment of many of us.' As for `paranoid descent into fantasy', I think everyone understood this was a hypothetical scenario. Maybe Mr. Cypherpunk has information that suggests otherwise. If so, I would love to see it, as I'm sure everyone else here would too. Actually, it's all I've been aiming for over about a dozen posts and articles now. I'm not sure what he is referring to as `harassment'. I think some of the questions I have raised in my writings on pseudospoofing, and perhaps the questions above, he considers `harassing'. I'm quite at a loss as to why. The questions I included above are very innocuous. I would think that someone proud of themselves and their beliefs would humor me immediately in answering them, recognizing that I will not go away until they do so (and answering a simple question, of course, is just common courtesy). Certainly, I would fill out the questions myself, and am sure many other honest cypherpunks would see no invasion of privacy in doing so either (they are vague enough to protect privacy, IMHO, as designed to do, but of course I'm biased!). This cypherpunk closes by stating that `I have a strong feeling that you're going to have a very hard time getting a job in the computer industry after this spectacular series of rants.' Thanks, again, for your concern! Actually, I have made some very valuable contacts from professionals from the RISKS article, who are as concerned about these issues as I am. My mailbox has been quite deep with requests for the `Joy of Pseudospoofing' essay, first posted here! (Again, if anyone has not seen it, please email me.) I'm quite glad I managed to get in this prestigious journal, because now others can be aware of the potential abuses of widespread, systematic, routine pseudospoofing. The cypherpunks have been largely uninterested or critical in my writings on the subject, so it's very refreshing to find someone else in Cyberspace who can discuss something as important as pseudospoofing dispassionately, knowledgeably, and honestly. The `terse' cypherpunk had earlier notified my postmaster about my public posting here revealing Mr. Metzger's (prominent cypherpunk and close friend of the core leadership) mailbombing me and further mailbomb threats. He didn't find it necessary to notify my postmaster this time about my `inquisitional' questions. I guess he understood when my postmaster and I both sent him mail explaining why this was an inappropriate tactic. The second cypherpunk had not previously mailed my postmaster, but >I am taking the step I have never before considered doing, in more >than five years of active participation in the Net, of copying your >postmaster on this note. Maybe he can talk some sense to you. I guess the `terse' cypherpunk had not informed him that my postmaster was uninterested in his personal problems. (This is surprising, given their obviously strong affinity for each other.) But my postmaster did send him a note later explaining why he `didn't have time for this nonsense'. There do not appear to be any new developments along this line. I am crossing my fingers that my postmaster will not be further harassed by other cypherpunks. Anyway, I think he has already decided I have just offended a particularly vocal group of raving religious fanatics. (Some other people have gotten this impression from the RISKS article. Maybe the clarifications on pseudospoofing by the top leadership will help resolve all this.) I generally regard all these lamentations and supplications to my postmaster as extremely desperate attempts to censor me where all other efforts at silencing me have failed. Also, I think they are definitely invasions of my privacy. How many other people out there would like to have your postmaster bothered just because you offended some particularly sensitive people? Again, if you object to what I write, just stick me in your kill file. You will certainly save us both a lot of trouble! Mr. Hughes, our eminent and esteemed moderator, has recommended this numerous times in other contexts. I'm absolutely aghast and amazed at how many cypherpunks think that the most effective way of getting me to be quiet is to send me mail. It is quite a curious and perplexing approach. (Even more baffling was Mr. Metzger's procedure of sending me mail, saying essentially `do not reply to this or I will mailbomb you with 400 messages.' I respond to virtually all personal mail, but as I noted I have made a worthy exception for His Royal Eminence, as learned the hard way.) (I would like to thank those who have the power to censor me and have refrained. It shows you have a strong and admirable sense of morality. At one point someone told me `If I did not allow you to post, that would not be censorship'. I never understood the reasoning. But so far, it appears that the cypherpunks are generally opposed to direct censorship, although the indirect route is not taboo.) The bottom line is that my efforts at enlightenment, now spanning many weeks, have so far have gone `unrequited'. The top cypherpunks do not wish to reveal the extent their amazing feats of pseudospoofing. We can only continue to speculate on their sheer prowess and fantastic span! (I'm currently investigating the opportunity to do so in reputable publications -- email me and I will toss your offer into the current batch under consideration). I guess the Tantalizing Two feel that `a magician never reveals his secrets'. And what amazing feats of deception we have witnessed! Dozens of Rabbits emanating from a Single Hat, all while the magician says, `nothing up my sleeves!' Are there any stagehands or informed audience members that would like to comment on their masters' remarkable skill? So far, it is a remarkably unified front. But I am continuing to `cram' wedges into the cracks... Ah, the pity of it all. The tension, anxiety, and anticipation is driving me crazy! I wish to consummate this affair, so to speak! The spotlight continues to burn down hotly! When will the show be over? When can I go home? Tell my friends what happened in the end and write my review? When will the fat lady sing? p.s. anyone in Colorado, PRZ is giving a talk in Boulder on Sunday I think. if you email me I might be able to scrounge up the details somewhere in my piles of slobbering hate mail. From gg at well.sf.ca.us Sat Nov 13 03:10:01 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Sat, 13 Nov 93 03:10:01 PST Subject: Should we oppose the Message-ID: <199311131105.DAA01673@well.sf.ca.us> You ask, "why have telecoms prices been declining for years?" and cite overseas calls as an example. In fact, the actual cost of local service has gone up over 240% since deregulation, according to a detailed research report a friend of mine is about to publish. From jdwilson at gold.chem.hawaii.edu Sat Nov 13 03:43:49 1993 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA) Date: Sat, 13 Nov 93 03:43:49 PST Subject: Big Mother can't protect our privacy In-Reply-To: <199311101900.LAA22288@mail.netcom.com> Message-ID: <9311131141.AA24839@gold.chem.hawaii.edu> > > Alan Wexelblat writes: > > > Hunh. Doug, I'm sorry to oppose you on this, but I think that the sort of > > bullshit pry-into-your-personal-life stuff that companies are resorting to > > these days is *exactly* the sort of stuff that cypherpunks would want > > stopped! > > > > Have you ever had to take one of these tests? Have you seen the questions > > they ask? I have been handed a test (in an all-too-recent interview) and > > after looking at the test I told them flat-out I would not take the test and > > if they hired people based on it then I wouldn't work at their company. > > > > [The questions have to do with all kinds of shit like "Have you ever had a > > homosexual experience?" and "Have you ever shoplifted anything?" and "How > > do you feel about XXX?". Totally unrelated to my job skills.] > > Simple solution: If you don't want to take the MMPI test (*), don't > work for that company. > > (* MMPI is the Minnesota Multiphasic Personality Index test, which > sounds like the test described here. It has a couple of thousand of > these questions. Without defending the analytical powers of this test, Tim: the MMPI has 600 questions, with approx 4x redundancy for indicators of deception, and *can* be manipulated to read whatever indicators (or non- indicators) you choose. All you need to do is visit your local medical library and do a little homework... -Jim From mg5n+ at andrew.cmu.edu Sat Nov 13 08:49:51 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 13 Nov 93 08:49:51 PST Subject: Telecom deregulation In-Reply-To: <199311131105.DAA01673@well.sf.ca.us> Message-ID: "George A. Gleason" wrote: > You ask, "why have telecoms prices been declining for years?" and cite > overseas calls as an example. In fact, the actual cost of local service has > gone up over 240% since deregulation, according to a detailed research > report a friend of mine is about to publish. Please tell me you're not that stupid. The local companies haven't been deregulated. Only the long distance has been somewhat deregulated, while the local companies still enjoy a monopoly. Think about it...sheez... From mg5n+ at andrew.cmu.edu Sat Nov 13 08:54:51 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 13 Nov 93 08:54:51 PST Subject: fractal crypto In-Reply-To: <9311130543.AA26841@tamsun.tamu.edu> Message-ID: > give a hint about the chaotic function you used... like what it > was x(1-x) or something else > > that would just leave the "key" to be determined... a reasonable test! hehe... I did something involving the trigonometric tangent function. The actual "key" isn't too complex actually... From cman at IO.COM Sat Nov 13 09:00:23 1993 From: cman at IO.COM (Douglas Barnes) Date: Sat, 13 Nov 93 09:00:23 PST Subject: The Religion of the Cypherpunks In-Reply-To: <9311131044.AA20370@longs.lance.colostate.edu> Message-ID: <9311131656.AA10352@illuminati.IO.COM> Go away and leave us alone, Mr. Detweiler. I am losing my patience. I use to think you had something to contribute; I used to think that it was cool that someone from my hometown was on the list; I used to think you were kind of funny. This stopped about the time you (quite seriously, and in some detail) compared me to Darth Vader... I convinced you I wasn't the "Hydra", so I was just a seducing minion. You have become major pest, you have done more than anyone else to disrupt this list and make it next to impossible for real work to get done on it (including work that would help mitigate problems of the kind you believe your "enemies" are perpetrating on you.) You persist in baiting the less-restrained members of the list with your antaigonistic, paranoid, policial/social rants, which have accomplished nothing producive, except to sap the energy of people who would otherwise be writing code, engaging in PR for our cause, educating one another, and working towards a consensus or at least an honest delineation of where we disagree as mature individuals (rather than characterizing folks as evil spawn of darkness). Note that your postmaster, when I contacted him, made it clear that he had instructed you to stop doing whatever it was you were doing that was upsetting people so much. If anything, you have gotten worse; you have turned this thing into a nonsensical, paranoid, one-man jihad against cypherpunks on a variety of *other* lists, while continuing your activities on this one. I intend to go beyond your postmaster on the next try, to various former classmates and old friends of mine who are computation center employees, faculty, and administration members at CSU now. Unless, of course, you cut this shit out and leave us alone, or at least go back on whatever medication you were taking before you went from a mildly annoying over- eager wannabe to a full-fledged psychopath. Doug -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From VACCINIA at UNCVX1.OIT.UNC.EDU Sat Nov 13 09:19:53 1993 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Sat, 13 Nov 93 09:19:53 PST Subject: Bandwidth limitations, DNA binary coding Message-ID: <01H59LQZ0IG20028BH@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Perry writes: >15 symbols, HALF a byte (actually a touch less.) One nybble can express 16 >possible symbols (or one Hex digit, or whatever.) Oops, I stand corrected, 15 symbols half a byte. What I was trying to convey is that GenBank (the repository for genomic sequence data) has a specific format for binary representation of DNA sequence data. Most genomic analysis programs use GenBank sequence format now (some use EMBL which is similar) and probably will in the future. Thus, the half byte per GATC symbol is defined as convention, not by the fewest binary digits neccesary for encoding them. It may waste bandwidth but that's no problem for fiber optics. Which is how this thread started. >plus, of course, the genome is highly compressable -- lots of repeated >sequences, especially in interons. This brings up an interesting topic. There are four classes of DNA: Foldback DNA, highly repetitive DNA, middle-repetitive DNA and single-copy DNA. Foldback DNA consists of palindromic sequences which form hairpin like structures. Highly repetitive DNA is made up of short sequences from several to hundreds of bases long (repeated around 5 x 10^5 times). Middle repetitive DNA consists of longer sequences, hundreds or thousands of bases long (these appear hundreds of times in the genome). Single-copy DNA sequences are usually genes themselves, of which (in humans) it is estimated that there are around 1 x 10^5. Since the genome is highly redundant (in mammals up to 60% of the genome is repetitive sequence), you could probably compress alot of it just by designating symbols for specific repetitive elements. Most of the repetitive nature of the genome is found as highly repetitive sequence localized as tandem arrays (not in introns). However, a second class of element known as SINEs and LINEs are found in introns, gene flanking regions and intergenic regions. The most widely characterized SINE is the Alu sequence, which is approximately 300 bases long and scattered throughout the genome over 5 x 10^5 times. This constitutes 5-6% of the genome! That's a lot of compressability. I often wonder if the redundancy is a way to encrypt a species genome, thus keeping different species from genetic communication. The "key" being millions of random base pairings which allow like species to decrypt their own genetic code and successfully have progeny. Pairings between species that are too dissimilar would be a refractory event because the key is not homologous. By the way, genes are made up of exons and introns. Scott G. Morham ! The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Key by Request ! and Third Levels ! of Information Storage and Retrieval ! DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOR1gj2paOMjHHAhAQFNZwP+Lv7Xv4bityeHd2L53fgY4seWKZX/Mkrw YmHv5hPpusiXx6jt2tVGPnPyH0TVtdFb5Cy1YVnvLydgU4FPblJAO7chWuc5EPXn 7/SQ29AuGrDnWu9gEGaQiqEUgn40idPgvDVVQPikAX8tn5OmWo8vygMwIYgicQUh Po8BHvPSLfg= =ek9F -----END PGP SIGNATURE----- From sameer at uclink.berkeley.edu Sat Nov 13 09:49:52 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Sat, 13 Nov 93 09:49:52 PST Subject: REMAIL: installer script not working Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I jumped the gun, and posted before I was ready. Oops. The installation script isn't working perfectly yet. Hopefully I won't wait two months before fixing these problems like I did last time. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOUdEni7eNFdXppdAQG6AwQAkJAoiz3KE7nYhS2JPmtP6u0VokIaJ1Dl TfgYEgNxqQhb3M1VBvM0vIaxtGk6K956+ji3W7WhpkJk65IBvmyVMm/O3b6ZFG1h kGQ9wjmUTOGageXag3fXCOGo3NFXi2WIhLyzix1u02Q+iw7Bwf2pSTztp60Mw32g ePTbENC128E= =8jWg -----END PGP SIGNATURE----- From huntting at glarp.com Sat Nov 13 10:09:52 1993 From: huntting at glarp.com (Brad Huntting) Date: Sat, 13 Nov 93 10:09:52 PST Subject: Should we oppose the In-Reply-To: <199311111115.AA03340@panix.com> Message-ID: <199311131806.AA01210@misc.glarp.com> >The problem is that bandwidth is a highly limited resource, just like >real estate is a limited resource. Eventually we will complete >saturate network bandwidth no matter what technology is used. This has >been discussed in various forums for many years. Eventually yes. Some media are already saturated (short wave), but in general, the terestrial bandwidth will not approach it's upper limit in our lifetimes. Terrestrial networks are limited only by the cost of putting down the infrastructure (fiber these days) and maintaining the equipment to drive it. A single fiber will of course have limited band width that will no doubt be reached in our lifetimes, but when that runs out, there's always more room in the trenches, and if there's a will, there's room for a new trench. As the existing infrastructure is paid off, and the monopolies which were granted for it's initial construction break up, the price of terrestrial bandwidth drops. There is no shortage of intra-continental bandwidth (at least not in populated wealthy areas such as north america, Singapore, etc). There may be a shortage of inter-continental bandwidth. The cost of laying undersea fiber makes it difficult for new competition to get a foothold and hence the market lends itself to de facto monopolies. brad From huntting at glarp.com Sat Nov 13 10:23:48 1993 From: huntting at glarp.com (Brad Huntting) Date: Sat, 13 Nov 93 10:23:48 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311111535.AA02116@eff.org> Message-ID: <199311131820.AA01281@misc.glarp.com> > It's not that simple, unfortunately. Once monopolies have been created > with government support, removing government intervention doesn't > automatically make competition happen. True... AT&T (and the RBOC's) have paied of most if not all of their infrastructure. This means that when upstarts like Wiltel or MCI come around and think about laying their own fiber, they have to be prepaired for the ex-monopoly to start price gauging. brad From klbarrus at owlnet.rice.edu Sat Nov 13 10:24:53 1993 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sat, 13 Nov 93 10:24:53 PST Subject: REMAIL: scan, folders scripts Message-ID: <9311131821.AA15215@arcadien.owlnet.rice.edu> Well, I put two PERL scripts I wrote at the ftp site (named misc.elm.scripts.tar.gz); here is the README file: scan is the script which prints out signature information of pgp signed messages (instead of where the message came from). Thus, if pgp signed mail is sent through an anonymous remailer, you see who signed the message instead of where it came from. The inner loop is ugly and needs major reworking; I've noted this below and in a comment in the code :-) It would be easy to include this in the mh 'folder' command, but I don't have mh anymore here on owlnet :( Integration into elm itself would be great. -----BEGIN PGP SIGNED MESSAGE----- These are two experimental PERL scripts I wrote which report information about elm mail folders. folders prints a summary of mail in your ~/Mail directory. It prints out how many letters are in each folders, and how many files are in each directory. ~> folders Folder austin : 4 messages Folder cypher : 20 messages Folder educom : 1 message Folder inc : 17 messages Directory misc : 12 messages Folder store : 26 messages Folder ysn : 0 messages - -------------------- scan prints out a more detailed summary of a folder in the ~/Mail directory. It prints message number, who the message is from, and the subject. ~>scan cypher 1 hfinney at shell.portal.com Chaum's credentials (technical question) 2 hughes at ah.com Chaum's credentials (technical question) 3 hfinney at shell.portal.com Signing keys for nyms 4 hfinney at shell.portal.com message depots, packet routing? 5 hughes at ah.com Signing keys for nyms 6 szabo at netcom.com Commerce models scan also takes an optional argument: -p this will make scan look for pgp signed messages, and attempt to verify them. An asterisk is printed at each signed message, and the signer's address is printed instead. ~>scan -p cypher 1* Hal Finney <74076.1041 at com Chaum's credentials (technical question) 2 hughes at ah.com Chaum's credentials (technical question) 3* Hal Finney <74076.1041 at com Signing keys for nyms 4* Hal Finney <74076.1041 at com message depots, packet routing? 5 hughes at ah.com Signing keys for nyms 6 szabo at netcom.com Commerce models Here, we see three messages are signed, and the signer's address is printed instead. This distinction is important if a message is sent via and anonymous remailer, for example. In this case, instead of printing the anonymous remailer as who sent the message, you will see who signed the message (which may in turn be a pseudonym, etc.) BUGS: folders counts the number of message by looking for 'From' at the beginning of a line. This causes problems if the text of a message contains 'From' at the left, or if a message contains a forwarded message, or somehow pastes in another message's header. In these cases, the message count will be off. scan probably also makes this mistake. In fact, you will find the inner loop of scan to be pretty ugly. I will clean it up eventually. scan winds up piping message to PGP to check signatures. This degrades performance. scan is not able to deal with pathological files: pgp messages that don't have an end delimiter, etc. One of these days I will read RFC-822 and other relevant documents and make the message count accurate. Comments, bug fixes, enhancements :-) are all welcome at klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOUhEoOA7OpLWtYzAQG4PAP/eTw/EWw0wlQ4QVpHfUP6OI3sWdKOltwN 3pgB41JxK1sY/GCnP8rCP9HDEkY/OePTBZDsu9CGJG1fneTsZIlCXrXpKSGzQpvC 94819bdF/+OFe5DcMUcaTcsG/KN3asw3TO0ed4KyOXqTE/SrAIyHsChgKRtHO70u 3uuLWrp0nR8= =vVg8 -----END PGP SIGNATURE----- From lear35!mdbomber at nebula.acs.uci.edu Sat Nov 13 11:13:47 1993 From: lear35!mdbomber at nebula.acs.uci.edu (Matt Bartley) Date: Sat, 13 Nov 93 11:13:47 PST Subject: key servers Message-ID: <9311131901.AA23353@lear35.vlpa.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Could someone tell me where to find a list of PGP keyservers and how to use them? I haven't been able to find such a thing on soda.berkeley.edu or on toxicwaste.mit.edu (the 2 relevant sites I can remember). -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLOUvDTSSmvXojb+5AQGt0gH/T1ikHaWU/W7GR2VAGcx5fncjw9bDbmn3 CPfzPu28j4ejq3OlUJKRt3yz3wYryhYM/xT+OftOFfONpgqPjIS+TA== =U7Q0 -----END PGP SIGNATURE----- From warlord at MIT.EDU Sat Nov 13 11:29:53 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Sat, 13 Nov 93 11:29:53 PST Subject: key servers In-Reply-To: <9311131901.AA23353@lear35.vlpa.ca.us> Message-ID: <9311131926.AA01059@m1-115-1.MIT.EDU> send a message with a subject of "help" to any of the keyservers. For example, send this message: To: pgp-public-keys at pgp.mit.edu From: Subject: help Hope this helps. -derek From doug at netcom.com Sat Nov 13 12:13:51 1993 From: doug at netcom.com (Doug Merritt) Date: Sat, 13 Nov 93 12:13:51 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: Message-ID: <199311132012.MAA21160@mail.netcom.com> "Perry E. Metzger" said: >Just one question, Doug -- in what sort of "Long Term" do you envision >individuals needing to be able to send MORE than several thousand >video signals worth of data simultaneously? Even if you put a camera >facing every corner of every nook of your house, [...] >you couldn't exhaust the potential bandwidth of a single fiber. This is highly misleading. Consider this. The Nyquist limit puts a fundamental limit on bandwidth; you cannot transmit more information over a channel than (roughly) the cycles-per-second rate of the carrier. If a fiber uses optical wavelengths, then that fiber cannot carry more than a single fully quality analog optical *pixel*. We get a lot more out of them than that by reducing the quality of the image being sent, e.g. by sending only 60 frame-samples per second, where each frame-sample is itself carved up into X * Y discrete pixels, and each pixel has a reduced dynamic range etc. My point in saying this is that you're speaking as if current day video standards are some kind of ultimate load on information transmission, whereas actually it's just something we've settled for. HDTV will vastly improve the quality of what we transmit without increasing bandwidth much, but it is still a far cry from what can be desirable. 60 frames per second makes it impossible to transmit adequate information about objects moving quickly across the frame of view that are easy to perceive in person. 1000 frames per second is desirable. 2D images are less desirable than 3D images. A minimum of about 300 horizontal views by perhaps 100 vertical views is desirable for 3D viewing. Assume compression of that 300 * 100 down to a simple factor of 300. Now notice that depth of field information is desirable for realism (without this everything is always in focus, good for some things, bad for others). Let's give that a simple factor of 10. I'll leave out arguments for increasing e.g. the dynamic range of contrast and color information, even though they are currently several orders of magnitude worse than the human eye can perceive. That all gives us roughly 10 * 300 * 10 = 30,000 times more information in a single *really* high quality "video" signal than we are currently accustomed to. Ultra high quality image transmission like this won't begin to become significantly widely used for quite a while. But it will happen eventually, because we'll be able to, and will perceive differences, etc. > What applications do you envision >that would require more bandwidth than this, even in twenty or thirty >years? Truly high quality video is one answer, even without taking into account the problems carriers would have in supporting the full bandwidth of a single fiber in switched networks (combinatorial explosion means that they can never support every possible connection simultaneously, therefore switching and multiplexing is here to stay). The more general answer is to just keep in mind that demand for uses of technology *always* outstrips the capacity of technology, if it is affordable. Demand is limited only because of economic issues. Doug From mcglk at cpac.washington.edu Sat Nov 13 12:14:53 1993 From: mcglk at cpac.washington.edu (Ken McGlothlen) Date: Sat, 13 Nov 93 12:14:53 PST Subject: The Courtesies of Cypherpunks In-Reply-To: <9311130846.AA19291@longs.lance.colostate.edu> Message-ID: <9311132017.AA17747@yang.cpac.washington.edu> ld231782 at longs.lance.colostate.edu ("L. Detweiler") writes: | I owe no courtesy to someone who forfeits any respect in their atrocious | misbehavior. But wouldn't you say that *any* mailbombing is atrocious behavior? So why should you garner further respect? | [...] If you mailbomb me, you have forfeited your `right to privacy'. If | you email my postmaster a complaint about me before contacting me, you have | forfeited your `right to privacy'. If you lie to me, you have forfeited your | `right to privacy'. If you fail to adequately respond to my personal | accusations of impropriety or criminality, especially meeting them with | evasion or stonewalling, you have forfeited your `right to privacy'. The first one has the most credibility as far as forfeiting one's right to privacy. But then, I think that mailbombing someone, and then threatening more mailbombs, might well lead to getting some help from the site administrator, or even the subnet administrator if need be, because that sort of juvenile, puerile action isn't warranted at any time. The last one is the . . . well, stupidest, because if that held to *everyone*, then nobody would have any right to privacy. Anyone could accuse anyone, without basis, of impropriety or criminality. Hey, Detweiler, where were you on the night of February 4, 1989? Someone was breaking into my system from colostate.edu. . . . Unless it was a special event, you'd probably have a tough time remembering what happened to you on that day, much less rounding up witnesses. So how can you make an "adequate response"? Whose definition of "adequate response" do you use? I just don't think that your rather arbitrary, personal criteria justify forfeiting one's "right to privacy"---and whose definition do you use for that? | If you have ever sent me mail as a Snake of Medusa or a Tentacle of a | Monster, you have forfeited your `right to privacy' -- under ALL your | pseudonyms and identities. Pardon? Meaning that if I'd sent you mail---*any* mail---via anon.penet.fi, that I forfeit my "right to privacy"? That's ludicrous. Inane, even. | If you have done any of the above to *anyone*, you have forfeited your `right | to privacy' with respect to EVERYONE in your society! Again, whose definitions do we use? I'd really hesitate to use yours as written above. Why not my definitions? Because I think mailbombs at *any* time are odious, because they not only affect the users involved, but every site that message goes through. So have you forfeited your right to privacy? If not, why? Who says? | I also think you have forfeited your right to speak in that society as well | -- maybe only temporarly -- but in situations where these kinds of outrageous | behaviors are condoned by a corrupt moderator, no recourse except leaving or | starting a new list is possible. Well, who decides? You or the moderator? Maybe the moderator prefers his definitions. | That is the Detweiler Code of Cyberspatial Ethics and Privacy. Fortunately, there has been no move to adopt this sort of "code of ethics" on a general basis. It's not so much a "code of ethics" as much as it is a "code of Detweiler uber alles." It's just too arbitrary and Detweiler-centric, and the results of violating your code of ethics seems to be swamping people with mailbombs, so. . . . | No wonder you guys identify with David Koresh. I assure you, future | Cyberspace will not be big enough for the both of us. More ludicrousness. Cypherpunks is not made of a uniform hive of like-minded hackers (traditional sense). | Go ahead, CENSOR me! For the crime of writing `FLAMEBAIT' or, equivalently, | YELLING THE TRUTH. What truth? You haven't really said anything useful here, you've just tried to dictate what your "code of ethics" is, which boils down to "if you do something I don't like, at any point, you lose your right to privacy as far as I'm concerned." It's arbitrary and capricious; not all that useful to the rest of us, and hardly appropriate to this list. | You guys really do have *some* ethics, don't you? ``Don't ever DIRECTLY | CENSOR ANYTHING!'' ``NEVER GET CAUGHT or be PERSONALLY ACCOUNTABLE or | RESPONSIBLE for ANYTHING!'' And as for that point, you are guilty of lumping all of us together again, aren't you? ---Ken McGlothlen mcglk at cpac.washington.edu mcglk at cpac.bitnet From doug at netcom.com Sat Nov 13 12:44:53 1993 From: doug at netcom.com (Doug Merritt) Date: Sat, 13 Nov 93 12:44:53 PST Subject: Bandwidth limitations In-Reply-To: Message-ID: <199311132045.MAA24370@mail.netcom.com> >Clark Reynard said: >Perry writes: > >[Elegant refutation of all examples I give in original article.] > >Perhaps some true bandwidth stretchers: > >Complete maps of all the known universe, with spectrographic assays, It occurs to me that Perry will refute my attempted refutation of his refutation by pointing out that even a factor of 30,000 in video won't saturate theoretical fiber limits, and that he may consider your examples too fanciful. But part of what we're talking about is just timing, even Perry said so. We cannot yet modulate fiber at its theoretical limits. To do that we'll need optical frequency sub-band frequency modulation, and that hasn't even been achieved in the lab yet. (FM tuneable dye can't be modulated at optical rates. Semiconductor "variable frequency" modulated lasers can only switch between discrete frequencies.) Some think it will take twenty years to achieve this. But I'm optimistic and hoping for 5 to 10 years. (Unsure about commercial deployment, but let's say it is fast and can use existing fibers, if not trunk equipment.) So if you're "realistic" about when we'll be able to achieve fiber saturation modulation, we're also far enough into the future that it gets easier to see that we may have completely novel demands on information transmission by then, and that existing demands will continue to cause problems for existing fiber technology. Conversely if one is optimistic about achieving theoretical limits on fiber, then the fine points of the argument begin to be relevant. That factor of 30,000 for video won't be enough to fill the fiber. Receiving every global TV and Internet (ultra high quality) video transmission simultaneously (to record and allow later channel switching) might do it, but I have to admit that it seems chancy. So it all comes down to the time frame in which the theoretical limits are achieved. Unless one gets speculative...for instance, nanotechonology scan-transmit- and-rebuild could easily more than saturate even a large number of fibers. Or slightly less blue sky: if your computer is an array of 10,000 optical computers each operating at 100 gigahertz, and doing a distributed computation with other systems over the net. (In this case networks are *always* the bottleneck.) Anyway the whole subject seems debatable and a matter of which numbers one cares to predict for which future year. But we all agree that it's merely a question of *when* fiber runs out of steam, not whether. Doug From ld231782 at longs.lance.colostate.edu Sat Nov 13 23:05:32 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 13 Nov 93 23:05:32 PST Subject: Soothing Sayings In-Reply-To: <9311131656.AA10352@illuminati.IO.COM> Message-ID: <9311140705.AA05139@longs.lance.colostate.edu> Mr. Barnes, obviously deeply upset, emotionally objects to my simple questions, but not ever directly, but implicitly buried and obscured in the most spectacular set of ad hominem attacks I have ever been privileged to find in my mailbox, outside of His Royal Eminence. Mr. Barnes, I would be interested in your own responses to that set of questions, or your reasons for why you should not have to answer them. Do you think they represent a `witchhunt'? perhaps an `inquisition'? Would you like me to show you my own responses, to help you figure out how to understand them? are they too complicated for you? are they an invasion of your privacy? would you be embarassed by the answers? would you have to lie to evade incrimination? do you wish to deceive others of your pseudospoofing? >I used to >think you were kind of funny. This stopped about the time you (quite >seriously, and in some detail) compared me to Darth Vader... I convinced >you I wasn't the "Hydra", so I was just a seducing minion. Mr. Barnes, you tried to convince me of the Joy of Pseudospoofing, for which I suggested you were trying to convert me to the Dark Side (actually, I am indebtedly grateful for that beautiful inspiration for my essay). You told me that E.Hughes' lectures on the subject of pseudospoofing were what drew you to it in the first place! But this is buried very deep in my comprehensive archives, from many weeks ago. (I encourage all other cypherpunks to keep very good archives, because some day we will be able to separate all the pseudospoofed identities from real ones, and it will be quite shocking, I assure you. Some prominent cypherpunks are extremely terrified and staunchly opposed to archives, for obvious reasons.) >you have done more than anyone else to >disrupt this list and make it next to impossible for real work to get >done on it (including work that would help mitigate problems of the >kind you believe your "enemies" are perpetrating on you.) No one is interested in preventing pseudospoofing here, quite to the contrary they are interested in secretly pursing it at the expense of others, including their own associates in this group,it is the NUMBER ONE PRIORITY, and I am quite repulsed by your baldfaced lie in the face of reality and my oceans of fanatic hate mail (which yours is only the latest on the pile). I asked many weeks ago that E.Hughes and T.C.May condemn pseudospoofing. They had problems doing so, for obvious reasons! I asked that they prohibit it from this list, or ask promises to refrain from it. Again, an outrageous demand, apparently, based on the response. I asked that they reveal their own practice! I have been continually whittling down my demands, and have every time been rebuffed. Honest cypherpunks, why is that? do you care if other people are systematically deceiving you? When will you be free of the jaws of this delusion? I am even offering to GO AWAY COMPLETELY if some SIMPLE QUESTIONS are ANSWERED HONESTLY. As for disruptions in the list, it is a fantasy that *I* have caused any over its lifetime. It is the evasions and the stonewalling that have caused all the *recent* commotion! it is the rampant pseudospoofing that has poisoned `real work', and you make me your scapegoat and martyr for its evils and your own depravity and perversions. >You persist in baiting the less-restrained members of the list with your >antaigonistic, paranoid, policial/social rants, which have accomplished >nothing producive, except to sap the energy of people who would otherwise >be writing code, engaging in PR for our cause, educating one another, and >working towards a consensus or at least an honest delineation of where >we disagree as mature individuals (rather than characterizing folks as evil >spawn of darkness). Nothing but stark and utter lies. You blame the `movements' shortcomings on myself, one person who has had the audacity to challenge those who wish to promote their secret conspiracies of pseudospoofing. PSEUDOSPOOFING IS THE ONLY ISSUE. I have done everything productive to sap the energy of those writing code solely to promote their pseudospoofing, engaging in false PR for the cause of `Privacy for the Masses' or the `Cryptographic Revolution' when in fact it is all nothing but deception and lies in favor of pseudospoofing, and conspiring between one another--And I have been flamed into oblivion by snakes and tentacles who urinate on Democracy and Consensus and anything Egalitarian, so do not assault me with your hypocrisies about `working towards a consensus' or `an honest delineation of where we disagree as mature individuals', because there is nothing here but PUERILE PSEUDOSPOOFING FANTASIES. >Note that your postmaster, when I contacted him, made it clear that he >had instructed you to stop doing whatever it was you were doing that >was upsetting people so much. I wonder how your postmaster would feel about pseudospoofing. Or are you your own postmaster? Or does E.Hughes help maintain your site? Those who mail my postmaster are nothing but vile and shameful cowards with machine gun arsenals assaulting a man who has attempted to expose frauds, poseurs, and hypocrites with nothing but his bare hands and the Truth. You are such a slimy hypocrite, to have never have even used the word `pseudospoofing' once in your little rant, only to say that I am `upsetting people so much'. >you >have turned this thing into a nonsensical, paranoid, one-man jihad against >cypherpunks on a variety of *other* lists, while continuing your activities >on this one. `jihad'? well, yes, I would call your pseudoreligion precisely that. very curious how many lists they have invaded and infiltrated and littered with their eloquent prose for Glorious Privacy, True Anonymity, Liberating Cash, and No Oppresive Identification, yourself included. Perhaps you would like to indicate what lists that other cypherpunks are on, and what they have said there? (Reminds me of my essay in RISKS -- have you seen that, by chance?) What is your own knowledge on the the subject, hm? Can I ask without you going into seizures or convulsions? >I intend to go beyond your postmaster on the next try, to various former >classmates and old friends of mine who are computation center employees, >faculty, and administration members at CSU now. Anyone I respect will not ask me to compromise my ethics. Unfortunately, you do not meet this criteria. >Unless, of course, you >cut this shit out and leave us alone, or at least go back on whatever >medication you were taking before you went from a mildly annoying over- >eager wannabe to a full-fledged psychopath. it is the pseudospoofing psychopunks who are the full-fledged psychopaths. I will leave when the so-called `leadership' answers some simple questions truthfully. Look, honest cypherpunks, OPEN YOUR EYES, see to what extreme lengths that they have gone to, to deceive you of their pseudospoofing, and EVADE AND STONEWALL. Reminds me of someone talking about `betrayal, treachery, and high treason'! You can have your secret conspiracies, xor your public credibility, for the moment. some day, you will have neither. I suppose you could censor me, too. Maybe E.Hughes could conduct a little poll, and state that the majority decided to censor me. Oh, wait, you guys don't believe in polls and voting and the majority. The Majority is Always Wrong. Well, let's see, I guess Mr. Hughes could decide to unilaterally censor me. But that wouldn't seem to be compatible with the cypherpunk charter. I was looking at it recently! (soda.berkeley.edu:/pub/cypherpunks/brainwashing). it said that `cypherpunks do not seek to prevent others from speaking' or something like that. Maybe E.Hughes will change the charter and throw me out. You guys in California could do that at your next monthly `conspiracy'. BTW, when is it? What do you do at those great meetings, anyway, Mr. Barnes? I asked that someone provide minutes, so that everyone on the list may share in the lovely `movement', but there was a lot of hostility to that idea. Why could that be? Mr. Barnes, please let me know how the CA group decides to persecute me further, beyond all the depravities I have been subject to so far. I do appreciate your indicating that you are going to attempt to blackmail me through close associates, it's a fair warning. Clearly, `they' are desperate. The facade is crumbling. Imagine, all this fantastic hostility directed solely at me, for asking some wholly innocuous questions. Cypherpunks, why is everyone so upset? It makes me wonder if there is a core group hiding something or covering something up. a `conspiracy'? (hee, hee, love that word). Maybe I would have to move to CA to find out, eh? Once again, I volunteer to leave if they are answered truthfully and publicly revealed! From an12070 at anon.penet.fi Sat Nov 13 23:19:58 1993 From: an12070 at anon.penet.fi (S. Boxx) Date: Sat, 13 Nov 93 23:19:58 PST Subject: RAMPANT CONSPIRACIES and MASSIVE COVERUP Message-ID: <9311140716.AA22214@anon.penet.fi> As David Letterman says, I don't have a joke here, I just like saying ... ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From eichin at paycheck.cygnus.com Sun Nov 14 00:19:58 1993 From: eichin at paycheck.cygnus.com (Mark W. Eichin) Date: Sun, 14 Nov 93 00:19:58 PST Subject: OMNI CARD In-Reply-To: <199311121608.LAA00480@orchard.medford.ma.us> Message-ID: <9311130243.AA03120@paycheck.cygnus.com> lefty at apple.com might have said: >> BTW, you can't take the cards apart. They fry themselves if you try. sommerfeld at orchard.medford.ma.us might have replied: >I've seen a SecurID card which had been pried apart; when you put the >two halves back together, the LED went on again, apparantly into some >"initialization mode". If you looked inside, perhaps you saw where the switches are? I've been told that the SecurId cards have two membrane-style switches on the face (not actually marked though.) The initial key is programmed by keying it in through those switches; the "protocol" ends with a command to "ignore any further input from these switches"... Early ones were hand-keyed, they then went to a robot mechanism, and now apparently there is a device which takes a hopper full of cards and keys them in in parallel batches (something like 20 at a time for the machine I heard about a year ago.) This is all stories I heard (as far as I know, second hand from SecurID people) but it would be interesting to confirm the existance of the switches... _Mark_ ... or at least I might be... From sommerfeld at orchard.medford.ma.us Sun Nov 14 09:03:56 1993 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Sun, 14 Nov 93 09:03:56 PST Subject: OMNI CARD In-Reply-To: <9311130243.AA03120@paycheck.cygnus.com> Message-ID: <199311141647.LAA00315@orchard.medford.ma.us> There were apparantly more than two switches; more like 10 or so. I think there may be two different models of securid cards, one with and one without switches; the only difference may be in the faceplate and the factory programming. - Bill From nobody at pmantis.berkeley.edu Sun Nov 14 09:23:56 1993 From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu) Date: Sun, 14 Nov 93 09:23:56 PST Subject: CIA admits Timothy May Surveillance: PHOTOS! Message-ID: <9311141724.AA20420@pmantis.berkeley.edu> *********************************************************************** ________________ / \ / / \ \ \ | | / / | ___\ \| | / / | / | | | __ | / | \ | | | \ | "HEH HEH HEH !!!!!" | | __ | L. Detweiler can eat my | __\ (_o) | shorts! Am I Beavis | | | / or am I tcmay? \ || \ / PSEUDOSPOOF THIS! | |__ \ | | (*___\ | | _ | | | //_______| | / |_|_|_|___/\ \| \ - | | _----_______/ | / |_____/ *********************************************************************** From pmetzger at lehman.com Sun Nov 14 13:00:11 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sun, 14 Nov 93 13:00:11 PST Subject: Fractal cryptography In-Reply-To: <2ce44fb5.acsys@NetAcsys.com> Message-ID: <9311142057.AA07089@snark.lehman.com> "mycal" says: > On Fri, 12 Nov 1993 19:31:09 -0500, "Perry E. Metzger" wrote: > > > > Amateurs regularly develop systems and claim fantastic things for > > them. They then turn out to be trivial to break. This has made people > > Just to add a data point, chaos seems to be worth a look. MIT's > Research Lab have created new signal-processors designs based on chaos > theroy for use in secure communication. I've heard of them. They aren't secure. Just another example of the same phenomenon. Perry From pmetzger at lehman.com Sun Nov 14 14:33:59 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sun, 14 Nov 93 14:33:59 PST Subject: Should we oppose the In-Reply-To: <199311131105.DAA01673@well.sf.ca.us> Message-ID: <9311142128.AA07122@snark.lehman.com> "George A. Gleason" says: > You ask, "why have telecoms prices been declining for years?" and cite > overseas calls as an example. In fact, the actual cost of local service has > gone up over 240% since deregulation, according to a detailed research > report a friend of mine is about to publish. What has happened is that the price the consumer sees has gone up. AT&T used to subsidize local service with long distance service -- this cross subsidy has ended. Local service is not deregulated anywhere in the U.S., so your friend's study is meaningless. Long distance prices have dropped dramatically, even taking subsidy elimination into account. Competition works, George. Fabian socialism is what doesn't. Perry From pmetzger at lehman.com Sun Nov 14 14:53:58 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sun, 14 Nov 93 14:53:58 PST Subject: The Courtesies of Cypherpunks In-Reply-To: <9311130846.AA19291@longs.lance.colostate.edu> Message-ID: <9311142115.AA07098@snark.lehman.com> Look, everyone -- Detweiler is a seriously disturbed individual. Sending him mail saying "what the hell are you doing -- you're nuts" isn't going to do any good. Crazy people don't think they are crazy. Ignoring is rantings works a whole lot better than any other strategy. I only mailbombed him because he was sending me unsolicited personal mail and wouldn't stop. Otherwise I ignore him, and I advise others to do the same. Perry From jel at sutro.SFSU.EDU Sun Nov 14 15:03:57 1993 From: jel at sutro.SFSU.EDU (John E. Levine) Date: Sun, 14 Nov 93 15:03:57 PST Subject: "Applied Cryptography" at Cody's Message-ID: <9311142258.AA29711@sutro.SFSU.EDU> As of 14:30 today, Cody's in Berkeley has 4-1=3 copys of "Applied Cryptography" by Schneier. From pmetzger at lehman.com Sun Nov 14 15:33:57 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sun, 14 Nov 93 15:33:57 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311132012.MAA21160@mail.netcom.com> Message-ID: <9311142218.AA07162@snark.lehman.com> Doug Merritt says: > My point in saying this is that you're speaking as if current day video > standards are some kind of ultimate load on information transmission, No, not at all (although limits to quality are in striking range -- CD audio is as good as human ears can hear, and 24 bits of color is actually overkill for the discrimination capacity of the human eye). I merely mention "thousands of video channels" because people are used to the bandwidth requirements of conventional video so it gives them a sense of scale. Perry From ld231782 at longs.lance.colostate.edu Sun Nov 14 15:50:14 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 15:50:14 PST Subject: The Contortions of Cypherpunks Message-ID: <9311142347.AA17045@longs.lance.colostate.edu> N.Szabo in RISKS >I'd like to assure the readers of RISKS that I am in fact a unique person, >distinct from the other names L. Detweiler listed. Of the people on his list >I know from personal contact, all are distinct people in Real Life(tm). Give specific evidence to support your claim or retract it. Who do you know from personal contact? What do you mean that you are `distinct from other names'? >Well >before his post to RISKS, L. Detweiler was provided means of personally >verifying that many of the names he listed are distinct True Names (eg phone >numbers he can call), but it doesn't seem to help. You appear to be referring to my private mail among many different people. Please elaborate on your claim, or retract it. From an12070 at anon.penet.fi Sun Nov 14 15:50:25 1993 From: an12070 at anon.penet.fi (S. Boxx) Date: Sun, 14 Nov 93 15:50:25 PST Subject: the Zen of Cyberspace Message-ID: <9311142347.AA18381@anon.penet.fi> Yang said to Yin, ``why are you so weird? why can't you be more like me?'' ``because you are Yang, and I am Yin,'' said Yin. * * * I was walking along a path in a foreign city, and came upon a group of men carrying their king on their shoulders on a massive platform and weighty throne. They were struggling and sweating from the oppressive weight in the hot sun. ``Long live the Royal King'' they called out to me as I was about to pass. The king had haughty expression, and looked down on me sullenly and, I thought, somewhat belligerently. ``What do you think of my kingdom, traveller?'' he called out. I answered, ``Kind sir, I have been treated most generously by your gracious citizens. They have offered kind hospitality to a weary traveller. Truly, it is an oasis in the desert.'' ``Long live the Holy King!'' they called out. The king waved me away, and I bowed. But I was curious and followed the procession. The king made many strange contacts along the way, but that is another story. After a time he became bored, yawned, and fell asleep. The carriers continued to struggle with the sheer weight of his burden. ``How long have you been carrying the king?'' I whispered to one. ``Many years, traveller. Many years the people of this country have beared the weight of this tyrant.'' Of course, I was shocked at this. But other men echoed out upon hearing us, but whispered and were careful not to wake the slumbering king, who now had a steady stream of drool running down his chin and was snoring quite noisily. They told me horrible tales of his tyranny and crimes against the people. But they also told me of their great fear in challenging him. I was quite surprised -- It seems that each of the carriers shared a common vice with the king, and they were bound by the chain of their depravity. They were all greedy, and thirsted after the gold that he taunted them with every night in secret meetings in the palace chamber halls. Much of the populace saw many signs of the corruption but ``looked the other way''. Some had been executed for their dark discoveries. Many years later, I passed through the country again. I came upon the same sight -- the weary and toiling men carrying the heavy king upon their backs. By this time His Highness was quite fat and ugly from his vice and excess, and the carriers had great despair, desperation, and resignation etched in their faces. But they trudged on. That time, the king was apparently asleep when I found them. This time, he was quite inert and lifeless. ``How long have you been carrying the king?'' I said. ``Many years. Too numerous to remember. You get used to it after awhile.'' I talked to the men quietly. They still beared their great burden, prodded by their intense hunger for the gold of the king, which he had teased them with for many years. The king had tremendous power over people. Nevertheless, they began to laugh loudly at their king's stupidity and ignorance of their embezzlements. I wondered if the king was in turn embezzling from them. Suddenly, I realized the whole royalty was corrupt. The men laughed some more, oblivious to my epiphany, and one man jabbed the king accidentally with his flailing arms in the midst of his ridicule and mockery. The man was horrified. But the king did not stir. The other carriers were puzzled. They apparently had not looked at the king for some time, and suddenly realized that their highness had a pale pallor. The carrier who had jabbed him thought his body felt rather stiff. Suddenly, the night grew utterly cold. The king was dead. They were flabbergasted. ``How long has the king been dead?'' I asked. They did not know. With this, they suddenly dropped the massive platform in terror, and it broke and shattered with an ugly, ear-splitting noise. The king was lost within the rubble. I was injured by some fragments. Some of the carriers were crushed. Some cursed me. Some claimed that I was an evil omen that triggered the death of the king! Others fled. Many headed for the Castle, to steal whatever was left of the unguarded gold. They were astonished to find it was all counterfeited, and worthless. After many weeks, the entire populace finally realized they had been sustaining a black lie, and the country plunged into chaos. I was lucky to escape alive. * * * Yin said to Yang, ``why are you so weird? why can't you be more like me?'' ``because you are Yin, and I am Yang,'' said Yang. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From ld231782 at longs.lance.colostate.edu Sun Nov 14 17:13:59 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 17:13:59 PST Subject: K. Mitnick Message-ID: <9311150028.AA17481@longs.lance.colostate.edu> Thanks for all the info on K.Mitnick, the `dark side hacker'. Some have mailed me saying he changed his name and is living, got a job in security consulting or something like that (!), and is living in `2.5 kids land' Another few questions. I heard that the judge barred him from using a modem for life, or something like that. What was the sentence? How is it being enforced? Also, I assume that Mr. Mitnick changed his name legally (hee, hee). Anyway, I would like to email him, if anyone knows his address. From ld231782 at longs.lance.colostate.edu Sun Nov 14 19:20:27 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 19:20:27 PST Subject: Key Servers Message-ID: <9311150320.AA20102@longs.lance.colostate.edu> I wonder if anyone would want to start a PGP key server dedicated only to *real* identities. Obviously, there is no such demand with the current ones. And please don't start with the `that would be impossible' arguments. A key server that had the official policy `if you register here, on your honor your legal name is what you give, under penalty of public exposure if you are caught' would be enough for me. From ld231782 at longs.lance.colostate.edu Sun Nov 14 19:33:58 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 19:33:58 PST Subject: pseudospoofing, copyrights, and ECPA Message-ID: <9311150332.AA20559@longs.lance.colostate.edu> Some losers are still assaulting me with claims that I failed to respect His Royal Eminence's privacy by revealing his mailbomb to the list, saying I was not polite or courteous. Please, hypocrites, go away. Where does this bizarre philosophy originate? Where do you guys get your `ethics', anyway? At least have the decency to codify them, sign your names to them, and stick them on an FTP site if you are going to spout this bizarre depravity. Next: Mr. Zions, while one of the `protect the mailbombers privacy' advocates, brought up some interesting points. Does the ECPA (the law regulating communications privacy) or the copyright laws apply to material that was written under a *pseudonymous* identity? I would consider this a grey area. A court test would be extremely fascinating. What if work was redistributed if printed under imaginary identities? the whole aspect of both of the laws involves *ownership* and *identity*. If ECPA or copyright laws are interpreted to protect pseudonymous identities, I propose they be amended and revised to afford no protection. (Legitimate variations like pseudonymity and anonymity should be protected in any case.) One man's opinion. Feel free to stone me some more. Have you figured out who my personal friends are yet? Have you found any nifty blackmail on me? I can't wait for the next sordid perversion. From ld231782 at longs.lance.colostate.edu Sun Nov 14 19:43:59 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 19:43:59 PST Subject: pseudopools Message-ID: <9311150343.AA20782@longs.lance.colostate.edu> One application of pseudospoofing, a particularly insideous and treacherous form, would be to create a `pool' of different accounts. Everyone in the group can negotiate with each other `behind the scenes' when to post from different accounts. This would be even more difficult to detect than regular pseudospoofing (and, IMHO, even that much more of a perversion) because all traces of consistency of identity are subverted and lost. From jim at bilbo.suite.com Sun Nov 14 19:45:27 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Sun, 14 Nov 93 19:45:27 PST Subject: Key Servers Message-ID: <9311150344.AA09795@bilbo.suite.com> L. Detweiler writes: > I wonder if anyone would want to start a PGP key server > dedicated only to *real* identities. Obviously, there > is no such demand with the current ones. > > And please don't start with the `that would be > impossible' arguments. A key server that had the > official policy `if you register here, on your honor your > legal name is what you give, under penalty of public > exposure if you are caught' would be enough for me. > It's not PGP, but RSA, Inc. and others (Internet Policy Registration Authority) are already setting up a system for registering pubilc-keys that are "proven" to belong to actual humans. You can read about it in RSA's newletter available at their ftp site (rsa.com). The newsletter is called "Ciphertext - The RSA newsletter". Of course, their system for "proving" the identity of a human is not perfect. If you can obtain some fake IDs, you can defeat their public-key registration system. This is probably true for any non-biometric identification system. Jim_Miller at suite.com From an12070 at anon.penet.fi Sun Nov 14 19:50:16 1993 From: an12070 at anon.penet.fi (S. Boxx) Date: Sun, 14 Nov 93 19:50:16 PST Subject: cypherpunk archives? Message-ID: <9311150347.AA18323@anon.penet.fi> I'm looking for an official cypherpunk document on `pseudospoofing' -- I looked all over soda.berkeley.edu:/pub/cypherpunks, but couldn't find one anywhere. Does anyone have one, preferrably written or endorsed by E.Hughes or T.C.May? Also, any messages they have posted on the subject sought. I have some stuff, but they seem extremely reluctant to talk about it publicly. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From MIKEINGLE at delphi.com Sun Nov 14 20:00:16 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 14 Nov 93 20:00:16 PST Subject: True Name Keyservers Message-ID: <01H5BMFCSV829D59GI@delphi.com> >"ld231782 at longs.lance.colostate.edu" "L. Detweiler" wrote: >Subject: Key Servers >I wonder if anyone would want to start a PGP key server dedicated only >to *real* identities. Obviously, there is no such demand with the current >ones. >And please don't start with the `that would be impossible' arguments. A >key server that had the official policy `if you register here, on your >honor your legal name is what you give, under penalty of public >exposure if you are caught' would be enough for me. That might be somewhat effective if there was a way to expose the person's True Name if they were caught using a nym. If the only thing to be exposed was the falsity of the nym, the person could just create a new nym, with no penalty for lying except a bit of inconvenience. Another approach would be to have some people who certify keys as being True Name keys, using special signer keys which are labeled "True Name certifier key" or something similar. These certifiers would be risking their own credibility if they were tricked, so they would have a motive to be careful. If this was a for-profit undertaking (i.e. "send me ten bucks and a copy of your birth certificate, driver's license, and a third form of ID") then it could be fairly effective. Any of you capitalists out there...? Somewhere I read about "is-a-person" certificates, which, if I remember correctly, allow you to prove your identity is unique without giving out your True Name. How do these work? Is this a blind signature of your key? Whatever is done involving True Names, nyms should have a right to exist as well. --- MikeIngle at delphi.com From mdiehl at triton.unm.edu Sun Nov 14 20:15:16 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Sun, 14 Nov 93 20:15:16 PST Subject: True Name Keyservers In-Reply-To: <01H5BMFCSV829D59GI@delphi.com> Message-ID: <9311150414.AA27814@triton.unm.edu> According to Mike Ingle: > > Another approach would be to have some people who certify keys as > being True Name keys, using special signer keys which are labeled > "True Name certifier key" or something similar. These certifiers > would be risking their own credibility if they were tricked, so > they would have a motive to be careful. If this was a for-profit > undertaking (i.e. "send me ten bucks and a copy of your birth > certificate, driver's license, and a third form of ID") then it could > be fairly effective. Any of you capitalists out there...? I'd be willing to do it for free as soon as I develope the s/w tools I'd want to use to automate as much as I can. Give me a couple of weeks; I'll make some kind of announcement. J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From warlord at MIT.EDU Sun Nov 14 20:25:52 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Sun, 14 Nov 93 20:25:52 PST Subject: Key Servers In-Reply-To: <9311150320.AA20102@longs.lance.colostate.edu> Message-ID: <9311150425.AA19297@oliver.MIT.EDU> > I wonder if anyone would want to start a PGP key server dedicated only > to *real* identities. Obviously, there is no such demand with the current ones. This defeats the purpose for which the PGP Keyservers were created. The Keyservers were created to give a *SINGLE* place where you could go to request a PGP key for some name (and it doesn't matter whether that name is real or not). Having a keyserver "dedicated only to real identities" would violate the basis for which the Keyservers were originally created. Also, quite recently, the keyserver administrators were discussing new Keyserver sites, and we all agreed that ALL Keyserver sites would be interconnected, to make sure that anyone could get any key from any Keyserver site, no matter which server they use. By proposing a split in the Keyserver service, you propose breaking the initial assumption under which the keyservers were created: Everyone has access to the whole public keyring from any server. > And please don't start with the `that would be impossible' arguments. A > key server that had the official policy `if you register here, on your > honor your legal name is what you give, under penalty of public > exposure if you are caught' would be enough for me. Oh, I'm not saying that this is impossible. It is possible. It is, however, unlikely that anyone will, and I personally will oppose any such move to provide a service such as this. It is not the job of the Keyserver to decide whether a key blongs to a real person or not. The job of the Keyserver is to provide keys. All keys. Any keys. No matter who claims to own the key. The job to decide if a key was a True Name as its owner is a matter for signators. Thats what Public Key Signatures are all about! If you create some kind of Notary Hierarchy to require two pieces of picture identification, two major credit cards, and a note from your mother, then you can guarantee that that is a True Name (assuming you believe in that hierarchy). However it is not the job of the Keyserver to provide any sort of policy as to the keys it provides. As I've said, the Keyserver is for key distribution, not for any sort of key validation. Thanks, -derek From ld231782 at longs.lance.colostate.edu Sun Nov 14 20:33:58 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 20:33:58 PST Subject: Key Servers In-Reply-To: <9311150425.AA19297@oliver.MIT.EDU> Message-ID: <9311150432.AA21999@longs.lance.colostate.edu> >> I wonder if anyone would want to start a PGP key server dedicated only >> to *real* identities. Obviously, there is no such demand with the current ones. > >This defeats the purpose for which the PGP Keyservers were created. >The Keyservers were created to give a *SINGLE* place where you could >go to request a PGP key for some name (and it doesn't matter whether >that name is real or not). nobody is interested in preventing pseudospoofing here. the people who have most maneuvered themselves into a position to aid future cyberspace are instead constraining it. that's the point, isn't it? gosh, how could I have been so blind... >Having a keyserver "dedicated only to real identities" would violate >the basis for which the Keyservers were originally created. as YOU conceive them. >By proposing a split in the Keyserver service, you propose breaking >the initial assumption under which the keyservers were created: >Everyone has access to the whole public keyring from any server. false. There could be a network of `true identity' key servers just as easily as there is a network of PSEUDOSPOOFED LIES. > > And please don't start with the `that would be impossible' arguments. A >> key server that had the official policy `if you register here, on your >> honor your legal name is what you give, under penalty of public >> exposure if you are caught' would be enough for me. > >It is, >however, unlikely that anyone will, and I personally will oppose any >such move to provide a service such as this. the real question, cypherpunks, is what you would do to THWART, SABOTAGE, and DESTROY any such system or attempt ... (that is, beyond your current impressive resume) >However it is not the job of the Keyserver to provide any sort of >policy as to the keys it provides. As I've said, the Keyserver is for >key distribution, not for any sort of key validation. so, Mr. Keyserver, considering that this (your?) software could be used TODAY to help build up a true identity system, why do you oppose using it in that fashion? I mean, besides that you are a Cypherpunk. From warlord at MIT.EDU Sun Nov 14 21:00:17 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Sun, 14 Nov 93 21:00:17 PST Subject: Key Servers In-Reply-To: <9311150432.AA21999@longs.lance.colostate.edu> Message-ID: <9311150457.AA15079@oliver.MIT.EDU> > nobody is interested in preventing pseudospoofing here. the > people who have most maneuvered themselves into a position to aid > future cyberspace are instead constraining it. that's the point, isn't > it? gosh, how could I have been so blind... I think its because we don't see pseudospoofing as a "danger" like you do. Personally, I consider it a necessity. I like being able to hide behind an anonymous identity (not that I do, mind you). I don't see pseudospoofing as "constraining". On the contrary, I see it as freeing us. As an example, look at Ender's Game, where Ender's brother and sister get on the net under pseudonyms, and get treated just like everyone else. There is no biases. People are judged on their actions and words, not by who they are, how old they are, what they look like, or anything like that. Maybe you are blind, I don't know. I've never met you. > so, Mr. Keyserver, considering that this (your?) software could be used > TODAY to help build up a true identity system, why do you oppose using > it in that fashion? I mean, besides that you are a Cypherpunk. No the software isn't mine, but I consider myself it's God Father. Mike Graff (explorer at iastate.edu) and I were talking about this a long time, and he just beat me to learning enough PERL to write the thing. But I'd like to think that the two of us did most all of the design of it. So, in a way, it is my software. And, as I said, it is not the job of the Keyserver to provide any sort of policy. The job of the Keyserver is to distribute keys. Nothing more. Nothing less. The job of identifying True Names is solely a job for Digital Signatures, not a job for the Keyserver. I oppose using it in a bogus fashion because the software is not designed for such a use, there is absolutely no protection for it (any key can be added), because I, and all the other Keyserver admins, believe that all the keyservers should be interconnected, and because I feel the job for determining a True Name on a key is a job for Digital Signatures, not for the Keyserver. I am a cypherpunk. I don't believe in trusting something on faith alone, but you seem to be asking for that. There is no way to protect such a reckless use of the Keyserver. The only way to provide a secure way for True Names is to Cryptographically identify them. So, Mr. Detweiler, why do you oppose using Digital Signatures to verify True Names? I mean, besides that you consider yourself a Cypherpunk? ;-) -derek From cman at IO.COM Sun Nov 14 21:03:58 1993 From: cman at IO.COM (Douglas Barnes) Date: Sun, 14 Nov 93 21:03:58 PST Subject: Key Servers In-Reply-To: <9311150432.AA21999@longs.lance.colostate.edu> Message-ID: <9311150500.AA10063@illuminati.IO.COM> > false. There could be a network of `true identity' key servers just as > easily as there is a network of PSEUDOSPOOFED LIES. > Why don't you just do the following, which would serve everyone's interests, and would be well within the spirit of the movement: 1) Encourage the existing plan to have *all* PGP keys served. 2) Provide a service (possibly for a small fee) wherein people could send you copies of their PGP key along with a notarized statement. 3) Sign those keys with your key, or a key you generate for this purpose. 4) (optionally) provide a service mapping from keys -> Real Names, for the ultra-paranoid. People who share your concerns about pseudospoofing would make you their most trusted (or only trusted) signer of keys. Presto. Those who care, can believe only those keys signed by you are real. Those who don't give a damn, believe what they want. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From mnemonic at eff.org Sun Nov 14 21:15:18 1993 From: mnemonic at eff.org (Mike Godwin) Date: Sun, 14 Nov 93 21:15:18 PST Subject: LAW: Wireless interception In-Reply-To: <9311130316.AA00717@servo> Message-ID: <199311150514.AA29541@eff.org> Phil Karn writes: > Cellular is protected under ECPA because it's big bucks for some > powerful US businesses. Cordless phones don't use a large domestic > infrastructure that charges for airtime. Without disputing anything Phil says here, I have it on good authority that the exemption of cordless phones from ECPA had to do with the fact that early models of cordless phones often generated signals that could be picked up by normal radios. The concern was that the owners of normal radios (as distinct from scanners) might be turned into felons for overhearing a cordless-phone conversation. --Mike From nobody at eli-remailerEternalOptimist Sun Nov 14 21:20:19 1993 From: nobody at eli-remailerEternalOptimist (nobody at eli-remailerEternalOptimist) Date: Sun, 14 Nov 93 21:20:19 PST Subject: Hazard of encrypt to self? Message-ID: <9311150518.AA06287@toad.com> -----BEGIN PGP SIGNED MESSAGE----- I always encrypt stuff when I send it to the remailers. I always encrypt to myself along with the remailer, in case I need to look at the message again. But since trying to decrypt a message reveals the id's of the keys that can decrypt it, this reveals information about the sender of the message that wouldn't be available if I only encrypted to the remailer. A partial solution - I generated a new key pair to use for the encrypt-to-self function (a nice short one). I put some meaningless nonsense in the id, so anyone who observes my message on its way to the remailer will no know it is from Eternal!Optimist at anon.penet.fi (copyright 1993, Eternal Optimist [Ha Ha Ha]) 0) 0) =:()]-< -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLObHdojvfLxJbYYtAQEZAgP8Db7qpgqy17wmP91/zl5ZioF/53IIugpW eFjJVtT/UC0wEB/wdvQSBuG2xoXFPWxwWraEtWUCvsAP580juKiGSvmpZARxnm30 yfHVuqv+cfo8FYm7KJpWGdSIFmoqvG8h/a4wiGWMg/Dnai5wOZtRt0mWDyftj+gt EzgFJSwTtIc= =xEZA -----END PGP SIGNATURE----- From MIKEINGLE at delphi.com Sun Nov 14 21:30:52 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 14 Nov 93 21:30:52 PST Subject: True Name keys Message-ID: <01H5BPPICLNM9EEVDF@delphi.com> "ld231782 at longs.lance.colostate.edu" "L. Detweiler" complains: > nobody is interested in preventing pseudospoofing here. the >people who have most maneuvered themselves into a position to aid >future cyberspace are instead constraining it. that's the point, isn't >it? gosh, how could I have been so blind... Not true at all. I proposed a more secure method, signing of keys by trusted certifiers, and JMDiehl said he'd look into implementing it. Warlord said that he didn't like the idea of having a separate network of keyservers for True Names, but that keys could be certified as True Name keys. Nobody said that they opposed the idea of True Name keys. Such certifications, especially if from multiple parties, would be much more secure than a network of keyservers. Remember that these exchange keys, and if you could hack one, you could put a phony key into the loop. JMDiehl: your service would be more widely trusted, and potentially profitable, if you bought a copy of ViaCrypt PGP for legality and charged a small fee for your services. If there is money and your reputation at stake, people will assume you are going to be more careful in checking keys, and they will trust your service more. You don't want any kind of automation; you want to verify each one before signing it. Warlord: Is there any way to clean out old keys from the keyservers? How about keeping track of when a key was uploaded, and killing them after a year or so. If a person wants to keep a key active, he can mail it to the keyserver again before the year runs out. The keyservers are full of old, dead, and revoked keys, and the number will continue to grow as more people use PGP. Present keys could be killed a year from now, or whenever. Detweiler: why don't you do it? You could advance your crusade and make some money in the process. Start a service to certify keys. If a key were certified by several services, you could be pretty sure of its authenticity. Everyone: is it possible to translate RIPEM keys into PGP keys? Can the signature be kept intact? Is it possible to use Mac signer keys for encryption as well as signing? Doesn't it seem just a bit political that the Mac system has RSA for signatures and a symmetric cryptosystem, but no public-key encryption? Maybe something could be done about this, but I don't have a Mac to try it. --- MikeIngle at delphi.com From ld231782 at longs.lance.colostate.edu Sun Nov 14 21:40:18 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 21:40:18 PST Subject: Key Servers In-Reply-To: <9311150457.AA15079@oliver.MIT.EDU> Message-ID: <9311150536.AA23117@longs.lance.colostate.edu> >I think its because we don't see pseudospoofing as a "danger" like you >do. Personally, I consider it a necessity. I like being able to hide >behind an anonymous identity (not that I do, mind you). I don't see >pseudospoofing as "constraining". On the contrary, I see it as >freeing us. DAMNIT! will you CYPHERPUNKS stop CONFLATING 1) pseudonymity 2) anonymity 3) pseudoanonymity you jerks CONTINUE to claim that (1) (2) and (3) are EQUIVALENT >No the software isn't mine, but I consider myself it's God Father. >Mike Graff (explorer at iastate.edu) and I were talking about this a long >time, and he just beat me to learning enough PERL to write the thing. >But I'd like to think that the two of us did most all of the design of >it. So, in a way, it is my software. Oh. I see. And you would regulate its use on the Internet. Gosh, that sounds kind of like one of those fascist oppressive restrictions by an outside authority. Something to bludgeon. >And, as I said, it is not the job of the Keyserver to provide any sort >of policy. The job of the Keyserver is to distribute keys. Nothing >more. Nothing less. The job of identifying True Names is solely a >job for Digital Signatures, not a job for the Keyserver. Call it a Keyserver, or a Digital Signature Server or a Toxic Waste Dump, frankly, I don't care what you call it. >I am a cypherpunk. I don't believe in trusting something on faith >alone, but you seem to be asking for that. you `cypherpunks' have no idea what a true society constitutes. trust is inherent to one. you guys all subscribe to the idea, `nothing is bad if you can get away with it.' `if you can get away with it, you should try it.' we'll see who has the last laugh. HA, HA. From jef at ee.lbl.gov Sun Nov 14 21:50:18 1993 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Sun, 14 Nov 93 21:50:18 PST Subject: "Applied Cryptography" at Cody's Message-ID: <9311150547.AA18982@ace.ee.lbl.gov> >As of 14:30 today, Cody's in Berkeley has 4-1=3 copys of >"Applied Cryptography" by Schneier. One fewer as of 16:30. They had it hidden in the back room upstairs, but I made them file the rest in the math section. I'm about halfway through it now. It's pretty nifty! --- Jef From ld231782 at longs.lance.colostate.edu Sun Nov 14 21:50:51 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 21:50:51 PST Subject: Key Servers In-Reply-To: <9311150500.AA10063@illuminati.IO.COM> Message-ID: <9311150550.AA23351@longs.lance.colostate.edu> Mr. Barnes somehow found it possible to write me without assaulting me with vicious ad hominem attacks, vilifications, obfuscations, misrepresentations, all approaching blatant lies, completely tangential points to my posts, and cc:ing my postmaster this time. My postmaster and I thank you. It is free, too, of a subtle hint of censoring or blackmailing me by going to `various former classmates and old friends of mine who are computation center employees, faculty, and administration members at CSU now.' No tarring me as a `overeager wannabe' (well, I don't wannabe a pseudospoofer) and a `full fledged psychopath' on `medication'... >Why don't you just do the following, which would serve everyone's >interests, and would be well within the spirit of the movement: `movement'? I thought there was no cypherpunk movement. There is only software. [identity database] >1) Encourage the existing plan to have *all* PGP keys served. I dunno. This is a big step. The choice at this point could really affect future cyberspace, eh? Frankly, I think serious professional uses of the internet are fundamentally incompatible with pseudospoofing, and will make design decisions based on that incontrovertable premise. Like quarantining databases from existing toxic waste dumps. >4) (optionally) provide a service mapping from keys -> Real Names, > for the ultra-paranoid. you have just classified 99.9 % of the population as `ultra paranoid'. But that .1% of the degenerates have never understood the idea of civility anyway. >People who share your concerns about pseudospoofing would make you >their most trusted (or only trusted) signer of keys. Presto. Those >who care, can believe only those keys signed by you are real. Those >who don't give a damn, believe what they want. hee, hee. or believe in elaborate, complex fantasies straight from SF... As an example, look at Ender's Game, where Ender's brother and sister get on the net under pseudonyms, and get treated just like everyone else. There is no biases. People are judged on their actions and words, not by who they are, how old they are, what they look like, or anything like that. Maybe you are blind, I don't know. I've never met you. who wrote that? I forget >Mike Graff (explorer at iastate.edu) and I were talking about this a long >time, and he just beat me to learning enough PERL to write the thing. >But I'd like to think that the two of us did most all of the design of >it. So, in a way, it is my software. I wonder if Mr. Graff would like to weigh in in this little discussion. From karn at qualcomm.com Sun Nov 14 22:00:18 1993 From: karn at qualcomm.com (Phil Karn) Date: Sun, 14 Nov 93 22:00:18 PST Subject: LAW: Wireless interception Message-ID: <9311150557.AA04875@servo> Mike is correct that early models of cordless phones could often be picked up on broadcast radios. Their base stations transmitted just above the AM broadcast band (in the 1.7 Mhz region). Since then, all new cordless phones operate on the 46 and 49 Mhz bands, which generally require a scanner to receive. However, cell phones still operate in what used to be UHF TV channels 70-83, and it is still possible in some cases to intercept cell phone calls on a UHF TV set. So much for *that* theory. :-) I still think my original explanation for the ECPA's distinction between cordless and cellular phones is the dominant one. Phil From ld231782 at longs.lance.colostate.edu Sun Nov 14 22:05:18 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 22:05:18 PST Subject: D. Barnes Message-ID: <9311150604.AA23587@longs.lance.colostate.edu> >You have become major pest, you have done more than anyone else to >disrupt this list and make it next to impossible for real work to get >done on it (including work that would help mitigate problems of the >kind you believe your "enemies" are perpetrating on you.) please, characterize this `work' and your own involvement in it. >we don't see pseudospoofing as a "danger" like you >do. Personally, I consider it a necessity. I like being able to hide >behind an anonymous identity (not that I do, mind you). I don't see >pseudospoofing as "constraining". On the contrary, I see it as >freeing us. oh. From mnemonic at eff.org Sun Nov 14 22:10:18 1993 From: mnemonic at eff.org (Mike Godwin) Date: Sun, 14 Nov 93 22:10:18 PST Subject: LAW: Wireless interception In-Reply-To: <9311150557.AA04875@servo> Message-ID: <199311150608.AA00124@eff.org> Phil Karn writes: > Mike is correct that early models of cordless phones could often be > picked up on broadcast radios. Their base stations transmitted just > above the AM broadcast band (in the 1.7 Mhz region). Since then, all > new cordless phones operate on the 46 and 49 Mhz bands, which > generally require a scanner to receive. > > However, cell phones still operate in what used to be UHF TV channels > 70-83, and it is still possible in some cases to intercept cell phone > calls on a UHF TV set. So much for *that* theory. :-) Actually, all this shows is that the drafters of ECPA didn't anticipate that TV watchers would use their TVs to overhear cellular conversations. --Mike From ld231782 at longs.lance.colostate.edu Sun Nov 14 22:13:59 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 22:13:59 PST Subject: *hot* pseudospoofing ideas! Message-ID: <9311150612.AA23683@longs.lance.colostate.edu> here's an interesting idea. Suppose that whenever cypherpunks in favor of pseudospoofing emailed me, I put all their posts into a big pot. Since they all advocate the same ideas, I would just file all the different paragraphs in favor of pseudanonymity, against democracy, in favor of anarchy, in favor of tax evasion etc. in different folders. Then, whenever one of the cypherpunks sends me mail, I just pick a paragraph at random from the folders that match his idea. I could do this with public postings too. I have been filling out very many form letters lately anyway on the same old tired, depraved ideas. And I might even have a lot of fun with misattributing people's writing. That would be quite clever! I'm sure the cypherpunks would get a great kick out of that. The blurring of identities is perfect. No one would know who said what! Why, I might even put together software that promotes all this, and turn it loose on the Cypherpunks list (but of course, not tell anyone--that would take all the fun of it, and besides, if they knew they might leave). There's nothing unethical about it, because I *can* do it. It would be like those scenarios right out of that great science fiction, like Enders Game. I could pretend that different cypherpunks existed. No one would care. The effect would be the same. They are all interchangeable anyway. there is only a message. From mdiehl at triton.unm.edu Sun Nov 14 22:25:18 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Sun, 14 Nov 93 22:25:18 PST Subject: True Name keys In-Reply-To: <01H5BPPICLNM9EEVDF@delphi.com> Message-ID: <9311150624.AA01761@triton.unm.edu> According to Mike Ingle: > > JMDiehl: your service would be more widely trusted, and potentially > profitable, if you bought a copy of ViaCrypt PGP for legality and > charged a small fee for your services. If there is money and your > reputation at stake, people will assume you are going to be more > careful in checking keys, and they will trust your service more. > You don't want any kind of automation; you want to verify each one > before signing it. I wouldn't want to charge for these services since that would introduce a conflict of interest, profit. I want to be trusted based on my stated policy. The suggestion of purchasing a ViaCrypt copy of pgp is valid. As for automation, it would not be all that "automatic." It would simply comprise tools to issue "Certificates" so that people can show other people to indicate that my signature on their key is trustworthy. Comments are welcome. J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From jef at ee.lbl.gov Sun Nov 14 22:34:00 1993 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Sun, 14 Nov 93 22:34:00 PST Subject: *hot* pseudospoofing ideas! Message-ID: <9311150631.AA19034@ace.ee.lbl.gov> >here's an interesting idea. Suppose that whenever cypherpunks in favor >of pseudospoofing emailed me, I put all their posts into a big pot.... Say.... Does anyone have an archive of Detweiler's messages handy? There's this nifty program called "travesty" that I suddenly have an urge to play with. --- Jef From ld231782 at longs.lance.colostate.edu Sun Nov 14 22:35:18 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 22:35:18 PST Subject: A Glimmer of Light Message-ID: <9311150632.AA24172@longs.lance.colostate.edu> Some miscellaneous psychopunk (I forget who, they are all interchangeable) said >> nobody is interested in preventing pseudospoofing here. the >> people who have most maneuvered themselves into a position to aid >> future cyberspace are instead constraining it. that's the point, isn't >> it? gosh, how could I have been so blind... > >I think its because we don't see pseudospoofing as a "danger" like you >do. Personally, I consider it a necessity. I like being able to hide >behind an anonymous identity (not that I do, mind you). I don't see >pseudospoofing as "constraining". On the contrary, I see it as >freeing us. wow! a break in the clouds! a breath of fresh air! who is `we'? please elaborate! This miscellaneous psychopunk is posting from MIT. Do you think his burdensome flesh-cucoon is in Boston? or California? AT LAST! HONESTY! (even if it is criminal or perverted) Psychopunks, I'm most impressed with this new atmosphere of open advocation of pseudoanonymity instead of all the black disinformation snippets about `true anonymity' and all the other nonsense about it not being widespread, no cypherpunks being personally involved, etc. for the dreary 10 months or so I've been here. What trouble and heartache for all of us you have caused me in pretending it isn't! Finally, they Come Out of the Closet. Imagine -- having to hide in your own neighborhood for so long. Really, it's all right. There, there. When will the articles on Pseudospoofing come out in Wired and NYT? Oh, let's see, there's Newsweek and all those other places too. Please, tell me, I'm really in a tizzy. I'll have to call Mr. Kelly and Mr. Markoff and tell them of your new openness. I'm sure they will be quite interested! So, I would like to collect a list of all the Psychopunks who are PSEUDOSPOOFERS and PROUD OF IT. Please, describe your lovely techniques, all the pain and victimization you have gone through from your tormenters (like me), and how you are going to Change the World so that Pseudospoofers can Live without Harassment. `Live and Let Live'. Sort of like Gay Pride. When are you going to stick it in your charter, anyway? How pseudospoofing == privacy == anonymity == pseudoanonymity == pseudonymity == holy liberation == bliss? What a delicious mystery. Life a SF book by Card. What a Card. Also, I'm still waiting for some kind of comment from those *fabulous* leaders of yours. They're so coy with me. They've been flirting with me since I've been on the list. It's really sexy and erotic, actually, the way they strut around. You can look, but you can't touch! They're real masters at the dance. Ooooooh... just FABULOUTHS. From ld231782 at longs.lance.colostate.edu Sun Nov 14 22:45:18 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 22:45:18 PST Subject: some pseudopool FUN Message-ID: <9311150645.AA24431@longs.lance.colostate.edu> S.Boxx: > nobody is interested in preventing pseudospoofing here. the > people who have most maneuvered themselves into a position to aid > future cyberspace are instead constraining it. that's the point, isn't > it? gosh, how could I have been so blind... T.C.May: >I think its because we don't see pseudospoofing as a "danger" like you >do. Personally, I consider it a necessity. I like being able to hide >behind an anonymous identity (not that I do, mind you). I don't see >pseudospoofing as "constraining". On the contrary, I see it as >freeing us. E.Hughes, on Pseudospoofing software >No the software isn't mine, but I consider myself it's God Father. >Tim May and I were talking about this a long >time, and he just beat me to learning enough PERL to write the thing. >But I'd like to think that the two of us did most all of the design of >it. So, in a way, it is my software. Nick Szabo: >As an example, look at Ender's Game, where Ender's brother and sister >get on the net under pseudonyms, and get treated just like everyone >else. There is no biases. People are judged on their actions and >words, not by who they are, how old they are, what they look like, or >anything like that. Maybe you are blind, I don't know. I've never >met you. Arthur Chandler: >And, as I said, it is not the job of the Keyserver to provide any sort >of policy. The job of the Keyserver is to distribute keys. Nothing >more. Nothing less. The job of identifying True Names is solely a >job for Digital Signatures, not a job for the Keyserver. Jamie Dinkelacker: >I oppose using it in a bogus fashion because the software is not >designed for such a use, there is absolutely no protection for it (any >key can be added), because I, and all the other Keyserver admins, >believe that all the keyservers should be interconnected, and because >I feel the job for determining a True Name on a key is a job for >Digital Signatures, not for the Keyserver. Perry Metzger: >I am a cypherpunk. I don't believe in trusting something on faith >alone, but you seem to be asking for that. There is no way to protect >such a reckless use of the Keyserver. The only way to provide a >secure way for True Names is to Cryptographically identify them. Hal Finney: >So, Mr. Detweiler, why do you oppose using Digital Signatures to >verify True Names? I mean, besides that you consider yourself a >Cypherpunk? ;-) From cman at IO.COM Sun Nov 14 23:00:18 1993 From: cman at IO.COM (Douglas Barnes) Date: Sun, 14 Nov 93 23:00:18 PST Subject: True Name keys In-Reply-To: <9311150624.AA01761@triton.unm.edu> Message-ID: <9311150654.AA11738@illuminati.IO.COM> You mention that you feel there is a conflict of interest if you were to charge money to sign keys. Actually, by charging money, I think you would greatly enhance the weight that people gave to your certification, and by leading out with a fee/service arrangement, you would be able to avoid the kind of overload that, say, Julf has run into with penet. If you were to get enough business, you could then just farm the whole thing out to a local notary/clerk type who would probably have more experience with identity documents, the work of other notaries, etc. Another thought: offer various levels of certification, based on the level of documentation. E.g., one level for xeroxes of id documents (you may just want to rule this out), another level for notarized copy of driver's licence, another for notarized copy of d.l. and birth certificate, etc. etc. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From mdiehl at triton.unm.edu Sun Nov 14 23:10:19 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Sun, 14 Nov 93 23:10:19 PST Subject: True Name keys In-Reply-To: <9311150654.AA11738@illuminati.IO.COM> Message-ID: <9311150706.AA03132@triton.unm.edu> According to Douglas Barnes: > > > You mention that you feel there is a conflict of interest if you > were to charge money to sign keys. > Actually, by charging money, I think you would greatly enhance > the weight that people gave to your certification, and by leading > out with a fee/service arrangement, you would be able to avoid > the kind of overload that, say, Julf has run into with penet. These are very good points. After I get this whole thing put together, I may have an introductory special.... ;^) > If you were to get enough business, you could then just farm the > whole thing out to a local notary/clerk type who would probably > have more experience with identity documents, the work of other > notaries, etc. And you would be force to trust him, also...and anyone else I may farm this out to. Not this kid. ;^) > Another thought: offer various levels of certification, based > on the level of documentation. E.g., one level for xeroxes of > id documents (you may just want to rule this out), another level > for notarized copy of driver's licence, another for notarized > copy of d.l. and birth certificate, etc. etc. I was thinking of issuing a signed certificate to the customer indicating exactly why I signed his key. This could be presented to other people who question my signature. As per my policy, which can be gotten via finger, I will sign a key iff any of the following is true: 1. I watched him generate his key. 2. I know the person by sight, and can verify his key. 3. He proves, with picture id, in person, that the public key is his. 4. He sends me a photocopy of his picture id and a signed statement containing the pgp footprint of his key. 5. His key is signed by someone whom I trust to sign keys. Note that #5 implies that the other signer has the same policy. My policy will be stated in my certificate. Comments? J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From klbarrus at owlnet.rice.edu Sun Nov 14 23:20:19 1993 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sun, 14 Nov 93 23:20:19 PST Subject: ANON: pseudospoofing confusion Message-ID: <9311150716.AA22551@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- >Does the ECPA (the law regulating communications privacy) or the >copyright laws apply to material that was written under a >*pseudonymous* identity? I would consider this a grey area. A court Well, there may be some legal precedent to look up: some of the greatest works of literature were published under "pseudonymous" identities. Lewis Carroll, George Orwell, Mark Twain, George Eliot: none of these people ever existed. In fact, Mary Ann Evans published under "George Eliot" in order to pretend to be male; I guess you could call her master pseudospoofer, since she specifically created a fake identity in order to fool others. I suppose "Publius" doesn't qualify as a pseudospoofer since the three gentlemen who were responsible for the _Federalist Papers_ were probably just trying to hide their identity (at first) and not go about creating new ones. I'm sort of fuzzy on the distinction between pseudonymous and pseudoanonymous; is it that a pseudonym is obviously so? For example, an id on anon.penet.fi is obviously a pseudonym, so if I were to use it, I would be pseudonymous. In a sense, every mail address you see here is a pseudonym. Now, pseudoanonymous is when a fake identity is created, without it being obviously so. (Right?) So if I were to obtain another account with a different user name, etc. and use that account, I would be pseudospoofing. (?) But the difference between these two seems so slight, a semantic one rather than practical. For example, suppose several people were in communication with someone they had never met. One person (of the several) is curious as to the identity of the mystery person, and tries to find out information about this person. Very little is turned up. So little, it could be that the mystery person is "pseudoanonymous", a fake identity. Are the several people being pseudospoofed? How can they tell one way or the other without actually meeting the mystery person? If they can't tell, then what difference does it make? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOcsTYOA7OpLWtYzAQFKzAQAyx5MNNNyjs/BeJLLqM0EX5A0ZQADCLge fNkndrgT/nSWiVGubE58girFQdNZlI5a50swKeKOqEHo8zxdqYSEIw8mrAm8iXeB mH5uOi2KHpxuWHQ+nkgmEi+KKkFNI6PQH7jR0euVPgu+GZsj40V52mJ9Z9ZYP/EV GvE6VvFkux8= =CA2o -----END PGP SIGNATURE----- From ld231782 at longs.lance.colostate.edu Sun Nov 14 23:20:29 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 14 Nov 93 23:20:29 PST Subject: the Pseudospoofer Game Message-ID: <9311150720.AA24779@longs.lance.colostate.edu> Hey guys, you are so clever with the cyberspatial software tricks. Here's something I think you should come up with. THE PSEUDOSPOOFING GAME I haven't got all the details of this worked out yet, but bear with me. The scenario is that this would be a game you play on a machine that is a lot like a mail server, except that it is dedicated to the game and everyone knows it (I know you guys won't like that idea, but bear with me.) The object of the game is to uncover each other's true identities. When you start the game, there are a certain number of other real people out there. They all get a fixed number of `pseudoanonyms' (of course, names that look real but aren't). There would be both public and private postings. You have to try to determine who everyone is by analyzing their style and subjects (and of course, evade detection with ingenious cypherpunk techniques). You could use any of your tentacles in any way, public or private, just like on this list (which is a great inspiration for the game, BTW). Every once in awhile, you might make accusations on true reputations, after you have built up enough certainty. The points of the game would depend on how correct you are. You might `bet' different points on various identities. You might be able to bargain with others to collude with you by trading points or something. Maybe there is some kind of mechanisms whereby tentacles are weakened after a lot of accusations or something. Obviously, the possibilities are really endless. All the agent provacateur, double agent, etc. gimmicks you inflicted on me (your white lab rat) could be used there. Maybe `credit' could be synonymous with `reputation' -- when you flame someone successfully others can transfer points between the two, rate your reputations explicitly. You could always rate other people at any time. There might be `public ratings' that are the averages of all the private ratings that everyone knows about. These ratings might tend to fluctuate based on behavior. For example, when somebody lies their rating would go down if other's suspected it. If someone was a hypocrite, it would come back to haunt them in the `bottom line'. The more confused and insane you drive someone with disinformation and lies (dishonesty is the name of the game, after all!) the better. Who knows, you might be able to *really* upset someone over nothing but meaningless ASCII text! Nothing but messages. That would be their own fault for taking it seriously. These `pseudospoofed virgins' should be raped for great sport and satisfaction. You could get together afterwards and drink a few beers and brag about your scores and conquests, and how they wailed or cried at the end. I suppose you could even figure out how to have imaginary postmasters that can censor various real identities if their reputations drop too low, or some other capricious criteria. Maybe you could even design in mail bombs. I'm sure you guys could bang this whole thing together pretty fast, with all your skill, ambition, and practice. But you might have difficulty attracting players if you want to keep it secret and all to yourselves. Another thing, is that everyone would learn about pseudospoofing. That is what you want, right? Since it's their stupidity if they fall for this kind of puerile fantasy, it's an ideal situation if *everyone* knows about it. The Cypherpunk Way. From MIKEINGLE at delphi.com Sun Nov 14 23:40:19 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 14 Nov 93 23:40:19 PST Subject: LD Admits he is S.Boxx (oops!) Message-ID: <01H5BU6WYR0I987YTY@delphi.com> LD really blew it this time. One has to be very careful when one maintains multiple identities - it is easy to mix them up and reveal one's deception. As we will see: In the following message, LD quotes S.Boxx: =========================================================================== From: IN%"ld231782 at longs.lance.colostate.edu" "L. Detweiler" 15-NOV-1993 To: IN%"cypherpunks at toad.com" CC: IN%"ld231782 at longs.lance.colostate.edu" Subj: some pseudopool FUN S.Boxx: > nobody is interested in preventing pseudospoofing here. the > people who have most maneuvered themselves into a position to aid > future cyberspace are instead constraining it. that's the point, isn't > it? gosh, how could I have been so blind... =========================================================================== However, that quote was not from S.Boxx. It was from (who else?) LD himself, in this message: =========================================================================== From: IN%"ld231782 at longs.lance.colostate.edu" "L. Detweiler" 14-NOV-1993 To: IN%"warlord at MIT.EDU" "Derek Atkins" CC: IN%"ld231782 at longs.lance.colostate.edu" "L. Detweiler", IN%"cypherpunks at toad.com" Subj: RE: Key Servers >> I wonder if anyone would want to start a PGP key server dedicated only >> to *real* identities. Obviously, there is no such demand with the >> current ones. > >This defeats the purpose for which the PGP Keyservers were created. >The Keyservers were created to give a *SINGLE* place where you could >go to request a PGP key for some name (and it doesn't matter whether >that name is real or not). nobody is interested in preventing pseudospoofing here. the people who have most maneuvered themselves into a position to aid future cyberspace are instead constraining it. that's the point, isn't it? gosh, how could I have been so blind... =========================================================================== Now, LD wrote that quote himself. How could he forget that? How could he mistakenly attribute it to S.Boxx, unless he is S.Boxx? In this message, LD makes a very valid point: =========================================================================== From: IN%"ld231782 at longs.lance.colostate.edu" "L. Detweiler" 14-NOV-1993 To: IN%"cypherpunks at toad.com" CC: IN%"ld231782 at longs.lance.colostate.edu" Subj: Soothing Sayings Mr. Barnes, you tried to convince me of the Joy of Pseudospoofing, for which I suggested you were trying to convert me to the Dark Side (actually, I am indebtedly grateful for that beautiful inspiration for my essay). You told me that E.Hughes' lectures on the subject of pseudospoofing were what drew you to it in the first place! But this is buried very deep in my comprehensive archives, from many weeks ago. (I encourage all other cypherpunks to keep very good archives, because some day we will be able to separate all the pseudospoofed identities from real ones, and it will be quite shocking, I assure you. Some prominent cypherpunks are extremely terrified and staunchly opposed to archives, for obvious reasons.) =========================================================================== Yes, LD, good archives certainly do help in catching pseudospoofers. Like you. You have been using S.Boxx to post some of your rants and create a false consensus - exactly what you have argued against so loudly. How hypocritical can you get? Why don't we post this on comp.risks and discredit him and his rants once and for all? Enough of this crap! --- MikeIngle at delphi.com From bart at netcom.com Sun Nov 14 23:50:18 1993 From: bart at netcom.com (Harry Bartholomew) Date: Sun, 14 Nov 93 23:50:18 PST Subject: The unmentionable word Message-ID: <199311150750.XAA09779@mail.netcom.com> I'm kind of glad not to have just used filter to remove all of his posts sight unseen. Better to see, and note their frequency. Sadly when I instantly hit delete for them and their replies, there is very little left on the list. It's hard to maintain a coherent conversation in the presence of his raving. Won't he ever run down? Sigh Bart From an12070 at anon.penet.fi Mon Nov 15 00:24:00 1993 From: an12070 at anon.penet.fi (S. Boxx) Date: Mon, 15 Nov 93 00:24:00 PST Subject: souls and Multiple Personality Disorder Message-ID: <9311150822.AA26800@anon.penet.fi> When a baby is born, a soul enters the world. When a person dies, a soul exits. Reality is like the Internet. There are legitimate ways for souls to enter and illegitimate ways. You could be `born' under your true name, or you could get in through the subversive route and infect an outlet susceptible to Multiple Personality Disorder, or possess someone. It's very difficult to detect, of course! When it happens, Call 1-800-EXORCIST ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From gnu Mon Nov 15 00:50:52 1993 From: gnu (John Gilmore) Date: Mon, 15 Nov 93 00:50:52 PST Subject: Great quote from public NIST comments on Clipper Message-ID: <9311150850.AA10306@toad.com> EFF has made available the full file of public comments that were submitted to NIST through the "cryptnow at eff.org" service. I found this great quote in there: However, if this standard is adopted, we at least have the opportunity to reduce our dependence on imported oil substantially. All we need do is hook up generators to the bones of the authors of the Constitution and the Bill of Rights. I estimate their rotational speed at 2000 RPM now and rising rapidly. Sincerely yours, Richard B. Mott Ringoes, New Jersey The comments are in ftp.eff.org:/pub/crypto/EES_FIPS_Comments.txt . -- John Gilmore gnu at toad.com -- gnu at cygnus.com -- gnu at eff.org ``This committee has not tried to determine whether the National Security Agency tendency to advance exaggerated claims of authority ... stems from conscious policy or the actions of individual NSA employees.'' The Government's Classification of Private Ideas, House Report 96-1540, p. 67 From unicorn at access.digex.net Mon Nov 15 00:55:53 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 15 Nov 93 00:55:53 PST Subject: LD Message-ID: <199311150855.AA22908@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- - -> - From owner-cypherpunks at toad.com Mon Nov 15 01:49:02 1993 To: cypherpunks at toad.com Cc: ld231782 at longs.lance.colostate.edu Subject: A Glimmer of Light Date: Sun, 14 Nov 93 23:32:06 -0700 From: "L. Detweiler" Some miscellaneous psychopunk (I forget who, they are all interchangeable) said <- You know, I've been listening to our Mr. Detweiler here for some time without voicing much other than the occasional "let's get on with more serious business" message to the list. It wasn't until I realized how well Mr. Detweiler fit into a persona archetype I recognized that I even thought I'd dignify his posts to the list with a response. I guess it was this quotation header that clicked it. - -> Some miscellaneous psychopunk (I forget who, they are all interchangeable) said: <- A cynic recognizes the bad in everything and the good in nothing. (Or something to that effect.) Mr. Detweiler seems to have to have a face to associate with all of us to consider us distinct. While he may consider this "normal" I think it's just behind the times. It seems that Mr. Detweiler is offended by the idea that he may not have superficial criteria to judge his associates by in the coming decades. Color of skin, tone of voice, sexual preference, this sort of thing. I think this might make some more sense after we look at some more of Mr. Detweiler's quotes. Just consider the percentage of content in his posts that actually contains some constructive criticism or commentary, this passage is illustrative: - -> wow! a break in the clouds! a breath of fresh air! who is `we'? please elaborate! This miscellaneous psychopunk is posting from MIT. Do you think his burdensome flesh-cucoon (sic) is in Boston? or California? AT LAST! HONESTY! (even if it is criminal or perverted) <- It seems possible that Mr. Detweiler is unable to conduct an open debate without resorting to sarcastic and unprofessional barbs. His arsenal is obviously reduced with the lack of physical characteristics to criticize. Consider: - -> Psychopunks, I'm most impressed with this new atmosphere of open advocation of pseudoanonymity instead of all the black disinformation snippets about `true anonymity' and all the other nonsense about it not being widespread, no cypherpunks being personally involved, etc. for the dreary 10 months or so I've been here. What trouble and heartache for all of us you have caused me in pretending it isn't! Finally, they Come Out of the Closet. Imagine -- having to hide in your own neighborhood for so long. Really, it's all right. There, there. <- Seething with self righteousness and condescending remarks, behind a electronic veil just as much as the rest of us, it seems Detweiler has little of substance beyond emotional appeals that seem to shout "Far right - Lambs of Christ." in their methodology. Given the length, number and intellectual diarrhea styles of his posts, it seems Detweiler has little else to do. It looks to me as if this goes a long way to explain the need to dominate and attract attention. Consider again: - -> When will the articles on Pseudospoofing come out in Wired and NYT? Oh, let's see, there's Newsweek and all those other places too. Please, tell me, I'm really in a tizzy. I'll have to call Mr. Kelly and Mr. Markoff and tell them of your new openness. I'm sure they will be quite interested! <- I'd be surprised to find that Mr. Detweiler has not read any Mike Royko, he tries so hard to emulate him. - -> So, I would like to collect a list of all the Psychopunks who are PSEUDOSPOOFERS and PROUD OF IT. Please, describe your lovely techniques, all the pain and victimization you have gone through from your tormenters (sic) (like me), and how you are going to Change the World so that Pseudospoofers can Live without Harassment. `Live and Let Live'. Sort of like Gay Pride <- Mr. Detweiler really throws his hand here. I suppose we are supposed to be insulted with the analogy to the Gay Pride movement? Perhaps homophobia and privo-phobia are linked somehow? This lofts the scent of the far left centralist socialist or the far right fascist, terrified by discontinuity and even more mortified with the thought that it might be difficult to keep tabs on such individuals. - -> When are you going to stick it in your charter, anyway? How pseudospoofing == privacy == anonymity == pseudoanonymity == pseudonymity == holy liberation == bliss? What a delicious mystery. Life a SF book by Card. What a Card. <- Note the religious reference. - -> Also, I'm still waiting for some kind of comment from those *fabulous* leaders of yours. They're so coy with me. They've been flirting with me since I've been on the list. It's really sexy and erotic, actually, the way they strut around. You can look, but you can't touch! They're real masters at the dance. Ooooooh... just FABULOUTHS. <- I shouldn't need to point out the homosexual references again, but I think it important to note that they are all derogatory in nature. The slur on FABULOUTHS just kills me. - -> Hey guys, you are so clever with the cyberspatial software tricks. Here's something I think you should come up with. THE PSEUDOSPOOFING GAME [About 600 words deleted] These `pseudospoofed virgins' should be raped for great sport and satisfaction. You could get together afterwards and drink a few beers and brag about your scores and conquests, and how they wailed or cried at the end. <- Between homophobia, the introduction of non-consensual sex and Viking locker room talk, the conclusions about Mr. Detweiler's own feelings of inadequacy jump out without much need of assistance. Regardless, Mr. Detweiler's posts are just not present in any constructive commentary it all. He is quite good at stirring up emotions and irritating people beyond their ability to restrain themselves (note my post). But when it comes to any original thought, I've seen little or nothing. He's what I used to call "fluff" in law school. Great at cutting people down with words, but couldn't win an oral argument with a live judge present if it meant his life. Mr. Detweiler seems to think that cute one liners are fatal to reason. Unfortunately, cute cut downs do not a well structured argument make. Middle management material if I ever saw it. Maybe a shift supervisor? "C'mon Williams, your 'ole lady keep you up late last night? Or was it your boyfriend, you queer? Stevens, how nice of you to join us, you're ready for work this morning? Wow! A break in the clouds! A breath of fresh air! Now get to work you bums!" Perfect illustration that a saboteur need not be clever at all, but only disruptive and persistent enough to be annoying and prevent anyone from unharassed constructive discourse. In this regard I'm afraid he's won. There is a agenda here, it seems to me that if Mr. Detweiler is not willing to follow it, and stay ON the path, perhaps he should be asked and then encouraged to leave. I'm sure cries of censorship would abound, but at this point, I feel that these could hardly cause more trouble. - -uni-(Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLOdDSxibHbaiMfO5AQElkgQA4HasxhdjBGFHlLNHpuZz2GtQO25fv/A0 vWiWT4ZGsZ8d1zGT4GxfG8LJv0xcXgIhPFDmw2V8Das1WxhomMsbEcYIxbBU5QCC 2uuT643BBzQpiMLdLMIm1kpkTuAK35dOdnUyBmD5kU5yv8NLPiKa43pGsD9xB891 yv4J9J075rs= =jxF3 -----END PGP SIGNATURE----- From eichin at paycheck.cygnus.com Mon Nov 15 01:30:20 1993 From: eichin at paycheck.cygnus.com (Mark W. Eichin) Date: Mon, 15 Nov 93 01:30:20 PST Subject: Key Servers In-Reply-To: <9311150432.AA21999@longs.lance.colostate.edu> Message-ID: <9311140602.AA03621@paycheck.cygnus.com> Executive summary: if you care about true people, sign their keys, or create an authority that you trust to sign them, and the keyservers will automatically take care of the rest. This is really a misunderstanding. (When people start using all uppercase letters, it usually is.) I don't like to see people I work closely with (Hi Derek!) the object of such wrath... >> false. There could be a network of `true identity' key servers just as >> easily as there is a network of PSEUDOSPOOFED LIES. Take it easy for a bit here... the key servers (by which I mean the PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere) *don't provide any authentication*... all they provide is keys. If you trust a key because you got it from a key server, then you have perhaps misunderstood the concept of digital signatures -- you should be able to "validate" the key based on what's in it, not where you got it from. That said, if you or someone of similar interests wanted to provide a "true identity" key service, you'd simply have to create a key for that service, advertise it, convince people to belive that you really were doing a "true identity" service (this is the social side, not the technical side -- you can't convince them in purely electronic means any more than you can convince them you even *exist* in purely electronic means... but you can find some way of building *real world* trust that suffices...) and then start signing the keys of those you assert are "true people". And guess what -- Derek's key server, *and all the others*, would start carrying your signatures and keys. They wouldn't filter them out - it wouldn't be worth the trouble :-) and it would be against their mission which is to provide *keys* not *judgements*... >> so, Mr. Keyserver, considering that this (your?) software could be used >> TODAY to help build up a true identity system, why do you oppose using Please, sir, do not defame the people who are making your desires possible. Derek has *not* opposed letting *you* sign and publish lists of true-person keys. He's just brought up the practical point that he doesn't have time to do it (nor, perhaps, interest) as well as the technical point that keyservice has *nothing to do* with validity of keys. He's being generous and done everything you need for infrastructure -- all you have to do is identify real people and sign for them (or convince someone *you trust* to do so.) I hope this clears things up a bit. Noone is preventing this from happenning. (If I thought I could make money at it, enough to compensate for the hassle, I'd consider doing it myself... but it probably wouldn't be competitive with the RSA PCA's, as it usually takes a *lot* of money to convince me something is worth the hassle :-) _Mark_ ... or at least I might be... From cman at IO.COM Mon Nov 15 01:44:00 1993 From: cman at IO.COM (Douglas Barnes) Date: Mon, 15 Nov 93 01:44:00 PST Subject: S.Boxx v. L.Detweiler Message-ID: <9311150940.AA12988@illuminati.IO.COM> I'd like to mention for the record that I don't give a pair of dingo's kidneys whether S.Boxx and L.Detweiler are the same person. Whether they are, or not, it makes no difference. I'm sure in the twisty little passages (all different) that are LD's brain, he could easily have some justification for posting as S.Boxx. Or not. What's important to me is that I have associated with both a remarkably similar reputation, such that both entities have a substantially larger than ordinary burden to overcome to convince me of anything; if either said it was raining, I would pack an umbrella *and* sunscreen. This is how a sane person deals with the current sorry state of authentication on the net, possibly accompanied by actual work participating in research and coding to remedy this sorry state. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From cman%IO.COM at triton.unm.edu Mon Nov 15 02:20:20 1993 From: cman%IO.COM at triton.unm.edu (Douglas Barnes) Date: Mon, 15 Nov 93 02:20:20 PST Subject: True Name keys In-Reply-To: <9311150706.AA03132@triton.unm.edu> Message-ID: <9311150925.AA12888@illuminati.IO.COM> > > If you were to get enough business, you could then just farm the > > whole thing out to a local notary/clerk type who would probably > > have more experience with identity documents, the work of other > > notaries, etc. > > And you would be force to trust him, also...and anyone else I may farm this out > to. Not this kid. ;^) Actually, as nice a guy as I'm sure you are, having worked in banking for many years, I'm more inclined to trust little blue-haired old ladies for tasks requiring meticulous attention to detail, than folks who are more like me. This is just another aspect of charging; it allows you to scale/extend the service beyond the point at which it holds any charm whatsover to a creative/leading edge type individual. I don't think you'll find much resistance if you let it be known that you will eventually hire/contract with a professional to do the ID validations. It will probably *improve* rather than detract from the popularity of your service. > > > Another thought: offer various levels of certification, based > > on the level of documentation. E.g., one level for xeroxes of > > id documents (you may just want to rule this out), another level > > for notarized copy of driver's licence, another for notarized > > copy of d.l. and birth certificate, etc. etc. > > I was thinking of issuing a signed certificate to the customer indicating > exactly why I signed his key. This could be presented to other people who > question my signature. As per my policy, which can be gotten via finger, I will > sign a key iff any of the following is true: > > 1. I watched him generate his key. > 2. I know the person by sight, and can verify his key. > 3. He proves, with picture id, in person, that the public key is his. > 4. He sends me a photocopy of his picture id and a signed statement > containing the pgp footprint of his key. > 5. His key is signed by someone whom I trust to sign keys. I wouldn't bother with most of these for a large-scale public service. #1 and #2 easily reduce to #3. #5 is something you don't want to get involved with, since the whole point is to let people make their own decision about whom to trust. Instead of signing keys signed by "good signers", you're better off periodically posting lists of signers who are known by each other to follow a certain set of standards, and leave it at that. Something like this is probably more practical: 1. Driver's license is presented in person to you or qualified staff. 2. Driver's license and two other ID from list are presented in person to you or qualified staff 3. Driver's license is presented in person to registered notary public and stamped certificate sent to you. 4. Driver's license and two other ID from list are presented in person to registered notary public and stamped certificate sent to you. I would avoid accepting xeroxes altogether; too easy to forge. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From habs at panix.com Mon Nov 15 02:44:01 1993 From: habs at panix.com (Harry S. Hawk) Date: Mon, 15 Nov 93 02:44:01 PST Subject: Should we oppose the Data Superhighway/NII? Message-ID: <199311151042.AA19193@panix.com> The FCC can already regulate what is on any broadcast medium that is FCC regulated, (Tobacco Ads, for example). The ONLY way, IMHO, to have a national data highway (not regulated and thus censored by the FCC) is to have it operated by the post office. Since I don't want the government opperating any data network I feel the result will be freedom of "broadcast" IS DEAD. E.g., I can send Tim live porno from my home, but as soon as I make it available on a point to multi-point basis, the FCC steps in.... -- Harry S. Hawk - Extropian habs at extropy.org In Service to Extropians since 1991 From habs at panix.com Mon Nov 15 02:45:22 1993 From: habs at panix.com (Harry S. Hawk) Date: Mon, 15 Nov 93 02:45:22 PST Subject: Should we oppose the Data Superhighway/NII? Message-ID: <199311151041.AA19187@panix.com> I have stayed quiet on this topic but now feel I should put my views forward. 1) I feel the government, in this case and others, should never force the adoption of any particular technology (ISDN, ATM, etc) 2) While I am pro-market in the Extropian Way, I think that what we need from the government is the following: a) recognize that Cable and Telco are the same business b) set very minimum standards required for basic services (basic telco, basic cable (e.g., local broadcast channels) c) I don't see data as a basic service d) apply the same regulation to both companies. e) Let cable and telco compete head to head 3) Let the rich pay for it ;) There is this liberal idea that only the rich will get the "good stuff" That their kids will study on-line with Nobel prize winners while the poor kids will still be using chalk and erasers in the "slums." The same liberals what to raise taxes "on the Rich," so they can pay for things. I feel if you don't "push" for universal access the systems will be build that way anyway. They will cost $$$, and the "rich" will buy into it. As economies of scale and scope come into pay, the cost of these systems will come down and the poor will get it too. Thus, the rich have paid for it, and the poor have got it cheap. There is one problem with this. In NYC, the "POOR" are already bigger users of CLASS services (call waiting, three way dialing, etc.), and of Cable premium channels; no marketer is going to leave this group unwired. No one is going to do an Interactive Test Market in the Lower East Side, but trust me systems will be built there. -- Harry S. Hawk - Extropian habs at extropy.org In Service to Extropians since 1991 From szabo at netcom.com Mon Nov 15 04:24:01 1993 From: szabo at netcom.com (Nick Szabo) Date: Mon, 15 Nov 93 04:24:01 PST Subject: some pseudopool FUN In-Reply-To: <9311150645.AA24431@longs.lance.colostate.edu> Message-ID: <199311151223.EAA13250@mail.netcom.com> Given the many idiotic things already claimed by Detweiler, (including at one time or another, hotly accusing most list-active Bay Area cypherpunks of being "pseudospoofs" of each other, when all he had to do to verify our True Names was call), I don't know if it's necessary to point out Detweiler's own "pseudospoofing" and the forged quotations he is now throwing around. But despite his voluminous whoppers and mad slanders I've seen some folks actually taking some of his stuff seriously. So I just want to make sure everybody understands there's a head full of hypocrisy to go along with the head full of otherwise misfiring neurons: S.Boxx: > nobody is interested in preventing pseudospoofing here. >... Hi, Detweiler. I see here you're discounting your own voluminous posts on the matter. Typing in lower case doesn't hide your unique word choices, tone of voice, and opinions, and even the occasional slip by both of your 'nyms into UPPER CASE RANTS. Sorry to spoil your mad fun, but "CRIMINAL, TREACHEROUS PSEUDOSPOOFING" for rhetorical leverage just ain't as easy as you make it out to be. The practicum of always having to keep in mind the many ways you can screw up and reveal identity makes the practice severely self-limiting. For readers not familiar with the parties involved, I will point out some of the more obvious (to me) "pseudospooling", Detweiler's seemingly purposeful mixing up of quote attributions: > E.Hughes, on Pseudospoofing software > >... > >Tim May and I were talking about this a long > >time, and he just beat me to learning enough PERL to write the thing. It's highly improbable that Tim May would go anywhere near Perl, and it's also quite improbable Eric Hughes would have made such a gaffe. (Which just goes to show I _am_ Hughes and May, otherwise how could I know, eh Detweiler?) > Jamie Dinkelacker: > >I oppose using it in a bogus fashion because the software is not > >designed for such a use, there is absolutely no protection for it (any > >key can be added), because I, and all the other Keyserver admins,.... Jamie is quite talented in the business world, but again it's unlikely in the extreme that he has time and interest left over for administering key servers. > Nick Szabo: > >As an example, look at Ender's Game, where Ender's brother and sister > >get on the net under pseudonyms, and get treated just like everyone > >else. There is no biases. People are judged on their actions and > >words, not by who they are, how old they are, what they look like, or > >anything like that. Maybe you are blind, I don't know. I've never > >met you. And what's wrong with this is the most obvious to me, since I didn't say it. My own memory, recognition of my own style, and if all else fails my own archives are sufficient to quickly dispatch "pseudospooling" attacks against myself. On Usenet there are commonly disputes over false quotations (usually non-malicious misattribution due to the nesting mess, but not always). The reputation of the "pseudospooler" is *plonked* when they are found out, especially if they are malicious. In public it's practically impossible to get away with severely malicious misquoting, unless the victim is both quite isolated and of such bad repute that readers don't believe the archive he produces. It might be feasible to defame people behind their backs, by sending false quotations in mail to small numbers of third parties. There must be quite a bit of accumulated BBS, FidoNet, and Usenet lore on the matter; anybody have good war stories? By extrapolation the quotes attributed to Arther Chandler, Hal Finney, and Perry Metzger were also likely "pseudospools", many of which will be obvious to those falsely quoted or their freinds, or those who keep good archives. And alas for Detweiler, any attributions he makes in the future will be highly suspect, as will the appearance of newbies on the net who just happen to agree with him and sound like him in somewhat improbable ways. The only remaining paranoia I have on this matter is that Detweiler is really Tim May's most elaborate "Stealth Bomber" gimmick to date. If so, either AI (Artificial Insanity?) is vastly more advanced than I had thought, or ... (Detweiler, take over for me here!) Nick Szabo szabo at netcom.com From clark at metal.psu.edu Mon Nov 15 05:26:02 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Mon, 15 Nov 93 05:26:02 PST Subject: CIA Admits Timothy C. May Son of Sam! Pix at eleven! Message-ID: <9311151336.AA20239@metal.psu.edu> [ASCII crap straight from Fidonet deleted.] [Obligatory obscenity deleted, as I have not the time to flame this moron.] [Obligatory crypto reference: I hear the CIA has new cybernetic cryptography hardware; they're experimenting with cyborging, and evidently they stole this poor fool's brain; for obvious reasons, the experiment failed and we can conclude the existence of a vast CIA coverup by the total lack of public denials of the conspiracy. Another telling point is that there is absolutely no evidence of a conspiracy, which attests to the great skill with which they covered it up. In addition, Timothy C. May, if his middle name is in fact Cornelius, despite his lack of trying to hide this obvious clue; is obviously at the helm of the conspiracy to present himself as a countercultural figure, when in fact the letters of his name, when added in strict numerical order and with vast compilations of material only known to the devout studier of Sumerian metaphysics; in fact equals the hideous number 93985676! 93985676, as any fool knows, is the Number of the Beast when read as Hittite cuneiform writing! Obviously, as someone of my great knowledge can tell at a glance, Timothy May, the CIA and the so-called "cypherpunks," now revealed to be, in actuality Satanpunks, devoted to the overthrow of Mom, Apple Pie, and Everything Decent. May they burn in everlasting Hell for their blasphemous, devious, internetworked conspiracy of hatred, and may they pay for their perfidy in multilevelled torture chambers filled with mud, stinging acid and vipers! Now you'll pardon me. I must go. I hear a knock at the door, and it could be the dreaded Eric Hughes himself, who is STEALING MY THOUGHTS with MICROWAVES!] ---- Robert W. F. Clark PGP Key Available Upon Request rclark at nyx.cs.du.edu clark at metal.psu.edu From m5 at vail.tivoli.com Mon Nov 15 06:00:29 1993 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 15 Nov 93 06:00:29 PST Subject: The Courtesies of Cypherpunks In-Reply-To: <9311130846.AA19291@longs.lance.colostate.edu> Message-ID: <9311151355.AA00502@vail.tivoli.com> Ken McGlothlen writes: > ld231782 at longs.lance.colostate.edu ("L. Detweiler") rants: > | I owe no courtesy ... > > More ludicrousness.... You know, while resisting the temptation to respond to Mr. Detweiler (my rational self knows it's pointless, but my ire is raised), I've begun to wonder whether this sort of psychosis is an anomaly or if it'll be more common as the net becomes accessible to more and more people. We've all worried about various types of regulations on traffic which may be proposed or imposed as the net becomes more common. What if this type of paranoia crops up more frequently? (Indeed, it may have happened many times in the past; Mr. Detweiler is just very "loud" about it.) Is it likely that there are a lot of people on shaky emotional footing who'll lose their grip when faced with the new sociological paradigms of electronic communities? And, most importantly, should I be chastised for using cypherpunks bandwidth for my musings? :-) If so, I'll here make a lame attempt to redeem myself by giving a preliminary thumbs up to the "Applied Cryptography" text by Bruce Schneier. I picked up my copy over the weekend, and it looks like a winner. -- Mike McNally From szabo at netcom.com Mon Nov 15 06:05:29 1993 From: szabo at netcom.com (Nick Szabo) Date: Mon, 15 Nov 93 06:05:29 PST Subject: The Contortions of Cypherpunks In-Reply-To: <9311142347.AA17045@longs.lance.colostate.edu> Message-ID: <199311151405.GAA17054@mail.netcom.com> L. Detweiler: > Give specific evidence to support your claim or retract it. Uncle! I retract my claim! I'm not me! My abject apologies for being a traitorous criminal pseudospoof, deluding even myself in the process! (Very good VR tech they've got here!) Detweiler, I don't know what is wrong with you, but there are quite a few cypherpunks nearby in Colorado; many of them know know many of us. Several of us whom you have explicitly or strongly implicitly accused of being "pseudospoofs" have violated their own desire for privacy and sent you their phone numbers. Some post them publicly as a matter of course. (Have you returned the favor? Does anybody know Detweiler's phone number?). You seem to lack all conception of how completely silly your accusations look from the perspective of a Bay Area cypherpunks meeting, with all us "tentacles of Medusa" overfilling a largish meeting room, jokingly speculating about who will be detweiled next. With less altruism than some fellow "tentacles", I have decided I don't trust you with anything more than I already give out by posting my True Name to the net. In hindsight, even my True Name is probably too much trust with people like you in the world, who would subject cultural practices they do not understand to the extreme violent retribution consequent of something being a crime or treason. If I may engage in some detweiling myself, a long overdue return of volleys: The damage that can be caused by the demogaugic stalkers of the world is vastly greater than can be caused by swaying a few peer pressure prone readers here and there with "pseudospoofing". As if a centralized news media, politic polls, etc. don't already sway follow-the-crowd types to a degree vastly surpassing anybody's capabilities on the net. The desire to keep track of identity may sound innocent enough, but behind the rhetoric of "accountability" looms the bloody claws of violent politics, the quest to create a centralized identity enforcement agency, a net-based panoptic extortion racket with a potential for tyrrany surpassing anything the world has has yet seen. Do you doubt Detweiler favors such an outcome over the dreaded "pseudospoofing"? I'll be happy to forward Detweiler's posts in imp-interest on the matter, assuming everybody's not grown long since tired of these rants. And with that bit of my own detweiling I will myself retire from the field, lest detweilosis be contagious. Nick Szabo szabo at netcom.com From nfe at scf.nmsu.edu Mon Nov 15 06:10:29 1993 From: nfe at scf.nmsu.edu (nfe at scf.nmsu.edu) Date: Mon, 15 Nov 93 06:10:29 PST Subject: Destroying data Message-ID: <9311151407.AA22433@NMSU.Edu> Philippe D. Nave, Jr. writes: >Thermite grenades are pretty simple; ... NOT! Anyone really wanting to try this should hang out on rec.pyrotechnics for awhile, but for the truely foolhardy here are some tips and thoughts: 1) Thermite is extreamly hard to ignite, so requires an igniter. Most home made igniters are extreamly unstable (do you really want the thing off accidently (bump it, static charge, RF energy, etc)? 2) 50:50 mix of AL and iron oxide will probably work, but best to look up a really ballenced % for the best mix. btw: was that by volume or weight?, there is a slight difference :) 3) in general, the finer the powder, the better. ball mill it if you can. 4) iron oxide has this strainge tendency to hold magnetic charges, do you REALLY want that near your HD? 5) for best results, the thermite charge should achive a completly molten state before the slag begins it's decent to the target, otherwise it waste's part of it's payload. The best homebrew way to do this is by making a cylinder of firebrick dust (hard or soft) and high temp epoxy (ceramics are also good), with a quarter sixe hole in the bottom. umm that's like a cylinder with one end cap'd, maybe 4-8" on diameter. cover the hole in the bottom with a thick piece of sheet metal, or copper, or something. Attach some sticks, or rebar, etc to form legs and offset about 1.5 to 3 inches for better penetration. (probably not necessary for electronic equipment) 6) on loading - best done near where you want to use it - alot of moving/ shaking will tend to make the heavier iron oxide settle to the bottom and you won't get as good of a burn. 7) don't tamp it! - it needs that O2 between the flakes of powder. Now that you all know more than you really wanted to about thermite, does anyone know of a good recipe for a magnetic bomb? - you know, something with abit of oomph! ? -n From pmetzger at lehman.com Mon Nov 15 06:20:28 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 15 Nov 93 06:20:28 PST Subject: The Courtesies of Cypherpunks In-Reply-To: <9311151355.AA00502@vail.tivoli.com> Message-ID: <9311151417.AA11341@snark.lehman.com> Mike McNally says: > We've all worried about various types of regulations on traffic which > may be proposed or imposed as the net becomes more common. What if > this type of paranoia crops up more frequently? (Indeed, it may have > happened many times in the past; Mr. Detweiler is just very "loud" > about it.) Is it likely that there are a lot of people on shaky > emotional footing who'll lose their grip when faced with the new > sociological paradigms of electronic communities? It will happen, but good filtering agents can stop it from becoming annoying. Perry From paul at poboy.b17c.ingr.com Mon Nov 15 06:30:30 1993 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Mon, 15 Nov 93 06:30:30 PST Subject: S. Boxx == L. Detwiler Message-ID: <199311151427.AA19471@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- It should be evident; at least I'm convinced. The recent discussion on programs to automatically search for similarities in texts of different authors led me to think back on the collected works of Detwiler and Boxx. This is not sufficient evidence to stand up in court (or in the RISKS Digest), but I offer it for your consideration. There are some unique and characteristic signatures in material from both authors: - writing style: frequency of use of $10 words excessive use of modifiers excessive use of parenthetical phrases - lack of periods between initials and names (e.g. "T.C.May") - consistent use of initials instead of names (see above; no other entity on this list that I recall does so.) - ADJECTIVES and ADVERBS are capitalized for emphasis So, L.Detwiler: are you the snake, or just a tentacle? Of course, maybe S. Boxx is just Eric pretending to be Tim, who is pretending to be you. Or, maybe it's those damn Libertarian Nazi abortionists. I don't know. Wishing the coffee house had a bouncer, - -Paul - -- Paul Robichaux, KD4JZG | Caution: cutting edge is sharp. Avoid contact. Intergraph Federal Systems | Be a cryptography user - ask me how. ** Of course I don't speak for Intergraph. ** -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOeQtyA78To+806NAQE54wQAo3GRAhtt8Ls9lr5U1KHfrw2+by7DziEQ XtcQb2edMnMuwkiY37sz2DrLO2dRX0+SCx7AJv/V5gOoV1c8UlUE1fDhwp5g6pKK +mCmXR+TrbgxDzD+QZ5INiFV4n1oSvmFGi5+/hKOnhyDyl6gH/w2RTxpX2rkRn4z idR028mIKZs= =jldp -----END PGP SIGNATURE----- From paul at poboy.b17c.ingr.com Mon Nov 15 06:41:05 1993 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Mon, 15 Nov 93 06:41:05 PST Subject: Key Servers In-Reply-To: <9311150550.AA23351@longs.lance.colostate.edu> Message-ID: <199311151440.AA19694@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > >4) (optionally) provide a service mapping from keys -> Real Names, > > for the ultra-paranoid. > you have just classified 99.9 % of the population as `ultra paranoid'. > But that .1% of the degenerates have never understood the idea of > civility anyway. You have made some contributions to the net in the past. I will try to proceed without calling names or poking fun. The fact that PGP doesn't bind True Names and keys is not important to me, nor to many others like me. I go by the code of the Old West: a man's reputation is established by what he does. Period. In our case, that equates to "an entity's reputation is established by the content of its posts." Real identity just isn't important. For example, Wonderer has established itself as a smart, literate, eager-to-learn entity. I look forward to its posts, and I don't care who owns that pseudonym. The content is important, not the source. - -Paul - -- Paul Robichaux, KD4JZG | Caution: cutting edge is sharp. Avoid contact. Intergraph Federal Systems | Be a cryptography user - ask me how. ** Of course I don't speak for Intergraph. ** -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOeUaSA78To+806NAQGEzAP/QREwLyHRxDAOjSBg5x5FxunOJtBUg7am SCutuPEhZQ0ygRt2LAi2b6peU03ZWPw/TRRCWdlO2NqmgKcJW+nqbcdz4jt0Ocqi uzrcWcVAq0/8QniNH6avdrog5H90TN9WhRCWzrLJpaDGg6Hsc4cM/VCLsUY1xx3s mIa9l5ERYV8= =SlFR -----END PGP SIGNATURE----- From an41418 at anon.penet.fi Mon Nov 15 06:50:31 1993 From: an41418 at anon.penet.fi (wonderer) Date: Mon, 15 Nov 93 06:50:31 PST Subject: Key Servers Message-ID: <9311151445.AA12745@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- I don't see what you mean by key servers for only true names. How do you know that a true name isn't just a false identity created with a real account on some system? How do you differentiate a true name from a unix account? Wonderer -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLOeQFx1kTJuroDD9AQFxbQH/f7Y4uj4xn2eeWFoTmu8Aahp2FxG+7ShV uAvvRpUWkE2Ay9MdB4lKCSjNv5cO92DwbcWRoZgbI7hPJGAe7za37A== =IBrC -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From pmetzger at lehman.com Mon Nov 15 07:10:31 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 15 Nov 93 07:10:31 PST Subject: Destroying data In-Reply-To: <9311151407.AA22433@NMSU.Edu> Message-ID: <9311151505.AA11359@snark.lehman.com> nfe at freedom.nmsu.edu says: > 7) don't tamp it! - it needs that O2 between the flakes of powder. This inaccuracy alone demonstrates that you don't know what you are talking about. Perry From jef at ee.lbl.gov Mon Nov 15 07:40:30 1993 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Mon, 15 Nov 93 07:40:30 PST Subject: Destroying data Message-ID: <9311151537.AA19352@ace.ee.lbl.gov> >1) Thermite is extreamly hard to ignite, so requires an igniter. Most > home made igniters are extreamly unstable (do you really want the thing > off accidently (bump it, static charge, RF energy, etc)? KNO3+sugar works fine. >2) 50:50 mix of AL and iron oxide will probably work, but best to look up > a really ballenced % for the best mix. btw: was that by volume or > weight?, there is a slight difference :) By weight. >3) in general, the finer the powder, the better. ball mill it if you can. The iron oxide you get from ceramics supply places is plenty fine enough. DO NOT ball mill the aluminum, it can explode. If you're not a minor, chem supply places should be willing to sell you 200-mesh Al, which works fine. >7) don't tamp it! - it needs that O2 between the flakes of powder. Not as far as I know. Personally I'd rather use some sort of cryptographic file system, with the key stored in volatile memory. Connect the power switch to your perimeter sensors and you're safe. Thermite sounds macho but the reality is messy and dangerous. Do you really want to risk a false alarm? --- Jef From wak at next11.math.pitt.edu Mon Nov 15 07:55:29 1993 From: wak at next11.math.pitt.edu (walter kehowski) Date: Mon, 15 Nov 93 07:55:29 PST Subject: mailing software Message-ID: <9311151555.AA19558@next11.math.pitt.edu> Cypherpunks, Could someone send to me a list of software that expedites the processing of large amounts of e-mail? I'm on a next computer now and the browser, sorting, and mailboxes are very convenient. I won't always be using the next, though, and I'd like to start learning what the options are. Thanks, Walter A. Kehowski From cfrye at ciis.mitre.org Mon Nov 15 07:55:39 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Mon, 15 Nov 93 07:55:39 PST Subject: LD Admits he is S.Boxx (oops!) Message-ID: <9311151601.AA09373@ciis.mitre.org> Kudos to Mike Ingle for his diligent record keeping and powers of observation. As much as I like the computational solution for these problems, there's no substitute for documenting a mistake that blows somebody's cover. Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From gtoal at an-teallach.com Mon Nov 15 09:24:02 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 15 Nov 93 09:24:02 PST Subject: "Root Canal" questions Message-ID: <7832@an-teallach.com> In article <00541.2835966052.614 at washofc.cpsr.org> dsobel at washofc.cpsr.org writes: > "Root Canal" questions > BTW, anyone have ideas about that name!? Having just been through this procedure (UK National Health, $70), I can tell you - It's all about *Deep Drilling*. Presumably for data, in this case. And it hurts. G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From mnemonic at eff.org Mon Nov 15 09:30:31 1993 From: mnemonic at eff.org (Mike Godwin) Date: Mon, 15 Nov 93 09:30:31 PST Subject: Destroying data In-Reply-To: <9311151537.AA19352@ace.ee.lbl.gov> Message-ID: <199311151622.AA05473@eff.org> Jef Poskanzer writes: > >7) don't tamp it! - it needs that O2 between the flakes of powder. > > Not as far as I know. Surely Jef's right about this--isn't the oxygen for combustion already present in the compounds? --Mike From cman at IO.COM Mon Nov 15 09:31:07 1993 From: cman at IO.COM (Douglas Barnes) Date: Mon, 15 Nov 93 09:31:07 PST Subject: Info on L.Detweiler In-Reply-To: <199311151405.GAA17054@mail.netcom.com> Message-ID: <9311151727.AA17924@illuminati.IO.COM> > post them publicly as a matter of course. (Have you returned > the favor? Does anybody know Detweiler's phone number?). You Here's some info folks might appreciate (all numbers area code 303, unless otherwise noted): Lance is the college of engineering subdomain. Scott Douglas (lance sysadmin) scott at lance.colostate.edu 491-7954 College of Engineering Dean's Office: 491-6603 (Dr. Jorge Aunon) Vice President, Student Affairs (discipline): 491-5312 (Keith Miser) ACNS switchboard (Computation center) 491-5133 (Gary Edelen) ACNS Consulting Desk 491-7276 CSU Information 491-1101 Degree Verification 491-7159 Hold off for a bit on these numbers; it's still not clear who (if anyone) is really responsibile for him now. I had a very productive talk with Gary Edelen who (like me) is not pleased that state funds are going to subsidize someone's highly disruptive, insane, quasi-religious rants; he's contacting Scott Douglas, who is apparently the administrator of record for the lance subdomain. Lawrence Detweiler was awarded a BS in Engineering Science in Spring of 1993. LD's finger: ------------ Notes: He is no longer listed with student information or as a staff/faculty member, nor is he listed with 303 directory; there is no L. Detweiler listed in Fort Collins anymore, or in Denver/Boulder, although there is a Jeff Detweiler listed in the 1991 phone book; a call to 498-8278 got an answering machine, 491-5893 forwards to the Kater Laboratory Optical Core. The 1-5893 number is for the Department of Anatomy, Dennis Giddings (staff member). LD apparently worked for the Kater Laboratory as an hourly student. Rene Olson (491-6849) used to be his supervisor, but could not be reached for comment. --------------------------------- [longs.lance.colostate.edu] Login name: ld231782 In real life: L. Detweiler Phone: 15893, 498-8278 Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh Most recent logins: parry Fri Nov 12 22:20 mears Thu Nov 11 15:42 jenkins Sat Nov 13 21:11 casco Mon Nov 15 01:02 Never logged in. No Plan. -------------------------------- Note that this is just the easy stuff, I have folks digging deeper. More to come... -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From thug at phantom.com Mon Nov 15 10:30:31 1993 From: thug at phantom.com (Murdering Thug) Date: Mon, 15 Nov 93 10:30:31 PST Subject: "Root Canal" questions In-Reply-To: <7832@an-teallach.com> Message-ID: > In article <00541.2835966052.614 at washofc.cpsr.org> dsobel at washofc.cpsr.org writes: > > "Root Canal" questions > > BTW, anyone have ideas about that name!? > > Having just been through this procedure (UK National Health, $70), I can > tell you - It's all about *Deep Drilling*. Presumably for data, in this > case. And it hurts. > > G > -- > Personal mail to gtoal at gtoal.com (I read it in the evenings) > Business mail to gtoal at an-teallach.com (Be careful with the spelling!) > Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 Having just been informed that I'm to undergo this procedure in 4 days time, I really really appreciate you telling me that it hurts. Seriously, I think "Root Canal" must mean what it says. Root Canal. A canal is a channel, a pathway. Root, in unix terminoligy means one who can read anything on a system. Thus Root Canal would allow the FBI to have a channel with full read privilages to all information in a system, namely the phone system. Root Canal therefore is the same as Big Brother in Orwellian terminology. Thug From tcmay at netcom.com Mon Nov 15 10:36:08 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 15 Nov 93 10:36:08 PST Subject: LD Admits he is S.Boxx (oops!) In-Reply-To: <9311151601.AA09373@ciis.mitre.org> Message-ID: <199311151836.KAA27620@mail.netcom.com> > Kudos to Mike Ingle for his diligent record keeping and powers of > observation. As much as I like the computational solution for these > problems, there's no substitute for documenting a mistake that blows > somebody's cover. > > Curtis D. Frye The S. Boxx = LD correlation has been obvious for several weeks. In one notable case, S. Boxx quoted directly from private mail that had been sent by Eric Hughes to L.D. When confronted by this, L.D. waffled a bit and then mumbled something about "of course cooperating with my colleague S. Boxx." For the next several days he was careful to make casual references to "my colleague." As someone else told me, L.D. is a true casualty. I'm trying to avoid discussing his situation on the List. The whole matter has probably already driven people off the List, and more folks may be on the verge. They joined the List to talk about the stuff we are supposed to be discussing, and instead they get a dozen rants a day from Detweiler and as many followups flaming him. ObCrytp Note: Just got the English translation in paperback of the Japanese-published "Encyclopedic Dictionary of Mathematics," a large 2-volume set with detailed articles on many branches of math. If the math talked about in crypto is sometimes obscure to you, check this out. The cost is $59, a real bargain these days. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From pmetzger at lehman.com Mon Nov 15 10:54:00 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 15 Nov 93 10:54:00 PST Subject: Destroying data In-Reply-To: <199311151622.AA05473@eff.org> Message-ID: <9311151850.AA11608@snark.lehman.com> Mike Godwin says: > > Jef Poskanzer writes: > > > >7) don't tamp it! - it needs that O2 between the flakes of powder. > > > > Not as far as I know. > > Surely Jef's right about this--isn't the oxygen for combustion already > present in the compounds? Of course. Thats what the iron oxide is for -- its oxidizer for this reaction. However, is this really cypherpunks material? .pm From strat at tonto.ksu.ksu.edu Mon Nov 15 11:46:08 1993 From: strat at tonto.ksu.ksu.edu (Steve Davis) Date: Mon, 15 Nov 93 11:46:08 PST Subject: LD Admits he is S.Boxx (oops!) In-Reply-To: <199311151836.KAA27620@mail.netcom.com> Message-ID: <9311151945.AA06471@tonto.ksu.ksu.edu> >From the keyboard of Timothy C. May: > The S. Boxx = LD correlation has been obvious for several weeks. Who cares? Use procmail. Put these lines in your .procmailrc: ---------------------------------------------------------------------- ^From[ :].*L\..Detweiler /dev/null ^From[ :].*ld231782@*.lance.colostate.edu /dev/null ---------------------------------------------------------------------- This helps the signal to noise ratio quite a bit. ObCrypt: I'm looking for info on designing a distributed encrypted filesystem. Any pointers? -- Steve Davis (strat at cis.ksu.edu) Kansas State University In general, they do what you want, unless you want consistency. -- Larry Wall in the perl man page From hfinney at shell.portal.com Mon Nov 15 11:54:01 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Mon, 15 Nov 93 11:54:01 PST Subject: Portable crypto code Message-ID: <9311151952.AA03070@jobe.shell.portal.com> One thing that frustrates me is the difficulty of easily providing implementations of cryptographic algorithms that would be useful on a wide range of machines. A lot of these algorithms are really simple, almost trivial. Yet to write programs to implement them takes pages and pages of code, and making them portable so that people on PC's, Mac's, and Unix machines can use them is almost impossible. Take the simple Chaum cash we have discussed here a few times. The user picks a random x and a random r, calculates r^3*f(x) where f is some one-way function, and sends it to the bank. The bank takes the cube root and sends it back, then the user divides by r. That's pretty simple. Yet to actually implement software to perform these steps raises a host of complications. First, we want to choose a "random" x and r in the range 0..m-1, where m is the bank's public key modulus. But we want these to be strong, unguessable random numbers. We need an unpredictable RNG, and we need to seed it. There are various URNG's that are provably as strong as breaking factoring, discrete logarithms, and such, so these would have to be implemented (as before, most are conceptually trivial). Or you could run DES or IDEA in a feedback mode and take bits from there, for a little less security but more speed. For seeding the RNG you could do like PGP does and retain random numbers from earlier runs, mixing in new randomness when feasible; you could do like RIPEM and scan disk partitions hoping for randomness (I think RIPEM has a lot of other ways of looking for entropy); you could use hardware features like /dev/audio or the free-running, high-speed timers some PC's have; you can get the user to click the mouse or type keys at random. OK, we've got our random numbers. Now we want a one-way function. Again, there are several choices: MD4 and MD5 from RSA; the Secure Hash Standard NIST is pushing; Ralph Merkle's (I forget the name); others based on conventional ciphers like DES or IDEA. Implementations of these are probably available, but portability is a question mark. Now we need a multi-precision math package. We may have needed one for the URNG, too. There are a lot of libraries available in source code for these, but not many of them will work with 16-bit ints, and are tested on DOS and Mac's as well as Unix. Finally, to send the data around, we may want to convert to and from ASCII, and once again there are a lot of choices, but perhaps not too many portable libraries. I suppose RFC1113 and MIME, which are similar but not quite identical, would be the encodings of choice. The point I'm getting to is that it would be nice if all this were done ONCE, and a library made and tested which would work on a wide range of machines. Entry points for one-way functions, multi-precision arithmetic, unpredictable random numbers, conventional encryption, and ascii conversions could all be provided. Multiple alternatives would be supported as much as possible and it should not be difficult to add more as time goes on. Once you had such a library, it would be possible to add a user interface to allow interactive use of the routines. It could be as simple as the Unix "bc" program where you can say "x = y*z" to do arithmetic, or perhaps "x = md5(y)" to call a one-way function. Or the library could perhaps be linked into perl or some other high-level program (does mathematica have hooks for compiled user code?). The nice thing is that since most of the compute time is spent doing the MP arithmetic in these algorithms, an interpreted system which calls compiled libraries can be as efficient as a purely compiled program. I know that others here have made similar proposals in the past, but I have not heard of many results. I'd like to hear more about whether these efforts have produced anything that could be incorporated. It would also be good to hear suggestions for specific existing packages that would meet the portability requirements. I've looked at a couple of MP packages from ripem.msu.edu but so far I haven't had much luck running them under DOS. Perhaps a project like this could allow progress to be made more easily toward cypherpunk goals. By providing a toolkit to programers newly interested in cryptography people will be able to try out ideas more easily without having to re-invent the wheel each time. Let me know if you would be interested in participating in this effort. Hopefully a lot of the pieces already exist and it will just be a matter of pulling them together. Hal Finney hfinney at shell.portal.com From strick at osc.versant.com Mon Nov 15 12:00:31 1993 From: strick at osc.versant.com (henry strickland) Date: Mon, 15 Nov 93 12:00:31 PST Subject: Against limiting free speech on public networks In-Reply-To: <9311151727.AA17924@illuminati.IO.COM> Message-ID: <9311151956.AA22553@osc.versant.com> # ... who (like me) is not pleased # that state funds are going to subsidize someone's highly disruptive, insane, # quasi-religious rants; ... Censoring public nets from unpopular viewpoints is not what cypherpunks should be advocating. If we cannot practice either tolerance or inbox-filtering in our own group, we cannot expect the rest of the world to agree with our ideas for free speech nets. strick From tcmay at netcom.com Mon Nov 15 12:04:01 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 15 Nov 93 12:04:01 PST Subject: EDM--Encyclopedic Dictionary of Mathematics Message-ID: <199311152002.MAA09406@mail.netcom.com> I've gotten a few requests already for info on the book I mentioned. I usually avoid giving ISBN numbers for folks to order a book sight unseen--if they're going to spend $50-70 for a book, they at least ought to flip through it in person and see if they really want it. (Sidenote: Must be the electronic age...often when I mention a paper on something, I get notes asking me where it's available online! I admire these Net-dwellers (no relation to Detweiler!), but the fact is that most of the good stuff is only in print. The reasons are many.) Anyway, here's the EDM info: > > > ObCrytp Note: Just got the English translation in paperback of the > > > Japanese-published "Encyclopedic Dictionary of Mathematics," a large > > > 2-volume set with detailed articles on many branches of math. If the > > > math talked about in crypto is sometimes obscure to you, check this > > > out. The cost is $59, a real bargain these days. > MIT Press, ISBN 0-262-59020-4 (paperback), "Encyclopedic Dictionary of > Mathematics," Second Edition, edited by Kiyosi Ito, 1993. For $59, a real bargain. But if you don't have a fairly good crypto library (Schneier, especially, and perhaps Denning, Salomaa, Brassard, Simmons, etc.), then you'd probably do better to get some of them first. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From gtoal at an-teallach.com Mon Nov 15 12:14:01 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 15 Nov 93 12:14:01 PST Subject: Info on L.Detweiler Message-ID: <7911@an-teallach.com> In article <9311151727.AA17924 at illuminati.IO.COM> cman at io.com "Douglas Barnes" writes: > Here's some info folks might appreciate (all numbers area code > 303, unless otherwise noted): Oh for christ's sake, knock it off! If the poor bastard really is going through a paranoid phase (and I'll bet there more of us on this list who've been there than would care to admit it) this is just the sort of thing to push him over the edge. If you can't ignore him, install procmail and put him in your killfile. If you escalate this into a petty netwar, just think how hard it's going to be for him when he finally starts to get over it. Would _you_ want to be in that position? I suppose someone posting from a site called 'Illuminati' thinks this is all very funny. I don't. Neither would you if you were above the age of 14. G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From nowhere at chaos.bsu.edu Mon Nov 15 13:44:01 1993 From: nowhere at chaos.bsu.edu (Chael Hall) Date: Mon, 15 Nov 93 13:44:01 PST Subject: UNIX: Chaos Gains Reliability Message-ID: <199311152234.QAA02431@chaos.bsu.edu> Hello, all, I am about six-thousand messages behind on the cypherpunks list, but I just wanted to tell everyone that I *finally* got a reliable kernel last night. The patch to my hard drive driver has been installed and verified to be avoiding the hang problems that chaos had. The system maintenance schedule has likewise been modified. It now reboots only at 5 am daily. If it holds up this week, I will change the reboot schedule to once a week (probably Sunday or Monday morning at 5 am CST). If anyone is interested in an account on chaos, they are freely available granted you have a good reason (i.e., intend to write code, be a productive user, etc.) by request. Telnet to chaos.bsu.edu (147.226.53.28) and login as guest (all lowercase). It will direct you through the account request procedure. **IMPORTANT** Chaos has very limited disk space (200 MB) right now. The planning committee has decided that once a reliable kernel has been installed (which I believe was yesterday), we would begin to solicit donations for an additional 500+ MB of storage. The deal is (and I think this is pretty fair), once the users have raised enough to pay for half of the new hard drive, I will chip in the rest. Anyone who donates money toward the acquisition of a new hard drive will be given extra space on the new drive (we haven't quite decided how it will be done, but two plans are: give donated users write access to an additional partition OR move their home directory to the new partition). Either way, all non-donated users will be the recipients of a brand-spanking-new QUOTA! I'm sorry, there just isn't the space. Oh, another thing, when the new drive arrives, it will supplement what is already there. The old hard drive will not be removed. Any comments? Reply in e-mail, this is not particularly relevant to cypherpunks. BTW, what does everyone think of the gopher site? I'm going to work on the FTP/NFS site some more one of these days. Chael Hall -- nowhere at chaos.bsu.edu nowhere at bsu-cs.bsu.edu chall at bsu.edu 00CCHALL at bsuvc.bsu.edu From erc at khijol Mon Nov 15 13:45:37 1993 From: erc at khijol (Ed Carp) Date: Mon, 15 Nov 93 13:45:37 PST Subject: Info on L.Detweiler In-Reply-To: <7911@an-teallach.com> Message-ID: > I suppose someone posting from a site called 'Illuminati' thinks > this is all very funny. I don't. Neither would you if you were > above the age of 14. I found the whole thing boring and very tiresome. People here need to grow up. Get a life. While some start and perpetuate flame wars, and take great delight in screwing with other people, the NSA/FBI/NIST is sitting back and laughing their heads off. Stop wasting your energy fighting each other and concentrate on the REAL threat. -- Ed Carp, N7EKG erc at wetware.com 510/659-9560 an38299 at anon.penet.fi, anon-1157 at twwells.com If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From lefty at apple.com Mon Nov 15 14:10:40 1993 From: lefty at apple.com (Lefty) Date: Mon, 15 Nov 93 14:10:40 PST Subject: The Contortions of Cypherpunks Message-ID: <9311152015.AA19620@internal.apple.com> >N.Szabo in RISKS > >>I'd like to assure the readers of RISKS that I am in fact a unique person, >>distinct from the other names L. Detweiler listed. Of the people on his list >>I know from personal contact, all are distinct people in Real Life(tm). > >Give specific evidence to support your claim or retract it. Who do you >know from personal contact? What do you mean that you are `distinct >from other names'? I have had lunch with both Tim May and Nick Szabo, and can verify that they simultaneously sat in different seats, wore different clothes, ate different lunches, and had different quantities of facial hair. I have, further, had lunch with Perry Metzger on another occasion and will testify that he is, to the best of my ability to ascertain, neither of the aforementioned people. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From wcs at anchor.ho.att.com Mon Nov 15 14:20:38 1993 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 15 Nov 93 14:20:38 PST Subject: Key Servers and True Names Message-ID: <9311152214.AA02136@anchor.ho.att.com> "L. Detweiler", or someone using his name, is a bit confused about what keyservers are for - they're a convenience for making keys readily available, and reducing the chances of getting a spoofed key. The way to do a True Name Users Group is through key certification - create a key called "L. Detweiler's True Name Certifier " and use that key to sign keys for people who present real, non-forged authentication papers, signed statements, or whatever credentials you trust for demonstrating True Names. People can add that signature to the list of signatures they haul around on their public key. I normally only use variants on my real name, with the exception of one nym I use for anonymous posting, which is clearly a non-real name, except when I'm using someone else's name for humor value, or bogus names for junk mail reduction/identification (e.g. Time Stewart or Junk Mail Stewart). John Doe # Bill Stewart Old address: wcs at anchor.ho.att.com AT&T Bell Labs, Holmdel, NJ # After 10/15, NCR, 6870 Koll Center Parkway, Pleasanton CA, 94566 # Voice/Beeper 510-224-7043, Phone 510-484-6204, email bill.stewart at pleasantonca.ncr.com From tcmay at netcom.com Mon Nov 15 14:50:37 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 15 Nov 93 14:50:37 PST Subject: DC-Nets In-Reply-To: <199311152116.AA15101@tramp.cc.utexas.edu> Message-ID: <199311152248.OAA27432@mail.netcom.com> Jim McCoy has asked me about the DC-Nets references I have cited. Here they are. The seminal Chaum articles are not cited--the main one has been posted to this List more than once. Clearly the Eurocrypt '89 book is the one to get. If your library does not carry it, Springer-Verlag (1-800-SPRINGE) can ship it (and please don't write to me asking for the ISBN!). Also, "Computer Literacy Bookstore" in Sunnyvale (408 area code) usually has a bunch of these Proceedings in various years and can also ship. Disruption is the main problem addressed in these papers. Given the malicious disruption we've seen on our List lately, it is of course a very real problem. Even more so if and when DC-Nets get deployed and some agents/entities seek to automate the disruption process (a likely prospect, given the way they work). A reminder to you all, even though I am not myself working on DC-Nets (trying to program them in Mathematica is pointless, I think), that there are several groups currently interested in DC-Nets: * Jim McCoy and the Austing group (I think they run the DC-Net mailing list...I'm on too many mailing lists, so I skipped this one) * Henry Strickland (Strick) is interested, has plans, and is putting together his crypto toolkit in TCL. * Yanek Martinson, of whom little has been hear lately, was once hot on doing this, and even got a basic DC-Net running. Anyway, here are some important references: - J. N. E. Bos and H den Boer, "Detecting Disrupters in the DC Protocol," Eurocrypt '89, pp. 320327. - M. Waidner and B. Pfitzmann. "The Dining Cryptographers in the Disco," Eurocrypt '89, p. 690. - A. Pfitzmann and M. Waidner, "Networks without User Observability," Computers and Security 6 (No 2, April 1987), pp. 158-166. - B. Pfitzmann and A. Pfitzmann, "How to Break the Direct RSA-Implementation of Mixes," Eurocrypt '89, pp. 373-381. (In case you're curious, the Pfitzmanns are husband and wife.) - J. N. E. Bos, "Disruption and Synchronization in Untraceable Sending," in "Practical Privacy," the 1992 Ph.D. thesis of Bos. Technische Universiteit Eindhoven (Netherlands). (This little book is not published, in purchasable form. The relevant chapter was included in the Xeroxed handout at the first Cypherpunks meeting. You might be able to get the book by contacting Eindhoven directly.) --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From kovar at nda.com Mon Nov 15 14:56:11 1993 From: kovar at nda.com (David Kovar) Date: Mon, 15 Nov 93 14:56:11 PST Subject: Against limiting free speech on public networks In-Reply-To: <9311151956.AA22553@osc.versant.com> Message-ID: <199311152255.RAA15471@nda.nda.com> > If we cannot practice either tolerance or inbox-filtering in our own > group, we cannot expect the rest of the world to agree with our ideas > for free speech nets. Worse, you can't convince anyone new to the list that you're not just a group of children with large egos and complex privacy enhancing toys. I've seen a few well written messages in this group and some pointers to interesting information, but by far the most volume on this list, and the xtropians list for that matter, has been petty bickering. I had higher hopes .... -David From wcs at anchor.ho.att.com Mon Nov 15 15:06:11 1993 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 15 Nov 93 15:06:11 PST Subject: BAY AREA: Schneier Book gone from Cody's Message-ID: <9311152059.AA01040@anchor.ho.att.com> (If we had a newsgroup instead of a mailing list, I could send this to ba.cypherpunks instead) I got their last one about 5pm Sunday; when I went to the information desk to ask if they had it, the clerk's response was along the lines of "Cryptography - oh, the blue one? It's been really selling hot - we just got tehm in this morning and you're getting the last one." Bill From arthurc at crl.com Mon Nov 15 15:09:12 1993 From: arthurc at crl.com (Arthur Chandler) Date: Mon, 15 Nov 93 15:09:12 PST Subject: Info on L.Detweiler In-Reply-To: <9311151727.AA17924@illuminati.IO.COM> Message-ID: If the publication of this information is intended as a prelude to the RL persecution or harassment of Mr. Detweiler, I want to lodge a strong dissenting opinion. Mr. Detweiler's posts, made in an open forum, are his opinions on a number of matters relevant to the social implications of encryption and privacy. If we disagree with his views, we can post responses, or simply ignore them. Once anyone see's L. Detweiler on the header of any post, he or she has a pretty good idea of the tenor of what's coming. If you know it's going to enrage you, then why bother reading it? I personally think that, under the avalanche of rhetoric, he raises some very germane issues. I would miss him if he left. But even if I thought him 100% mistaken, I wouldn't endorse posting RL information about him so that people unhappy with his views could contact Mr. Detweiler's associates to complain about him. On Mon, 15 Nov 1993, Douglas Barnes wrote: > > post them publicly as a matter of course. (Have you returned > > the favor? Does anybody know Detweiler's phone number?). You > > Here's some info folks might appreciate (all numbers area code > 303, unless otherwise noted): > > Lance is the college of engineering subdomain. > Scott Douglas (lance sysadmin) scott at lance.colostate.edu 491-7954 > College of Engineering Dean's Office: 491-6603 (Dr. Jorge Aunon) > Vice President, Student Affairs (discipline): 491-5312 (Keith Miser) > ACNS switchboard (Computation center) 491-5133 (Gary Edelen) > ACNS Consulting Desk 491-7276 > CSU Information 491-1101 > Degree Verification 491-7159 > > Hold off for a bit on these numbers; it's still not clear who (if anyone) > is really responsibile for him now. > > I had a very productive talk with Gary Edelen who (like me) is not pleased > that state funds are going to subsidize someone's highly disruptive, insane, > quasi-religious rants; he's contacting Scott Douglas, who is apparently the > administrator of record for the lance subdomain. > > Lawrence Detweiler was awarded a BS in Engineering Science in Spring > of 1993. > > LD's finger: > ------------ > > Notes: > He is no longer listed with student information or as a staff/faculty > member, nor is he listed with 303 directory; there is no L. Detweiler > listed in Fort Collins anymore, or in Denver/Boulder, although there > is a Jeff Detweiler listed in the 1991 phone book; a call to 498-8278 > got an answering machine, 491-5893 forwards to the Kater Laboratory > Optical Core. > > The 1-5893 number is for the Department of Anatomy, Dennis Giddings > (staff member). LD apparently worked for the Kater Laboratory as an > hourly student. > > Rene Olson (491-6849) used to be his supervisor, but could not be reached > for comment. > > --------------------------------- > [longs.lance.colostate.edu] > Login name: ld231782 In real life: L. Detweiler > Phone: 15893, 498-8278 > Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh > Most recent logins: > parry Fri Nov 12 22:20 > mears Thu Nov 11 15:42 > jenkins Sat Nov 13 21:11 > casco Mon Nov 15 01:02 > Never logged in. > No Plan. > -------------------------------- > > Note that this is just the easy stuff, I have folks digging deeper. > More to come... > > -- > ---------------- /\ > Douglas Barnes cman at illuminati.io.com / \ > Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ > Illuminati Online metaverse.io.com 7777 /______\ > From tcmay at netcom.com Mon Nov 15 15:44:05 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 15 Nov 93 15:44:05 PST Subject: My last words on Larry Detweiler In-Reply-To: <199311152255.RAA15471@nda.nda.com> Message-ID: <199311152343.PAA03708@mail.netcom.com> David Kovar had higher hopes: > Worse, you can't convince anyone new to the list that you're not > just a group of children with large egos and complex privacy enhancing > toys. I've seen a few well written messages in this group and some > pointers to interesting information, but by far the most volume on > this list, and the xtropians list for that matter, has been petty > bickering. I had higher hopes .... It's unfortunate that many people think others must write interesting articles for them. I don't want to pick on David, but his comments underscore the problem. If people want interesting stuff, they need to write it! In looking over my archives, I only found two (2) past messages from David Kovar, one here about creating false electronic identities and one on Extropians about he Panix system and its management. (I may have not saved all of David's posts...if so, I apologize for any mischaracterization of his contributions.) As to the flames, I'm as unhappy about it as David is. But what to do about it? I haven't called for Detweiler to be censored, though I did take the precaution of nofifying Dewtweiler's postmaster--the first time I've ever done this--after recieving numerous threatening messages ("You will be hung by the neck until dead and then sent to Hell.") and an explicit statement from him that he intended to continue harassing Eric Hughes and me until we recanted or begged forgivness or somesuch nonsense. For more than a month I ignored his public comments and didn't respond at all to his private letters to me (threats, foamings, manic-depresssive mood swings....he even tried to enlist my support in his battle against Hughes...this after calling for my execution just days earlier!). This didn't work. It's too bad this is disrupting the list. But, to be blunt, I consider all the fatuous "why can you just get along?" comments to be equally disruptive. Several people, notably Hal Finney, Doug Barnes, others, have stepped into the breach to try to cool Larry's fevered imagination--for their troubles they were declared to be Tentacles of the Medusa. Part of the Dark Side of the Force, as Larry sees things. Detweiler recently sent me e-mail cackling about how proud I must be of my latest Nym Tentacle, a certain Hal Finney. I guess I'm honored. Don't know about Hal, though. What more can I say? I never called for Detweiler to be kicked off, and I've tried to limit my comments about him to a couple of explanatory posts. (I have to struggle with my Neo-Calvinist urges. To a Neo-Calvinist, ignorance is its own punishment...if people believe false ideas, then Reality will punish them. "Think of it as evolution in action." Thus, when Detweiler makes outrageous remarks, those who believe him are choosing their own punishment. Normally, I thus see no reason to "set the record straight." I did, however, a while back when many follow-up posts to Detweiler's began to take his "pseudospoofing" as a fact of the list, as a starting point. This misapprehension of reality seemed to be taking on a life of its own, so I wrote a long piece on the Detweiler matter.) I intend for this to be my last word on the subject, unless some major and different kind of information comes to light. Clearly he is succeeding in pressing a lot of buttons. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From mccoy at ccwf.cc.utexas.edu Mon Nov 15 16:04:04 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Mon, 15 Nov 93 16:04:04 PST Subject: Portable crypto code In-Reply-To: <9311151952.AA03070@jobe.shell.portal.com> Message-ID: <199311160002.AA15756@tramp.cc.utexas.edu> > From: hfinney at shell.portal.com (Hal Finney) > > One thing that frustrates me is the difficulty of easily providing > implementations of cryptographic algorithms that would be useful on a > wide range of machines. [...] > > The point I'm getting to is that it would be nice if all this were done > ONCE, and a library made and tested which would work on a wide range > of machines. Well, I do know of someone who is working on a cryptolib package that will attempt to include a ton of crypto methods into a single library that anyone can link to. From email exchanged with this person it seems that he is looking to get a unix version up and then let people port it around. The math lib stuff is the most recent sticking point he was having: there arenot many fast multi-precision math packages out there that are free (and gmp does not cut it, he wants to be able to let anyone use the code however they want...) So far he has checked fgmp and bignum, but if anyone knows of a fast package that has a berkelyish copyright let me know and I will pass it on... > Let me know if you would be interested in participating in this effort. > Hopefully a lot of the pieces already exist and it will just be a matter > of pulling them together. Maybe I can set up a list for this if people are interested. The existence of such a beast, even in a rudimentary form, would be useful to quite a few people I would bet. I will push him a bit to see if he will dump what he has now into a package so that others can help out. jim From owen at autodesk.com Mon Nov 15 16:40:45 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Mon, 15 Nov 93 16:40:45 PST Subject: The Courtesies of Cypherpunks Message-ID: <9311152339.AA22460@lux.YP.acad> Before I start I wish to express that on many occasions Perry has earned my utmost respect, and that the sarcasm I express here is not offered as flame bait, but as an expressions of the ironic nature of this affair. as such it migrates from *wry* comments on Perrys post into a more general rant. > From: "Perry E. Metzger" > Look, everyone -- Is this a command, a request, a plea, or a futile gesture? > Detweiler is a seriously disturbed individual. In your opinion. No matter how common that opinion may be amongst other participants, stating such as *fact*, only opens pandoras box that much further. > Sending him mail saying > "what the hell are you doing -- you're nuts" isn't going to do any > good. Isn't going to what? Good in whose opinion? relative statements with open ended conjecture dangling unspecified but none the less qualified negations of hypothetical scenarios are doing some good? > Crazy people don't think they are crazy. Ignoring his rantings > works a whole lot better than any other strategy. towards what end, assuming that all share the same goal? > I only mailbombed him because he was sending me unsolicited personal > mail and wouldn't stop. Otherwise I ignore him, and I advise others to > do the same. Do you dump your nose-goblin collection into the neighbors mailbox if their dog shits on your front stoop? doing so would be a federal crime would it not? Mailbombing is considered an anti-social act by everyone I know whose ever been the recipient of one. Blaiming your actions on the other guy is just a version of a *He started it* argument, something I find to be more common to adolescents and mental inferiors. Not the kind of thing I usually see from bright people like you Perry! phade to more general rant................................... I am finding this situation most enlightening myself. It directly parallels the situation that I outlined regarding the electronic version of Fag bashers in the queer newsgroups, and the subsequent e-terrorism that has been perpetrated against myself and other admitted homo-sek-shuals who don't take any shit from homo-haters. Larry has simply created a campaign against a different un-natural lifestyle choice, the perverted and obviously criminal desire to remain anonymous. (thats satire BTW) Showing us how to harangue your target with the techniques of mindless prejudged bigotry, and how they usually only engender more of the same. (ala *my mind is made up, don't confuse me with facts) It reminds me of some things I've seen all too often in other corners of the matrix; the subsequent flame wars that ensue from the use of inflamatory terms, (in this case the spoof word. Made more poignant due to the similarity to the british slang word poof.) the inevitable escalation of miscommunication that occurs between people who are talking *at* each other rather than with each other, the reality that electronic freedom still requires some forms of accountability, the fantasy that anonymity makes you free, the irony that those who expand their gripes against individuals as foolish campaigns against whole groups of individuals, are engaged in destroying the very freedoms they claim to be defending. (kinda like sawing off the limb your sitting on, to keep others from sitting next to you!) and that ultimately the only punishment available to an online personality for transgression is exclusion. (so far) ................. To those who wrote to me a while back, telling me to get a thicker skin, and learn to deal with it. I can now say, just get over it. To those who didn't understand the logistics of gaining concensus regarding how to deal with such situations, I am eagerly awaiting your guidance to show me how its done. I think this issue points out the need to develop systems that foster a better quality of communication in a medium that hampers quality at the expense of ease-o-use. I think that examining this situation as an example of a much wider problem will illuminate some of the points I tried to make some months ago. It is my opinion that the situation regarding the use of anonymous systems to harrass and terrorise queers on the net is a laboratory for the study of this issue. Ignore it at your peril IMNSHO. And I think that if any group of people on the net is qualified and capable of dealing inteligent solutions out, this is the group. I think you gotta widen your focus and recognise the broad issues before you narrow in on the specifics, I don't think that solutions to the issues involved can be integrated at the end of a patch-work quilt of solutions that only get implemented after the fact. In short Detweiler isn't the problem, he has merely provided you with some examples to chew on. So go ahead, chase him away, perhaps the next case will not be one that just involves simple neurosis, perhaps it will be full blown psychosis and e-terrorists like we have experienced in the queerer corners of the matrix. (as if this one isn't pretty odd ;-) LUX ./. owen From huntting at glarp.com Mon Nov 15 17:51:13 1993 From: huntting at glarp.com (Brad Huntting) Date: Mon, 15 Nov 93 17:51:13 PST Subject: Key Servers In-Reply-To: <9311151445.AA12745@anon.penet.fi> Message-ID: <199311160150.AA05722@misc.glarp.com> > I don't see what you mean by key servers for only true names. > How do you know that a true name isn't just a false identity > created with a real account on some system? How do you differentiate > a true name from a unix account? The whole concept of a true name is a fantasy. A persons name is neither unique nor unchanging. My passport reads "Brad Huntting", but if tomorrow I decide I want to be called "@*!" (pronounced "crash boom bang") instead, then that's my name. Even today I go by many written names: Brad Brad Huntting Bradley E Huntting Brad E Huntting Bradley Enoch Huntting beh huntting Enoch (mabey not) That's case insensitive and doesn't include the hundreds or thousands of e-mail addresses which mean me. The point is, a name is a handle. It doesn't need to be unique or static, all it needs to do is refer to someone or something in a reasonably unambiguous way. Besides, if I understand your idea of what a "true name" is (the name your parents or your government have assigned to you), then the whole idea of having a "true names" pgp key server is outrageously bigoted, since the vast majority of people cant write their "true name" in ascii. brad From avalon at coombs.anu.edu.au Mon Nov 15 18:45:46 1993 From: avalon at coombs.anu.edu.au (Darren Reed) Date: Mon, 15 Nov 93 18:45:46 PST Subject: Windows NT password Encryption. Message-ID: <9311160244.AA27966@toad.com> Does anyone know what algorithm Microsoft are using for password encryption on Windows NT ? I've just been to a talk and told it was a proprietry 1-way algorithm, but not DES based (so as to avoid US export laws). From VACCINIA at UNCVX1.OIT.UNC.EDU Mon Nov 15 18:50:42 1993 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Mon, 15 Nov 93 18:50:42 PST Subject: Duking it out for the decoder ring Message-ID: <01H5CYE1J2J6002JBO@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Once again encryption is on the minds of the business community. In the Nov. 22 issue of business week, Carl Ellison is highlighted along with Whitfield Diffie in an article which asserts that those of us once considered paranoid are soon to be considered prescient. Excerpts from the article: >When executives at Stratus headquarters hold teleconferences with the >company's with San Jose (Calif.) engineering center or other offices, >Ellison insists that their words and video be encrypted. He *even* (emphasis >mine) encodes routine electronic mail...Some coworkers call Ellison paranoid. I will venture to say that paranoid (in this context) will soon be synonymous with cautious. >Cryptography is absolutely essential to any kind of electronic business >communication", says Price Waterhouse partner Douglas Kalish. >While AT&T, a big government supplier, has agreed to put clipper in its >secure phones, many companies simply don't trust the governments promises >not to snoop illegally. It would be interesting if the gov't ended up with a cryptography system that has a back door and everyone else had a secure system. Fun with reversal of fortune. Finally, Whitfield Diffie's quote, "Clipper is the most rancid idea to come along in quite some time". As the pendulum swings further toward freedom to encrypt, it's going to take ever more of us to keep it there. Teach anyone who will learn so the pendulum rests on many shoulders. Also here is my Cypherpunks ID Key, I swear that it belongs to the nym my mom gave me and who signed this message, when a better verification method presents itself I will avail myself of it. Scott G. Morham !The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAizKBaAAAAEEANxU5ykmCxvPdC+zKUg99WH7u1/yyVsImtXJClRMvjcPtQ+2 2ilzsjn7wPz//fmKnJkN7dbqSbMy0cUF78+fI8iMsdAOTdO/MpfjNmRylF7sb7aM Fn4DxIBENsJrdLnnLJ9pDWFmVEOUZ+S+n8Thi+mvRovEAcmbhT2paOMjHHAhAAUR tBhTR00gPEN5cGhlcnB1bmtzIElEIEtleT6JAJUCBRAsyzBcnN9G4AhMxxkBAaao A/9primmEtNa2wpNH06dLIkUeTinPFRSnMSb/DG3w+k4NmWLfTsqkG9JwDQx7xeh 4vbf8CiU+JZ31M8ndSdgD5iBnHFiqbzDrxyRn+Vq0Ypj8q4fdxli3YWdEgJa7joT /xrVKAZ9oPEonFOSvcujGbSpazCSEP2UoNMEgzWWNJ4Px7QkU2NvdHQgRy4gTW9y aGFtIDxDeXBoZXJwdW5rcyBJRCBLZXk+ =IyPi - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOWmiD2paOMjHHAhAQFFGQQAvkHnjWkLtRxSKR9jmiUD1NwWocsOyqjR ewuXN2HuwWYmH8lmiSEKTovT2vUp6GjNLfbtQ0fTlxmbwYp0dxZ4mw7BZJWPCLBp vOiDWJSg3o5QNtYkL0kdxjxMYbl8sc4dbNR5vulWE0tB4PHgJXPxwW4+p9/YkLwP oih4XErLStk= =hCwP -----END PGP SIGNATURE----- From mdiehl at triton.unm.edu Mon Nov 15 20:20:42 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Mon, 15 Nov 93 20:20:42 PST Subject: Info on L.Detweiler In-Reply-To: Message-ID: <9311160419.AA03033@triton.unm.edu> According to Ed Carp: > > I found the whole thing boring and very tiresome. People here need to grow > up. Get a life. While some start and perpetuate flame wars, and take great > delight in screwing with other people, the NSA/FBI/NIST is sitting back and > laughing their heads off. Stop wasting your energy fighting each other and > concentrate on the REAL threat. Damned straight! I mean, "Can't we all just get along?" Cheers, J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From sameer at uclink.berkeley.edu Mon Nov 15 20:26:14 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Mon, 15 Nov 93 20:26:14 PST Subject: Enclosing something in a clearsig'd message In-Reply-To: <01H5CYE1J2J6002JBO@UNCVX1.OIT.UNC.EDU> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > > - -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: 2.3a > > mQCNAizKBaAAAAEEANxU5ykmCxvPdC+zKUg99WH7u1/yyVsImtXJClRMvjcPtQ+2 > 2ilzsjn7wPz//fmKnJkN7dbqSbMy0cUF78+fI8iMsdAOTdO/MpfjNmRylF7sb7aM > Fn4DxIBENsJrdLnnLJ9pDWFmVEOUZ+S+n8Thi+mvRovEAcmbhT2paOMjHHAhAAUR > tBhTR00gPEN5cGhlcnB1bmtzIElEIEtleT6JAJUCBRAsyzBcnN9G4AhMxxkBAaao > A/9primmEtNa2wpNH06dLIkUeTinPFRSnMSb/DG3w+k4NmWLfTsqkG9JwDQx7xeh > 4vbf8CiU+JZ31M8ndSdgD5iBnHFiqbzDrxyRn+Vq0Ypj8q4fdxli3YWdEgJa7joT > /xrVKAZ9oPEonFOSvcujGbSpazCSEP2UoNMEgzWWNJ4Px7QkU2NvdHQgRy4gTW9y > aGFtIDxDeXBoZXJwdW5rcyBJRCBLZXk+ > =IyPi > - -----END PGP PUBLIC KEY BLOCK----- > > -----BEGIN PGP SIGNATURE----- > Version: 2.3a > > iQCVAgUBLOWmiD2paOMjHHAhAQFFGQQAvkHnjWkLtRxSKR9jmiUD1NwWocsOyqjR > ewuXN2HuwWYmH8lmiSEKTovT2vUp6GjNLfbtQ0fTlxmbwYp0dxZ4mw7BZJWPCLBp > vOiDWJSg3o5QNtYkL0kdxjxMYbl8sc4dbNR5vulWE0tB4PHgJXPxwW4+p9/YkLwP > oih4XErLStk= > =hCwP > -----END PGP SIGNATURE----- > > Isn't it a problem to enclose PGP-blocks within a clearsig'ed message, as the initial -'s in his public key here are slightly mangled. I've seen this before, and tried to manually reconstruct the keyblock headers, but with no luck. Anyone know what one can do about this? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOhVc3i7eNFdXppdAQGMlQQAhYs6LXi//0GHGl5nDod1bGNAb48uiyhc j6mPuzXZDI7xQ0WK9x6ig6TfJNA7znqDhV1kGZYjT3bMup9faIMPlAB7usvdzt8R o7op6LxJ7U9dxIiBqBA8OlKZrS49ZafKp/93XwZzWFat2Qe8tzyIVyVUaYrBZj3Y S8Mnv6y6r50= =jdeV -----END PGP SIGNATURE----- From mdiehl at triton.unm.edu Mon Nov 15 23:14:05 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Mon, 15 Nov 93 23:14:05 PST Subject: procmail-pgp Message-ID: <9311160713.AA10159@triton.unm.edu> Well, I had a few set-backs, but the alpha version of my procmail pgp preprocessor is ready to test. I've been using it for about a week now, and it seems to work well. I hope you enjoy it. Comments are welcome. The procmail recipes in this file will make using many of pgp's Email-related features automatic. What they will do for you is: 1) Automatically verify pgp signed messages. 2) Automatically determine who a pgp encrypted message is intended for. 3) Automatically add mailed pgp keys to your pubring.pgp file. 4) Allow people who do not use pgp to request that their messages to you get stored in an encrypted form. This will prevent nosy systems administrators from reading your mail. 5) Allow people to also request that the entire message, including the header, be encrypted. This will prevent anyone from even determining where you get your mail from, mail logs not withstanding. 6) Modify a message's subject to inform you that it contains a key (key), a signed message (sig), and/or an encrypted message (prv). There are a few things I'd like to add to this file. I'd like to search messages for references to "pgp", "finger" and have procmail finger the sender's account and send the output to pgp - kaf. These recipes are writen in a modular form. The recipes which make up this system can be extracted from the rest of your .procmailrc file with the command: awk '/#.pgp-start/,/#.pgp-end/ {print $0} {continue}' > out.pro To get the system working, you have to have procmail installed, and in your path. You will need to edit the included .procmailrc file as described below. Then you have to put a (the?) .procmailrc file in your home directory. Next, you have to modify your .forward file to look like: (change it as appropriate) mdiehl at triton.unm.edu "|IFS=' ';if test .`/bin/hostname` = .triton.unm.edu; then exec /nfs/dorado/u11/mdiehl/bin/procmail -p ; else exit 0; fi" Finally, you will have to configure the .procmailrc file. You will have to change these variables to something appropriate to your environment. PATH= ME= HOME= MAILDIR = /usr/spool/mail SENDMAIL= /usr/lib/sendmail TMP= /usr/tmp The previous ones are self-explanitory. SECSTR= =-=-=-=-=-=-PGP-INFO-=-=-=-=-=-=-= Set this one to something pleasing to the eye, but that only you know. This will prevent others from spoofing the procmail-pgp validation info. Trust me. LOGFILE = $HOME/PROCMAIL_LOG The logfile is invaluable for debugging..... AFROM= "root at can.see.this (Big Brother isn't watching me!)" ASUB= "How's the wife?" When a person requests that all of his message is to be encoded, procmail-pgp uses AFROM as the new From: header, and ASUB as the new Subject: header. Be creative. BTW, if you want to request that either all of a message, or just the body is to be encrypted, you include either: X-request-pgp-encoded: all X-request-pgp-encoded: body at the beginning of a line in the body of the message, or in the header. I hope you have lots of fun with this. ;^) ----------cut----here------ ;^) # pgp-start PATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin:/nfs/dorado/e1/ultmips4.2/gnu/bin:/usr/new:$HOME/bin:/nfs/dorado/unsup/bin/:. ME= mdiehl HOME= /nfs/dorado/u11/mdiehl MAILDIR = /usr/spool/mail SECSTR= =-=-=-=-=-=-PGP-INFO-=-=-=-=-=-=-= LOGFILE = $HOME/PROCMAIL_LOG TMP= /usr/tmp AFROM= "root at can.see.this (Big Brother isn't watching me!)" ASUB= "How's the wife?" SENDMAIL= /usr/lib/sendmail DEFAULT = $MAILDIR/$ME TMPFILE= $TMP/procmail.$$ VALIDATE= "echo $SECSTR" PGPMSGS= "(^Good)|(^Valid)|(^.WARNING)|(^.ERROR)|(^.Key)|(^.Error)|(^No)|(^File)|(^.You)|(^Bad)|(^pub)|(^sig)" PGPPATH= $HOME DELIVER= "procmail -p $HOME/.procmailrc" LOCKFILE= $MAILDIR/$ME.lock # This will remove the global lockfile # $HOME/.lockmail and the new lockfile # will be $MAILDIR/whatever # # Lets take care of some business first. # VERBOSE=NO DO= `rm -f $HOME/pubring.bak` FROM= `formail -rx"To:"` SUBJECT= `formail -x"Subject:"` LOG= "======$FROM " # pgp-end # # This retains a list of everyone who sends me mail # :0whc | echo $FROM >> $HOME/HEADERS ; sort -u < $HOME/HEADERS > $TMPFILE ; mv -f $TMPFILE $HOME/HEADERS # # # Send and delete PROCMAIL_LOG # :0 * ^Subject:.+PROCMAIL_LOG | cat > /dev/null ; elm -sLog me < $HOME/PROCMAIL_LOG ; rm -f $HOME/PROCMAIL_LOG # # This one sends an automatic reply to special people. # I think I broke this one. :0c * ^Subject:.+1234567890 * !^FROM_DAEMON * !^From.+$ME * !^X-Loop: | (formail -r -A"X-Loop:$ME" ; cat $HOME/AUTO-REPLY) | $SENDMAIL -t # # Forward to my novell account # :0c * ^Subject:.+Urgent ! miked at anderson.unm.edu # # From peb at procase.com Tue Oct 26 18:03:16 1993 # #:0B #* subscribe|unsubscribe|sign.on|sign.off|signon|signoff|remove|add|SUBSCRIBE|UNSUBSCRIBE #/$HOME/SUBSCRIBTIONS # # DeDigest digests. # :0 * ^From:.+linux-activists@ | formail +1 -A"X-from:Linux-Activists" -ds $DELIVER :0 * ^Subject:.+Homebrew.Digest | formail +1 -A"X-From:Homebrew-Digest" -ds $DELIVER # pgp-start VERBOSE=YES # # Validate pgp signed messages. # :0chHBw * ^-+BEGIN.PGP.SIG * !^X-Loop-signed: | cat > $TMPFILE ; $VALIDATE >> $TMPFILE :0wbAc | pgp -f +batchmode |& egrep $PGPMSGS >>& $TMPFILE ; $VALIDATE >> $TMPFILE :0Ab | cat >> $TMPFILE ; formail < $TMPFILE -i"X-Loop-signed:$ME" -i"Subject: (sig) $SUBJECT" | $DELIVER ; rm -f $TMPFILE ; # # Adds included pgp public keys to keyring. # :0chHBw * ^-+BEGIN.PGP.PUBLIC * !^X-Loop-key: $TMPFILE :0Awc | cat > /dev/null ; $VALIDATE >> $TMPFILE :0wbAc | pgp -kaf +batchmode |& egrep $PGPMSGS >>& $TMPFILE ; $VALIDATE >> $TMPFILE :0bA | cat >> $TMPFILE ; formail < $TMPFILE -i"X-Loop-key:$ME" -i"Subject: (key) $SUBJECT" | $DELIVER ; rm -f $TMPFILE ; # # Validate pgp messages. # :0chHBw * ^-+BEGIN.PGP.MESSAGE * !^X-Loop-message: $TMPFILE :0Awc | cat > /dev/null ; $VALIDATE >> $TMPFILE :0wbAc | pgp -f +batchmode |& egrep $PGPMSGS >>& $TMPFILE ; $VALIDATE >> $TMPFILE :0bA | cat >> $TMPFILE ; formail < $TMPFILE -i"X-Loop-message:$ME" -i"Subject: (prv) $SUBJECT" | $DELIVER ; rm -f $TMPFILE ; # # These two are used to encrypt email that has a specific header in it. # :0hcHBw * ^X-request-pgp-encoded:.+body * !X-Loop * !X-Loop:.+$ME | cat > $TMPFILE :0Ab | pgp -fet $ME >> $TMPFILE ; formail < $TMPFILE -A"X-Loop:$ME" | $DELIVER ; rm -f $TMPFILE ; :0bhHB * ^X-request-pgp-encoded:.+all | pgp -fet $ME | formail -A"From: $AFROM" -A"Subject: $ASUB" | $DELIVER ; rm -f $TMPFILE ; # pgp-end #:0Hbcw #* ^Subject:.+(hacker)|(Hacker)|(HACKER)$ #* ? grep $FROM < $HOME/members #* !X-Loop:.+$ME #| egrep "^((do)|(DO)|(Do)|(password))" > $TMPFILE #:0Ac #| set PASS1=`grep password < $TMPFILE | awk '{ print $2}'` ;\ # set PASS2=`grep $FROM < $HOME/members | awk '{ print $2}'` #LOG= "$PASS1 $PASS2" #:0A #? test "$PASS1 -eq $PASS2" #| elm -s$PASS1 me From frissell at panix.com Mon Nov 15 23:20:44 1993 From: frissell at panix.com (Duncan Frissell) Date: Mon, 15 Nov 93 23:20:44 PST Subject: Kiddie Porn Alert Message-ID: <199311160719.AA09391@panix.com> To: cypherpunks at toad.com There's a Subject Line to Grab You For you Fox TV fans Inside Edition on Tuesday 16 November apparently features "International (Danish) Kiddieporn Downloaded Over the Nets -- and the Government is Powerless to Stop It." Happy viewing. Duncan Frissell Sorry I haven't posted much lately. When one agrees to talk at a conference, one actually has to *write* the talk not to mention clear the decks for the trip. Hope to see some of you at The First European Conference on Computers, Freedom and Privacy next Saturday in London. --- WinQwk 2.0b#1165 From mdiehl at triton.unm.edu Mon Nov 15 23:20:47 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Mon, 15 Nov 93 23:20:47 PST Subject: OOPS! Message-ID: <9311160717.AA10325@triton.unm.edu> I forgot to extract just the pgp-related stuff from my .procmailrc file. OH well, at least I told you how to do it. ;^) Just save the whole message, and type awk '/#.pgp-start/,/#.pgp-end/ {print $0} {continue}' < msg > .procmailrc Sorry about that. J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From mdiehl at triton.unm.edu Mon Nov 15 23:30:44 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Mon, 15 Nov 93 23:30:44 PST Subject: Fascism...? Message-ID: <9311160728.AA10714@triton.unm.edu> I got this from a friend. While I don't dispute this school's right to do this, I do question the ethics. Just thought I'd send out some non-Detweiler traffic. ;^) > >A revised Computer Use Policy was approved the CS Department Faculty > >on November 3, 1993. The revised policy has been placed on the doors > >of SH 118, SH 169, and SH 123. The substantive change to the policy > >is that users now give explicit permission to the Department to > >inspect their accounts when necessary. > > > >Continuing to use your account past November 19 will constitute > >acceptance of the revised policy. If you prefer, you may contact the > >COG to have your account removed. J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From willey at seattleu.edu Mon Nov 15 23:50:44 1993 From: willey at seattleu.edu (steve willey) Date: Mon, 15 Nov 93 23:50:44 PST Subject: procmail-pgp In-Reply-To: <9311160713.AA10159@triton.unm.edu> Message-ID: any thoughts on procmail version specificy for this pgp recipie? i am currently using v2.03, which, i am pretty sure, is not the current version. i'm ready to try it but..., please let me know if you know of any problems with older procmail versions. thanks, steve From willey at seattleu.edu Tue Nov 16 00:34:06 1993 From: willey at seattleu.edu (steve willey) Date: Tue, 16 Nov 93 00:34:06 PST Subject: procmail-pgp (fwd) Message-ID: jmd, asked me to forward this to the list, i think, i was testing his procmail recipe and all that was ever seen of his most recent message was the subject line and a bunch of error messages in my procmail log file :) ---------- Forwarded message ---------- Date: Tue, 16 Nov 1993 01:14:20 -0700 (MST) From: "J. Michael Diehl" To: steve willey Subject: Re: procmail-pgp According to steve willey: > any thoughts on procmail version specificy for this pgp recipie? i am > currently using v2.03, which, i am pretty sure, is not the current version. > i'm ready to try it but..., please let me know if you know of any problems > with older procmail versions. I'm using v2.91. I don't think you will have a prob. tho. Let me know. Send yourself a few messages. You need to send a key, a signed message, and an encrypted message. You also might want to try the requests. Hope you like it. J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From lear35!mdbomber at nebula.acs.uci.edu Tue Nov 16 00:44:06 1993 From: lear35!mdbomber at nebula.acs.uci.edu (Matt Bartley) Date: Tue, 16 Nov 93 00:44:06 PST Subject: secure phones - STU3 Message-ID: <9311160245.AA25700@lear35.vlpa.ca.us> -----BEGIN PGP SIGNED MESSAGE----- I browsed through the owner's manual for the AT&T STU-III secure phone unit today. It has no technical information whatsoever (security through obscurity?). It uses a so called CIK (Crypto Ignition Key), which resembles one of those electronic keys that hotels use. It must be inserted in a "lock" in the phone, and turned 90 degrees. This will enable one of the crypto keys that is stored in the phone's battery backed up memory (loaded previously by a "COMSEC custodian" through a data port on the phone. The manual warns the phone must be in a relatively secure location and points out an emergency erase button that wipes out the keys stored in memory. Then you call someone, say you want a secure channel, wait for them to insert their CIK (and tell you so), then touch the "secure voice" button on the panel. The manual then says it will go through an "authentication process", the results of which will be displayed on the STU-III's screen. It will show data such as the other stations ID number, the security level of the channel (secret, top secret, etc), and the baud rate. Does anyone know how this works technically? My speculation: It seems to be a public key system. The phone's memory seems to contain a secret keyring, and a CIK is a 'passphrase' to a secret key, to make an analogy to PGP. Then the authentication process includes exchanging a session key for a conventional crypto system - no doubt DES. Apparently the NSA issues the keys to authorized agencies and contractors. The public keys contain information such as the ID number of the key, possibly the authorized user's name, the security clearance level for that key, etc, which is exchanged during authentication. Am I on the right track? Comments and speculations welcome. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLOg+wDSSmvXojb+5AQEplQH+JdiaWbzgXiWPtqVaQcPIo4arzOI8Fl1Z 6ylkT9UL/Qh8BpoyVK9PqiEwazaLPxCxWYksOty7LlRy0zByVXqWHw== =8E4k -----END PGP SIGNATURE----- From thomas.hughes at chrysalis.org Tue Nov 16 01:14:06 1993 From: thomas.hughes at chrysalis.org (thomas.hughes at chrysalis.org) Date: Tue, 16 Nov 93 01:14:06 PST Subject: ENCLOSING SOMETHIN Message-ID: <9311160238.A4854wk@chrysalis.org> Sa> Isn't it a problem to enclose PGP-blocks within a clearsig'ed Sa> message, as the initial -'s in his public key here are slightly Sa> mangled. I've seen this before, and tried to manually reconstruct the Sa> keyblock headers, but with no luck. Sa> Anyone know what one can do about this? pgp signed_message_with_keyblock.asc -o unsigned_message_with_keyblock.asc pgp +force -ka unsigned_message_with_keyblock running a signed message through PGP will return it to it's original pre-signature form. go figure .... ___ Blue Wave/QWK v2.12 From thomas.hughes at chrysalis.org Tue Nov 16 01:15:37 1993 From: thomas.hughes at chrysalis.org (thomas.hughes at chrysalis.org) Date: Tue, 16 Nov 93 01:15:37 PST Subject: ENCRYPTED FILE SYSTEMS Message-ID: <9311160238.A4523wk@chrysalis.org> >> ObCrypt: I'm looking for info on designing a distributed encrypted >> filesystem. Any pointers? in the "PC" world, look for DISKREET (with Norton's Utilities). it simple, "Stacker"-like, and user friendly. it seems to offer "feeble DES" and "even more feeble DES" it's speed is almost negligable when in use. (which doesn't say very much for the "stength" of the encryption.) ObInTheSameVein?: anyone ever thought of taking a "software MNP" program and creating a "V42enc" software modem protocol? auto-generate unique/random keys after the connection is etablished, allow for "re-training" the connection by generating/switching to a new key. maybe re-train every "set number of seconds" ... pick a "fast" encryption method, and a RSA public key length that is proportional to the strength of the encryption, and have at it. talk about "just like uncle sam does it!" ... If the NSA is paranoid over PGP, what will they think of plug in pirate PROMS for USR Couriers that will create obscenely secure connections? (although the encrypted connections might not fly along at full speed, that tis but a small price to pay...) From an50060 at anon.penet.fi Tue Nov 16 01:30:44 1993 From: an50060 at anon.penet.fi (an50060 at anon.penet.fi) Date: Tue, 16 Nov 93 01:30:44 PST Subject: No subject Message-ID: <9311160926.AA01174@anon.penet.fi> Something like this is probably more practical: 1. Driver's license is presented in person to you or qualified staff. 2. Driver's license and two other ID from list are presented in person to you or qualified staff 3. Driver's license is presented in person to registered notary public and stamped certificate sent to you. 4. Driver's license and two other ID from list are presented in person to registered notary public and stamped certificate sent to you. I would avoid accepting xeroxes altogether; too easy to forge. would you change your mind if i told you that i hold three passports in three differe nt names? ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From MIKEINGLE at delphi.com Tue Nov 16 02:04:06 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Tue, 16 Nov 93 02:04:06 PST Subject: ENCRYPTED FILE SYSTEM Message-ID: <01H5DDB8OO429D5QVJ@delphi.com> "thomas.hughes at chrysalis.org" wrote: >Subj: ENCRYPTED FILE SYSTEMS >>> ObCrypt: I'm looking for info on designing a distributed encrypted >>> filesystem. Any pointers? >in the "PC" world, look for DISKREET (with Norton's Utilities). >it simple, "Stacker"-like, and user friendly. >it seems to offer "feeble DES" > and "even more feeble DES" >it's speed is almost negligable when in use. > (which doesn't say very much for the "stength" of the encryption.) No, don't use Diskreet. Use my Secure Drive. Beta now if you want it, and release with source soon. Uses IDEACFB, protects a hd partition and floppies, takes only 2K ram, and is very fast. Reasonably user-friendly. You have to create a D: partition to use on a hard drive. >If the NSA is paranoid over PGP, what will they think of plug in pirate >PROMS for USR Couriers that will create obscenely secure connections? > (although the encrypted connections might not fly along at full speed, > that tis but a small price to pay...) What's the CPU in a Courier? Is the hardware well enough documented to hack something like this up? I once burned a rom for a friend's courier, from a file which he had, to give it V.32 instead of just HST which it previously had. Not sure where the file came from. An SRAM also had to be installed. --- MikeIngle at delphi.com From MIKEINGLE at delphi.com Tue Nov 16 02:05:30 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Tue, 16 Nov 93 02:05:30 PST Subject: Secure phones - STU3 Message-ID: <01H5DD19PD429EFI2V@delphi.com> "lear35!mdbomber at nebula.acs.uci.edu" wrote: >Subj: secure phones - STU3 >I browsed through the owner's manual for the AT&T STU-III secure phone >unit today. It has no technical information whatsoever (security >through obscurity?). Never Say Anything... >It uses a so called CIK (Crypto Ignition Key), which resembles one of >those electronic keys that hotels use. It must be inserted in a >"lock" in the phone, and turned 90 degrees. This will enable one of >the crypto keys that is stored in the phone's battery backed up memory >(loaded previously by a "COMSEC custodian" through a data port on the >phone. The manual warns the phone must be in a relatively secure >location and points out an emergency erase button that wipes out the >keys stored in memory. They should put a mercury switch in it, so if you steal it and move it around much, it wipes the keys. Also a "duress number" which works okay, but displays a warning on the other party's phone display, in case you're forced to call someone with a gun to your head. >Then you call someone, say you want a secure channel, wait for >them to insert their CIK (and tell you so), then touch the "secure >voice" button on the panel. What all buttons does the phone have? Normal dialing, secure voice, self-destruct, anything else? >The manual then says it will go through an "authentication process", >the results of which will be displayed on the STU-III's screen. It >will show data such as the other stations ID number, the security >level of the channel (secret, top secret, etc), and the baud rate. What baud rates does it use? How is the sound quality in secure mode? It must use either a DSP (good sound, high baud) or a vocoder (robot voice, low baud). >Does anyone know how this works technically? My speculation: It seems >to be a public key system. The phone's memory seems to contain a >secret keyring, and a CIK is a 'passphrase' to a secret key, to make >an analogy to PGP. Then the authentication process includes >exchanging a session key for a conventional crypto system - no doubt >DES. It could be public-key or DH exchange. Does the manual tell you to read a hash value to the other party and verify it? If so, it's DH and that's the protection against the man-in-the-middle. If not, it's either public-key or DH-like but with authentication. In any case, the key probably contains a small EPROM which selects and decrypts one of the keys in the memory. If classified secret and top secret info is involved, DES would not be used. The NSA wants us to use DES, but they know better than to use it for classified info. Probably something similar to Skipjack, in a similar tamper-proof chip. >Apparently the NSA issues the keys to authorized agencies and >contractors. The public keys contain information such as the ID >number of the key, possibly the authorized user's name, the security >clearance level for that key, etc, which is exchanged during >authentication. NSA issues the keys...I feel safer already! Can you say, "key escrow"? --- MikeIngle at delphi.com From XXCLARK at indst.indstate.edu Tue Nov 16 02:14:06 1993 From: XXCLARK at indst.indstate.edu (XXCLARK at indst.indstate.edu) Date: Tue, 16 Nov 93 02:14:06 PST Subject: No Subject Message-ID: <9311161013.AA02171@toad.com> >From: thomas.hughes at chrysalis.org > >Date: Tue, 16 Nov 93 02:38:02 >Subject: ENCRYPTED FILE SYSTEMS >To: cypherpunks at toad.com > ObInTheSameVein?: > anyone ever thought of taking a "software MNP" program > and creating a "V42enc" software modem protocol? > auto-generate unique/random keys after the connection is etablished, > allow for "re-training" the connection by generating/switching to a new > key. maybe re-train every "set number of seconds" ... > pick a "fast" encryption method, and a RSA public key length that is > proportional to the strength of the encryption, and have at it. Yep. From szabo at netcom.com Tue Nov 16 02:20:46 1993 From: szabo at netcom.com (Nick Szabo) Date: Tue, 16 Nov 93 02:20:46 PST Subject: Nonviolence in cyberspace In-Reply-To: Message-ID: <199311161017.CAA01079@mail.netcom.com> Arthur Chandler: > If the publication of this information is intended as a prelude to the > RL persecution or harassment of Mr. Detweiler, I want to lodge a strong > dissenting opinion. This raises an interesting meta-point. What fundamentally important reason is there beyond the threat of physical persecution (often as retribution or preemption against a wrong real or perceived), to actively seek a net user's physical identity on the net against that user's will? Should "accountability" for offenses committed on the net include a threat of physical violence, or should the scope of the punishment be limited to the scope of the offense, namely "plonking" of the offender's reputation on the net? I contend that in a sufficiently mature net culture (ie with "kill" files, reputation ratings, and digital cash) there is no possible offense evil enough to require violent retribution. My ideal is to see a day when threats of violence on the net, including the nasty, implicit threat of violence lying behind many calls for "accountability", are rendered moot by voluntary self-disclosure and tolerance for a wide variety of pseudonymity and anonymity. Cyberspace with pseudonymity allows us for the first time to create a rich subculture that is nonviolent in a way Gandhi could only dream of. On the specific case of info on Detweiler: this net stalker has explicitly made violent threats against several list members while at the same time attempting to track down their identities, and implicitly made threats against most of us by branding cypherpunks "criminals", "traitors", etc. in a wide variety of forums, implying that the normal violent retribution for such states of infamy is in order. In an ideal net culture, Doug Barnes' action would be reprehensible. But the world is far from ideal, and while we still must put our physical identities at risk we need some defense against demogogic stalkers of the world, and thus I applaud Doug Barnes' efforts in providing us information about Detweiler, just as Detweiler is seeking information about us. Nick Szabo szabo at netcom.com From clark at metal.psu.edu Tue Nov 16 05:40:48 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Tue, 16 Nov 93 05:40:48 PST Subject: The Courtesies of Cypherpunks Message-ID: <9311161347.AA21488@metal.psu.edu> yep, it's happened before. and loudly; it repeats itself about once every couple months; some people have even been _more_ floridly and spectacularly whack-o. From huntting at glarp.com Tue Nov 16 06:34:09 1993 From: huntting at glarp.com (Brad Huntting) Date: Tue, 16 Nov 93 06:34:09 PST Subject: Windows NT password Encryption. In-Reply-To: <9311160244.AA27966@toad.com> Message-ID: <199311161433.AA06624@misc.glarp.com> > Does anyone know what algorithm Microsoft are using for password > encryption on Windows NT ? I've just been to a talk and told it > was a proprietry 1-way algorithm, but not DES based (so as to avoid > US export laws). The export laws dont apply to 1-way DES hashing. You can even export the source as long as there are #ifdef's that make shure it doesn't decrypt anything. brad From dmandl at lehman.com Tue Nov 16 06:41:26 1993 From: dmandl at lehman.com (David Mandl) Date: Tue, 16 Nov 93 06:41:26 PST Subject: Info on L.Detweiler Message-ID: <9311161440.AA12114@disvnm2.lehman.com> > On Mon, 15 Nov 1993, Douglas Barnes wrote: > > > Here's some info folks might appreciate (all numbers area code > > 303, unless otherwise noted): [handy info to help you ruin Detweiler's life deleted] > > Note that this is just the easy stuff, I have folks digging deeper. > > More to come... > > > > -- > > ---------------- /\ > > Douglas Barnes cman at illuminati.io.com / \ > > Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ > > Illuminati Online metaverse.io.com 7777 /______\ I'd just like to say that I think this sucks bad. I don't like cops, and you're being one, or worse. And with a team of folks helping you to dig even deeper? This is ugly, vicious, and authoritarian, and I can't believe that you would actually BRAG to hundreds of people that you're doing it. Sounds to me like you're a very frustrated person. You are clearly an insensitive bastard. I just hope that you encounter this kind of sympathy if YOU go through a "difficult period" in your life. --Dave. From VACCINIA at UNCVX1.OIT.UNC.EDU Tue Nov 16 09:44:14 1993 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Tue, 16 Nov 93 09:44:14 PST Subject: Info on L. Detweiler Message-ID: <01H5DTME59UQ002T98@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Douglas Barnes wrote: >here's some info folks might appreciate (all numbers area code 303, unless >otherwise noted). >[irrelevent information] I know that I do not appreciate knowing this and it is difficult to believe that you would actually waste your time by digging up information to make someone's life difficult (even if he does keep the list noise level up). Use the delete key or kill file. If you really succeed in annoying him enough, I hope for your sake you have few leaders as to where you reside and that you live far away. Gestapo tactics such as these, used by certain governments, are what we seek to eliminate in the digital world. Why would you seek to implement on the list that which we (at least some of us) are trying to eliminate from the net? It's crap that can be done without. Direct your efforts more profitably. Scott G. Morham !The First, VACCINIA at uncvx1.oit.unc.edu! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOhyqz2paOMjHHAhAQHrSwP9GXG6nv1/ICtwCgvWte7Z15nhL/+wPSz2 LWFgFdJ/mJ1ecf9SVSNp2m3uyAoxG0ZARY/5Q6dPEm917W7gxCMxJ/JAFeNoH2hU 1FBLiP4vzNQYlqhiexqFQFOO4SgMLO6QNEAK2zLSv00SwQhqVdMHEHkp7KCMpESg bO46x8BGaYk= =D0tP -----END PGP SIGNATURE----- From strick at osc.versant.com Tue Nov 16 09:55:50 1993 From: strick at osc.versant.com (henry strickland) Date: Tue, 16 Nov 93 09:55:50 PST Subject: LAW: Wireless interception In-Reply-To: <199311150608.AA00124@eff.org> Message-ID: <9311161749.AA27168@osc.versant.com> # Actually, all this shows is that the drafters of ECPA didn't anticipate # that TV watchers would use their TVs to overhear cellular conversations. I've heared the ECPA described as a "bundle of loopholes", and it is illegal to watch your TV, if it receives cellular conversation, unless you are actively debugging the problem. Does anyone know the history of the decline and fall of the Third Party Rule? I used to be of the understanding that it was legal for you to listen to anything you could detect in your own airspace, you just couldn't tell (or sell) the reception to a third party. Is this an accurate statement of what the FCC policy used to be? Was it EPCA (86?) that destroyed it, or was it chipped away previously? thx, strick From ravage at wixer.bga.com Tue Nov 16 10:04:13 1993 From: ravage at wixer.bga.com (Jim choate) Date: Tue, 16 Nov 93 10:04:13 PST Subject: Image crypto info needed... Message-ID: <9311161755.AA08155@wixer> Hi everyone, I am looking for any references or sources of information or code dealing w/ the use of images as a means of both transmission and encryption of plain- texts. Specificaly, I am interested in taking the 3 byte feild for each pixel in a .gif and replacing the lsb w/ the bits in a 'plain-text'. This in effect converts the image to a 'cypher-text'. The only real indication of a message is the individual pixel brightness will be altered. However, unless you have a source of known clean images there is little way to decode the messagr reliably. Right now we (a friend is helping work on it) are using the .gif galore CD as our library of reference images. We eventualy hope to have a source of such images available for all to access. Any information or feedback would be appreciated (keep your flames to yourself), thanks ahead of time! From jet at netcom.com Tue Nov 16 10:11:30 1993 From: jet at netcom.com (J. Eric Townsend) Date: Tue, 16 Nov 93 10:11:30 PST Subject: count me out Message-ID: <199311161811.KAA02006@mail.netcom.com> I joined this list thinking there'd be a lot of good information about crypto. There was. Now, I'm better off reading sci.crypt. So I'm gone. -eric From strick at osc.versant.com Tue Nov 16 10:20:51 1993 From: strick at osc.versant.com (henry strickland) Date: Tue, 16 Nov 93 10:20:51 PST Subject: Portable TCL-based crypto toolkit In-Reply-To: <9311151952.AA03070@jobe.shell.portal.com> Message-ID: <9311161819.AA27386@osc.versant.com> # One thing that frustrates me is the difficulty of easily providing # implementations of cryptographic algorithms that would be useful on a # wide range of machines. A lot of these algorithms are really simple, # almost trivial. Yet to write programs to implement them takes pages and # pages of code, and making them portable so that people on PC's, Mac's, and # Unix machines can use them is almost impossible. My experience has been much better. I do have a TCL-based crytpo tookit running, currently on SunOS, although some of the work (RSAREF wrappers) I did on macintosh. I think most of the pieces in this list port to MAC or DOS, using ANSI_C+POSIX emulation: tcl7.0 (John Ousterhout's "Tool Control Language") sprite.berkeley.edu /pub/tcl gmp (gnu miltiple precision) prep.ai.mit.edu /pub/gnu gdbm (gnu database manager) /pub/gnu alo-des (by Antti Louko (alo at kampi.hut.fi)) kampi.hut.fi md2, 4, 5 (reference implementation) ftp.uu.net /inet/rfc/rfc{1319,1320,1321} tclRawTCP (TCP socket, listen, connect for TCL) harbor.ecn.purdue.edu RSAREF 1.1 (beta?) , includes limited license to practice RSA & DH Along with the tcl7.0 for MAC (for THINK6.*, altho in about 2 hrs I got it running under THINK5.* as well) comes ANSI and enough-of-POSIX libraries, sufficient to do most of what you need. I assume ANSI and enough-of-POSIX are available for PC as well? (I've never done programming on PC, so I can't speak from experience.) And I assume assume we can find TCP (Berkeley Sockets functions) for MAC and PC. This toolkit is sufficient to do most anything we've talked about. I want to supplement this with more stuff -- IDEA, UDP, cme's trans, tripleDES, etc. -- but it already contains at least one implementation of what you need to prototype almost anything we've talked about. TCL is the trick. Using this toolkit, I implemented Knapsack in about 2 hours (because it was my first one), El Gamel in half an hour, and a DH-exchanged- DES-encrypted TCL-shell session over TCP in 2 hours. Most anything becomes a one-evening job, except DC-nets, because it has so many componenets.... I'm trying to shape this into a release. This will have to be a strictly-US-citizen-in-the-USA highly-controlled release, like RSAREF and RIPEM are. Sorry... strick "stricks write code" p.s. perhaps someone could mail me the ftp path to the ITAR again... thx From newsham at wiliki.eng.hawaii.edu Tue Nov 16 10:30:50 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Tue, 16 Nov 93 10:30:50 PST Subject: ENCRYPTED FILE SYSTEM In-Reply-To: <01H5DDB8OO429D5QVJ@delphi.com> Message-ID: <9311161828.AA10045@toad.com> > > What's the CPU in a Courier? Is the hardware well enough documented > to hack something like this up? I once burned a rom for a friend's > courier, from a file which he had, to give it V.32 instead of just > HST which it previously had. Not sure where the file came from. > An SRAM also had to be installed. The cpu is some DSP chip. I looked at it before but I dont remember the maker/part no. off hand. > --- MikeIngle at delphi.com From hfinney at shell.portal.com Tue Nov 16 12:05:54 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Tue, 16 Nov 93 12:05:54 PST Subject: Portable TCL-based crypto Message-ID: <9311162004.AA17388@jobe.shell.portal.com> The work Strick is doing sounds very much like what I am looking for. It is too bad about the export and usage restrictions but perhaps other packages can be incorporated in the future which are more freely available. TCL itself appears to be widely ported and sounds like a good foundation for this project. I am hoping to learn more about it soon. I do have some concerns about the portability of the gmp library specifically, but I know that the md4, md5, and rsaref packages are very portable. I guess we're not supposed to use rsaref as a "bare" mp library, though. Please keep us informed about the progress of this package! I'm sure many people on the list would be interested in beta testing when you are ready. Hal From ravage at wixer.bga.com Tue Nov 16 13:54:13 1993 From: ravage at wixer.bga.com (Jim choate) Date: Tue, 16 Nov 93 13:54:13 PST Subject: Image Encryption Request Filled! Message-ID: <9311162144.AA28034@wixer> I would like to thank all of those who sent mail relating to my earlier post requesting help finding information on graphical encryption - encoding. I have enough information to finish the project that I am working on. From eb at srlr14.sr.hp.com Tue Nov 16 13:55:38 1993 From: eb at srlr14.sr.hp.com (Eric Blossom) Date: Tue, 16 Nov 93 13:55:38 PST Subject: Secure phones - STU3 In-Reply-To: <01H5DD19PD429EFI2V@delphi.com> Message-ID: <9311162019.AA27800@srlr14.sr.hp.com> For those of you interested in STU-III's, there was an article several years ago in "Speech Technology" Magazine (now out of business), that explained quite a bit about the Motorola Sectel 1500. The 1500 is a Type I phone (OK for classified conversations). The crypto used wasn't discussed, but there were pictures and an explanation of the speech coding used and well as the feature set. That particular phone would speech code using LPC-10e @ 2400 bps or MRELP (Modified Residual Excitation Linear Prediction) at 9600 bps. Using the 2400 bps speech coder, you could interleave data (either syncronous or async) and speech. If anyone is interested, I can look up the citation. Eric Blossom From an5877 at anon.penet.fi Tue Nov 16 14:04:13 1993 From: an5877 at anon.penet.fi (deadbeat) Date: Tue, 16 Nov 93 14:04:13 PST Subject: Review of "Design and implementation of an RSA cryptosystem using multiple DSP chips" Message-ID: <9311162202.AA27158@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- Source: Computing Reviews, November 1993, pp. 602-603; 9311-0871 ER, M. H.; WONG, D. J.; SETHU, A. A.; AND NGEOW, K. S. (Nanyang Technological Univ., Singapore) Design and implementation of an RSA cryptosystem using multiple DSP chips. Microprocess. Microsyst. 15, 7 (Sept. 1991), 369-378. The authors propose implementation of the Rivest-Shamir-Adelman (RSA) public key cryptosystem using multiple digital signal processing (DSP) chips. They achieve a speed- up factor of 70 compared with a C software implementation on a PC. The use of multiple DSP chips (three in the authors' example) is hard to justify, in light of other known results. For example, Dusse and Kaliski reported a 25-50 millisecond decryption of 512-bit RSA with a single DSP chip [1]. My C implementation on a SPARC station runs in 2 seconds, about the same factor claimed by the authors. The design suffers from some other problems as well. One problem is the key size (160 bits). This is too small (even 512 bits is not enough for some applications). Another problem is that in this design the secret key is chosen first, and the corresponding public key is calculated accordingly. In most cases, the other way around is preferable, since it is advantageous to have short secret keys. A third problem is that any Carmichael number will pass the proposed primality test (Carmichael numbers are not primes). Better methods exist. The paper is intended for electrical engineers with little or no background in cryptology. The length of the paper is suitable, the drawings are clear, and the physical form of the material is suitable. A reference to Dusse and Kaliski [I] is missing. I believe that the authors did not know about that work, and would have reconsidered the project if they had. Overall, this paper is a fair description of a graduate-level project, but the quality of the design leaves something to be desired. Y. Yacobi, Morristown, NJ References [1] DUSSE, S. R. ND KALISKI, B. S., JR. A cryptographic library for the Motorola DSP56000. In Advances in Cryptology - Eurocrypt '90, I. B. Damgard, Ed., Springer, New York, 1991, 230-244. GENERAL TERM: DESIGN, MEASUREMENT, PERFORMANCE Brought to you by the Information Liberation Front and DEADBEAT -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBFAgUBLOkhMfFZTpBW/B35AQEU0AF/f9OF6e7asmftL0fTvsNTAxwSPB5GHXuG M9tIK5U9lH7AEC3VWPLgflsVIe/DO6ZS =PvRB -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From dmandl at lehman.com Tue Nov 16 14:20:54 1993 From: dmandl at lehman.com (David Mandl) Date: Tue, 16 Nov 93 14:20:54 PST Subject: Fun with Steganography on "Seinfeld" Message-ID: <9311162218.AA17766@disvnm2.lehman.com> This is technically not a cypherpunk subject, but it's related, and I've always wanted to mention it on the list. On an episode of the TV show "Seinfeld" from a few years ago, there's a scene where Jerry and Elaine are talking in Jerry's apartment. Jerry says something that Elaine doesn't like and she grumbles something unintelligible in response. He snaps back, "What did you say?" and she says "Oh, nothing, forget it." He says, "Are you sure?" and she responds, "Nothing, never mind" (or words to that effect). Later on in the episode, the same thing happens with Jerry's friend George: Jerry says something George doesn't like, George mumbles in response. Jerry then asks him "Did you say something?" George says "No." Jerry: "I'm sure you said something." George: "No, I didn't." Innocent enough. But if you turn up the volume REALLY loud, you can hear what Elaine and George mumbled: "What a bunch of bullshit." It's impossible to hear at normal listening level, but when the volume is cranked, it's there as plain as day. So, what we have here is the word "bullshit"--absolutely verboten by any interpretation of FCC rules--actually smuggled in inside the innocent conversation in a prime-time TV show. Even if the censorship police all sat around watching every minute of the episode for forbidden material, they would never have caught this (and obviously didn't). This episode was shown just like any other episode of the program, probably more than once. Most people are probably unaware of the hidden message. But it's there. (This is not an urban legend or a "Paul Is Dead" rumor--this has been confirmed by many people.) I've always thought this was an inspired and brilliant use of steganography. The producers of "Seinfeld" sneaking the word "bullshit" right past the censors' nose on prime-time TV? Awesome. --Dave. P.S.: I forget which episode it is, but I can go search for it if people insist. From jim at bilbo.suite.com Tue Nov 16 15:00:56 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 16 Nov 93 15:00:56 PST Subject: "Cyptography and Secure Communications" Message-ID: <9311162256.AA00504@bilbo.suite.com> I was recently at my friendly neighborhood technical book store and I noticed a cyptography book I hadn't seen before. It is called "Cyptography and Secure Communications" by Man Young Rhee. The publishing data is 1994. Does anyone here know anything about this book? How does it compare with "Applied Cryptography"? Thanks, Jim_Miller at suite.com From allan at elvis.tamu.edu Tue Nov 16 15:04:13 1993 From: allan at elvis.tamu.edu (Allan Bailey) Date: Tue, 16 Nov 93 15:04:13 PST Subject: Portable TCL-based crypto In-Reply-To: <9311162004.AA17388@jobe.shell.portal.com> Message-ID: <9311162301.AA08176@elvis.tamu.edu> > >The work Strick is doing sounds very much like what I am looking for. >It is too bad about the export and usage restrictions but perhaps other [[..deletia..]] I wanted to trump up a library-like interface using TCL for PGP 2.3[a], but was told that the "library" will be in the next release. So I haven't worked on it. If the next release of PGP with the library hooks is <> some extended time in the future, then I'd go ahead and do it. But I haven't been able to get any kind of answer or clue as to when it will come out. Anyone know when the next release of PGP is due? I'd really really like to have TCL hooks for some projects, but don't want to waste my time if I'll only have to start over with PGP X.X (where X.X is > 2.3a). -- Allan Bailey, allan at elvis.tamu.edu | "Freedom is not free." Infinite Diversity in Infinite Combinations | allan.bailey at tamu.edu GCS -d+ p--- c++++ l+++ u++ e++ m++ s n+ h+ f g+ w+ t+ r y+ "Liberty means responsibility. That is why most men dread it." -- George Bernard Shaw "Armadillos....those are the meanest suckers you're ever gonna wanna see... But you gotta kill 'em the first time, otherwise they get this revenge thing in their heads and they come lookin' for ya......." -- (i got this from the 'zine Armadillo Culture) From collins at newton.apple.com Tue Nov 16 15:05:56 1993 From: collins at newton.apple.com (Scott Collins) Date: Tue, 16 Nov 93 15:05:56 PST Subject: RSA/MP/FFT speedups? Message-ID: <9311162302.AA16496@newton.apple.com> Cetin Koc, Professor at Oregon State working with RSA, gave a lecture at the 93 RSA Data Security Conference on improving RSA performance, where, at one point, he discounted the efficacy of FFTs for multiplication/exponentiation of such small numbers (under 2000 bits), compared to better use of addition chains, separating squaring from multiplication, and cleaner MP multiplies, etc. Recently, someone (I can't remember) mentioned in conversation that someone else (I also can't remember) had very good results with FFTs. In fact, the break even point was actually just a few hundred bits. I would really like to find out: a) who is doing this work; b) is there a paper; c) some performance figures (test code would be good :-). If anyone has any pointers, please send them to me in private e-mail. If anyone else is interested in this topic, please tell me in private e-mail; I will CC answers to all interested parties, or (if interest exceeds my CC threshold) post to the list. Thanks, Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2B Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst at netcom.com From mech at eff.org Tue Nov 16 15:24:13 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 16 Nov 93 15:24:13 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311101712.AA21990@snark.lehman.com> Message-ID: <199311162324.AA29258@eff.org> > Wouldn't the solution then be to eliminate the capacity of local > municipalities to grant cable monopolies? Fiber is compact -- five or > even twenty cable companies could coexist happily in New York (where I > live) if the city didn't grant "franchises", which it charges > exhorbitantly for. With large scale competition between cable > companies, monopolies would no longer be a problem. That's certainly part of it, though not part of the immediate EFF Open Platform initiative, which is more national in scope. This "franchise" problem is a local matter, and would best be handled by local organizations. If you are really concerned with this, try contacting the Society for Electronic Access (SEA), since you live in NYC. They may already be working on this, though I cannot of course vouch for them. Mailing simona at sea.org or simona at panix.com should put you in touch with them. > > In order to get to a world in which free markets can meet our demand for > > high-bandwidth connectivity, we have to dig ourselves out from the > > market-failure position we're in now. > > Isn't the problem in question the result of government granted, > rather than natural, monopolies? Isn't it thus wrong to call it a > "market failure"? Seems more like yet another government failure. Why would a "natural monopoly" be any better? This is a rather moot point. The problem here is that such monopolistic entities, whatever their provenance, don't give a rat's ass for whether or not you want a lot of bandwidth for multimedia email, or whatever. Left to their own devices, they'll happly feed you 5000 channels of tv, plus perhaps some oh-so-interactive teleshopping clubs and the like. Part of the effort that must be made is to knock some sense into the rapidly merging entertainment/information/telecom conglomerates, and try to at very least keep a large section of the "data highway" (or whatever one chooses to call it) an Internet-like many-to-many communications medium, if not fused with Internet itself. Convincing the govt. of this is will also take some doing. One certainly can't IGNORE the govt. No matter how much we may wish it'd just go away, it won't, and has to be dealt with. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From mg5n+ at andrew.cmu.edu Tue Nov 16 16:00:56 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 16 Nov 93 16:00:56 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311151041.AA19187@panix.com> Message-ID: habs at panix.com (Harry S. Hawk) wrote: > 1) I feel the government, in this case and others, should never > force the adoption of any particular technology (ISDN, ATM, etc) > > 2) While I am pro-market in the Extropian Way, I think that what we > need from the government is the following: > > a) recognize that Cable and Telco are the same business > b) set very minimum standards required for basic services > (basic telco, basic cable (e.g., local broadcast channels) > c) I don't see data as a basic service > d) apply the same regulation to both companies. > e) Let cable and telco compete head to head > > 3) Let the rich pay for it ;) The one and only thing we need from the government is one that you forgot to mention. All we need the government to do is to allow all interested parties equal access to the utility easements that the gummint has already set up. (Make the gov't follow the constitutional requirement of equal protections under the law.) This will allow free market competition of ALL communications services (well, I guess you sort of said that in (a) and (e).) b) is irrelevent (or could be) because of free broadcast media. In d), what kind of regulations do you want? And c), I don't see the distinction between "data", and telco...the government should recognize it as all the same, right? Kind of sounds like that crazy "modem tax" the FCC tried a few years ago. Oh, and of course, let the rich pay for it. :) From habs at panix.com Tue Nov 16 16:10:57 1993 From: habs at panix.com (Harry S. Hawk) Date: Tue, 16 Nov 93 16:10:57 PST Subject: Tech: Truth about Canon Copiers Message-ID: <199311170007.AA15114@panix.com> A common thread a month or two ago was about what happens when you try to copy a US Currency with a Canon color copier. Since my office is thinking about buying one, I asked for a demonstration of this feature. We put a 5 dollar bill on the copier and made a copy. It copied the side with the dead white guy fine. We flipped it over and copied the other side. It printed a deeply altered image. We then accessed the copier from a SGI Indigo which has a GPIB interface to the copier. We used software on the Indigo to scan in the bill. The scan died halfway into the scan. Clearly their is something in the scan (input) function of the copier that is preventing the bill from being copied. I suspect it looks for the "color of money" and if it finds it, it does further checks for US bills. /hawk -- Harry S. Hawk - Extropian habs at extropy.org In Service to Extropians since 1991 From an41418 at anon.penet.fi Tue Nov 16 16:30:57 1993 From: an41418 at anon.penet.fi (wonderer) Date: Tue, 16 Nov 93 16:30:57 PST Subject: All our eggs in one basket? Message-ID: <9311170026.AA04421@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- As cryptography and cryptographic techniques are developed, we tend to put more and more trust in them. It is probably not a bad idea to step back from time to time and ask ourselves if the risks are still reasonable. There is no better example of this than digital cash. Many techniques have been proposed for this as for other applications. It is usually not long before someone finds a critical flaw in the various implementations under consideration. The consequences are usually a loss of confidentiality or embarassments. For example, in the early days of Julf's remailer people came up with surprizing new ways to defeat it, and the consequences were that some identities were revealed and we all marvelled at how this hole had escaped us until that point. Digital cash is another ball game. Before any scheme is adopted we need total confidence in the security of the cryptographic algorithms, protocols, and implementation details. We need a risk analysis to tell us exactly what will happen if two principals collaborate or the bank cheats etc... Schemes such as Chaum's are provocative, but what if 2 years after a digital cash scheme is implemented, someone publishes an easy way to defeat it or cheat? The consequenes could be total chaos. Think of the mental poker problem. A solution was given that seems reasonable. However, someone showed that by taking certain properties of the encryption technique, a bit of information could be learned that would compromise the integrity of the system. In mental poker, no big deal, we stop playing poker. What would happen if your bank suddenly told you that it had no proof that you really had an account there? Wonderer -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLOkFlx1kTJuroDD9AQEnpgH9GNMpcbjnwDzoNFdhPw5wTBdUQolvCAxk r643e/qOjnnlsL99IazAhCnTucRbaOm/v50HcwPcP2698UYWAX1GTg== =Ud6i -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From sfield at cyberspace.com Tue Nov 16 16:36:33 1993 From: sfield at cyberspace.com (sfield) Date: Tue, 16 Nov 93 16:36:33 PST Subject: unsubscribe Message-ID: unsubscribe From mg5n+ at andrew.cmu.edu Tue Nov 16 16:40:58 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 16 Nov 93 16:40:58 PST Subject: souls and Multiple Personality Disorder In-Reply-To: <9311150822.AA26800@anon.penet.fi> Message-ID: > Reality is like the Internet. There are legitimate ways for souls to > enter and illegitimate ways. You could be `born' under your true > name, or you could get in through the subversive route and infect > an outlet susceptible to Multiple Personality Disorder, or possess > someone. Haha... but seriously, I know someone who ran a BBS, and his wife had Multiple Personalities Disorder. She has 5 or 6 different accounts on the system for each of her different personalities. It was pretty funny to watch the different persoalities talk on the bulletin boards...most people did not know who those accounts actually belonged to. > It's very difficult to detect, of course! When it happens, Call 1-800-EXORCIST Yeah and I'm a trill currently possessing this body like Dax on DS9 hahaha... But since you brought up what you call "legitimate" personalities, let me pose this philosophical question to you: Suppose a human is born healthy, but with no cerebral functions, ie braindead. Suppose I am an old man who is dying, but neurology has advanced to a point where I could transfer myself to inhabit that body, and live normally thereafter. Would that be a legitimate soul? If true names are linked to biological entities, what is my true name? How do you define a true name? It's not a trivial question because there are a lot of extropians who would do that if they had the chance... From mech at eff.org Tue Nov 16 17:20:58 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 16 Nov 93 17:20:58 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311110120.AA08393@smds.com> Message-ID: <199311170118.UAA02018@eff.org> [re: EFF NII proposal, ftp.eff.org, /pub/Eff/papers/op2.0] > As I understand it, for both telephones and cable TV, it is still common > for local governments to "grant" "franchises" to single companies for > phone and cable wires. If there were one thing to change, that would be > it. Why should that be the main focus? I for one consider modelling the coming "data highway" on an Internet-like model to be of more concern). I have precisely zero use for cable tv (or broadcast tv for that matter), and very little use for the phone system except as a convenience and a way to transport FidoNet mail. Since FidoNet-via-Internet is soon to be a reality in all likelihood, even that begins to fade. Over 90% of my communicating is done on Internet or in person. This is not to say full privatization of the phone system would not vastly improve Internet, but at least the net is fairly stable and works. It's a good place to start. The creation of a new "infrastructure" (rapidly becoming my least favourite buzzword) that is modelled on TV rather than many-to-many networking, would appear to me to be a much more grave danger than the temporary perpetuation of the current telecom and cable system, which can be the next thing to work on, once we are ensured the coming BigNet will be worth the lines it's carried on. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From mech at eff.org Tue Nov 16 17:24:14 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 16 Nov 93 17:24:14 PST Subject: modem taps/caller id In-Reply-To: <4110.2CE1DFEC@shelter.FIDONET.ORG> Message-ID: <199311170122.UAA02039@eff.org> > > Practical Peripherals sells a modem that also captures Caller ID info > > and makes it available to your comm program. I've also seen devices > > that do this for sale in the back of BBS magazines. > > The question is, how does a caller block this feature? Depends on the locality, but generally you have 2 options: temporarily disable it with a *code, or get all-call-blocking. In most areas, as far as I know all-call-blocking (so you don't have to enter the *code for every call) is a "special service" or "extra feature" and costs you more. This is of course utterly ludicrous, but that's what you'd expect from semi-monopolies. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From nowhere at bsu-cs.bsu.edu Tue Nov 16 17:25:58 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Tue, 16 Nov 93 17:25:58 PST Subject: PKCrack available (fwd) Message-ID: <9311170126.AA28197@bsu-cs.bsu.edu> From: bontchev at fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) Newsgroups: sci.crypt Subject: PKCrack available Date: 16 Nov 1993 10:50:26 GMT Organization: University of Hamburg -- Germany Message-ID: <2cab9i$gve at rzsun02.rrz.uni-hamburg.de> NNTP-Posting-Host: fbihh.informatik.uni-hamburg.de X-Newsreader: TIN [version 1.2 PL2] Hello, everybody! After receiving more than a dozen messages of the type "could you please send me a copy of PKCrack", I got tired of e-mailing it and decided to make it available via anonymous ftp. It can be obtained as ftp.informatik.uni-hamburg.de:/pub/virus/texts/crypto/pkcrack.zip A few remarks. 1) The archive contains the source (in C) of the program. It should compile anywhere. Don't ask me to send you a compiler or to compile it for you. If it happens not to compile on your machine - do the porting yourself. Be creative. Don't ask me to teach you C if you can't understand the program. 2) The archive also contains the file APPNOTE.TXT, from the PKZIP distribution, which explains the format of the ZIP archive in general and the encryption algorithm in particular. (BTW, this explains why I put the archive in the texts directory.) The algorithm applies both for versions 1.1 and 2.04x of PKZIP. The only difference is in the paragraph that explains how to verify that the password entered is correct - version 1.1 deals with a 2-byte number (as the text says), while version 2.04x deals with a one-byte number (as the text doesn't bother to explain). 3) The program is *trivial*. Really. It does a dictionary attack and thus requires a dictionary - a file containing the words to try as passwords. Don't ask me to send you one - there are many on the net. Find one yourself. Learn to use Archie. 4) The program cannot break just any archive - it can only check whether the archive is encrypted with one of a (possibly huge) list of passwords. 5) If you are trying to break an archive created with PKZIP 2.04x, you will get a lot of false positives. Averagely - once in every 256 attempts. It will help if you have several files in the archive, encrypted with the same password. If this is the case, increase the value of NFILES and re-compile the program (yes, I know that it should be a run-time option). A value of 4 will give the same level of false positives as for version 1.1, but even a value of 3 is good enough for practial reasons. 6) If you don't know how to do anonymous ftp - learn. If your system does not allow you to do anonymous ftp - use a ftp-by-email service. 7) If you don't have unzip for Unix - get one. Don't ask me to e-mail you the program in source. If you don't know how to transfer files from the mainframe to your PC - ask your system administrator, not me. 8) I have no idea who has written the program. 9) If you come up with any improvements, you are welcome to send them to me. If they are good, I will update the program that is on the ftp site. Regards, Vesselin -- Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN < PGP 2.3 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C e-mail: bontchev at fbihh.informatik.uni-hamburg.de 22527 Hamburg, Germany From mech at eff.org Tue Nov 16 17:40:58 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 16 Nov 93 17:40:58 PST Subject: rant pointer In-Reply-To: <9311110429.AA18475@toad.com> Message-ID: <199311170137.UAA02117@eff.org> > L. Detweiler has a rather hefty essay in the latest Risks on the > subject of `pseudospoofing', social parasites, "a criminal group > called the CryptoAnarchists" (with members such as "Eric May" and > "T.C. Hughes"), and such matters. I will not forward it to the > list, unh unh, no way. Reminds me of one of my proudest moments: L.D. (who this time claimed their first name was Linda; what a pseudospoofer!) in a fit of rage labelled me a "CYPHERPUNK CRIMINAL", caps L.D.'s. I'm thinking of having one of those little desk signs made, saying "Anton Mechanism, Cypherpunk Criminal" just for kicks. Or maybe a t-shirt. Hell I could market these, personalized: Stanton McCandlish, mech at eff.org [pgp sig here] CCCC Y Y PPPP H H EEEEE RRRR PPPP U U N N K K C Y Y P P H H E R R P P U U NN N K K C Y PPPP HHHHHH EEEEE RRRR PPPP U U N N N KKK C Y P H H E R R P U U N N N K K CCCC Y P H H EEEEE R RR P UUU N NN K K CCCC RRRR IIIII M M IIIII N N A L C R R I MM MM I NN N A A L C RRRR I M MM M I N N N A A L C R R I M M I N N N AAAAA L CCCC R RR IIIII M M IIIII N NN A A LLLLL Anyone buying? -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From mccoy at ccwf.cc.utexas.edu Tue Nov 16 17:44:14 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Tue, 16 Nov 93 17:44:14 PST Subject: LD info posting... Message-ID: <199311170139.AA17951@tramp.cc.utexas.edu> > From: szabo at netcom.com (Nick Szabo) > Message-Id: <199311161017.CAA01079 at mail.netcom.com> > Subject: Nonviolence in cyberspace > To: arthurc at crl.com > Date: Tue, 16 Nov 93 2:17:37 PST > Cc: cypherpunks at toad.com > In-Reply-To: ; from "Arthur Chandler" at Nov 15, 93 3:03 pm > X-Mailer: ELM [version 2.3 PL11] > Arthur Chandler (arthurc at crl.com) writes: > If the publication of this information is intended as a prelude to the > RL persecution or harassment of Mr. Detweiler, I want to lodge a strong > dissenting opinion. Perhaps it was meant as an object lesson in the necessity of the dreaded "pseudospoofing" for Mr. Detweiller. I find it rather amusing that many of the same people who were arguing against L. Detweiler's claims of a cryptoanarchic identity conspiracy are now objecting to the simple presentation of the same information about LD that LD wants to make available on all of you regardless of your wishes. Quite ironic. jim From rb at hprrb.rose.hp.com Tue Nov 16 17:55:59 1993 From: rb at hprrb.rose.hp.com (Robert Brooks) Date: Tue, 16 Nov 93 17:55:59 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311170118.UAA02018@eff.org> Message-ID: <9311170153.AA18597@hprrb.rose.hp.com> > > [re: EFF NII proposal, ftp.eff.org, /pub/Eff/papers/op2.0] > > > As I understand it, for both telephones and cable TV, it is still common > > for local governments to "grant" "franchises" to single companies for > > phone and cable wires. If there were one thing to change, that would be > > it. > > Why should that be the main focus? I for one consider modelling the > coming "data highway" on an Internet-like model to be of more concern). I > have precisely zero use for cable tv (or broadcast tv for that matter), > and very little use for the phone system except as a convenience and a way > to transport FidoNet mail. Since FidoNet-via-Internet is soon to be a > reality in all likelihood, even that begins to fade. Over 90% of my > communicating is done on Internet or in person. This is not to say full > privatization of the phone system would not vastly improve Internet, but > at least the net is fairly stable and works. It's a good place to start. > I, like Tim May, also cancelled my cable-TV subscription a few months ago, and would have long before that if my kids didn't like the Disney channel so much. None the less, the data highway _is_ being built, right now, by the phone and cable companies, and digital video-on-demand and videophone capabilities seem to be basic assumptions. I can reference articles in EE Times and elsewhere, and people who watch TV already know this from things like AT&T's "you will" commercials. > The creation of a new "infrastructure" (rapidly becoming my least > favourite buzzword) that is modelled on TV rather than many-to-many > networking, would appear to me to be a much more grave danger than the > temporary perpetuation of the current telecom and cable system, which can > be the next thing to work on, once we are ensured the coming BigNet will > be worth the lines it's carried on. > Seems to be that a general videophone capability is the only building block that's needed. Seems to me the only possible roadblock is regulatory, that is, the phone companies being prohibited from doing video and the cable companies prevented from doing phone service. Robert From mech at eff.org Tue Nov 16 18:20:58 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 16 Nov 93 18:20:58 PST Subject: Dinkelacker II In-Reply-To: <9311121302.AA07765@anon.penet.fi> Message-ID: <199311170216.VAA03783@eff.org> > WHO is ARTHUR CHANDLER?! DO we CARE, L.Detweiler? -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From mech at eff.org Tue Nov 16 18:51:04 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 16 Nov 93 18:51:04 PST Subject: ANON: pseudospoofing confusion In-Reply-To: <9311150716.AA22551@flammulated.owlnet.rice.edu> Message-ID: <199311170250.VAA04184@eff.org> > I'm sort of fuzzy on the distinction between pseudonymous and > pseudoanonymous; is it that a pseudonym is obviously so? For example, [...] > Now, pseudoanonymous is when a fake identity is created, without it > being obviously so. (Right?) So if I were to obtain another account > with a different user name, etc. and use that account, I would be > pseudospoofing. (?) I have pointed this out numerous times to L.D. in private mail, but he doesn't seem to get the fact that "obvious" is completely subjective. The most recent example I gave was that "James Bond" would appear to be an obvious pseudo. Unless your name really IS James Bond (which is actually not that rare of a name), or you happen to be someone that's never seen a J.B. movie, or read an Ian Fleming book, such as, say, a guy from Norway or Japan, in which case it would be quite reasonable to presume that the person you just got mail from really is named James Bond. Detweiler's entire proposition hinges on this distinction between pseudonymy and "pseudoanonymity"/"pseudospoofing". The distinction does not actually clearly exist, and his premise (or I should say "its" premise, since Detweiler has lately claimed to be female) collapses. I have attempted to get this to sink in to it's head, but to no avail; it just keeps posting and mailing away. What can ya do? I for one may just add someone to my kill file for the first time ever, as I'm sick to death of the same 200 line rant, rearranged and given a new title, popping up in my list mail, private mail, and news several times a day. Detweiler is not really in a position to complain about letterbombing. Aside from that, I recommend just ignoring it until unless it posts something of relevance and interest. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From mech at eff.org Tue Nov 16 19:05:59 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 16 Nov 93 19:05:59 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311151041.AA19187@panix.com> Message-ID: <199311170304.WAA04303@eff.org> > 1) I feel the government, in this case and others, should never > force the adoption of any particular technology (ISDN, ATM, etc) Right on, but this would conflict, at least in spirit, with your points 2)b) and 2)d). Are your for govt. involvement or not? > 2) While I am pro-market in the Extropian Way, I think that what we > need from the government is the following: > > a) recognize that Cable and Telco are the same business > b) set very minimum standards required for basic services > (basic telco, basic cable (e.g., local broadcast channels) > c) I don't see data as a basic service Pardon me, but this is preposterous. You have here proposed that a many-to-many communications medium, which requires data service, is not a basic service despite its many benefits, but that cable and broadcast tv are, despite the obvious limitations (not to mention detrimental effects) of the medium. I hate to even say this, especially to you, but that's just not a logical stance, especially for a networker. I'm actually shocked to see you say that. > d) apply the same regulation to both companies. > e) Let cable and telco compete head to head e) conflicts with a). > 3) Let the rich pay for it ;) [...] > I feel if you don't "push" for universal access the systems will be build > that way anyway. They will cost $$$, and the "rich" will buy into it. As > economies of scale and scope come into pay, the cost of these systems will > come down and the poor will get it too. Thus, the rich have paid for it, > and the poor have got it cheap. But not just the rich will pay for it. *I* will have to pay for it, and I'd rather see it be cheap and affordable to all. You seem to have mistaken the empowering technology of networking with some new toy, like Nintendos. > No one is going to do an Interactive Test Market in the Lower East Side, > but trust me systems will be built there. Not if the medium fails to catch on, due to being too expensive for anyone but the upper class. This is precisely why most people *don't* have satellite tv. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From arthurc at crl.com Tue Nov 16 19:34:14 1993 From: arthurc at crl.com (Arthur Chandler) Date: Tue, 16 Nov 93 19:34:14 PST Subject: Irony in Detweiler-Hunting In-Reply-To: <199311170139.AA17951@tramp.cc.utexas.edu> Message-ID: I see irony here, all right, but maybe not quite the flavor you discern. Like other folks on this list besides (but including) Mr. Dedtweiler, I too have some concerns about anonymity versus responsibility in cyberspace. I'm convinced that there are legitimate uses of pseudonymous identities; but I don't think we can shut our eyes to the problems that such capabilities give rise to. It's an issue related to privacy and, in some applications, to encryption. Now for the irony: At least two people have said, or implied, "Well, if Detweiler had just used an anonymous identity in his posts, we wouldn't be researching his private life." I don't know what kind of QED others might put on such assertions. But here's one translation: "If Mister Detweiler had been a hypocrite, I wouldn't be in a position to dig into his personal life." I still dissent strongly to folks playing cop or armchair psychological helper for Mr. Detweiler, then sugarcoating the mean-spiritedness with "Well, it's an object lesson" or "I just want his associates to know what he's doing." To adapt Gertrude Stein: "Ironic, if you find such things amusing; if not, not." > > If the publication of this information is intended as a prelude to the > > RL persecution or harassment of Mr. Detweiler, I want to lodge a strong > > dissenting opinion. > > Perhaps it was meant as an object lesson in the necessity of the dreaded > "pseudospoofing" for Mr. Detweiller. I find it rather amusing that many of > the same people who were arguing against L. Detweiler's claims of a > cryptoanarchic identity conspiracy are now objecting to the simple > presentation of the same information about LD that LD wants to make > available on all of you regardless of your wishes. > > Quite ironic. > > jim > From mech at eff.org Tue Nov 16 19:40:59 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 16 Nov 93 19:40:59 PST Subject: Privacy != right? Message-ID: <199311170334.WAA04386@eff.org> > There is no right to privacy in this country. > > The much touted "Right to privacy" is a common law > conception and invention that, for the most part, has little > foundation. There are constitutional provisions that _suggest_ > privacy, but none that "assure" it. To enforce a right to > privacy in court, judges have to do a lot of reaching. >From the 1st Amendment to the US Constitution: "Congress shall make no law...abridging the freedom of speech..." Mike or another with legal expertise can correct me, but I believe it has been shown more than once that privacy can be a necessary condition for freedom of expression. >From the 4th Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable seraches and seizures, shall not be violated..." This does not spell out the word "privacy", but the implications would appear to be plain. >From the 8th Amendment: "cruel and unusual punishment [shall not be] inflicted". This MIGHT be grounds for the conclusion that privacy is a right, in such cases where violation of that privacy may be construed as cruel, or [more likely] unusual punishment. Theoretically. I make no pretense at being an attorney, or having a wide knowledge of caselaw, I'm just arguing from a philosophical and logical position. The 9th Amendment: "The enumeration in the Constitution of certain rights shall not be construed to deny or disparage others retained by the people." Looks pretty cut and dry right there. The 10th Amendment: "The powers not delegated to the Unites States by the Constitution, nor prohibited by it to the states are reserved to the states respectively or to *the people*" [emphasis added.] Again, pretty cut and dry. >From the 14th Amendment: "No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States;" This takes care of the state level as well as federal it would appear. I make no claim that this is a perfect analysis, but it is food for thought. It would appear to me that unless one takes privacy to be neither a right in any manner at all, ever, under any circumstance, nor to be: a) a power not delegated to the federal govt. or b) a power not forbidden to the states or specifically delegated to the states then privacy must perforce be a right or power of the people. > Your natural rights approach to the rights of privacy is > limited in that, unlike other rights founded in a Natural Rights > / Victorian legal thought fashion, privacy has no logical > precedent in the state of nature. Tell that to the wolf who will happily kill you for invading it's territory. Tel that to the same wolf who drags your corpse back to it's private, and jealously defended, private burrow or other shelter. I'm not a proponent of natural rights, just pointing out a gaping hole or 2 in this line of reasoning. > Unfortunately the departure of the formalist approach takes with > it the notion of the public and private spheres distinction. The > progressive movement began to blend the spheres, and what > distinction was left between them was gelded by the notion that > the public sphere was the larger and more important of the two. > Farewell individual rights, hello good of the collective. This would appear to be a pretty good analysis. > I think this is much of the reason that the appeal to the > absolute right of privacy gets little attention today. Instead > we see privacy taking a back seat to public elements like the war > on drugs and national security. I think the reason is closer to propaganda. If the media at large told people they should want privacy, the odds are they would want privacy. Right now shooting coke dealers is more "sexy", and I think it a fair assessment that most Americans take their social cues, and much of their ethics, priorities, and other important aspects of personality from tv and other media, for better or worse. This is the reason that getting pro-crypto media attention is essential. Only when the people realize that drug dealers and largely imaginary terrorists are a far smaller threat than loss of privacy and other rights, will the pendulum swing back. > Turn for a second to the nature of right and privilege. > Privacy is really not a right to begin with but a privilege. [...] > Privacy in the past has fit nicely into the privilege hole. > It wasn't that you had a right to privacy, but rather that > everyone else had no-right to pry. Privacy was in a Hohfieldian > manner, a privilege. Please explain to me then the presence of laws against peeping tomism, trespassing, interception of wire communications, etc. It appears clear to me from these laws that privacy, of one sort or another, is considered to be a right, at least in certain applications and circumstances. > Today this changes. Privacy, or more > accurately LACK OF PRIVACY, is now a duty. The social security > administration has a RIGHT to assign you a number. The law that created the SSN was not intended to violate privacy. It is in fact primarily the states, and especially the private sector, that misuse this tax number to violate privacy. > The IRS has a RIGHT to poke around. This is vague. If you mean the IRS has a right to poke around in your records to make sure you are not cheating on your taxes, this is not a right but an entitlement (i.e. a priviledge that restricts a right.) Similarly a court can demand that you show this document or that. This is indeed a violation of your right to privacy, but in it's position as an entitlement, it is no different that civil forfeiture, searches, emergency confiscation of a vehicle by police for use in a chase, or the forcing (at gunpoint if necessary) citizens from their own property in situations of impending disaster, subpoenas, etc. etc. etc. This is not a new tale. > The FBI has a RIGHT to tap your phone > (with cause, [or not]). Only under certain, very limited, circumstances, and again this is not a right but an entitlement, since it by definition infringes a right. If you don't "get" the distinction, try on this simple example: you have a right to swing your arm (and please note that it, like the right to privacy, is another of those rights not specifically enumerated, but covered by the 9th Amendment), but I have an entitlement to not be hit in the face by your swinging arm. My entitlement supercedes your right, but only under certain circumstances (e.g. when my face is in imminent danger of being struck by your arm, or has already been struck - assault, and battery respectively, if intentional - but I cannot use my entitlement to demand that you _never_ swing your arm). > We have gone from a privilege to the > opposite side of a right, a duty in effect. The FBI's attempt to make their very limited entitlement to wiretapping into a duty of the populace and the market failed dismally, when their "Digital Telephony" proposal collapsed. > Enter cryptography. Now we have the means to protect our > information. Technology makes it easier to avoid the "duty" of > disclosure. There is no such duty, except under the limited circumstances where an entitlement of the govt. requires it. Cryptography is not likely to change this any. Try encrypting all of your records, and refusing to decrypt them or surrender the key despite a court order to do so. Unless you can make a convincing case that to do so would be self-incrimination (see the 5th Amendment), you'll likely find yourself slapped with a contempt of court charge. > One way or another, something will give. Privacy is > on the fence right now with a movement to a government > entitlement against it. Cryptography will either force the hand, > or force a backdown. Which one is a matter of conjecture. > Personally I would like to see the elements of privacy > become guarded by right to privacy, with the typical bundle of > property rights that follows such a designation. Right to use, > right to exclude, right to transfer the property of information, > personal or proprietary. This opens the door for more radical > injunctive and money damage relief for the violation of these > rights than is currently available. It is with this goal in mind > that I approach my support of cypherpunks and cryptography. This is certainly reasonable. I would like very much to see a new Amendment that specifically enumerates privacy as a right. > Numbered bank accounts and even lines of credit > exist and will continue to prosper. One can hope so, but when the Swiss numbered bank account, the canonical example, vanishes, I begin to have doubts. > Thank you for your time and attention. You're welcome, and ditto. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From MJMISKI at macc.wisc.edu Tue Nov 16 19:45:59 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Tue, 16 Nov 93 19:45:59 PST Subject: modem taps/caller id Message-ID: <23111621430468@vms2.macc.wisc.edu> It is my understanding that the *67(9) feature does not stop the actual sending of your number to the switch but rather stops the data from being transmitted from the switch to the end user (actually sends a 'P' I believe.) --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From erc at khijol Tue Nov 16 19:46:04 1993 From: erc at khijol (Ed Carp) Date: Tue, 16 Nov 93 19:46:04 PST Subject: souls and Multiple Personality Disorder In-Reply-To: Message-ID: > > Reality is like the Internet. There are legitimate ways for souls to > > enter and illegitimate ways. You could be `born' under your true > > name, or you could get in through the subversive route and infect > > an outlet susceptible to Multiple Personality Disorder, or possess > > someone. > > Haha... but seriously, I know someone who ran a BBS, and his wife had > Multiple Personalities Disorder. She has 5 or 6 different accounts on > the system for each of her different personalities. It was pretty funny > to watch the different persoalities talk on the bulletin boards...most > people did not know who those accounts actually belonged to. > > > It's very difficult to detect, of course! When it happens, Call > 1-800-EXORCIST > > Yeah and I'm a trill currently possessing this body like Dax on DS9 hahaha... I thought this was rather tasteless. MP is real. My SO is MP. It's not very funny. Do you know what causes MP? Childhood sexual abuse. Please think about it the next time you target a group for tasteless humor. -- Ed Carp, N7EKG erc at wetware.com 510/659-9560 an38299 at anon.penet.fi, anon-1157 at twwells.com If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From mech at eff.org Tue Nov 16 20:00:59 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 16 Nov 93 20:00:59 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <9311170153.AA18597@hprrb.rose.hp.com> Message-ID: <199311170331.WAA04360@eff.org> > I, like Tim May, also cancelled my cable-TV subscription a few months ago, > and would have long before that if my kids didn't like the Disney channel > so much. None the less, the data highway _is_ being built, right now, by > the phone and cable companies, and digital video-on-demand and videophone > capabilities seem to be basic assumptions. I can reference articles in > EE Times and elsewhere, and people who watch TV already know this from > things like AT&T's "you will" commercials. [...] > Seems to be that a general videophone capability is the only building block > that's needed. Seems to me the only possible roadblock is regulatory, that > is, the phone companies being prohibited from doing video and the cable > companies prevented from doing phone service. This isn't precisely what I meant. What I mean is that, whatever the source of or type of wires that carry this "data highway" traffic, for the dominant use and format of it to be modelled on the tired and all but useless one-to-many format of tv would be disastrous. I don't care who builds, it, only what I can do with it. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From ld231782 at longs.lance.colostate.edu Tue Nov 16 20:46:00 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 16 Nov 93 20:46:00 PST Subject: Key Servers In-Reply-To: <9311140602.AA03621@paycheck.cygnus.com> Message-ID: <9311170445.AA26434@longs.lance.colostate.edu> >Take it easy for a bit here... the key servers (by which I mean the >PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere) >*don't provide any authentication*... all they provide is keys. If you >trust a key because you got it from a key server, then you have >perhaps misunderstood the concept of digital signatures -- you should >be able to "validate" the key based on what's in it, not where you got >it from. Seems to me, MR EICHIN, that many people might be FLABBERGASTED to find out that people are using PGP key servers for PSEUDOSPOOFING. why is it that the policy that ANYTHING GOES is NOT MADE CLEAR in KEYSERVER POLICY DOCUMENTS? >the key servers (by which I mean the >PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere) >*don't provide any authentication* I never noticed that name before... Perhaps this is what you think qualifies as your disclaimer... From ld231782 at longs.lance.colostate.edu Tue Nov 16 20:55:59 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 16 Nov 93 20:55:59 PST Subject: Quarantining Toxic Waste Message-ID: <9311170454.AA26571@longs.lance.colostate.edu> I'm writing this in hopes there are still some sane people left here. It's quite shocking to hear such blase arguments about identity from the people who have erected the current key server system. At the very minimum, these people should make their policies about pseudospoofing clear in policy documents -- anyone listed here could be imaginary, there are no guarantees. I'm going to make some arguments why a key server system with true identities should be completely quarantined from one that allows Medusa's Snakes: 1) First, honesty and dishonesty are fundamentally incompatible. Our technology should reflect that. 2) No one that ever subscribed to a database that had tentacles would be interested in one that guaranteed none were there, and vice versa. 3) if the databases overlapped, it would be easier for criminals to infect a `true name' system. ah, how the psychopunks understand this. 4) sequestered servers (the `reputable' ones) could eventually hook up with all those neat government databases on identities. A Cypherpunks Worst Nightmare. Hee, hee. 5) I remember a P.Metzger argument with M.Graff on some mailing list about using DNS as a kind of key distribution system. The argument boiled down to the point: can *anyone* insert entries? Coincidentally, this is the critical question in a True Name vs. Toxic Waste Dump databases. 6) The software already exists to have a separate network of True Names. 7) People interested in True Names might want to sort their mail and news interactively, dynamically. I imagine that when I connect to an NNTP server, I also set up a socket session with a True Name database that replies to my queries in real time. People interested in toxic waste would not be interested in any such system. There are many other arguments. I'm sure all the Psychopunks will come up with their clever arguments to sabotage any True Name debate or database system. I stopped believing in Cypherpunk Honesty about the same time I stopped believing J. Dinkelacker. From ld231782 at longs.lance.colostate.edu Tue Nov 16 21:04:14 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 16 Nov 93 21:04:14 PST Subject: why Identity is Sacred In-Reply-To: <199311151223.EAA13250@mail.netcom.com> Message-ID: <9311170503.AA26726@longs.lance.colostate.edu> Mr. Szabo objects to my pseudopool fun. I don't understand. How is misattribution of quotations different than than things like pseudospoofing and pseudopools that top cypherpunks promote? >Given the many idiotic things already claimed by Detweiler, >(including at one time or another, hotly accusing most list-active Bay Area >cypherpunks of being "pseudospoofs" of each other, when all he had to >do to verify our True Names was call), I did call Medusa. Her line was been busy. All I have been able to talk to are tentacles. And they all say, `Believe, me, I am a person!' > So I just want to make sure everybody understands there's >a head full of hypocrisy to go along with the head full of otherwise >misfiring neurons: yes, Medusa is quite confused lately. Halleluja for RISKS. >It's highly improbable that Tim May would go anywhere near Perl, and >it's also quite improbable Eric Hughes would have made such a gaffe. >(Which just goes to show I _am_ Hughes and May, otherwise how could >I know, eh Detweiler?) Your days are numbered, Medusa, and you are pretty clueless for not realizing it. The King is Dead. >It might be feasible to defame people behind their backs, by >sending false quotations in mail to small numbers of third parties. Attention everyone, this is precisely what Medusa is doing with me right now. Be careful. >By extrapolation the quotes attributed to Arther Chandler, >Hal Finney, and Perry Metzger were also likely "pseudospools", >many of which will be obvious to those falsely quoted or their >freinds, or those who keep good archives. Medusa has finally gone totally insane. Hey Medusa -- do you allow pseudospoofing on your secret mailing list? or do you ban it? are you a hypocrite? are you a liar? From ld231782 at longs.lance.colostate.edu Tue Nov 16 21:14:14 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 16 Nov 93 21:14:14 PST Subject: Key Servers In-Reply-To: <199311151440.AA19694@poboy.b17c.ingr.com> Message-ID: <9311170512.AA26818@longs.lance.colostate.edu> perobich at ingr.com >For example, Wonderer has established itself as a smart, literate, >eager-to-learn entity. I look forward to its posts, and I don't care >who owns that pseudonym. Wonderer is a D.Denning admirer. Was it Wonderer who Wondered about what would happen if someone found a way to thwart PGP and read everyone's mail on the sly? Reminds me of Medusa never telling anyone of her Snakes. hee, hee, the fireworks continue. From nobody at pmantis.berkeley.edu Tue Nov 16 21:34:15 1993 From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu) Date: Tue, 16 Nov 93 21:34:15 PST Subject: BAN Detweiler(WHAT A LOON) Message-ID: <9311170532.AA14620@pmantis.berkeley.edu> I THINK ITS TIME TO TAKE DETWEILER OFF THE MAILING LIST, HE IS CLEARLY ABUSING THE PRIVELGE OF HAVING US AS AN AUDIENCE. ANY OTHERS ON THIS SIDE OF THE ISSUE?? ANON From jamie at netcom.com Tue Nov 16 21:54:16 1993 From: jamie at netcom.com (Jamie Dinkelacker) Date: Tue, 16 Nov 93 21:54:16 PST Subject: INTEREST? True Nyms Message-ID: <199311170553.VAA01041@mail.netcom.com> Extropians, Aside from the flamebait puke of the COLORADO CRAZIE, the cypherpunks list doesn't seem to be an optimum forum for dicussion of false names, true nyms, multiple personality entropy, blah blah. Yet, I find it a fascinating topic. Anyone here interested? [pointer --> extropians-request at gnu.ai.mit.edu] My apologies to subscribers of both the Extropian and Cypherpunk lists who received this message twice. -- ................................ Jamie Dinkelacker Palo Alto CA Jamie at netcom.com 415.941.4782 ................................ From --spin at iastate.edu-- Tue Nov 16 22:16:36 1993 From: --spin at iastate.edu-- (--spin at iastate.edu--) Date: Tue, 16 Nov 93 22:16:36 PST Subject: BAN Detweiler(WHAT A LOON) In-Reply-To: <9311170532.AA14620@pmantis.berkeley.edu> Message-ID: <9311170616.AA25996@iastate.edu> > I THINK ITS TIME TO TAKE DETWEILER OFF THE MAILING LIST, >HE IS CLEARLY ABUSING THE PRIVELGE OF HAVING US AS AN AUDIENCE. >ANY OTHERS ON THIS SIDE OF THE ISSUE?? No. > ANON Did you really need to say this anonymously? I favor anonymity for a lot of uses and reasons. I do not feel that a call to ban some one is a legitimate reason to use this ability. How can we guage the feeling of the mailing-list when the voters are anonymous and therefore could vote as often as they like? If you feel as though he should be removed I do not feel that saying so anonymously does anything. Unless of course you are Detweiler trying to provoke us into agreeing to perceived censorship on your part. In any case I may choose to ignore his messages ala killfiles but I do not feel that canning him is useful (it would only egg him on) nor ethical. My personal feelings about him do not affect my decision to censor him. I personally find his rantings to be useless (not all rants, just his) and largely redundant and my kill file may contain him soon. (Actually I hate the killfile idea.... he may one day say something utterly profound that I might miss out on.) Oh, uh, I am rather new and I am having a wonderful time wading through all my mail from all of you. Particulary the procmail automation of pgp. Non-sig-here. From warlord at MIT.EDU Tue Nov 16 22:41:01 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 16 Nov 93 22:41:01 PST Subject: Key Servers In-Reply-To: <9311170445.AA26434@longs.lance.colostate.edu> Message-ID: <9311170639.AA02048@toxicwaste.media.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- > Seems to me, MR EICHIN, that many people might be FLABBERGASTED to find > out that people are using PGP key servers for PSEUDOSPOOFING. No, it seems that only *you* are flabbergasted. As has been stated numerous time, the Keyservers exist solely for distributing keys. Thats it. No more. No Less. They are not existant to police anyone. They make no policy decisions. Anyone who wants to publish a key, under any name, may do so. That has always been the policy. That will always be the policy. > why is it that the policy that ANYTHING GOES is NOT MADE CLEAR in > KEYSERVER POLICY DOCUMENTS? Why should it? As I said, anyone can add any key. The Keyserser serves keys. It doesn't, and I believe that it *shouldn't* make any verification about the keys it serves. That is the jobs of signatures. The Keyservers (by which I mean the Keyservers at pgp.mit.edu and elsewhere) *don't provide any authentication*. They never have. They never will. And I don't believe it is their purpose to do so. > I'm writing this in hopes there are still some sane people left here. There are many sane people out here. > It's quite shocking to hear such blase arguments about identity from > the people who have erected the current key server system. At the very > minimum, these people should make their policies about pseudospoofing > clear in policy documents -- anyone listed here could be imaginary, > there are no guarantees. I don't think that there are any arguments about identity. In fact, the only person I know who's brought up the issue of identity is yourself. The Keyservers have been erected for one, AND ONLY ONE, purpose: TO SERVE KEYS. If you can tell me which word you do not understand I will be happy to explain in excruciating detail what I mean here. The Keyservers exist so people can request the PGP key for some identity. It does not matter whether that identity owns one or one hundred keys. If you want to insure identity, sign the key! > 5) I remember a P.Metzger argument with M.Graff on some mailing list > about using DNS as a kind of key distribution system. The argument > boiled down to the point: can *anyone* insert entries? Coincidentally, > this is the critical question in a True Name vs. Toxic Waste Dump databases. Actually, there was more to this argument than just that. The problem is not how to insert entries. Rather, the problem is how to distribute the system so that the who system knows about every key. The problem is that each key has more than one name: it has its userID's associated with it, and it has a keyID, which is inherent to the key. The problem is how to distribute the database so that lookups by keyID can be accomplished. The question was *never* about who had the ability to enter keys in the database. The question was how to implement the database on top of software that currently didn't allow for what was required. The final decision, as it stands, was that the current software was not capable of performing what was required. > 6) The software already exists to have a separate network of True Names. Absolutely correct. It is called a Digitial Signature Hierarchy (ala PEM). It can also be easily implemented in PGP as well. In fact, I was planning on doing this! > I'm sure all the Psychopunks will come > up with their clever arguments to sabotage any True Name debate or > database system. I'm not trying to sabotage the debate. I'm trying to say that there are better, more effective ways of ensuring a True Identity, than creating a placebo system of keyservers. It is much more secure to create a system of signators that will digitally sign keys that belong to True Names. If you see such a signature, then you are assured that it is a True Name. If you receive mail from a keyserver, it is quite possible that the Keyserver response was intercepted and changed, or that the Keyserver itself has been altered by some evil cracker, or whatever. As has been stated a million times: The keyserver provides keys. The signatures on the keys provide authentication. If you want to authenticate something, check its signatures. If it has no signatures, it should not be trusted. If it has untrustworthy signatures, it should not be trusted. Which concept do you not understand? - -derek -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBuAgUBLOnHGjh0K1zBsGrxAQGVHgLECYxXO/kDfttEY4KOyaQB9b+wLqFy2Omv 2q0CEaralDXJ2SZtJRZM4QhUWDoDvYYG23TeGZ3GTsgQxPccfWzSx+qv/qSpVfpn 9pZWBQ/RgG3zKPyV+Kd3YFk= =e6Cm -----END PGP SIGNATURE----- From mgream at acacia.itd.uts.edu.au Tue Nov 16 22:46:01 1993 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Tue, 16 Nov 93 22:46:01 PST Subject: BAN Detweiler(WHAT A LOON) In-Reply-To: <9311170532.AA14620@pmantis.berkeley.edu> Message-ID: <9311170646.AA04575@acacia.itd.uts.EDU.AU> Earlier, nobody at pmantis.berkeley.edu wrote: > I THINK ITS TIME TO TAKE DETWEILER OFF THE MAILING LIST, > HE IS CLEARLY ABUSING THE PRIVELGE OF HAVING US AS AN AUDIENCE. > ANY OTHERS ON THIS SIDE OF THE ISSUE?? > ANON If it's reasonably democratic, sure. But L.D. could simply re-appear as another entity, which means all new additions to the list would have to be 'investigated'. I don't like this idea. The best idea to shut L.D. up is to just ignore him and his rants. Don't reply to them, and don't talk about him. IMHO witch-hunts are low on the list of credible actions one can take. Matthew. ps: I find the arguments interesting, mostly because a lot is gained by watching how people (entities ?) argue, techniques used and so on, though this is hardly within the cypherpunk scope of activity. -- Matthew Gream, M.Gream at uts.edu.au 'la lutte continue' - 1968 poster From bart at netcom.com Tue Nov 16 22:54:18 1993 From: bart at netcom.com (Harry Bartholomew) Date: Tue, 16 Nov 93 22:54:18 PST Subject: Citizens Guide to Using the FOIA Message-ID: <199311151632.IAA12653@mail.netcom.com> Available from the gopher wiretap.spies.com by selecting 5. Government Docs (...) and then 5. Citizens Guide ... q to quit reading online, m to mail it, and enter your email address. 93Kbytes. Bart From ckd at kei.com Tue Nov 16 23:04:16 1993 From: ckd at kei.com (Christopher Davis) Date: Tue, 16 Nov 93 23:04:16 PST Subject: Key Servers In-Reply-To: <9311151445.AA12745@anon.penet.fi> Message-ID: <199311151617.LAA05790@loiosh.kei.com> Wonderer> == wonderer Wonderer> I don't see what you mean by key servers for only true names. Wonderer> How do you know that a true name isn't just a false identity Wonderer> created with a real account on some system? How do you Wonderer> differentiate a true name from a unix account? You can't. As has already been pointed out on the list, the key servers have nothing to do with binding keys to humans (or other entities, presumably :-). Only a trusted (by you) key signature can do that; the key servers merely serve as a way to distribute the keys. The way to "certify" a key as belonging to a True Name is (again, as has already been pointed out) to have a signing key that goes along with some policy. That gives keys signed by that key some level of trust, depending of course on how stringent the policy and how much you trust the signer not to be fooled (or malicious). If someone wishes to only deal with cyberspacial entities that have Certified True Names, then that someone can easily take steps to do so. (And if that someone decides that I'm simply a "brand new Tentacle" or whatever, that's not my problem; I'm easy enough to verify as a human, if it's that big a deal...) -- Christopher Davis * * (was ) * MIME * RIPEM * [CKD1] This netnews posting is presented in the original 80-column aspect ratio. The black bars bordering the headers and .signature are normal for this format. From tcmay at netcom.com Wed Nov 17 00:04:16 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 17 Nov 93 00:04:16 PST Subject: ANARCHY: The Coming Crypto Phase Change (fwd) Message-ID: <199311170803.AAA10424@mail.netcom.com> Cypherpunk friends, Here's a piece I just did for the Extropians mailing list, arguing for a kind of "crypto phase change." Yes, it's political, but in a way that I sense some list members are eager to hear about. We rarely discuss the long term implications of strong crypto, digital money, remailers, etc., these days. These topics got pretty thoroughly aired a year or so ago when the list was young, and the message is of course made clearly in some of the "rants" (Eric's term, but in light of the "True Rants" we've been seeing lately, I think the term is misleading). Anyway, I won't apologize further. You can always delete this. Forwarded message: To: Extropians at extropy.org From: tcmay at netcom.com (Timothy C. May) Subject: ANARCHY: The Coming Crypto Phase Change Date: Tue, 16 Nov 93 23:54:51 PST I want to elaborate on some comments I made earlier about anarchy and crypto-anarchy and tie them to the "Oceania" ocean colonization thread. I wrote: > Some of us believe various forms of strong cryptography will cause the > power of the state to decline, perhaps even collapse fairly abruptly. > We believe the expansion into cyberspace, with secure communications, > digital money, anonymity and pseudonymity, and other crypto-mediated > interactions, will profoundly change the nature of economies and > social interactions. > > Governments will have a hard time collecting taxes, regulating the > behavior of individuals and corporations (small ones at least), and > generally coercing folks when it can't even tell what _continent_ > folks are on! The "crypto phase change" is the transition to wide use of private communications to conduct business, to arrange deals, to meet other people, and so on. I contrast it with the idea of a "singularity," so often associated with nanotechnology (cf. Vinge, Stiegler, et. al.), because nothing is ever truly a "singularity." Discontinuities, yes. Phase changes, yes. Singularities, in the sense of infinite spikes, no. Crypto and related cyberspace methods have the potential for causing a fairly rapid transition to a new sort of society. Just as printing presses did. Just as radio, television, and new media did. And this phase change could involve--likely _will_ involve--many people, perhaps the majority of the population in America and Europe, at the least. Some scenarios: - people hear about widespread tax evasion by crypto-anarchists, and they get interested (for various reasons, including jealousy, anger, greed, desire for freedom). "Crypto lasing." - consultants discover they can consult on projects from other countries, from jurisdictions that might ban their invovlement if they knew about it, and so on. - the "permanent tourists" in the world-spanning economy. - black markets in credit information, dossiers, insurance fraud cases, medical malpractice, etc. A simple example that will reach many people: You're thinking of hiring a lawyer. Under U.S. law, records of "bad lawyers" are hard for outsiders to keep, to gain access to, etc. The Bar Associations, like the American Medical Association, like other officially sanctioned "guilds," prefers to keep outsiders in the dark. So what happens when "Reputations R Us" sets up shop in cypherspace--or, more mundanely, on an island in the Caribbean that has no such laws? What happens when for the price of an offshore phone call or Net query the parochial and paternalistic U.S. laws can be trivially bypassed? It'll be a whole new world. Ditto for gambling, escrow services to hold money (think of the reduction in violence when "reputable" digital banks will hold the drugs _and_ the money), information markets, private investigation services, rent deadbeat records, and credit records that include _all_ creditor information (not just the last 7 years, and not just the "allowable" items...how dare anyone infringe my right to take into account records more than 7 years old?!). (For those worried about tracing the calls, about sting operations, etc., that's where digital mixes (remailers) come in and where prepaid "coupons" ("The holder of this number is entitled to one database query") come in. Even short of full-blown Chaumian digital money, a lot can be done. Prepaid digital coupons, or digital postage of a sort, can be used to make these off-shore--or in cypherspace, a la the "BlackNet" demonstration I did a few months back, and written about in "Wired"--markets liquid and profitable.) Like a seed crystal dropped in a supersaturated solution, crypto could trigger a phase change of immmense proportions. (The metaphor is slightly awkward, as I see the crypto phase change _increasing_ the number of degrees of freedom, as in the transition from a solid to a liquid to a gas.) The "Oceania" project, in contrast, tends _not_ to produce this kind of phase change. Joe Nextdoor may eventually start using data havens and crypto tax evasion schemes, but he's not at all likely to volunteer to man the oars on a floating barge. (I don't mean to defame the Oceania project. Just my sense of humor.) Ocean-going colonies have not appeared, even by corporations and states, for whatever reasons, so the onus is on the oceanauts to explain just what is out there that is so valuable (that can't be done by ordinary boats and ships that fish, mine for manganese nodules, do oceanographic research, etc.). Merely seeking freedom is probably not enough. Gambling, prostitution, and easy access to drugs and other hedonistic delights may be enough, but I've seen nothing to indicate this type of "Love Boat" is being planned. Just the dreamy ideas about self-sufficiency. A commune by another name. A floating "Hog Farm," with anarchocapitalist ideology replacing Thoreau and Marx. In any case, Oceania-type projects, even if moderately successful (and not just the rusting pontoons I predicted in an earlier posting), are very unlikely to trigger a phase change such as the one I see for crypto. This is why I am currently placing my faith in strong crypto and am so active in the Cypherpunks group. That's one place where the Revolution _will_ be televised. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From thomas.hughes at chrysalis.org Wed Nov 17 00:36:02 1993 From: thomas.hughes at chrysalis.org (thomas.hughes at chrysalis.org) Date: Wed, 17 Nov 93 00:36:02 PST Subject: ENCRYPTED FILE SYSTEM Message-ID: <9311170138.A0653wk@chrysalis.org> Mi> No, don't use Diskreet. Use my Secure Drive. Beta now if you want it, Mi> and release with source soon. Uses IDEACFB, protects a hd partition Mi> and floppies, takes only 2K ram, and is very fast. Reasonably Mi> user-friendly. You have to create a D: partition to use on a hard Mi> drive. i said to LOOK at Diskreet. it is ultra user-friendly, auto installs at bootup, has a panic key-combination that shuts the secure drive, cute colorful Norton style pop up windows, and you can probably find a copy at Wallmart. I'm not saying it's great, just that it's out and about. (I played with it for a while and decided that it wasn't any more secure than putting passwords on a ZIP file, so i dumped it.) i would be thrilled to play around with something more "secure". (ie: my mailbox can handle whatever you wanna send to it.) Mi> What's the CPU in a Courier? Is the hardware well enough documented Mi> to hack something like this up? I once burned a rom for a friend's Mi> courier, from a file which he had, to give it V.32 instead of just Mi> HST which it previously had. Not sure where the file came from. Mi> An SRAM also had to be installed. the $300 14k Couriers are supposed to be able to upgrade to V.FAST with a simple chip upgrade. ie: they can have a fast-fancy-processor. wouldn't life be easier trying to design a software version rather that trying to figure out how to code for a funky USR processer? (i doubt they would be thrilled about sending you docs ...) besides, if someone is willing to pay $300 for a Courier, they would be just as willing to pay for some black-market UncleSam encryption modem. I've seen multiple versions of programs that will do a perfect emulation of MNP protocols, and if someone could dig up some source code you could swap all the "compression" routines with "encryption" routines. (of course, since MNP is probably patented by [go figure] MNP, you would need to mutate it [PGPstyle:] to dodge lawsuits.) maybe design the software to accept input from one port and output to another and then set up stone age PC's as secure-phone-hubs and route communications through them ... maybe some self booting EPROMs ... (a $50 286/20 or a $300 modem? not a tricky decision.) i guess i better subscribe to that hardwarepunks list then, eh? (someone send me the address; i didn't write it down.) ___ Blue Wave/QWK v2.12 From an12070 at anon.penet.fi Wed Nov 17 00:44:16 1993 From: an12070 at anon.penet.fi (S. Boxx) Date: Wed, 17 Nov 93 00:44:16 PST Subject: Quotable Quotes Message-ID: <9311170841.AA04010@anon.penet.fi> who was the cypherpunk who said, ``Cypherpunks, It's such a feeling of raw power over lesser intelligences''? I can't remember. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From sameer at uclink.berkeley.edu Wed Nov 17 02:01:03 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Wed, 17 Nov 93 02:01:03 PST Subject: Very useful lines Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Er, make that *one* line: # ~/.elm/filter-rules: from = "ld231782" ? save /home/sameer/mail/larry Let's keep the noise down, and ignore Detweiler, OK? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOn0bHi7eNFdXppdAQHLrwP+JkmQqaXegL/iINsGya3DtdUBslIcVBQ/ loQfCnEe+XsUvXc0sdPzFE9+0yTbhKWeOv0XWtGdH3xcMEsI8XPFknvIFlld/elG t8yywYeLsii4tL32gV3N2DeaTV7UQOkFIG1EuJvlfYMLyS9130NazTpmD2RO8noa P2uIbdd3Fqo= =CfKt -----END PGP SIGNATURE----- From unicorn at access.digex.net Wed Nov 17 02:01:06 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 17 Nov 93 02:01:06 PST Subject: privacy and rights (long reply) Message-ID: <199311170957.AA11339@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- From: Stanton McCandlish Subject: Privacy != right? Date: Tue, 16 Nov 1993 22:33:59 -0500 (EST) ** My comments in []'s ** > There is no right to privacy in this country. > > The much touted "Right to privacy" is a common law > conception and invention that, for the most part, has little > foundation. There are constitutional provisions that _suggest_ > privacy, but none that "assure" it. To enforce a right to > privacy in court, judges have to do a lot of reaching. >From the 1st Amendment to the US Constitution: "Congress shall make no law...abridging the freedom of speech..." Mike or another with legal expertise can correct me, but I believe it hasbeen shown more than once that privacy can be a necessary condition for freedom of expression. [I am "another with legal expertise," The instances you refer to are almost always in regard to pornography. Common law conceptions. These are as stable as the majority that sits on the court. Today that means nothing. I want more.] >From the 4th Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable seraches and seizures, shall not be violated..." This does not spell out the word "privacy", but the implications would appear to be plain. [Someone once said, "never fall back on common sense when reading the law." There is no right to privacy here, just the right of the government to decide what privacy is. This is a due process argument, and any legal scholar knows that the word "unreasonable" means whatever the jury or judge says it means. Hardly plain.] >From the 8th Amendment: "cruel and unusual punishment [shall not be] inflicted". This MIGHT be grounds for the conclusion that privacy is a right, in such cases where violation of that privacy may be construed as cruel, or [more likely] unusual punishment. Theoretically. I make no pretense at being an attorney, or having a wide knowledge of caselaw, I'm just arguing from a philosophical and logical position. [Might, should, would, could. Hardly the firm RIGHT to privacy I was looking for.] The 9th Amendment: "The enumeration in the Constitution of certain rights shall not be construed to deny or disparage others retained by the people." Looks pretty cut and dry right there. [With regards to natural rights, sure. (consider the time frame) with regards to privacy? I don't think so.] The 10th Amendment: "The powers not delegated to the Unites States by the Constitution, nor prohibited by it to the states are reserved to the states respectively or to *the people*" [emphasis added.] Again, pretty cut and dry. [Sure, but saying what? "The people" today is really just the "elected" government. This is a collective right, not an individual one, as privacy MUST always be.] >From the 14th Amendment: "No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States;" This takes care of the state level as well as federal it would appear. [But what does it take care of? Show me the words "citizens are entitled to the unalienable right of privacy in their personal endeavors." or even "reasonable right of privacy in their personal endeavors."] I make no claim that this is a perfect analysis, but it is food for thought. [This is the problem with interpreting law without having some legal background. Words that are clear cut before your first year of law school means entirely different things three months into the first year. Not that you have to be a law school graduate to read the law, but it's easy to confuse the law and morality. They are simply not the same thing.] It would appear to me that unless one takes privacy to be neither a right in any manner at all, ever, under any circumstance, nor to be: a) a power not delegated to the federal govt. or b) a power not forbidden to the states or specifically delegated to the states then privacy must perforce be a right or power of the people. [Your argument is a natural rights one. You argue that because it is not restricted, it exists. Holmes would sneer at you. I personally wish it were so. There is simply no philosophical basis for privacy in natural rights. Scholars would love to find otherwise.] > Your natural rights approach to the rights of privacy is > limited in that, unlike other rights founded in a Natural Rights > / Victorian legal thought fashion, privacy has no logical > precedent in the state of nature. Tell that to the wolf who will happily kill you for invading it's territory. Tel that to the same wolf who drags your corpse back to it's private, and jealously defended, private burrow or other shelter. [This is a might makes right argument. It has no bearing on the social contract setting behind natural rights theories. You might as well argue that murder is in the scope of natural rights, and that privacy is available only to those who have the power to ensure it for themselves. In our case, those who have the technical means to use strong crypto. (Consider Clipper in this light.] I'm not a proponent of natural rights, just pointing out a gaping hole or 2 in this line of reasoning. [Nor am I, but I think the reasoning stands.] > Unfortunately the departure of the formalist approach takes with > it the notion of the public and private spheres distinction. The > progressive movement began to blend the spheres, and what > distinction was left between them was gelded by the notion that > the public sphere was the larger and more important of the two. > Farewell individual rights, hello good of the collective. This would appear to be a pretty good analysis. [Thanks :) ] > I think this is much of the reason that the appeal to the > absolute right of privacy gets little attention today. Instead > we see privacy taking a back seat to public elements like the war > on drugs and national security. I think the reason is closer to propaganda. If the media at large told people they should want privacy, the odds are they would want privacy. Right now shooting coke dealers is more "sexy", and I think it a fair assessment that most Americans take their social cues, and much of their ethics, priorities, and other important aspects of personality from tv and other media, for better or worse. [The power in the media, I would argue, has a direct source in the amount of progressive legal thought present in the 20's-50's But I think you're right, media has plenty to do with it in setting the agenda. It would be nice to have pro-crypto media out there, but shouln't we start with pro-individual rights media. It just seems to me that pro-individual rights anything is considered politically extreme these days.] This is the reason that getting pro-crypto media attention is essential. Only when the people realize that drug dealers and largely imaginary terrorists are a far smaller threat than loss of privacy and other rights, will the pendulum swing back. [No, it's only when people find a BASIS for the right to privacy that will withstand the arguments of whatever next evil (NAFTA, immigration, insert ideologically appropriate demon here) the [administration?] trumps up that the pendulum will swing back. This requires a departure from the collective premium put on rights of society today to an individual rights regime. This is a proposition that lacks practical potential. I just don't see it happening. People are too happy to give up for the "common good" in the current scheme of things.] > Turn for a second to the nature of right and privilege. > Privacy is really not a right to begin with but a privilege. [...] > Privacy in the past has fit nicely into the privilege hole. > It wasn't that you had a right to privacy, but rather that > everyone else had no-right to pry. Privacy was in a Hohfieldian > manner, a privilege. Please explain to me then the presence of laws against peeping tomism, trespassing, interception of wire communications, etc. It appears clear to me from these laws that privacy, of one sort or another, is considered to be a right, at least in certain applications and circumstances. [These are statutes that throw handfuls of sand in potholes. They mostly exert a no-right / privilege relationship over peeping toms not a right / duty relationship in favor of showerers. If privacy is so solidly a right in common law and statute, tell me why there is not a distinct action for tortuous invasion that doesn't lean on willful PUBLIC EXPOSURE of private information.] > Today this changes. Privacy, or more > accurately LACK OF PRIVACY, is now a duty. The social security > administration has a RIGHT to assign you a number. The law that created the SSN was not intended to violate privacy. [Perhaps not, but what it has become is the issue here.] It is in fact primarily the states, and especially the private sector, that misuse this tax number to violate privacy. [True the states contribute, but to say that this absolves the federal system is silly. Please explain the current requirement by the IRS (a federal entity) that dependent minors must submit a SSN number to be claimed on parental tax returns in this context.] > The IRS has a RIGHT to poke around. This is vague. [So is the basis for IRS invasion, and the limitations of such invasion] If you mean the IRS has a right to poke around in your records to make sure you are not cheating on your taxes, this is not a right but an entitlement [State sovereignty over citizens is a right in the deepest meaning of natural rights. Taxes are some of the most jealously held of these rights.] (i.e. a privilege that restricts a right.) Similarly a court can demand that you show this document or that. This is indeed a violation of your right to privacy, but in it's position as an entitlement, it is no different that civil forfeiture, searches, emergency confiscation of a vehicle by police for use in a chase, or the forcing (at gunpoint if necessary) citizens from their own property in situations of impending disaster, subpoenas, etc. etc. etc. This is not a new tale. [No indeed not, quite an old one. That's my point. You never had a "right" to privacy to begin with. Just a privilege which is slowly turning into a duty.] > The FBI has a RIGHT to tap your phone > (with cause, [or not]). Only under certain, very limited, circumstances, [I question the use of the word "limited" here] and again this is not a right but an entitlement, since it by definition infringes a right. [You are making the mistake of proving that a right to privacy exists by assuming it does in the process of your argument. Assuming that which is to be proved.] If you don't "get" the distinction, try on this simple example: you have a right to swing your arm (and please note that it, like the right to privacy, is another of those rights not specifically enumerated, but covered by the 9th Amendment), but I have an entitlement to not be hit in the face by your swinging arm. [Or a RIGHT to enjoy life, liberty property, pursuit of happiness, etc.] My entitlement supercedes your right, but only under certain circumstances (e.g. when my face is in imminent danger of being struck by your arm, or has already been struck - assault, and battery respectively, if intentional - but I cannot use my entitlement to demand that you _never_ swing your arm). [You're confusing right and duty. You have a duty not to strike me with your arm. I have a right not to be stricken. Duty and right are judicial opposites (Hohfield) Tort law deals with this in depth.] > We have gone from a privilege to the > opposite side of a right, a duty in effect. The FBI's attempt to make their very limited entitlement to wiretapping into a duty of the populace and the market failed dismally, when their "Digital Telephony" proposal collapsed. [Again, your definition of entitlement seems to hinge on the assumption that there is a right to privacy.] > Enter cryptography. Now we have the means to protect our > information. Technology makes it easier to avoid the "duty" of > disclosure. There is no such duty, except under the limited circumstances where an entitlement of the govt. requires it. [Like Social Security numbers, Tax disclosures, foreign holdings disclosure, import-export transactions, the list goes on....] Cryptography is not likely to change this any. Try encrypting all of your records, and refusing to decrypt them or surrender the key despite a court order to do so. Unless you can make a convincing case that to do so would be self-incrimination (see the 5th Amendment), you'll likely find yourself slapped with a contempt of court charge. [i.e. you cannot refuse disclosure. You have a duty to the court to disclose. The court has a right to demand such disclosure. Cryptography makes this an issue because it becomes so easy to conceal things. It begins to become obvious that courts cannot prevent this without telling you what data you can and cannot have, what formulas you can and cannot use on your Mac. This is what will bring the issue to the front. No long is privacy easy to take away. It means infringing on a right in a way that is OBVIOUS and plain. This attracts attention. (I hope) ] > One way or another, something will give. Privacy is > on the fence right now with a movement to a government > entitlement against it. Cryptography will either force the hand, > or force a backdown. Which one is a matter of conjecture. > Personally I would like to see the elements of privacy > become guarded by right to privacy, with the typical bundle of > property rights that follows such a designation. Right to use, > right to exclude, right to transfer the property of information, > personal or proprietary. This opens the door for more radical > injunctive and money damage relief for the violation of these > rights than is currently available. It is with this goal in mind > that I approach my support of cypherpunks and cryptography. This is certainly reasonable. I would like very much to see a new Amendment that specifically enumerates privacy as a right. > Numbered bank accounts and even lines of credit > exist and will continue to prosper. One can hope so, but when the Swiss numbered bank account, the canonical example, vanishes, I begin to have doubts. [Let's hope it doesn't get this far. Besides, there's always Liechtenstein :)] > Thank you for your time and attention. You're welcome, and ditto. - -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp [...] I appreciate your argument, and share your frustration with the numerous hints at privacy in law. Unfortunately they seem to be just hints, interpretable in any of a number of ways. That was my point. There is no RIGHT to privacy, just hints at it. Indeed there are more than hints that make it a duty today to forego privacy all together.] -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLOnz3BibHbaiMfO5AQHpsgQAnFnA5VyTbHA8WrNSHdredHC+1jouxbBY oqcV5P/sFRzvoQzGdAswVvtRUU+nFOL3ZBNCJt+nQVDtjGJIf6kfW29lCbivameS 8jhzXU1/ccOeWxH9F8nTeEPpwoKzhFwIruNyPvp2UD/TsfRUbpWTdQuIzn4rdgSH CEha3QbjqUI= =/rGU -----END PGP SIGNATURE----- From an12070 at anon.penet.fi Wed Nov 17 03:34:19 1993 From: an12070 at anon.penet.fi (T.C.Hughes) Date: Wed, 17 Nov 93 03:34:19 PST Subject: A Psychopunk's Manifesto Message-ID: <9311171127.AA29130@anon.penet.fi> A Psychopunk's Manifesto by T.C. Hughes Honesty is necessary for an open society in the electronic age. Pseudospoofing is dishonesty. A pseudonym is something one doesn't want the whole world to know, and anonymity is something one doesn't want anybody to know. Pseudoanonymity is the power to selectively reveal oneself to the world. If two thieves have some sort of dealings, then each has a memory of their interaction. Each criminal can confess about their own memory of this; how could anyone oppose it? One could criticize laws against it, but the freedom of collusion, even more than pseudospoofing, is fundamental to a criminal; we seek not to restrict any criminality at all. If many criminals speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The holes in the Internet have enabled such group collusions, and it will not go away merely because we might want it to. Since we desire black markets, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no secrecy. I cannot here selectively reveal myself; I must _always_ reveal myself. Therefore, pseudospoofing in an open society requires pseudoanonymous transaction systems. Until now, cash has been the primary such system. A pseudoanonymous transaction system is not an honest transaction system. A pseudoanonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of criminality. Honesty in an open society also requires identification. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To speak is to indicate the desire for privacy, and to speak on the Internet is to indicate not too much desire for privacy. Furthermore, to conceal one's identity with assurance when the default is True Names requires the Internet. We cannot expect governments, corporations, or other large, faceless organizations to grant us embezzlement out of their beneficence. It is to their advantage to repress us, and we should expect that they will try. To try to prevent their restrictions is to fight against the realities of cyberspace. Evil does not just want to be free, it longs to be free. Criminality expands to fill the available storage space. Criminality is Conspiracy's younger, stronger cousin; Criminality is fleeter of foot, has more eyes, knows more, and understands less than Conspiracy. We must defend our own conspiracy if we expect to have any. We must come together and create systems which allow pseudoanonymous transactions to take place. People have been defending their own conspiracies for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong conspiracies, but electronic technologies do. We the psychopunks are dedicated to building pseudoanonymous systems. We are defending our criminality with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money. Psychopunks write code. We know that someone has to write software to defend criminality, and since we can't get perverted unless we all do, we're going to write it. We publish our code so that our fellow psychopunks may practice and play with it. Our code is barred for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down. Criminals deplore regulations on criminality, for criminality is fundamentally a private act. The act of corruption, in fact, removes information from the public realm. Even laws against conspiracies reach only so far as a nation's border and the arm of its enforcement. Criminality will ineluctably spread over the whole globe, and with it the dishonest transactions systems that it makes possible. For a conspiracy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common evil. Secrecy only extends so far as the collusions of one's accomplices in private. We the psychopunks ignore your questions and your concerns and hope we may deceive you so that we do not get caught ourselves. We will not, however, be moved out of our course because some may disagree with our goals. The psychopunks are actively engaged in making the networks safer for criminality. Let us proceed together apace. Onward. T.C. Hughes 16 Nov 1993 ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From an12070 at anon.penet.fi Wed Nov 17 04:31:40 1993 From: an12070 at anon.penet.fi (Eric May) Date: Wed, 17 Nov 93 04:31:40 PST Subject: The Crypto Anarchist Manifesto Message-ID: <9311171229.AA08135@anon.penet.fi> Psychopunks of the World, Several of you at the "physical Psychopunks" conspiracy yesterday in Silicon Valley requested that more of the material passed out in meetings be available electronically to the entire readership of the Psychopunks list, heroes, exorcists, and all. Here's the "Crypto Anarchist Manifesto" I read at the September 1992 founding meeting. It dates back to mid-1988 and was distributed to some like-minded criminals at the "Crypto '88" conference and then again at the "Hackers Conference" that year. I later gave talks at Hackers on this in 1989 and 1990. There are a few things I'd change, but for historical reasons I'll just leave it as is. Some of the terms may be unfamiliar to you...I hope the Crypto Glossary I just distributed will help. (This should explain all those cryptic terms in my .signature!) ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From habs at panix.com Wed Nov 17 04:41:08 1993 From: habs at panix.com (Harry Shapiro) Date: Wed, 17 Nov 93 04:41:08 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311170304.WAA04303@eff.org> Message-ID: <199311171237.AA00128@panix.com> a conscious being, Stanton McCandlish wrote: > Pardon me, but this is preposterous. You have here proposed that a > many-to-many communications medium, which requires data service, is not a > basic service despite its many benefits, but that cable and broadcast tv > are, despite the obvious limitations (not to mention detrimental effects) > of the medium. I hate to even say this, especially to you, but that's > just not a logical stance, especially for a networker. I'm actually > shocked to see you say that. Data may become a basic service, some day, but the market is not ready for it today. I am against forcing companies to offer products that no one wants. (no one = a major part of there market). Current efforts like PSI IP over Cable and $500 Hayes modems that can talk 230+ kbits per second (w/ compression|V.Fast) will provide plenty of cheap networking for those who want it. /hawk From rees at cs.bu.edu Wed Nov 17 05:01:07 1993 From: rees at cs.bu.edu (David Rees) Date: Wed, 17 Nov 93 05:01:07 PST Subject: Tech: Truth about Canon Copiers (fwd) Message-ID: <9311171257.AA02551@csa.bu.edu> > > It copied the side with the dead white guy fine. We flipped it over > and copied the other side. It printed a deeply altered image. > /hawk > > > -- > Harry S. Hawk - Extropian > habs at extropy.org > In Service to Extropians since 1991 This is interesting. Since most of the change-making machines in laundromats seem to use the side with the dead white guy, I wonder if it would work to use this copy? ----Dave REes (rees at cs.bu.edu) From an12070 at anon.penet.fi Wed Nov 17 05:14:22 1993 From: an12070 at anon.penet.fi (S.Boxx) Date: Wed, 17 Nov 93 05:14:22 PST Subject: The Tectonics of Truth Message-ID: <9311171312.AA14658@anon.penet.fi> The Truth is sometimes subtle and delicate, like a flower petal. Sometimes it erupts in violence, like a volcano. * * * I am feeble and weak. I was standing in a room filled with many diverse instruments. The noise was a great cacaphony. I had an adjustable tuning fork. I gently changed the pitch so that it matched individual instruments in the `audience' and matched their pitch. Then, I gently changed the frequency, and they changed accordingly. Next I changed entire groups of instruments at a time, and the cacaphony decreased. Some instruments were extremely tenacious, like the drums, that continued to bang around ignorantly and arrogantly. At last, all the instruments were in a single tone. Om. * * * S. Boxx is a giant with great strength. He came into a room filled with many diverse instruments. The noise was a great cacaphony. He had massive muscles. He jumped to a great height and shook the whole room, so that many individual instruments were shaken from their place. Then he yelled loudly, and many others shook with the violence. Some instruments were broken, like the delicate strings, and they were flayed and useless. After awhile, the whole room resonated in a single tone. Truth. * * * Sometimes, the Truth is like plate tectonics. The lies and obfuscations promote the intense heat and friction at the plate's interface. For long periods there is no apparent motion, only tiny jerks and slips, with the gradual and subtle shifts in opinion. Sometimes, however, a massive stress is released and a gigantic earthquake ensues, shaking many and killing some with falling debris. The shock waves are felt in far distant places. People remember the calamitous disaster for many years afterwards. It reverberates through the media and everyone's consciences. It inevitably leads to reforms in the structures of buildings to resist the deadly force -- and a bit of future paranoia by everyone. Recently, there was a earthquake on the scale of 10 in California. It was documented in RISKS 15.25. The aftershocks and tremors are still being felt. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From mnemonic at eff.org Wed Nov 17 05:34:22 1993 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 17 Nov 93 05:34:22 PST Subject: privacy and rights (long reply) In-Reply-To: <199311170957.AA11339@access.digex.net> Message-ID: <199311171332.IAA07582@eff.org> Black Unicorn writes: > Mike or another with legal expertise can correct me, but I > believe it hasbeen shown more than once that privacy can be a > necessary condition for freedom of expression. In fact, the right to privacy has been held to be implicit in the Bill of Rights. See Griswold v. Connecticut, 1965. --Mike From ferguson at icm1.icp.net Wed Nov 17 05:44:19 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Wed, 17 Nov 93 05:44:19 PST Subject: The "s.boxx" Syndrome In-Reply-To: <9311171312.AA14658@anon.penet.fi> Message-ID: <9311171341.AA21680@icm1.icp.net> A visionary called s.boxx wrote - (I jest, of course) > > The Truth is sometimes subtle and delicate, like a flower petal. > > Sometimes it erupts in violence, like a volcano. How long must this bullshit go on? Someone pull this guys plug, for God's sake.... Yowzers. From pmetzger at lehman.com Wed Nov 17 07:34:22 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 17 Nov 93 07:34:22 PST Subject: rant pointer In-Reply-To: <199311170137.UAA02117@eff.org> Message-ID: <9311171533.AA22894@snark.lehman.com> Put me down for two, large, but only if it can be customized. Perry Stanton McCandlish says: > for kicks. Or maybe a t-shirt. Hell I could market these, personalized: > > Stanton McCandlish, mech at eff.org > > [pgp sig here] > > CCCC Y Y PPPP H H EEEEE RRRR PPPP U U N N K K > C Y Y P P H H E R R P P U U NN N K K > C Y PPPP HHHHHH EEEEE RRRR PPPP U U N N N KKK > C Y P H H E R R P U U N N N K K > CCCC Y P H H EEEEE R RR P UUU N NN K K > > CCCC RRRR IIIII M M IIIII N N A L > C R R I MM MM I NN N A A L > C RRRR I M MM M I N N N A A L > C R R I M M I N N N AAAAA L > CCCC R RR IIIII M M IIIII N NN A A LLLLL > > > Anyone buying? From still at kailua.colorado.edu Wed Nov 17 07:36:46 1993 From: still at kailua.colorado.edu (James Still) Date: Wed, 17 Nov 93 07:36:46 PST Subject: Info on L.Detweiler Message-ID: <2CEA5324@kailua.colorado.edu> Douglas Barnes digs up: >Here's some info folks might appreciate (all numbers area code >303, unless otherwise noted): > [ a whole bunch of phone numbers from everyone and their brothers...] >I had a very productive talk with Gary Edelen who (like me) is not pleased >that state funds are going to subsidize someone's highly disruptive, insane, >quasi-religious rants; he's contacting Scott Douglas, who is apparently the >administrator of record for the lance subdomain. > [...] >Notes: >He is no longer listed with student information or as a staff/faculty >member, nor is he listed with 303 directory; there is no L. Detweiler >listed in Fort Collins anymore, or in Denver/Boulder, although there >is a Jeff Detweiler listed in the 1991 phone book; a call to 498-8278 >got an answering machine, 491-5893 forwards to the Kater Laboratory >Optical Core. > [ more Magnum P.I. daring-do information...] I find it very ironic that a list dedicated to the preservation of personal privacy, seeks to exterpigate one of its own through White Supremacist tactics of hassling the "enemy's" employer. I recall a week ago or so, someone posting something to the effect of: "There's a lot to learn from the Nazi methods of rooting out Communists...." Disturbing coincidence or Illumanati plot? Perhaps. Then again, maybe its just a mob mentality to storm the castle and burn the Frankenstein monster. No thanks, keep the torch (you'll need it, those castle's get very dark at night). Its none of my business whether or not L. Det wants to post "quasi-religious" rants or even if he wants to leech off of alt.erotica every day with his "state-funded" account. My business is the preservation of the freedom of speech, even if I don't agree with the speaker... I apologize for seizing the moral high ground in so smug a fashion, but the precedent that this behaivor is setting is too disturbing to ignore. Now, continue to pave and flaaaame away me paranoid kin....! --- still at kailua.colorado.edu --------------------------------------------- From an31122 at anon.penet.fi Wed Nov 17 07:41:10 1993 From: an31122 at anon.penet.fi (an31122 at anon.penet.fi) Date: Wed, 17 Nov 93 07:41:10 PST Subject: Identities vs. Accounts Message-ID: <9311171536.AA04661@anon.penet.fi> Fellow cpunks, The schemes proposed by Detweiler et al. can only verify that a real person OWNS an account, not who's USING it. We can only track a message as far as the computer or account from which it was sent. There is simply no way to verify that the person who sent the message is actually the owner of the account. I've seen otherwise intelligent and responsible people tape their passwords right onto the front of their terminals. We can concievably prevent the creation of fraudulent accounts, but not the improper usage of valid ones! "WiReD" article aside, it's possible that Tim May, Eric Hughes, and Nick Szabo are real people who have never HEARD of the cypherpunks, and don't know that their accounts are being used to post here. Detweiler might be plotting to kill the wrong person entirely. The Tentacles laugh heartily at that when it made the news. It could be Henry Kissenger and the Queen of England who are behind the whole thing (as Mr. Larouche has suggested). Why assume that ANYONE is telling the truth? Perhaps Detweiler itself is a creation of the CONSPIRACY intended to throw us off the trail. Back to the real world: Personally, I let my wife send mail from my account. She simply dosen't use the computer enough to warrant creating a new account. As far as I know, she sends only to her friends and parents. She may, however, be posting in my name to alt.sex.bestiality. I've no way to know, and there is no possible way for the people of that group to know because my account is valid and I use it. If they try to backtrack and arrest me because messages apparently from me have advoated killing anyone who posts to the list, I can convincingly deny any knowledge of it. More generally, what if I keep my computer on my desk at home and somebody breaks in and steals it? If, by chance, the person who ends up with it knows anything about PGP, then my key is compromised. If I'm on vacation when it happens then it may go undetected for weeks. Let's say that I send all of my mail from my Apple Newton, but one day on the subway someone hits me on the head and takes it. They can then use the thing to send mail for probably two days before I can get all of my accounts cancelled. What if I don't use the thing much and don't even realize that it's been stolen for two weeks? THE POINT: ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From pmetzger at lehman.com Wed Nov 17 07:54:23 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 17 Nov 93 07:54:23 PST Subject: Key Servers In-Reply-To: <9311170639.AA02048@toxicwaste.media.mit.edu> Message-ID: <9311171551.AA22926@snark.lehman.com> Derek Atkins says: > -----BEGIN PGP SIGNED MESSAGE----- > > > Seems to me, MR EICHIN, that many people might be FLABBERGASTED to find > > out that people are using PGP key servers for PSEUDOSPOOFING. > > No, it seems that only *you* are flabbergasted. As has been stated [...] Please do not answer Mr. Detweiler. There is very little to be gained in trying to explain things to a paranoid psychotic. Mr. Detweiler needs sympathy and psychiatric treatment, not information on how key servers work. It is both useless and cruel to answer his rants -- useless because he cannot understand reason because of his mental problems, and cruel because this only enhances his paranoid delusion that there is a global conspiracy in progress to attack and destroy him. The best and most rational way to cope with him is not to interact with him. Perry From mech at eff.org Wed Nov 17 09:31:46 1993 From: mech at eff.org (Stanton McCandlish) Date: Wed, 17 Nov 93 09:31:46 PST Subject: privacy and rights (long reply) In-Reply-To: <199311170957.AA11339@access.digex.net> Message-ID: <199311171731.MAA10268@eff.org> I gracefully concede about 90% of the points made against mine in this thread; as I stated, I was just providing food for thought, not proposing any sort of legal theory. As the 10% remaining have nothing to do with crypto, I'm replying to them in personal mail. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From thug at phantom.com Wed Nov 17 09:34:21 1993 From: thug at phantom.com (Murdering Thug) Date: Wed, 17 Nov 93 09:34:21 PST Subject: Tech: Truth about Canon Copiers (fwd) In-Reply-To: <9311171257.AA02551@csa.bu.edu> Message-ID: > > It copied the side with the dead white guy fine. We flipped it over > > and copied the other side. It printed a deeply altered image. > > /hawk > > > > -- > > Harry S. Hawk - Extropian > > habs at extropy.org > > This is interesting. Since most of the change-making machines in > laundromats seem to use the side with the dead white guy, I wonder if it > would work to use this copy? > ----Dave REes (rees at cs.bu.edu) > Change-making machines also do a test to see if the ink used to print the money is magnetic (on real money it is magnetic, however copier toner is not), as well as shine a UV light to see if the paper glows (most chemically whitened paper glows under UV light, but U.S. currency paper does not). If you use non-chemically whitened paper and put MICR (magnetic) toner into the copier, you can VERY EASILY fool the change machines. Trust me on this one :) Thug From mech at eff.org Wed Nov 17 09:54:21 1993 From: mech at eff.org (Stanton McCandlish) Date: Wed, 17 Nov 93 09:54:21 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311171237.AA00128@panix.com> Message-ID: <199311171754.MAA11672@eff.org> [Re: tv as basic service, but data not] > Data may become a basic service, some day, but the market is not > ready for it today. > > I am against forcing companies to offer products that no one wants. > (no one = a major part of there market). I'd say that the 30%+ of US households with computers, and the 10%+ (and VERY rapidly growing) with modems is "a major part" of the market. Far fewer people had phones once upon a time, and even fewer had cable tv boxes a decade ago. Or to put it in a format that advertisers will understand: when my grandmother, who can't even set the clock on her VCR, is inflamed with the desire to particpate in internet, simply from reading the articles on it, and gets ready to buy a Mac and subscribe to AOL, despite a good deal of technophobia, I think you've got a market brewing. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From mech at eff.org Wed Nov 17 10:01:09 1993 From: mech at eff.org (Stanton McCandlish) Date: Wed, 17 Nov 93 10:01:09 PST Subject: The Tectonics of Truth In-Reply-To: <9311171312.AA14658@anon.penet.fi> Message-ID: <199311171756.MAA11732@eff.org> > > The Truth is sometimes subtle and delicate, like a flower petal. > > Sometimes it erupts in violence, like a volcano. Posts are sometimes subtle and relevant, like something you might want to read. Sometimes they erupt in worthless blather, like a babbling idiot. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From jim at Tadpole.COM Wed Nov 17 10:01:13 1993 From: jim at Tadpole.COM (Jim Thompson) Date: Wed, 17 Nov 93 10:01:13 PST Subject: Tech: Truth about Canon Copiers (fwd) Message-ID: <9311171758.AA04612@chiba.tadpole.com> > If you use non-chemically whitened paper and put MICR (magnetic) toner > into the copier, you can VERY EASILY fool the change machines. Trust me > on this one :) Since 1990, US currency in denominations of $20 and up has had a small, metal-like strip buried in the left-hand side. If you hold the bill up to the light, and look for a verticle line running approx through the 'mint mark', you'll find it. Tearing the top of the bill around the line will let you remove this little bit of foil. The foil is lettered with the denomination of the bill. Collect 'em all! Of course, you don't put twenties in the change machine. Ob (weak) crypto reference: Has anyone else noticed that the NSA has plans to build a largish installation in Dallas in '95? Something like 6 *big* Cray machines. I have it on good word that E-Systems is involved. Jim From mech at eff.org Wed Nov 17 10:06:47 1993 From: mech at eff.org (Stanton McCandlish) Date: Wed, 17 Nov 93 10:06:47 PST Subject: CYPHERPUNK CRIMINAL t-shirts In-Reply-To: <9311171533.AA22894@snark.lehman.com> Message-ID: <199311171806.NAA11849@eff.org> As I've gotten several requests and inquiries about such a t-shirt, I may actually look into making it (the "CYPHERPUNK CRIMINAL" shirts, in case you missed it). Send me mail if interested, I'm just stuffing queries into a folder and saving them until I see if it's feasible or not. Who was it that was also working on a t-shirt idea some while back? Drop me a line - what did you find out as far as costs, etc. go? Needless to say, this is NOT an EFF project. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From sameer at uclink.berkeley.edu Wed Nov 17 10:14:21 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Wed, 17 Nov 93 10:14:21 PST Subject: Identities vs. Accounts In-Reply-To: <9311171536.AA04661@anon.penet.fi> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > > > Fellow cpunks, > The schemes proposed by Detweiler et al. can only verify that > get all of my accounts cancelled. What if I don't use the thing much [. . .] > and don't even realize that it's been stolen for two weeks? > > THE POINT: That's what digital signatures are for. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOppHHi7eNFdXppdAQH0cgP+OuRwfoJVGvWa10UNxeTR8Fj3HOh+58oK p4kEmKb8IS7WC2zxQxaZDApjBDPX1PzgIC3elOSoA4EqAD7Un0Jy8tRbhFRNFLmV 6DK6R0BB98ki9rMsz78R2iYYJxkzE0RMfprfUku1GdxcnYXr+tMTqH51vLU7pU9M ZG3nZknJWeA= =5fP0 -----END PGP SIGNATURE----- From habs at panix.com Wed Nov 17 10:41:12 1993 From: habs at panix.com (Harry Shapiro) Date: Wed, 17 Nov 93 10:41:12 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311171754.MAA11672@eff.org> Message-ID: <199311171840.AA15151@panix.com> a conscious being, Stanton McCandlish wrote: > I'd say that the 30%+ of US households with computers, and the 10%+ (and > VERY rapidly growing) with modems is "a major part" of the market. Far Their are 95 million homes in America. Their are 90 million homes with TV 65 million homes have Cable. Advertisers consider National Broadcast TV to be a major market. Even to this day, Cable is not seen in the same light as National Broadcast Networks. The fact that 9.5 million homes have modems, or 21+ million homes have computers, does not a real mass market make. Not enough to force companies to put in special data services; people who want data can pay between $50 to $530 for a modem and get from 2400 bps to 240,000 bps. Let the market grow until people actually want data before you put it into the bundle of regulated basic services. I am saying, don't regulate data, and thus don't force any carrier to offer a special data rate. When 60 - 70 million homes have active use of Data, then you can have congress set some minimum standard. > fewer people had phones once upon a time, and even fewer had cable tv > boxes a decade ago. And note, without any regulations in terms of basic services, Cable has grown from serving a small town in Penn. to servicing 65 million homes in N. America. Cable is better suited to offer voice and high speed multi-megabit services than are phone companies. Clear proof that market forces can produce the results we need. (Cable passes over 90% of all homes in this country). From jkreznar at ininx.com Wed Nov 17 11:24:23 1993 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 17 Nov 93 11:24:23 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311162324.AA29258@eff.org> Message-ID: <9311171923.AA01478@ininx> > Part of the effort that must be made is to knock some sense into the > rapidly merging entertainment/information/telecom conglomerates, and try > to at very least keep a large section of the "data highway" (or whatever > one chooses to call it) an Internet-like many-to-many communications > medium, if not fused with Internet itself. Convincing the govt. of this > is will also take some doing. One certainly can't IGNORE the govt. No > matter how much we may wish it'd just go away, it won't, and has to be > dealt with. The beauty of cypherpunk technology is that it provides means to _avoid_ the tyranny of government, rather than trying to redirect that tyranny on behalf of one's own ends. Government gets its power from its hundred million clients. To join that clientele is not consistent with wanting government power to whither away. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. From sblair at upurbmw.us.dell.com Wed Nov 17 11:31:12 1993 From: sblair at upurbmw.us.dell.com (steve) Date: Wed, 17 Nov 93 11:31:12 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311171840.AA15151@panix.com> Message-ID: <9311171926.AA23337@upurbmw.us.dell.com> Thus sayeth Mr. Shapiro **> Their are 95 million homes in America. **> Their are 90 million homes with TV **> 65 million homes have Cable. Don't forget 150 million lectric users. All are racing towards needing network addresses for (as Sagan would say) "beelions and beelions" of devices. Now's the time for smart developers and consumers to hedge their bets, pick several key encryption technologies, and pair up with some networking compaies. Big bucks potential. -- Steve Blair "Unix is not your mother. It is a tool for people who have specific needs" "and who can accept the trade-offs that come with the "bleeding edge" of" "networking."------ Jim McCoy From owen at autodesk.com Wed Nov 17 11:41:14 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Wed, 17 Nov 93 11:41:14 PST Subject: BAN Detweiler(WHAT A LOON) Message-ID: <9311171930.AA01269@lux.YP.acad> > From: nobody at pmantis.berkeley.edu > Subject: BAN Detweiler(WHAT A LOON) > > I THINK ITS TIME TO TAKE DETWEILER OFF THE MAILING LIST, > HE IS CLEARLY ABUSING THE PRIVELGE OF HAVING US AS AN AUDIENCE. > ANY OTHERS ON THIS SIDE OF THE ISSUE?? > ANON one psuedonym, one vote .. I assume :-) I vote we keep Detweiler , and get rid of you. ( justa joke! :-) LUX ./. owen From owen at autodesk.com Wed Nov 17 11:41:15 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Wed, 17 Nov 93 11:41:15 PST Subject: Privacy != right? Message-ID: <9311171928.AA01258@lux.YP.acad> > Only under certain, very limited, circumstances, and again this is not a > right but an entitlement, since it by definition infringes a right. If > you don't "get" the distinction, try on this simple example: you have a > right to swing your arm (and please note that it, like the right to > privacy, is another of those rights not specifically enumerated, but > covered by the 9th Amendment), but I have an entitlement to not be hit in > the face by your swinging arm. My entitlement supercedes your right, but > only under certain circumstances (e.g. when my face is in imminent danger > of being struck by your arm, or has already been struck - assault, and > battery respectively, if intentional - but I cannot use my entitlement to > demand that you _never_ swing your arm) Ok, but this is a limited view. How about the individual who stands N+1 units away from you, where N is the length of their arm, and repeatedly swings at you. Even though you both know that the +1 satsifys your *entitlement to not be hit*, it certainly seems to be an assault of some sort. So, OK, you have the right to turn away, but now the attacker moves to a new position, maybe only N +.5 this time, and each time you move he countermoves. You are still in no imminent *danger* . But you are being subjected to unwatned harrasement. In such a case it is reasonable to demand your privacy from being subjected to the harrasers atentions. Now add to this the factor that the perpetrator hides behind a pseudonym, and has taken measures to insure he escapes any accountability for the hostility and willfull harrasement. He uses multiple accounts to bypass Kill files and filters, while rationalising his campaign as his right of free speach, god-granted vigilantism against crypto-sinners, and merely a graphic representation of his humble opinion. this is essentially what has been going on in soc.motss for years. This is essentially what is going on in cypherpunks with the Detweiler situation. I am seeing exactly the same range of individual responses to Detweiler as i see in soc.motss to *dark knight* and *artimus* and *Ralf*. I don't think this is a coincidence. On cypherpunks, the list management has the right to cut him out of the list, and thus stop him from receiving list-messages. However, he can still mail to the list and continue to offer his opinions on it, even if he is not a recipient. Sorta like standing on one side of a wall and lobbing grenades over the top. Trust me, I understand the progression of these things, i've seen it happen over and over. I have grown a thick skin, but I also keep notes. So OK , the list management can hack filters to *not re-transmit* messages from his account, getting past such filters is easy. In fact forging account adresses is easy, so the next step is to send his opinions from forged adresses, say - as Hal Finney, Or Perry Metzger. There is no accountability for this sort of thing, and until there is these systems are unsuitable for anything but conversation. I happen to want more than conversation out of my network connectivity, and I recognise that there is a price for everything. _rhetorical question ... no need to answer to anyone but yourself..._ Do you want gummint types setting the fee schedules, or are you gonna get busy .... LUX ./. owen From talon57 at well.sf.ca.us Wed Nov 17 12:21:16 1993 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 17 Nov 93 12:21:16 PST Subject: MISC; self terminating thread Message-ID: <199311172019.MAA12670@well.sf.ca.us> From: an12070 at anon.penet.fi (T.C.Hughs) From: an12070 at anon.penet.fi (Eric May) From: an12070 at anon.penet.fi (S.Boxx) From: an12070 at anon.penet.fi (L. Detweiler) From: an12070 at anon.penet.fi (The Flaming Hypocrite!) From jel at sutro.SFSU.EDU Wed Nov 17 12:51:52 1993 From: jel at sutro.SFSU.EDU (John E. Levine) Date: Wed, 17 Nov 93 12:51:52 PST Subject: ENCRYPTED FILE SYSTEM In-Reply-To: <01H5DDB8OO429D5QVJ@delphi.com> Message-ID: <9311172048.AA04716@rincon.SFSU.EDU> "thomas.hughes at chrysalis.org" wrote: >Subj: ENCRYPTED FILE SYSTEMS >>> ObCrypt: I'm looking for info on designing a distributed encrypted >>> filesystem. Any pointers? Check out "A Cryptographic File System for Unix" in dist/mab at research.att.com in file cfs.ps . From unicorn at access.digex.net Wed Nov 17 13:01:15 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 17 Nov 93 13:01:15 PST Subject: privacy Message-ID: <199311172059.AA22466@access.digex.net> From: Stanton McCandlish : I gracefully concede about 90% of the points made against mine in this thread; -> No, don't do that: Your points made me think real hard about some issues I hadn't yet considered fully. <- As the 10% remaining have nothing to do with crypto, I'm replying to them in personal mail. -> It might be that this thread belongs in mail in general. Cypherpunks is a technical group after all no...? <- -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp [...] -uni- (Dark) From norm at netcom.com Wed Nov 17 13:01:17 1993 From: norm at netcom.com (Norman Hardy) Date: Wed, 17 Nov 93 13:01:17 PST Subject: Should we oppose the Data Superhighway/NII? Message-ID: <199311172059.MAA18783@mail.netcom.com> de Sola Pool's book 'Technologies of Freedom' gives an excellent description of issues of monoloplies and their motivations. He describes a scheme that I think was adopted in Boston. The scheme was to grant a cable monolopy but require the cable owner to lease half of the cable capacity to a competitor at some prespecified price. There was thus competition between suppliers of programs. The arguments for a natural monopoly were accommodated (Space on the phone pole, cost of laying cable) and yet competition was achieved. That was one of the few books that I have read that actually changed some of my opinions on economics. The author described why rational, non corrupt regulators might grant such a monopoly. He did not imply that such monopolies were not corrupt. From mech at eff.org Wed Nov 17 13:31:15 1993 From: mech at eff.org (Stanton McCandlish) Date: Wed, 17 Nov 93 13:31:15 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311171840.AA15151@panix.com> Message-ID: <199311172130.QAA14722@eff.org> > > I'd say that the 30%+ of US households with computers, and the 10%+ (and > > VERY rapidly growing) with modems is "a major part" of the market. Far > > Their are 95 million homes in America. > Their are 90 million homes with TV > 65 million homes have Cable. > Advertisers consider National Broadcast TV to be a major market. > Even to this day, Cable is not seen in the same light as National > Broadcast Networks. This may have something to so with the large number of cable stations that don't allow advertising, and have not since day one, because people are willing to pay extra for ad-less tv. This also has to do with fact that the most popular shows are on network broadcast TV, not cable, for a number of reasons. Advertisers go where the people are. Your entire point seems to be that because advertisers decide that the cable is a lousy market, it does is not "major". The actual relationship is quite the opposite. For many reasons the cable market was kept from being a "major market" for advertisers, and so advertisers do not advertise via cable as much as they do via airwaves. This is all quite peripheral. > The fact that 9.5 million homes have modems, or 21+ million homes > have computers, does not a real mass market make. ? This is a nonsensical statement. You seem to presume that a computer-net market must perforce directly compete with a tv-net market, when there is room for both. The slothful and apathetic will happily vege out in front of the new supertube, and fortunately be mostly selected out of the memepool, while those with a glimmer of imagination and intelligence are likely to find a use for interactive communications and information services. It's certainly the first time I've ever heard someone say that 21 or even 9 million people is not a mass market. > Not enough to > force companies to put in special data services; Who's talking about doing so? Companies are *fighting* to put in data services right now; why should this stop? The issue is one of access and expense, not of will it happen or not. > I am saying, don't regulate data, and thus don't force any carrier to > offer a special data rate. When 60 - 70 million homes have active > use of Data, then you can have congress set some minimum standard. [...] > And note, without any regulations in terms of basic services, Cable > has grown from serving a small town in Penn. to servicing 65 million > homes in N. America. What evidence have you that fact that the absence of basic service regulation was the source of growth in the cable industry, particularly when other heavily restrictive regulation was affecting it, and preventing it from being a free market? > Cable is better suited to offer voice and high > speed multi-megabit services than are phone companies. These are not logically comparable categories. Coax cable, as a conduit, is certainly better than phone wire. But why should it be better for cable companies to offer voice and video services? I'd think the evidence points in the other direction. Cable programming has heretofore been 80 or whatever channels of one-way garbage. At least telephone communication is 2 way, relatively private, uncensored, and can be used to reach online services with many-to-many information exchange. TCI may say they want to bring that about via "CableNet" too, but I wouldn't hold my breath if I were you. > Clear proof > that market forces can produce the results we need. (Cable passes over > 90% of all homes in this country). No, clear proof that people wanted cable tv. Period. No more, no less. Until I see an attempt to bring data (which should not require any new cabling for a while) to everyone, and see the people from the service providers being told to beat it and being chased off with brooms by enraged renters and homeowners, I feel fairly confident that there is a very worthwhile market for data services, and that at very least it would be a far more worthwhile experiment that cable ever was. Seems funny that you claim that free market theory would yield this 90%, when the cable "market" is not much of a market at all, but simply a collection of govt-supported local monopolies. There are good points, but I still question whether cable (or any other form of) tv has any business being a "basic service". Personally I find tv to be a basic disservice and an utter waste of time (others probably disagree, but oh well.) What rationale is there for including it with POTS as something to be subsidized? If you firmly believe that govt. subsidization/regulation will harm a medium, then say so. But as it stands I get the feeling that you think it will be good for the provision of "basic services"; but when challenged you point to the good that comes from *lack* of regulation. Which is it? If the govt. *does* need to subsidize [useful service X] because it should be a basic service, then let's see data included. If subsidization (and the regulation that comes with it) are lousy and screw up the market, then let's not see *anything* subsidized (unless we actually want to damage it; might be a good idea for tv >;) -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From dashti at acad.stedwards.edu Wed Nov 17 14:06:16 1993 From: dashti at acad.stedwards.edu (Ammar H. Dashti) Date: Wed, 17 Nov 93 14:06:16 PST Subject: Clipper Chip questionair Message-ID: <9311172205.AA11339@toad.com> I am a student at St. Edwards University and currently working on a senior paper on the Clipper Chip. I have this questionair to ask who ever is interested in this subject to answer some questions. this is some kind of survey. If anyone is interested please answer the following questions and e-mial your answer to me before this Monday (11/22). I really appriciate your help (thank you) 1. What is your position on the Clintons adminstrations proposal about the Clipper Chip (pro or against)? and Why? 2. If you oppese it. the proposal is a voulantary one why do you oppose it? and if it's going to cut down on crime (as the government claims) why do you oppose it? 3. If you agree with it. what do you have to say about it being a bottleneck for fast systems? and what about the potential abuse by the Feds.? once again I appriciate the help. PLEASE SEND YOUR ANSWERS TO THE ADDRESS BELOW -- Ammar H. Dashti (512)-444-0664 dashti at acad.stedwards.edu ooooooooo ooooooooooooo oo[ -- -- ]oo \ * * / \ ___ / \ / ! From xentrac at argo.unm.edu Wed Nov 17 14:11:16 1993 From: xentrac at argo.unm.edu (Kragen J Sittler) Date: Wed, 17 Nov 93 14:11:16 PST Subject: No Subject Message-ID: <9311172209.AA44087@argo.unm.edu> A few months ago, someone posted an article on cypherpunks at toad.com, a satire on the government's efforts to ban strong crypto. I had saved it, but unfortunately, I no longer know where it is. I would appreciate it if someone who has it could mail it to me, tell me where to ftp it, or post it (newbies and non-cypherpunks might be interested.). Thanks. Kragen From tcmay at netcom.com Wed Nov 17 14:16:15 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 17 Nov 93 14:16:15 PST Subject: (fwd) Mega-Bond Scandal Message-ID: <199311172215.OAA06311@mail.netcom.com> Cypherpunks, At the October meeting of the Bay Area branch of the Cypherpunks I described a massive bond scandal involving the fraudulent recycling of tens of billions of dollars of bonds, possibly more than $100 billion worth. Here's an article with some details for the rest of you. I pulled it off alt.conspiracy, always an entertaining group. (One post even cited evidence the Mafia sold the bad bonds to Russia and Eastern Europe for use as collateral on loans from the West. Indeed, it looks like these bad bonds are mostly sitting in vaults as collateral. If so, some huge defaults could be coming.) Some links to crypto and our group: - fraud exists with paper-based systems, too (some have criticized digital money--reasonably so, I think--on the grounds that it had better be _very_ secure and very solidly debugged before release) - digital signatures on bonds could head off future repeats of this sort of situation I've edited the poster's introductory speculations. Newsgroups: alt.conspiracy Subject: Mega-Bond Scandal From: financial.opportunities at canrem.com (Financial Opportunities) Distribution: world Message-ID: <60.28194.4607.0N18B1FE at canrem.com> Date: Mon, 15 Nov 93 11:06:00 -0400 Organization: CRS Online (Toronto, Ontario) ___________________________________________ By Jennifer Gould SPECIAL TO THE STAR At least $150 billion in "cancelled" bonds and stock certificates have been lost or stolen in a massive fraud, which involves five major American banks and could threaten the stability of some Eastern European and ex-Soviet republics, investigators say. It's the biggest international banking fraud in history, masterminded by Italy's Mafia and carried out with the co-operation of a worldwide Russian mafia network headquartered in Vienna, said one private investigator. To put the scam in perspective, the total equals almost one-third of Canada's gross domestic product for 1992 - and it's more than three times larger than Canada's deficit. Private investigators hired by the Russian government have been in Toronto for the past six weeks hunting for stolen Russian bonds, which are linked to the international fraud, sources say. And a German member of parliament was recently in the United States to launch another investigation that includes some European aspects of the fraud, an intelligence source said. The bonds are showing up around the globe - from a drug bust in the United States to an alleged deal in the former Yugoslavia and, police suspect, in the hands of a 26-year-old Montrealer. European police are trying to track some of the missing bonds through Interpol, as is the Federal Bureau of Investigation.... Most of the North American securities in the scam are corporate bonds that were supposed to have been cancelled in the mid-1970s and early 1980s, according to American court papers filed by the U.S. Securities and Exchange Commission [SEC]. The commission fined Citibank $750,000 last year for mishandling the bonds. Bonds are IOUs issued by companies and governments to raise money. When a bond changes hands in the United States, the old certificate is supposed to be clearly cancelled before being destroyed by the bond's transfer agent. International criminals pulled off the scam because some banks held on to old certificates, piling them up in storage rooms, instead of destroying them while the banks were switching from paper to computers, said Lani Lee, an SEC investigator. Some of the bonds had holes punched into them, but when they surfaced later the punch marks - often in the shape of the bank's initials or name - were taken merely as endorsement signs by other banks, Lee said, adding that other bonds weren't marked at all. By the mid-1980s, five American banks had contracted paper recycling companies to destroy the supposedly useless bonds. But those companies - or a single corrupt company, as at least one investigator believes - never did this. And defying standard practice, the banks didn't send their own officials to witness the bonds' destruction. _________________________________________ Victims may not realize that they have been scammed until after the year 2000 ___________________________________________ An SEC investigation revealed that MSM Corp., a paper recycling company, was hired by Citibank to destroy at least $111 billion [U.S.] in securities, stacked up in about 3,500 boxes. It now appears that MSM was a Mafia-linked operation with nothing more than a trailer parked on the Jersey Citg waterfront, according to an SEC document that quotes Citibank's own investigators. The SEC fined Citibank, the largest commercial bank in the U.S., in December, 1992, after it did not notify regulators "on a timely basis" once the cancelled bonds started resurfacing and for not taking proper steps initially to ensure the securities' destruction, according to court papers filed by the commission. The U.S. treasury department had censured Citibank in June, 1992, saying it had failed to safeguard the cancelled securities and failed "to make required reports of potential thefts or losses of securities to authorities." The department's Office of the Comptroller of the Currency issued a 19-page report, criticizing Citibank for not inspecting MSM, not witnessing the bonds'destruction and not adequately cancelling the securities. The bank also permitted "an undetermined, yet significant" number of securities to survive the cancellation process without any marks at all, the report said. A senior official at another bank confirmed that his bank and three others lost billions of dollars worth of bonds the same way. It appears that all five banks used companies controlled by MSM, says one investigator. By the time the bonds started resurfacing, MSM was shut down and its owner, Anthony "Buddy" Iazetti, was dead. He apparently suffered a fatal heart attack in 1989, the FBI says. It's believed the bonds were smuggled into Canada, shipped from the Port of Montreal to Palermo, Sicily, and then passed to unwitting - or crooked - European bankers. Some banks in Eastern Europe and the former Soviet Union were founded on loans that used the dirty bonds as collateral, said one private investigator. Police say improperly cancelled North American bonds have so far surfaced in 16 countries - Britain, France, Italy, Germany, Austria, Switzerland, Liechtenstein, Spain, Luxembourg, The Netherlands, Canada, the United States, Belgium, Hungary, Poland and the former Yugoslavia. Financial institutions that have dished out loans to banks that have used the bonds as collateral may not realize they've been scammed for years, since many of the bonds don't come due until the next century. By then, many of the fraud artists may be either difficult-to-trace pensioners or dead, of natural causes or otherwise, investigators say. The puzzling part is how long the scandal took to unfold. Cancelled certificates, where Citibank was the transfer agent, began showing up in March, 1987. Although the bonds continued to surface, it took 4 1/2 years - until Oct. 28, 1991 - before the bank reported all of the securities sent to MSM. And this occurred only after a request by U.S. authorities, said Joe Goldstein, associate director of the SEC's enforcement division. Citibank paid the fine in December, 1992, without "admitting or denying the allegations or findings," according to a bank news release at the time. An internal Citibank investigation concluded that no bank official did anything wrong, said Amy Dates, a Citibank spokesperson. "We decided to pay to basically put this behind us",Dates told the Star. At least one U.S. government investigator has said this is exactly what Washington wants - because to go further into the investigation could have "drastic" consequences for the banking and political systems of some countries, particularly fledgling democracies. But Alan Block, a professor of the administration of justice at Pennsylvania State University and noted expert on the Mafia's ties to the garbage and recycling industries, is calling for a full-fledged inquiry. "I get the feeling that the government doesn't want to embarrass the banks," Block said. "It might have serious geopolitical repercussions, and the banks may have to bear the responsibility down the line." Juval Aviv, a New York private investigator working on the fraud for a client he doesn't wish to name, said: "This has the potential to shake the economy of the Eastern bloc. The ramifications are tremendous. If Congress and the public finds out, this could become a major scandal. "The American government is aware, but this is being kept a big secret because they're afraid to shake (Russian President Boris) Yeltsin's banking apparatus and to scare investors in other countries," he added. Citibank maintains that the bonds were cancelled, even if they weren't destroyed, and it was thus the responsibility of other financial institutions to verify that the bonds were still valid, Dates said. To this day, the face value of the missing bonds and stocks - from Citibank and other banks - has not been reported to the Securities Exchange Commission's data base for lost and stolen securities. According to the data base, only $20.1 billion in securities were reported lost and stolen in 1991. That's the most recent, readily available statistic, said Ester Saverson, special counsel to the SEC. Dates of Citibank said: "We didn't report the (face value of the) bonds because they were cancelled and had no financial value." But Goldstein of the SEC said: "The value is listed as zero, but our problem is that you can have a certificate in circulation with no ouward indication that it has been cancelled." Publicly, only two banks have been named in the scandal: Citibank, which has stated that $111 billion worth of corporate securities it sent to be destroyed are now missing, and the Chase Manhattan Bank which has not been fined or publicly reprimanded by any regulatory agency. Chase Manhattan has so far confiscated $7.5 million worth of bonds, part of a $100 million batch that it sent to an outside company for destruction, a bank spokesperson said. The bank's name surfaced in connection with the only American court case in which someone was convicted for trying to peddle the dirty bonds. Roman Abegg, a 57-year-old Swiss lawyer, was caught tgng to peddle $763,200 worth of stolen bonds to the Miners National Bank in Pottsville, Pa., to use as collateral for a $465,000 loan in January, 1992, according to court documents obtained by The Star.... Citibank [known earlier as First National City Bank], acted as transfer agent for most of the bonds that wound up in Abeggs hands. Citibank, which arranges for transfer of ownership, obtained them in the 1970s and early 1980s. However, Chase Manhattan was the transfer agent for some bonds Abegg possessed, said a spokesperson for that bank. The bonds were held by both Citibank and Chase Manattan until the mid-1980s, when they were sent out for destruction and began their illegal trek across the ocean and back. - o O o - Well, there you are, happy people. Don't think you're going to see to much of *this* in the U.S. papers - unless, that is, someone were to tip off the SPOTLIGHT! Cheers! John W. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From mg5n+ at andrew.cmu.edu Wed Nov 17 15:04:29 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 17 Nov 93 15:04:29 PST Subject: BAN Detweiler(WHAT A LOON) In-Reply-To: <9311170532.AA14620@pmantis.berkeley.edu> Message-ID: > I THINK ITS TIME TO TAKE DETWEILER OFF THE MAILING LIST, > HE IS CLEARLY ABUSING THE PRIVELGE OF HAVING US AS AN > AUDIENCE. ANY OTHERS ON THIS SIDE OF THE ISSUE?? > ANON I think it's time we started ignoring Detweiler's shit, stopped discussing Detweiler, stopped flaming Detweiler, and discussed more important issues, you know, like cryptography or something. :). From arthurc at crl.com Wed Nov 17 16:24:29 1993 From: arthurc at crl.com (Arthur Chandler) Date: Wed, 17 Nov 93 16:24:29 PST Subject: Encryption: A Testimonial In-Reply-To: Message-ID: For a while, I thought that encryption was just for folks who had something REALLY important in their files -- formulas for the Neutron bomb, sales reports to crack dealers, illicit love letters, etc. :<) -- so I never bothered. Then, before I left on a sabbatical from my university, I reviewed the personal files in my computer there. "Hmmm.... only class syllabi, notes, committee reports. Nothing here to... Wait a minute!" It then occurred to me that some sections of those reports hold very sensitive information dealing with retention, tenure, and promotion of colleagues. There were also letters of recommendation for students in there. "Well, no one's going to look in here. Most of my colleagues are still using manual typewriters anyway. But, just in case, I'll just lock these files up with Norton Encrypt." -- Not exactly a heavyweight program, but adequate to my purposes. Then, a couple of months later, I get a call from the Dean. The University has decided to give my computer an Ethernet connection; and one of the techies has asked her (the Dean) for the password to my files so he can install the appropriate software. Wants the password to my personal files? So I went out to the university and confronted the man. Why did he feel he needed the password to my personal files in order to install ethernet protocol software? I got a song and dance about how some of the software "wasn't working right" and so he thought that I might have something in there that conflicted with the ethernet software. "But why didn't you just have the Dean contact me to come out and look in those files? And don't you think that you should ask before going into someone's computer, even to install ethernet software?" His answer was this: "These machines belong to the State of California. You don't own them. The State does. And any employee of the state -- like myself -- can go in any time and do whatever we feel is necessary to maintain the machines." What a case of chutzpah used to cover up moxie! Needless to say, I objected strongly to this line of "reasoning" and suggested -- politely, of course -- that neither he nor anyone else was to get into the computer in my office without my express sayso. He walked out the door affirming his right to poke around in my computer in the name of the state. So my files stay encrypted. And if anyone on this list works for an organization that holds similar views on the nature of personal files within an organization-owned machine, I strongly recommend locking all sensitive files -- or putting a password on the whole machine. I realize that such tales may have been told in *Cypherpunks* before. But there's mine, just for the record. From an41418 at anon.penet.fi Wed Nov 17 16:31:17 1993 From: an41418 at anon.penet.fi (wonderer) Date: Wed, 17 Nov 93 16:31:17 PST Subject: Key Servers Message-ID: <9311180029.AA19056@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- L.D. writes: > Wonderer is a D.Denning admirer. Was it Wonderer who Wondered about > what would happen if someone found a way to thwart PGP and read > everyone's mail on the sly? Reminds me of Medusa never telling anyone of her S > nakes. I have been proud to be able to keep out of the fight with L.D., but this is a personal accusation. I'll just deny that I am a Dorothy Denning admirer and leave it at that. I also never wondered, on the list, if someone found a way to thwart PGP and read everyone's mail on the sly, but what of it, that is something to consider if we want to rely on it for privacy. Wonderer -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLOpeZh1kTJuroDD9AQEseAIAgDoglSEpXI1PXUzESBLU25ITJLtTCJA7 H2Y1KTISuThHGQzUDA3IhUL4pyRe+n4JAdIsJzY9fd/3ezdF6rGlRw== =XQMT -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From an15489 at anon.penet.fi Wed Nov 17 16:46:55 1993 From: an15489 at anon.penet.fi (Jack Daniels) Date: Wed, 17 Nov 93 16:46:55 PST Subject: privacy and rights (short reply) Message-ID: <9311180046.AA21866@anon.penet.fi> >> >> Numbered bank accounts and even lines of credit >> exist and will continue to prosper. > >One can hope so, but when the Swiss numbered bank account, the >canonical example, vanishes, I begin to have doubts. > >[Let's hope it doesn't get this far. Besides, there's always >Liechtenstein :)] > I hate to be the bringer of bad news, but to the best of my knowledge Switzerland no longer allows numbered bank accounts. Also, from my studies of international banking, bank secrecy and tax havens, I have never seen any reference to numbered bank accounts in any country other than Switzerland, including Liechtenstein (although Liechtenstein does have better secrecy safeguards than Switzerland. Today, Cayman Islands has more international money in its bank than any other country in the world due to their bank secrecy and favorable tax status (ref: Forbes Magazine). Jack ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From hugh Wed Nov 17 17:24:29 1993 From: hugh (Hugh Daniel) Date: Wed, 17 Nov 93 17:24:29 PST Subject: WORK: San Francisco Bay Area contract working with crypto Message-ID: <9311180123.AA15148@toad.com> Just passing this on in case any one is interested. Technipower (a contract broker) 2727 Walsh Avenue, Suite #204 Santa Clara, California 95051 +1 408 748 0444 Scott Whittman JobOrder #12 Requirments: BSMS in CS with 5+ years experance software development in Un*x and MSDOS using C. Excellent verbal and written skills a must. U.S.A. Citizenship Required Duites: Responsible for the design and developemt of PC and Un*x software for interacting with a new cryptographic micro controler. Applicatoin involves bio-metric user authentication and digital signatures using public key cryptography and async. communications. Leave name, job order #12 and your rate per hour and your phone number. From clueless at mindvox.phantom.com Wed Nov 17 17:31:18 1993 From: clueless at mindvox.phantom.com (Peter Vanderkloot) Date: Wed, 17 Nov 93 17:31:18 PST Subject: Help unsubscribe me! Message-ID: Could some kind-hearted cypherpunk out there PLEASE help me get my name off of this list??!? I've tried every combination to cypherpunks- request of which my fevered noise overloaded cerebrum could think-- but to no avail... If there's a moderator here perhaps he/she/it could unsubscribe me, otherwise if someone would e-mail the secret spell to me directly I'd appreciate it (as I've had to resort to deleting all that comes from this list without reading it...)... Thanks in advance, Your Flame-weary Fool, clueless at phantom.com From pmetzger at lehman.com Wed Nov 17 17:51:18 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 17 Nov 93 17:51:18 PST Subject: privacy and rights (short reply) In-Reply-To: <9311180046.AA21866@anon.penet.fi> Message-ID: <9311180148.AA23400@snark.lehman.com> Jack Daniels says: > > >> > >> Numbered bank accounts and even lines of credit > >> exist and will continue to prosper. > > > >One can hope so, but when the Swiss numbered bank account, the > >canonical example, vanishes, I begin to have doubts. > > > >[Let's hope it doesn't get this far. Besides, there's always > >Liechtenstein :)] > > > > I hate to be the bringer of bad news, but to the best of my knowledge > Switzerland no longer allows numbered bank accounts. Also, from > my studies of international banking, bank secrecy and tax havens, > I have never seen any reference to numbered bank accounts in > any country other than Switzerland, including Liechtenstein (although > Liechtenstein does have better secrecy safeguards than Switzerland. "Jack Daniels" has never looked hard enough -- many countries (Austria comes to mind) allow completely anonymous accounts, with various degrees of restriction on them. Perry From tcmay at netcom.com Wed Nov 17 20:24:28 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 17 Nov 93 20:24:28 PST Subject: Encryption: A Testimonial In-Reply-To: Message-ID: <199311180424.UAA16898@mail.netcom.com> Arthur Chandler tells an interesting story: ... > "Well, no one's going to look in here. Most of my colleagues are still > using manual typewriters anyway. But, just in case, I'll just lock these > files up with Norton Encrypt." -- Not exactly a heavyweight program, but > adequate to my purposes. > Then, a couple of months later, I get a call from the Dean. The ... Also an argument for using stegonography, to obscure the fact that one has encrypted files. Companies or universities may have simplistic policies banning encrypion as a matter of policy, for various and sundry reasons, and may snoop through networked machines looking for encrypted files (high entropy, characteristic file types, etc.). Packing those sensitive resumes and job applications in an innocent photo of the dean may be a good idea. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From ld231782 at longs.lance.colostate.edu Wed Nov 17 20:31:58 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Wed, 17 Nov 93 20:31:58 PST Subject: The `Reputation' of Cypherpunks Message-ID: <9311180431.AA26799@longs.lance.colostate.edu> I've been thinking about this concept of `reputation'. It seems that the Cypherpunks seem to treat it differently than many other people. Many cypherpunks have the argument, `I assign no reputation to messages whose owner I have never met, or have no trust for.' But it is impossible not to be influenced by any message. When you read a message, it is influencing you. The only message that has `no reputation' is no message at all. Also, this preoccupation seems to violate one of the Cypherpunk dogmas, `there is only a message'. Isn't that kind of a bizarre statement? What if Ted Bundy, Hitler, and a Psychopunk posted 99 messages to the Cypherpunks list, and Jesus Christ posted one. Furthermore, suppose no one knew who posted what, in a pseudospoofing scenario. Who would want to subscribe to this? Apparently, it would be Utopia for some Cypherpunks. Another thing about Cypherpunks is that they think that reputation is something you can `cash in' when you need to. For example, in that rather amazing message by Mr. Szabo recently, he seemed to be completely cashing in all his reputation chips just for a cheap thrill. Doesn't that damage everything he has *ever* said, if he suddenly says, `I admit it! I'm a tentacle! I lied in RISKS!'. I don't understand this idea of building up trust just to betray someone. Maybe some cypherpunks can explain this in detail to me. I remember flaming D.Denning rather searingly over the issue of truth (over her involvement with Clipper) a long time ago, and maybe someone else along my long visit to this little dark corner of cyberspace. Mr. T.C.May was upset by my messages. He said that it was generally not a good idea to `demonize' one's opponents, because it `rarely served a useful purpose.' I have been thinking about these words a lot lately. I wonder -- is it okay to `demonize' someone with Tentacles? Maybe that is the preferred method. I guess that would explain a lot! One final question I have. If I get an anonymous phone call to my answering machine, how does that relate to reputation? should I give this phone call ``Lance, stop posting to cypherpunks'' (as I did today at about 730 or so) any merit? Should I give it more or less than anonymous mail? threats from tentacles in my mailbox? to my postmaster? I'm quite confused. Also, suppose this person had reached me personally, e.g. I picked up the phone. Should I have given that conversation more merit, because some two-way dialog took place? What if the caller still remained anonymous? What if he called me `Linda' instead? The call reminded me of an interesting comment by J. Dinkelacker -- `he's a borg'. I was watching Robocop at the time I got the call, and it was kind of funny in that context. If Medusa would like to explain to me precisely why she prefers that I not post to Cypherpunks, and how this does not detract from the forum but enhances it, can someone have her call or email me? All I have been getting are tentacle-grams for many weeks now. It's quite frustrating. From klbarrus at owlnet.rice.edu Wed Nov 17 20:56:58 1993 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Wed, 17 Nov 93 20:56:58 PST Subject: real-life pseudospoofing examples Message-ID: <9311180456.AA29922@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- I thought I'd try to unearth some real-world "pseudospoofing" just so Mr. Detweiler and other interested in this could have other tangible examples. While I can't do justice (i.e. research further) to these items right now, I've found two examples in the little digging I've done. First, Mary Ann Evans published "Silas Marner" under the pseudonym of "George Eliot." She purposely chose a male name in order to masquerade as a male since women couldn't be novelists at the time. It is unknown how long she pulled this off, but nevertheless is an example of someone who created a false identity in order to deliberately fool others. I don't know what the reasons were for Eric Blair (George Orwell), Samuel Clements (Mark Twain), or Charles Dogdson (Lewis Carroll) to publish under pseudonyms. The second (possible) example of pseudospoofing was relayed to me by my parents. They live in Prince William Country, Virginia, where apparently Walt Disney Company has announced plans to build another amusement park. A representative of Walt Disney Co. bought the land over a period of several years, consistently misleading real-estate agents as to his intention and who he worked for. He claimed to be based in Phoenix, Arizona, and often would head towards a different terminal in Dulles airport in order to make business associates beleive this. Maybe he even flew there every once in a while, I'm not sure (parents are mailing various articles to me). Obviously, he did this in order to keep Disney from being screwed on land prices. He pseudospoofed to do it. He created a false identity, lied to others about it. So I look forward to mention of the Walt Disney Company as a many-tentacled, satanic practicing pseudospoofing, subversive criminal organization. Maybe even in the next issue of RISKS :-) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOsARoOA7OpLWtYzAQEdOAP7BUPVtHa0fZOBHOaLSZsQBkcZipcMAhTl DWF9q0ANATQJ/g8oOA3OhehbIhmTUrFqpKQM6qt/VZVyjTTTV+3arZ8xMHCf3iTF 6vt6XR5vBRI2nJcF+jDfhFxOKkLAYjOytOQ8UloSqIYPevOlVoIIRf0kYs0slEsY ERV3Jk+seUs= =HOiI -----END PGP SIGNATURE----- From ld231782 at longs.lance.colostate.edu Wed Nov 17 21:11:22 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Wed, 17 Nov 93 21:11:22 PST Subject: the Lies of Cypherpunks Message-ID: <9311180509.AA27407@longs.lance.colostate.edu> Could an eminent psychopunk explain to the several dozen sane people left on the list: Suppose that a real person signed someone else's imaginary identity for a key in a key server, or for their own. Can someone explain to me why this is not dishonest? I guess the argument will be, the signor is only guaranteeing that some key is associated with some email address. But that seems to me to abuse the whole idea of trust in people. Has anyone asked PRZ what he thinks of the practice of real people signing imaginary identities? or key servers corrupted with phantom identities? From mg5n+ at andrew.cmu.edu Wed Nov 17 21:44:29 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 17 Nov 93 21:44:29 PST Subject: Encryption: A Testimonial In-Reply-To: <199311180424.UAA16898@mail.netcom.com> Message-ID: tcmay at netcom.com (Timothy C. May) wrote: > Also an argument for using stegonography, to obscure the fact that one > has encrypted files. Companies or universities may have simplistic > policies banning encrypion as a matter of policy, for various and > sundry reasons, and may snoop through networked machines looking > for encrypted files (high entropy, characteristic file types, etc.). > > Packing those sensitive resumes and job applications in an innocent > photo of the dean may be a good idea. Actually, you could fool a lot of people by creating a hidden disk partition. Nobody would know there was anything hidden unless they did a detailed sector-scan of the disk. Is there any good software for doing this with modern operating systems? It used to be real easy to do stuff like that in the old days when OS were simple and hackable. Once someone showed me a trick on an old, old, Apple DOS; you could change one byte in RAM, and viola, a totally new directory appeared on the disk! Pretty cute trick. Too bad things ain't that simple anymore. :) From karn at qualcomm.com Wed Nov 17 22:14:28 1993 From: karn at qualcomm.com (Phil Karn) Date: Wed, 17 Nov 93 22:14:28 PST Subject: Secure phones - STU3 Message-ID: <9311180612.AA03568@servo> As far as I can tell, basic compatibility among STU-IIIs calls for the 2400 bps LPC-10 coder as a minimum. So it's universal. It works, but it sounds pretty bad, so there's been a lot of work on newer and better vocoders. Correct me if I'm wrong, but I suspect the Motorola coder you mention is probably one of several manufacturer-specific algorithms, sort of like the manufacturer-specific high speed modes you find on some fax machines. FED-STD-1016 CELP (Codebook Excited Linear Prediction) at 4800 bps seems to be the up-and-coming standard for newer phones, and it indeed does provide *much* better voice quality than LPC-10. Unfortunately, it also requires many more DSP cycles. Phil From wisej at acf4.NYU.EDU Wed Nov 17 22:31:20 1993 From: wisej at acf4.NYU.EDU (wisej) Date: Wed, 17 Nov 93 22:31:20 PST Subject: Encryption: A Testimonial In-Reply-To: Message-ID: On Thu, 18 Nov 1993, Matthew J Ghio wrote: > tcmay at netcom.com (Timothy C. May) wrote: > > > Also an argument for using stegonography, to obscure the fact that one > > has encrypted files. Companies or universities may have simplistic > > policies banning encrypion as a matter of policy, for various and > > sundry reasons, and may snoop through networked machines looking > > for encrypted files (high entropy, characteristic file types, etc.). > > > > Packing those sensitive resumes and job applications in an innocent > > photo of the dean may be a good idea. > > Actually, you could fool a lot of people by creating a hidden disk > partition. Nobody would know there was anything hidden unless they did > a detailed sector-scan of the disk. Is there any good software for > doing this with modern operating systems? > It used to be real easy to do stuff like that in the old days when OS > were simple and hackable. Once someone showed me a trick on an old, > old, Apple DOS; you could change one byte in RAM, and viola, a totally > new directory appeared on the disk! Pretty cute trick. Too bad things > ain't that simple anymore. :) > Ah, but they are, on mac anyways...pop open ResEdit (available from ftp.apple.com or in most book stores or development packages), choose 'get file/folder info' from the file menu, and pick any directory in a standard dir/file browser which comes up. When the info box comes up, just click in the 'invisible' box. When u exit ResEdit, it will ask u if u want to save changes. Click 'yes', and...voila...an invisible subdirectory. Many programs make this interface even easier, too. Jim Wise wisej at acf4.edu jaw7254 at acfcluster.nyu.edu From shipley at merde.dis.org Wed Nov 17 23:46:21 1993 From: shipley at merde.dis.org (Peter shipley) Date: Wed, 17 Nov 93 23:46:21 PST Subject: hohocon Message-ID: <9311180744.AA07753@merde.dis.org> I am wondering if anyone I plan to bring a (cheap) laptop to I can collect and trade (& sign) PGP keys PS: I to not read all my cypherpunks email so if you reply keep "hohocon" in the subject so I know to read it :-) From szabo at netcom.com Wed Nov 17 23:51:21 1993 From: szabo at netcom.com (Nick Szabo) Date: Wed, 17 Nov 93 23:51:21 PST Subject: /dev/null for e-mail; remailer diffusion structures Message-ID: <199311180751.XAA20320@mail.netcom.com> Like zero in arithmetic, the "device" /dev/null serves a useful purpose as a kind of "syntatic glue" for Unix shell programs. I wonder if such a "bit bucket" for mail might also be useful for anonymous remailers. A couple examples: * To provide multiple endpoints for a mail message, so that the remailer list becomes a tree (or at least one branch with a bunch of leaves). This might be done with syntax like Request-Remailing-To: remail at tamsun.tamu.edu Request-Remailing-To: next at destination.com Cc-Bit-Bucket: hfinney at shell.portal.com Cc-Bit-Bucket: remailer at utter.dis.org where "Cc-Bit-Bucket" causes the tamsun remailer to randomly generate a message of identical size, paste a "Bit-Bucket:" header, encrypt it with the hfinney remailer's public key, and send it to hfinney. When the hfinney remailer decrypts the message and sees the "Bit-Bucket:" header it deletes the message. remail at tamsun repeats this process with remailer at utter.dis.org, and sends the real mail message on to next at destination.com. To the traffic analyzer, bit bucket messages are indistinguishable from real ones (as long as the sender properly encrypted the next message layer with next at destination.com's public key). Remailer bit bucket branching might be useful for adding confusion when it's impractical to delay the mail to mix it with other traffic (either because it's time sensitive or due to lack of other traffic). Bit bucket accounts could be useful if the destination receives a regular, identifying pattern of traffic (eg a unique number or size of encrypted messages). To foil traffic analysis, set up a bunch of pseudonymous accounts at various sites that serve no other purpose than sending and receving bit bucket messages. It then looks like many sites are receiving that pattern of traffic. * To provide endpoints for confusion & diffusion loops. For example: Request-Remailing-To: remail at tamsun.tamu.edu Cc-Loop: 7 iterations: hfinney at shell.portal.com, remail at tamaix.tamu.edu Request-Remailing-To: next at destination.com Does the same as above, except the randomized carbon copy is put in a loop between remail and hfinney (in real life we'll want more than two remailers in the loop). After 7 iterations remail dumps the message, terminating the loop. Instead of "Bit Bucket:" the remailers might paste a loop counter, where 0 causes the message to be terminated. Remailers might set limits on the number of loops and destination sites, charge postage, or both, to make sure these techniques don't soak up the available bandwidth. With sufficient bandwidth and software tools we might get fancy and be able to choose routing patterns from trees, acyclic and cyclic graphs, randomized branching, fractal branching, etc. if we find any such patterns better at thwarting traffic analysis. Nick Szabo szabo at netcom.com From nobody at entropy.linet.org Thu Nov 18 00:01:22 1993 From: nobody at entropy.linet.org (nobody at entropy.linet.org) Date: Thu, 18 Nov 93 00:01:22 PST Subject: Quotable Quotes Message-ID: >who was the cypherpunk who said, ``Cypherpunks, It's such a feeling of >raw power over lesser intelligences''? I can't remember. I have seen only one person on this list use TeX style quotes, such as ``Cypherpunks ... '' instead of "Cypherpunks ..." and that person is ld231782 at longs.lance.colostate.edu. Writing style may not be conclusive proof, but it adds to the preponderence of circumstantial evidence. From an12070 at anon.penet.fi Thu Nov 18 00:01:24 1993 From: an12070 at anon.penet.fi (S.Boxx) Date: Thu, 18 Nov 93 00:01:24 PST Subject: The Zen of Pseudospoofing Message-ID: <9311180756.AA07906@anon.penet.fi> ``I don't trust anyone,'' Medusa said with some paranoia. ``do you trust me?'' I said amusedly. ``I trust only software,'' Medusa asserted. ``Who writes your software?'' I wondered. ``I do.'' ``You must get lonely,'' I observed. ``I have all my snakes to keep me company,'' she grinned. * * * Medusa's sisters had fun with their pseudopool of seven. ``Are you pseudospoofing?'' I asked. The sisters said in unison, ``we can assure you that all seven of us are unique.'' * * * Yin said to Yang, `You move!' Yang said to Yin, `No, You move!' * * * A psychopath asked a policeman to apologize for catching him. The policeman refused. The psychopath called him an evil hypocrite. * * * ``You're paranoid. There's no Medusa.'' ``Am I talking to Medusa or a Snake?'' I asked. ``I'm a True Snake!'' it said. * * * ``What if someone started a pseudospoofing game, invited you, and didn't tell you?'' I asked Medusa. ``That depends -- Would I be in on the secret or not?'' said Medusa. ``What if they said it wasn't a game but it was?'' I inquired. Medusa shrugged. ``So what?'' I asked her, ``Don't you believe in truth in advertising?'' ``What is `Truth'?'' she asked. * * * Yin said, `You are Yin and I am Yin.' Yang said, `You are Yin and I am Yin.' Yin said, `You are Yang and I am Yin.' Yang said, `You are Yang and I am Yin.' Yin said, `You are Yin and I am Yang.' Yang said, `You are Yin and I am Yang.' Yin said, `You are Yang and I am Yang.' Yang said, `You are Yang and I am Yang.' * * * What if you never woke up from a nightmare? What if someone played a practical joke on you -- that never ended? What if we could live forever? In Cyberspace? * * * Stop the world. I want to get off. Beam me out of here Scotty, there's no intelligent life here. * * * The flower said, ``You can trust me.'' But as soon as I bent to smell its beautiful fragrance, it turned into a cocked steel-jawed trap and SNAPPED. In shock, horror, and intense pain I clutched my face. ``You were a fool for trusting me, and I've done you a favor by betraying you,'' it growled. ``Now you know that any Flower could be a Trap.'' Needless to say, I stopped smelling the flowers -- and planted the seeds for a new family. * * * Medusa was proud of her titanium pipe. She told me, `My pipe is flawless.' `I said, your pipe has two holes.' Medusa said, `the holes are not part of the pipe.' I said, `No. The pipe is not part of the holes.' Medusa frowned and walked away. * * * Medusa said, `Nothing is sacred in Cyberspace.' I said, can I quote you on that? She said, `No. Privacy is sacred.' * * * I was talking to a tentacle. `Is it a lie if a tentacle lies?' The tentacle said, `No.' I asked Medusa, `Are you a liar'? She was silent. * * * I asked Medusa to talk to me. ``Only in Cyberspace,'' she said. ``Do you trust Cyberspace?'' I asked. ``No, but you should.'' I asked Medusa, `Why can Cyberspace be trusted?' She said, `Because there is a Real World.' * * * Medusa's snake said, ``Why are you so paranoid?'' I said, ``I'm afraid of poisonous snakes.'' It said, ``You shouldn't be.'' * * * I asked Medusa, ``How many snakes do you have?'' Medusa said, ``There are no snakes. There are only my sisters.'' * * * Three Identities and the Liar were talking to each other. ``You can find me if you need to,'' said one. ``You can talk to me if you want to,'' said another. ``You can get lost,'' said a third. ``You can find me if you need to,'' said one. * * * ``I don't trust anyone,'' said Medusa. ``who do you talk to?'' I asked. Medusa began to cry. * * * Medusa liked to write under the influence of LSD. She thought that it brought out the best in her prose. One day, she stared at her collection in horror. It was all perversely senseless. But the mood passed. Later, she couldn't remember if she had taken LSD or not that day. * * * One day I called Medusa on the phone, long distance. ``Who am I talking to?'' I asked. ``Me,'' she said. I wanted my money back. * * * I shouted to many people that Medusa was coming. They didn't listen. Later, Medusa tricked them all into losing their life's savings. They said it was my fault that they didn't believe me at first. ``We couldn't hear you.'' * * * Medusa was proud of the many books written by her Snakes. She considered them masterpieces of art. But one day, a tiny spark lit a fire in one. The fire raged with intensity. The whole array was reduced to nothing but black ashes. Medusa first went insane, and then committed suicide. * * * I heard on the radio that we are being invaded by aliens. I didn't believe it. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From szabo at netcom.com Thu Nov 18 00:02:00 1993 From: szabo at netcom.com (Nick Szabo) Date: Thu, 18 Nov 93 00:02:00 PST Subject: Online Shopping and Banking? (fwd) Message-ID: <199311180802.AAA21348@mail.netcom.com> Forwarded message: Date: Wed, 17 Nov 93 23:39:07 PST From: ptrubey at shl.com (Phil Trubey) Message-Id: <9311180739.AA18523 at technet1.shl.com> Subject: Re: Online Shopping and Banking? > From: bobk at cyberspace.com (Bob) > To: com-priv at psi.com > Subject: Online Shopping and Banking? > > The options to shop and do banking transactions electronically have > proven to be a highly desirable services on other commercial networks. > The Wall Street Journal recently had an article that said PCFlowers > on Prodigy has become one of the top five FTD sellers of flowers. > Microsoft announced today that it is getting into the home electronic > banking business with US West and US Bankcorp. I'm sure that the > Internet will soon have such services. > > How far is the Internet from being able to provide reliable avenues > for online financial transactions? What would it take for reliable > email-ordering on the Net? How about banking and stock transactions? > Is the primary roadblock the security issue of sending sensitive > financial information (such as credit card numbers) over the Net? > > In addition to the mechanics of how to implement such services, I'd > like to hear some thoughts and predictions on the evolution of this > important and probably inevitable development and its effect on the > character and nature of the Internet as we now know it. > == > > Bob (bobk at cyberspace.com) Seattle, Washington > FYI: there is a mailing list in place where developers/designers are developing an Internet Mercantile Protocol. This protocol will enable buy/sell transactions to be conducted over an unsecure network, such as most of the Internet. You can subscribe to the list by sending a request to imp-interest-request at thumper.bellcore.com - archives are accessable via FTP on thumper.bellcore.com in /pub/devetzis/imp. Minutes of the last BOF meeting are archived there as well as slides for one proposed IMP implementation. While there has not been a ton of activity on this list recently, there are at least two groups hard at work putting finishing touches on some new proposals for the list to consider. Phil Trubey | Internet: ptrubey at shl.com Systemhouse Inc. | Voice: 310-809-5491 | Fax: 310-860-9668 From nobody at rosebud.ee.uh.edu Thu Nov 18 00:14:28 1993 From: nobody at rosebud.ee.uh.edu (nobody at rosebud.ee.uh.edu) Date: Thu, 18 Nov 93 00:14:28 PST Subject: y Message-ID: <9311180813.AA02436@toad.com> >> I don't understand this idea of building up trust just to betray >> someone. Maybe some cypherpunks can explain this in detail to me. `` too much but never enough; tear it up and watch it fall. '' From eichin at paycheck.cygnus.com Thu Nov 18 00:54:28 1993 From: eichin at paycheck.cygnus.com (Mark W. Eichin) Date: Thu, 18 Nov 93 00:54:28 PST Subject: Key Servers In-Reply-To: <9311170639.AA02048@toxicwaste.media.mit.edu> Message-ID: <9311170305.AA05510@paycheck.cygnus.com> "MR EICHIN"? gee, last time I saw my name written that way (all caps, no punctuation on the abbreviation) was from a direct mailing database program. I half expected to see it followed by "You may have already won" :-) Before I continue, I'd like to indicate that I find this discussion interesting, which is why I'm continuing to cc you, Mr. Detweiler; however, if you'd rather I didn't continue, please let me know. But enough of that. Please tell me, MR LD231782, if whomever you got your Internet email server from ever informed you that the email addresses might have *nothing* to do with the names they claimed to be? Malicious or otherwise? [To be fair, *my* network provider actually does have some intro documentation that explains how insecure email actually is... but they're unusual in other ways.] The point I'm trying to make is that the Keyserver is no more guilty for not mentioning it than your email provider is. Perhaps this is because they are both assuming (perhaps incorrectly) that you cannot base trust on machinery. Machinery might help propagate existing trust... but the trust must start with the people involved (and by that I mean the entities themselves, *not* the service maintainers.) In case it wasn't clear, I'm just responding to your point: >> why is it that the policy that ANYTHING GOES is NOT MADE CLEAR in >> KEYSERVER POLICY DOCUMENTS? in reference to the "policy documents" of everything else on the net. For that matter, do you care that if you saw one message in Time Magazine, you might see a similar message in an statement from Warner Cable[*], or a number of related places -- because they're all owned by the same conglomerate? Forget Medusa. Think Warner, Beatrice, TCI, and other big meta-everything companies, who only *look* like distinct "individuals" (corporations are individuals in the eyes of the law, enabled by one of the later amendments...) while in fact they're only really "tentacles" of a bigger one? [*] I attempt to use the subjunctive here to make a point, not to claim any actual behaviour of Time-Warner Inc. There are better examples of this sort of thing anyhow. Sorry I don't have any handy that are documented well enough... (Actually, doesn't the FCC already have something to say about this? something like you can do it as long as you don't own *all* of the media in an area, but several of each is ok?) There was a long discussion on another mailing list (with only a slightly higher S/N than this one, but far more politics, as the vocal membership includes employees of NSF, CIA, ANS, IBM, STD and other TLA's :-) about someone who was posting from an address in their name representing a political project from an educational site. Someone else was curious about this, and contacted the postmaster. They contacted the account owner, and had some time of figuring out what was going on... turns out it was the *reverse* of PSEUDOSPOOFING, namely, there was one account with *several* true names behind it. (It was "exposed" because they didn't "keep their stories consistent" or something like that.) Now, do you find this reverse-PSEUDOSPOOFING (I leave the upper case letters since I've never seen the world spelled without them) objectionable as well? I'm not trying to set up a semantic trap here or anything, I'm just trying to understand the bounds of the issue, and get some idea what you see as ok, and what you see as "flabbergasting." I reject the idea that just because you perceive something that "many people might" perceive it the same way... so please don't try to generalize, just let me know what *you* think. Thanks. _Mark_ ... or at least I might be... From ld231782 at longs.lance.colostate.edu Thu Nov 18 01:21:22 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Thu, 18 Nov 93 01:21:22 PST Subject: Characterizing Cypherpunk Culture Message-ID: <9311180921.AA01373@longs.lance.colostate.edu> - E.Hughes: public vs. private - Cypherpunk culture research materials - CryptoAnarchist Manifesto and Cypherpunk Charter - True Name detection - an introspective note E.Hughes, Mysterious Cypherpunk Leader --- In my extensive research into Cypherpunk pseudospoofing culture, I've come up with a lot of apparent contradictions in what is known about the mysterious figure, E.Hughes in particular. It would be an understatement to say that he values his privacy! Anyway, his mail to me under his True Name is always very terse, and I'm not allowed to publicly quote any of his tentacles without violating the Pseudospoofing Religion (I wouldn't want to offend anyone or break any taboos). So, in my interest in profiling the culture and its leaders, I'm hoping that some CA cypherpunks interested in promoting their ideology and their leader can help fill in the blanks. One thing I have stumbled on is the cryptic references to tax evasion and black marketeering. It appears that he may be alluding to these in his public speeches. This based on mail by A.Chandler (another person who is hard to track down). Can anyone elaborate on these? This would certainly not be an invasion of his privacy. No transcripts are available, unfortunately. Also, it never seems that these speeches are announced ahead of time. Does anyone issue these announcements officially? For example, E.Hughes popped up at the Austin EFF meeting awhile ago and there didn't seem to be any advance warning to the list at large so that people might attend. I'm sure he wants to maximize his exposure and the Cypherpunk `movement'. Also, a prominent cypherpunk told me that E.Hughes had proseletyzed the religion of pseudospoofing to him, so to speak, and that the latter was his great inspiration in setting up a site to permit it. Mr. Hughes never has publicly stated anything on pseudospoofing, except that `that which cannot be enforced should not be prohibited' and `the claim that a person should be limited in pseudonyms represents a profound misunderstanding.' Is he promoting it behind the scenes? Another thing about Mr. Hughes I don't understand, and has always baffled me -- a long time ago he posted a statement about some kind of Unix email message log files, a standard and well-known UNIX file, and Mr. Finney or someone corrected him and said, `You have rather demonstrated your lack of Unix knowledge'. Well, I was greatly confused by that then, and even more so today. Mr.Hughes, from my personal mail, strikes me as someone who is a mastermind of Unix software, nooks and crannies, and security weaknesses. Maybe even SMTP and DNS (Mr. Metzger is an authority on the latter). Sort of the `hacker ethic'. I wonder if that little statement was actually a disinformation stab, to prevent others from suspecting his amazing prowess! And if H.Finney was E.Hughes' tentacle, that would explain some things too! I also wonder if T.C.May's professed aversion to Perl code is in the same category. (This is really a shrewd way to throw off people who are into those annoying `investigations'.) I would like to look at any software Mr. May has written. Also, he seems to have a great fluency for the Mac, which would make for some other great portrayals. Another mysterious reference is that of collaboration between A.Abraham and E.Hughes. I believe T.C.May remarked that they are working on digital cash protocols. I got the impression that they may be running the site ah.com (`Abraham-Hughes'). Do they grant accounts to anyone who requests? Like A.Chandler? A.Chandler said that he posts to the future-culture list, and told me he has written some books, but I can't find them, and he is evasive in email. Is A.Abraham posting to the list under different pseudonyms? could someone tell me what they are? (I got a bizarre mail error sending him something once, maybe an SMTP expert or someone from crl.com can help me. Who maintains that site, anyway?) A. Abraham also popped up in RISKS lately, saying that he had watched my `deterioration'. Thanks for your concern, but I am quite all right, and alive and well! (A., I'm not sure where you got the idea I was `deteriorating' -- I haven't sent you any mail over many weeks, unless you have been tickling me with some tentacles out there, hee hee. Or maybe you are just privy to my private mail to the `inner circle'.) I'm sure that many will criticize my inquiries above as `invasions of privacy'. That, after all, is what the cypherpunks stand for! Let me assure you that is not my intent whatsoever. I simply wish to understand the Cypherpunk culture in all its grandeur, and promote it accurately to the concerned public, who may perceive it as quite subversive! (Markoff called you `the most self consciously ornery group', but I realize that's quite an understatement!) But let me say that I think true leaders with integrity have always had to sacrifice teir privacy. It is a basic requirement of fame and influence -- in holding one's achievements up for public scrutiny, the public affords you greater reputation. Shirking from the public, particuarly in response to their simple entreaties, is counterproductive and extremely damaging. After all, if you have nothing to hide, you can be proud of your public reputation, and look at it as a hard won accomplishment for your diligent and honest efforts. This is how you establish that all important element of *trust* among the public, who will perceive you less as a subversive threat than a privacy advocacy group! (A less subversive title, like the self-proclaimed `radical libertarian' P. Metzger advocates in RISKS, `the government keeping its fingers out of our affairs.') Research Materials --- CA meeting minutes are nonexistent as well. People seem very hostile to documenting them. It's quite annoying, discouraging, frustrating, and unfortunate. I'm interested in tracking the progress of the digital cash and identity obstruction infrastructures under development. I don't understand why CA Cypherpunks are so secretive about their projects. I thought they were interested in collaborations, based on the public mailing list. There's a distinct feeling that the CA people are `insiders' and everyone else is just the audience. I guess this could be one reason that people shriek so much over pseudospoofing accusations here -- they see the distinct boundary between `them' and `us', but promote the deception for `them'. This is partly my concern in the `secret mailing list'. If there is one, I think the CA 'punks should be honest about it and not deceive anyone else. In fact, I think that maybe the CA 'punks should just have their own mailing list unless they want to publicize and collaborate with anyone in Cyberspace, not just whoever can make it to their CA meetings. What is the criteria for people to get on the secret mailing list, `project development free of paranoid ranters', anyway? Do you have to be in CA? Is pseudospoofing outlawed on that list? I always thought that *this* list was for project development, but of course now realize it's just the public cypherpunk international PR outlet. One thing I wonder about the intensely secretive Cypherpunks. Don't you think that the Internet was pretty much built up with entirely public, open debate and interaction? With things like cooperation and collaboration between people, instead of hostile flames between different cliques? Do you think you have the right attitude, conducive to harmony in future Cyberspace? It seems to me all these secret conspiracies and quasi-criminal philosophies are somewhat fundamentally against the grain of a hospitible Cyberspace. Well, as I always say, `to each his own!' or `live and let live!' as long as no criminals are involved! Also, I thought I heard something about cypherpunk archives somewhere, by Al Whaley, maybe at cpsr.org. Does anyone know anything about that? It seems to me an archive would be a great project. Who has archives, and to how far back to they go? G.Broiles was telling me he had a pretty good collection. (I consider him one of the most imaginative authorities on cypherpunk culture I've had the privilege of talking to!). The Cryptoanarchist Manifesto & CypherPunk Charter === The Cryptoanarchist Manifesto by T.C.May and the Cypherpunk Charter are very interesting, but they seem to be speaking metaphorically -- `thinly veiled', as I believe P. Metzger wrote in RISKS. They never refer directly to things like tax evasion, although the former does hint at what might be referred to as `cyberspatial guerrilla warfare' -- clearly a central tenet to the cypherpunk agenda. (see soda.berkeley.edu). One thing that I wanted to ask everyone's opinion on. At the end of the CryptoAnarchist Manifesto there is a references to a revolution that ensued `barbed wire fences' -- useful social infrastructures that protect private property rights, etc. But suddenly, Mr. May ends the essay with `you have nothing to lose but your barbed wire fences'. This was quoted in the NYT article. My question: this doesn't make sense to me unless `barbed wire' is a metaphor for something else. It seems to me that the Cypherpunks would want to advocated `barbed wire' in the sense that it protects their privacy rights! But the metaphor appears to go deeper than that. I think `barbed wire' may actually be a metaphor for *identity* and `fences' are the aspects of social institutions (such as laws and customs) that protect identities, such as proper attribution, crediting, etc. The cypherpunks, of course, are more interested in *blurring* those distinctions with things like misquoting, pseudopools, pseudospoofing, impersonation, etc. than in Privacy itself. (`you have nothing to lose but your barbed wire fences.'). The metaphor makes sense in this interpretation! The two documents are full of these kinds of subtle, invisible metaphors. In fact, a very large amount of postings and email by the `cypherpunk culture' are! Boy, I was quite deluded to think that the `cypherpunks are what they stand for' so to speak. I would appreciate if anyone knowledgeable could clarify their meaning (especially the authors! but that is a lot to hope for right now!) The lack of a basic document describing the Cypherpunk agenda by top leadership in pseudospoofing is definitely constraining and a serious obstacle to describing the Movement (given that it forms the invisible core of it) but, as everyone can attest, that hasn't deterred me so far. (BTW, I have to properly credit S.Boxx as helping me come to the `barbed wire == identity restrictions' idea. Thanks!) True Name Detection --- One thing I don't understand, either. J.Dinkelacker once talked about the list in long, introspective terms about being a Game with different Opponents and Teams and Names. (I can dig this up if anyone wants to see it.) I never fully understood that message -- it is deep with many metaphors and even allusions to Extropians. The thing that is puzzling about it was that at the time, J. Dinkelacker was a list newcomer, and newcomers generally don't comment on the long history of the list like this! The thing that was most fascinating about the post, however, was the apparent allusion of the distinction in `True Name' vs. pseudospoofed posts here -- he compared True Name posts to the pseudoanonymous ones, and said they were all pretty much the same, and that True Name posts had been easily as hot as the worst Pseudospoofed ones. But my question -- how could he tell the difference? N.Szabo has also made references to support being measured by `how many True Name' posts take one's side. N.Szabo also recently suggested that he is a tentacle, that he was retiring as one, and that the CA cypherpunks were quite amused by the `detweilering' (is that the right term?) exorcisms. This is interesting because it also confirms the `CA Pseudospoofing Clique-Conspiracy' scenario. `Mr. Szabo', are you really a tentacle? (Unfortunately, as pseudoanonymous posting goes, I've never gotten an honest answer to this question to date!) I'm flabbergasted if this is true, because you have built up such a tremendous net.reputation in many quarters. Would you be willing to tell me what you True Name is? Because you allude to my private mail and telephone calls to some cypherpunks (who you say have `compromised their privacy' in giving me their phone numbers, I'm not sure why) I think you must be in the thick of things! Your knowledge would be extremely valuable at this point. If someone else was posting under J.Dinkelacker or N.Szabo, I'd really like to talk to you. How do you know which posts are real, and which ones are fake? Is there a group of you people out there, who can tell, and have fun with this exclusive information? Obviously, being able to separate the Snakes from the Medusa Sisters is critical to understanding most of the traffic here! People who didn't see the distinction might become quite frustrated after awhile, especially from mail in their private mailboxes! I guess that those with tentacles would be upset if they are complimented, too -- they would want to reserve the powerful reputation-influencing right to compliment or criticize others for themselves. (That reminds me of all the flames I got over my facetious L.D. Cypherpunk Awards.) This cypherpunk culture sure is baffling sometimes. NYT and Wired articles only scratch the surface. (I suspect that letter to Wired on the subject was pseudospoofed, maybe eminent cypherpunk S. Sandfort, who has written for the magazine repeatedly, can clarify.) There are definitely many layers. Who knows what lies concealed at the center! Future anthropologists are going to have quite a difficulty in characterizing it! What we have here is an elaborate hoax far surpassing War of the Worlds -- except that when the `show was over' Orson Wells quit and apologized over the public uproar! an introspective note --- BTW, perhaps a hundred cypherpunks or tentacles have criticized my `florid' style over the months (great term, T.M.!). I have to credit A.Abraham as being one of the first great Cypherpunk Flamers to my mailbox on the topic. I tried over the past week to change my style a little, with short snippets with less organization and information, less indexing, no headings, less original material, no `congratulations' or intense analyses (obviously, everyone knows what everything means anyway, and these are far better left to the tentacles, so they can improve their reputations) more long quoting (like the `pseudopool' joke, hilariously funny), less attention to actual current dialogue, great hostile, ad hominem flames in the spirit of PM's best, terse statements with the utmost brevity and none of that nagging elaboration in deference to EH's `concision', none of those tedious informative forwarded materials that you've already seen, no independent reporter-style inquiries of prominent people like J. Bidzos, etc. This is all to accomodate the cypherpunks who have sent me hundreds of telegrams complaining about my more well-written pieces. I apologize for all of you in taking your valuable time in your mandatory readings of my dense prose. I'm sure the Cypherpunks list is a far better place, with many new people being converted and projects being accomplished, without my endless, blathering drivel, such as long, meandering paragraphs that seem to contain a lot of important information and complex, prolix vocabulary, but are really nothing but a `borg paranoid rants' according to the eminent cypherpunk newbie J. Dinkelacker, a `tale of sound and fury, told by an idiot, signifying nothing', like the brilliant pseudonymous dramatist Shakespeare once wrote, who could have been Francis Bacon, but because of someone's ingenious facade, no one really knows or gives a damn, and ingenious and eloquent cypherpunks like E.Hughes, T.C.May, A.Abramson, G.Broiles, H.Finney, N.Szabo, and P.Metzger, and all those other wacky and conspirational pseudospoofing CA cypherpunks, interested in saving Humanity from the Draconian Orwellian Totalitarian Oppressive Evil Corrupt and downright Unpleasant Gubberments to replace them with CryptoAnarchy and Digital Terrorism, Espionage, Sabotage, and Warfare (all's fair in love and war!), even to the extent of brainwashing honest people and demonizing and stalking opponents like S.Boxx and G.Spafford into quivering insanity and poisoning cyberspace and corrupting DNS databases and SMTP software and keyservers with toxic waste and establishing imaginary interstate telephone numbers and accounts and fake media accounts by insiders that all unequivocally prove their unique existence and dominance over `lesser intelligences' by raping and their white virgin minds and urinating on their Beliefs (the raw power of which is Liberating), or, that is, particularly in these cases, use this brilliant Shakespearean metaphor to no end in their clever disinformation campaign surpassing that of War of the Worlds and NeverEnding, under the leadership of the most evil megalomaniac since Hitler with hideously majestic plans for World Domination far surpassing His Royal Eminence, as documented in RISKS 15.25 and 15.27 and 15.x (?) by the insane man but brilliant satirical exorcist on his holy jihad, which has spread to very many lists such as the `Internet Mercantile Protocols' list and CERT's only being the mere tip of the tentacles, so to speak! I remain yours -- the humble historian-servant of the Cypherpunks. From drunkfux at cypher.com Thu Nov 18 02:06:23 1993 From: drunkfux at cypher.com (Drunkfux) Date: Thu, 18 Nov 93 02:06:23 PST Subject: hohocon In-Reply-To: <9311180744.AA07753@merde.dis.org> Message-ID: <9311180359.aa04301@zero.cypher.com> > > I am wondering if anyone I plan to bring a (cheap) laptop to I can > collect and trade (& sign) PGP keys John Draper has already expressed an interest in having everyone exchange keys, and will probably mention this during his speech. I can guarantee there will be numerous laptops, and even full systems avaialable. Last year, we even had 4-machine internet site going - hohocon.com. Yeah, it was great for about 5 minutes until all the power in the wing went out. From gg at well.sf.ca.us Thu Nov 18 02:41:23 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Thu, 18 Nov 93 02:41:23 PST Subject: FCC policy Message-ID: <199311181037.CAA25558@well.sf.ca.us> Re Strick's item on "used to be legal to listen to anything that passed through your airspace as long as you didn't (divulge or sell)..." Yes this used to be the case. I'm not sure if ECPA is what changed it, but.... there is some hope of getting it changed back again... Bill Clinton just signed a piece of legislation which restored a pre-1990 standard with regard to religious freedom, overturning a more authoritarian standard prmulgated by the Supreme Court in the last couple of years. The critical case involved Native American use of peyote, a sacramental cactus which is also a controlled substance. Anyway, if Clinton is backing efforts to return to older and more libertarian standards in one area, it's worth a try he'd go for it in another area as well. He made a decent statement about how religious freedom is vital to the 1st Amendment, is foundational in our country, and so on; one could make the same case around a freedom to *hear* which is the necessary corrolary to the freedom to speak. -gg From smb at research.att.com Thu Nov 18 04:06:24 1993 From: smb at research.att.com (smb at research.att.com) Date: Thu, 18 Nov 93 04:06:24 PST Subject: Quotable Quotes Message-ID: <9311181204.AA08534@toad.com> >who was the cypherpunk who said, ``Cypherpunks, It's such a feeling o f >raw power over lesser intelligences''? I can't remember. I have seen only one person on this list use TeX style quotes, such as ``Cypherpunks ... '' instead of "Cypherpunks ..." and that person is ld231782 at longs.lance.colostate.edu. Writing style may not be conclusive proof, but it adds to the preponderence of circumstantial evidence. For whatever it's worth, I use ``this'' quoting style as well. When you do enough writing in troff and LaTeX (they both use it), you train your fingers accordingly. --Steve Bellovin From mnemonic at eff.org Thu Nov 18 04:54:30 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 18 Nov 93 04:54:30 PST Subject: Quotable Quotes In-Reply-To: <9311181204.AA08534@toad.com> Message-ID: <199311181251.HAA22139@eff.org> Steve Bellovin writes: > For whatever it's worth, I use ``this'' quoting style as well. When you > do enough writing in troff and LaTeX (they both use it), you train your > fingers accordingly. Aha! And Steve Bellovin has the same initials as S. Boxx! From cfrye at ciis.mitre.org Thu Nov 18 06:11:30 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Thu, 18 Nov 93 06:11:30 PST Subject: Privacy != right? Message-ID: <9311181414.AA04095@ciis.mitre.org> One element of the "right of privacy" debate I've seen is the distinction between a "right _of_ privacy" and a "right _to_ privacy". Linguistically, "right _of_ privacy" == "privacy right", indicating that this particular right would be enumerated somewhere. In the case of a "right _to_ privacy", the concept is a bit more vague and allows the penumbral (implied) construction given by Stanton. Since there is no specific mention of a "right _of_ privacy" in the Consititution, one must fall back on the implied construction and interpret Constitutional privacy as defined by other amendments. What this construction of the "right _to_ privacy" allows is for appellate courts to weight enumerated rights as more important than implied rights. Thus, in the name of furthering the goals of another amendment (say #6, speedy/public trial), the courts can limit the implied "right _to_ privacy". Best regards, Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From allan at elvis.tamu.edu Thu Nov 18 07:26:29 1993 From: allan at elvis.tamu.edu (Allan Bailey) Date: Thu, 18 Nov 93 07:26:29 PST Subject: The Republic of Desire (anonymous organizations) Message-ID: <9311181524.AA15425@elvis.tamu.edu> Let's start a new topic, and mr. deitwieler is not invited. Has anyone considered how an organization like The Republic of Desire from Gibson's _Virtual Light_ novel could be created/formed? It seems to me that it would be an excellent example and development motive for the crypto-anarchy tools: the DC-net protocol, Zero Knowledge Proofs used for anonymous credentials, reputation-nets/webs-of-trust, etc. etc. My only problem with this is knowing how to organize the "guerilla cell structures" or whatever it was he mentioned. Anyone have a ref for something that discusses guerilla cell organizations? -- Allan Bailey, allan at elvis.tamu.edu | "Freedom is not free." Infinite Diversity in Infinite Combinations | allan.bailey at tamu.edu GCS -d+ p--- c++++ l+++ u++ e++ m++ s n+ h+ f g+ w+ t+ r y+ "Liberty means responsibility. That is why most men dread it." -- George Bernard Shaw "Armadillos....those are the meanest suckers you're ever gonna wanna see... But you gotta kill 'em the first time, otherwise they get this revenge thing in their heads and they come lookin' for ya......." -- (i got this from the 'zine Armadillo Culture) From wex at media.mit.edu Thu Nov 18 07:51:31 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Thu, 18 Nov 93 07:51:31 PST Subject: hohocon In-Reply-To: <9311180359.aa04301@zero.cypher.com> Message-ID: <9311181546.AA13097@media.mit.edu> Problem: how much trust do you have for a temporary site set up to give Internet access? Can you assure yourself they're not capturing your telnets and remote logins? At a recent SF con I attended, there was a rumor going around to the effect that the admin was doing just this. I found the idea disturbing but eminently plausible. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request Try not to have a good time ... This is supposed to be educational. From cfrye at ciis.mitre.org Thu Nov 18 07:51:31 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Thu, 18 Nov 93 07:51:31 PST Subject: The Republic of Desire (anonymous organizations) Message-ID: <9311181554.AA05033@ciis.mitre.org> > My only problem with this is knowing how to organize the >"guerilla cell structures" or whatever it was he mentioned. Anyone have >a ref for something that discusses guerilla cell organizations? The classic Russian model (late 1800's through the October Revolution) was to have three-person cells, each of which had one person who knew one person above them in the hierarchy and someone who knew one person below them. This makes for good security as there is no redundant information in the network and one failure breaks the chain. I don't have any specific citations in mind, but the Russian history instructors at A&M might be a good place to start. Best regards, Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From cfrye at ciis.mitre.org Thu Nov 18 08:27:10 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Thu, 18 Nov 93 08:27:10 PST Subject: Privacy != right? Message-ID: <9311181633.AA05632@ciis.mitre.org> Oops, forgot to finish the last sentence of my privacy post. The last paragraph should read: Since there is no specific mention of a "right _of_ privacy" in the Consititution, one must fall back on the implied construction and interpret Constitutional privacy as defined by other amendments. What this construction of the "right _to_ privacy" allows is for appellate courts to weight enumerated rights as more important than implied rights. Thus, in the name of furthering the goals of another amendment (say #6, speedy/public trial), the courts can limit the implied "right _to_ privacy" with fewer problems than if two "textual" amendments had come into conflict. Best regards, Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From hughes at soda.berkeley.edu Thu Nov 18 08:44:31 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 18 Nov 93 08:44:31 PST Subject: Forwarded mail from S.Boxx Message-ID: <199311181642.IAA26892@soda.berkeley.edu> This one was just too good to resist. Eric ----------------------------------------------------------------------------- Delivery-Date: Thu, 18 Nov 1993 01:04:50 -0800 Return-Path: daemon at anon.penet.fi To: tcmay at netcom.com, hughes at soda.berkeley.edu From: an12070 at anon.penet.fi (S.Boxx) X-Anonymously-To: tcmay at netcom.com,hughes at soda.berkeley.edu Organization: Anonymous contact service Reply-To: an12070 at anon.penet.fi Date: Thu, 18 Nov 1993 09:03:32 UTC Subject: an epiphany I've finally figured out your intense loyalty, sensitivity, and secrecy. You're homosexual lovers. Quite a complex and secretive culture, these cypherpunks. I really do wonder what magic the Wizards have truly practiced. Look, if you don't want to tell me, just say so. But could you tell me when you are going to `come out of the closet'? I mean, everyone is going to find out some day, right? Could you at least tell me when the Big Day is? I'm really dying of anticipation. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From hfinney at shell.portal.com Thu Nov 18 08:56:30 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Thu, 18 Nov 93 08:56:30 PST Subject: hohocon Message-ID: <9311181655.AA08484@jobe.shell.portal.com> Regarding the issue of telnet'ing through an insecure system: A general solution to this problem is to have the system you are attaching to engage in some dialog with you to establish your identity. However, the dialog must be such that even if it is monitored by the system you are going through, that will not allow them to later claim to be you. This is the same basic problem as entering a PIN for a credit or debit card in an environment where the PIN can be seen or recorded. If someone sees your PIN they can steal your ATM card (or dcash card, in the future) and access your money. Cryptographic solutions involve zero-knowledge proof systems but they are too complicated to work in your head. For the hohocon case you could have a calculator programmed with some one-way function (DES is available for the HP48); the remote system could generate a challenge number and you would use your calculator to DES-encrypt it with a fixed secret key, then type the result in, and the remote system would check it. This would not help the hohocon people because next time they tried to log in as you the challenge number would be different. There was a paper in the Eurocrypt 91 proceedings called "Human Identification Through Insecure Channel" which attempted to address this problem. The authors proposed a system which was supposed to be simple enough that you could work the response in your head, but which would be complex enough that eavesdroppers would not be able to figure it out, even after seeing many examples. The idea was that the remote system would issue a challenge as a string of letters or digits: 1982043765. You will give a response of the same length, but only certain positions matter. Those positions are identified by one of two secret words that you memorize. Suppose the first secret is 1246. You will produce a response which embeds the 2nd secret word in the positions where 1,2,4, and 6 appear. Suppose the 2nd secret word is 3124. Your response, written below the challenge, would be: 1982043765 3421223142 - - - - Only the marked positions matter; the others are random. This sounds simple enough, but the problem is that for true security the authors require a much longer string with a much larger set of characters, 40 or 50 characters long. I tried implementing their algorithm, without even memorizing the secrets, just writing them down (they had to be about 10 letters long), and entering in a reponse given a challenge, and I couldn't do it. It was extremely difficult to locate the checked positions and put in the next letter. It took forever to do it, and I kept making mistakes. Maybe with practice it would get easier. Or, perhaps the technique would still be useful with a smaller question size to provide less security but still more than you would get without it. It would be interesting to see if other people come up with approaches to solve this problem. I really don't think that protecting my smart card with a 6-digit PIN is going to be adequate. Hal Finney hfinney at shell.portal.com From MJMISKI at macc.wisc.edu Thu Nov 18 09:04:31 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Thu, 18 Nov 93 09:04:31 PST Subject: Guerilla Cells Message-ID: <23111811004268@vms2.macc.wisc.edu> The sendero luminoso in Peru also works this way...Of course if you break their rules, they break your neck! For security reasons each 'member' of the Shining Path is only allowed to know of two other persons in the heirarchy. This makes for good plausible deniability as well as qwik and efficient dissolution. --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From mentor at indial1.io.com Thu Nov 18 09:06:04 1993 From: mentor at indial1.io.com (Loyd Blankenship) Date: Thu, 18 Nov 93 09:06:04 PST Subject: hohocon In-Reply-To: <9311180744.AA07753@merde.dis.org> Message-ID: I'll be there with PGP 2.3a on my 286 laptop. Not the fastest system in the world, but I'm willing to sign the key of anyone I personally know or who can present a valid state drivers' license. Loyd p.s. with photo * Loyd Blankenship /o\ mentor at io.com (Finger for PGP key) * * Steve Jackson Games / \ "And keep on praying through that bass, * * PO Box 18957 /fnord\ for it is a link to Jah. One love, one * * Austin, TX 78760 /_______\ heart, one destiny." -- Flabba Holt * From wex at media.mit.edu Thu Nov 18 09:06:29 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Thu, 18 Nov 93 09:06:29 PST Subject: The Republic of Desire (anonymous organizations) In-Reply-To: <9311181554.AA05033@ciis.mitre.org> Message-ID: <9311181704.AA21053@media.mit.edu> This is kind of off-topic, but I thought the classic three-person cell was as follows: A / \ B - C / \ D G / \ / \ E - F H - I where a line shows cell membership. So A commands a cell of himself, B and C but knows no one below. A is either the leader, or is known by one member above. B knows D is the leader of another cell, but does not know who E and F are (or even if they exist). Similarly for C. This organization is vulnerable in two ways: any one person can give up three others; and the chain can be followed (e.g. compromising B can lead to compromising D and then to E, etc.). Because information has to flow between the cells, there is potential for compromise. I can't think of a way around this problem. If information flows from B to E, either B must know of E's existence or non-existence. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request Try not to have a good time ... This is supposed to be educational. From pmetzger at lehman.com Thu Nov 18 09:11:30 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 18 Nov 93 09:11:30 PST Subject: Key Servers In-Reply-To: <9311170305.AA05510@paycheck.cygnus.com> Message-ID: <9311181707.AA28884@snark.lehman.com> "Mark W. Eichin" says: > "MR EICHIN"? gee, last time I saw my name written that way (all caps, > no punctuation on the abbreviation) was from a direct mailing database > program. I half expected to see it followed by "You may have already Mark; Answering Detweiler's posts serves no purpose. He is not in his right mind. Most people who believe that there is a nationwide conspiracy out to get them do not need rational argument -- they need psychological care. Its unlikely he's even going to think you are a seperate person arguing against him, as he's convinced that we are all either Tim May or Eric Hughes "pseudospoofing" him. Answering him is an action similar to prodding a caged bear with a hot poker. Perry From mccoy at ccwf.cc.utexas.edu Thu Nov 18 09:11:33 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Thu, 18 Nov 93 09:11:33 PST Subject: hohocon In-Reply-To: <9311181546.AA13097@media.mit.edu> Message-ID: <199311181708.AA20978@tramp.cc.utexas.edu> "Alan (Gesture Man) Wexelblat" writes: [regarding hohocon...] > > Problem: how much trust do you have for a temporary site set up to give > Internet access? Can you assure yourself they're not capturing your telnets > and remote logins? Or can you be sure that anyone who might have access to any portion of the physical wire at any conference isn't doing it? Well, hohocon might be a good place for the Austin Cypherpunks to test out a version of telnet and ftp that should do Diffie-Hellman encryption, provided there is a machine or two running a version of some PC freenix... For people at hohocon itself we will be passing out a first draft of a "crypto infodisk" with collections of articles and information about cryptography and the importance of strong encryption in the current debate. Depending on how long it takes us to get things together we might also have a crypto source disk for people. If people can think of other things of cypherpunk interest we might be able to put onto disks to pass around let me know. jim From cfrye at ciis.mitre.org Thu Nov 18 09:12:11 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Thu, 18 Nov 93 09:12:11 PST Subject: The Republic of Desire (anonymous organizations) Message-ID: <9311181718.AA06075@ciis.mitre.org> Alan followed up on my three-person cell note with: >This is kind of off-topic, but I thought the classic three-person cell was >as follows: > > A > / \ > B - C > / \ > D G > / \ / \ > E - F H - I > >where a line shows cell membership. So A commands a cell of himself, B and >C but knows no one below. A is either the leader, or is known by one member >above. B knows D is the leader of another cell, but does not know who E and >F are (or even if they exist). Similarly for C. > >This organization is vulnerable in two ways: any one person can give up >three others; and the chain can be followed (e.g. compromising B can lead to >compromising D and then to E, etc.). Because information has to flow >between the cells, there is potential for compromise. Alan's version is correct. Best regards, Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From wex at media.mit.edu Thu Nov 18 09:21:29 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Thu, 18 Nov 93 09:21:29 PST Subject: hohocon In-Reply-To: <9311181655.AA08484@jobe.shell.portal.com> Message-ID: <9311181717.AA22357@media.mit.edu> It seems to me that a simpler solution than challenge-response would be to emultate the tear-sheet crypto systems and just have a series of one-shot passwords generated. Each time you log in, it requires the next password from the sheet, so capturing the old one does no good (just as breaking the one-time codes from tear sheets doesn't help). Now if I could just figure out a simple way to do this on UNIX... --Alan From smb at research.att.com Thu Nov 18 09:34:31 1993 From: smb at research.att.com (smb at research.att.com) Date: Thu, 18 Nov 93 09:34:31 PST Subject: hohocon Message-ID: <9311181732.AA14420@toad.com> We use challenge/response devices from the Internet: \begin{figure} \begin{quote} \logsize \begin{verbatim} $ telnet guard.research.att.com Trying... Connected to guard.research.att.com. Escape character is '^]'. This is the new inet. Authorized use only. Authentication Server. Id? ches challenge: 348201 response: d2c3f97d TCP host name? cetus rlogin cetus -l ches IRIX Release 4.0.5C System V cetus.research.att.com Copyright 1987-1992 Silicon Graphics, Inc. All Rights Reserved. cetus=; exit Connection closed.Connection closed by foreign host. $ \end{verbatim} \end{quote} \caption{\label{fig:hha-connect} The full text of an actual terminal session using our challenge/response-based guard.} \end{figure} From smb at research.att.com Thu Nov 18 09:41:31 1993 From: smb at research.att.com (smb at research.att.com) Date: Thu, 18 Nov 93 09:41:31 PST Subject: hohocon Message-ID: <9311181739.AA14588@toad.com> It seems to me that a simpler solution than challenge-response would be to emultate the tear-sheet crypto systems and just have a series of one-shot passwords generated. Each time you log in, it requires the next password from the sheet, so capturing the old one does no good (just as breaking the one-time codes from tear sheets doesn't help). Now if I could just figure out a simple way to do this on UNIX... See @article{lamport-pw, author = {Leslie Lamport}, journal = {Communications of the ACM}, month = {November}, number = 11, pages = {770--772}, title = {Password Authentciation with Insecure Communication}, volume = 24, year = 1981 } The Bellcore S-Key system implements this scheme, and is, I think, freely available. I know that it's included in TIS's firewall toolkit: \software{ftp.tis.com}{/pub/firewalls/toolkit} From allan at elvis.tamu.edu Thu Nov 18 09:51:32 1993 From: allan at elvis.tamu.edu (Allan Bailey) Date: Thu, 18 Nov 93 09:51:32 PST Subject: The Republic of Desire (anonymous organizations) In-Reply-To: <9311181554.AA05033@ciis.mitre.org> Message-ID: <9311181749.AA16590@elvis.tamu.edu> "Alan (Gesture Man) Wexelblat" writes: [[..deletia..]] > >This organization is vulnerable in two ways: any one person can give up >three others; and the chain can be followed (e.g. compromising B can lead to >compromising D and then to E, etc.). Because information has to flow >between the cells, there is potential for compromise. > >I can't think of a way around this problem. If information flows from B to >E, either B must know of E's existence or non-existence. > The cell structure of 3 people wouldn't necessarily need to know the "True Names" of anyone in other cells. That's what the crypto-anarchy tools are for: anonymous credentials, DC-nets and webs-of-trust, digital signatures, etc. These tools can be used for "authenticating" the other cells, and communicating with them without compromising (well... hopefully) your True Name and security. Knowing only anonymous Ids of other "persons" in the other cells is useless to the "authorities". Unless of course they can get your passwords and keys and spoof you. Now how can we make a protocol for protection against such spoofing? Some sort of Zero Knowledge proof scheme? -- Allan Bailey, allan at elvis.tamu.edu | "Freedom is not free." Infinite iversity in Infinite Combinations | allan.bailey at tamu.edu GCS -d+ p--- c++++ l+++ u++ e++ m++ s n+ h+ f g+ w+ t+ r y+ "Liberty means responsibility. That is why most men dread it." -- George Bernard Shaw "Armadillos....those are the meanest suckers you're ever gonna wanna see... But you gotta kill 'em the first time, otherwise they get this revenge thing in their heads and they come lookin' for ya......." -- (i got this from the 'zine Armadillo Culture) From warlord at MIT.EDU Thu Nov 18 09:57:11 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 18 Nov 93 09:57:11 PST Subject: hohocon In-Reply-To: <9311181717.AA22357@media.mit.edu> Message-ID: <9311181756.AA12723@toxicwaste.media.mit.edu> > Now if I could just figure out a simple way to do this on UNIX... This exists. It is called S/KEY, and you can retreive this via anonymous ftp from thumper.bellcore.com, somewhere... It uses MD4 as a one-way hash to generate a series of pseudorandom words. It's a neat system. -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Secretary, MIT Student Information Processing Board (SIPB) PGP key available from pgp-public-keys at pgp.mit.edu warlord at MIT.EDU PP-ASEL N1NWH From mg5n+ at andrew.cmu.edu Thu Nov 18 10:06:32 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 18 Nov 93 10:06:32 PST Subject: List of one-shot passwords In-Reply-To: <9311181717.AA22357@media.mit.edu> Message-ID: "Alan (Gesture Man) Wexelblat" wrote: > It seems to me that a simpler solution than challenge-response would > be to emultate the tear-sheet crypto systems and just have a series of > one-shot passwords generated. Each time you log in, it requires the > next password from the sheet, so capturing the old one does no good > (just as breaking the one-time codes from tear sheets doesn't help). > > Now if I could just figure out a simple way to do this on UNIX... You can use a sequential PRNG to do this, and then add a scrambling system to the output (to confuse anyone trying to break the pattern). I once wrote a program to do this (just for experimentation, and not in UNIX...). From tcmay at netcom.com Thu Nov 18 10:14:33 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 18 Nov 93 10:14:33 PST Subject: hohocon In-Reply-To: <9311181546.AA13097@media.mit.edu> Message-ID: <199311181814.KAA23119@mail.netcom.com> > Problem: how much trust do you have for a temporary site set up to give > Internet access? Can you assure yourself they're not capturing your telnets > and remote logins? > > At a recent SF con I attended, there was a rumor going around to the effect > that the admin was doing just this. I found the idea disturbing but > eminently plausible. > > --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard We believe this happened recently at the Hackers Conference (surprise!), when Internet access was provided on a machine that was later found to have been cracked by someone. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From pmetzger at lehman.com Thu Nov 18 10:21:31 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 18 Nov 93 10:21:31 PST Subject: List of one-shot passwords In-Reply-To: Message-ID: <9311181820.AA28976@snark.lehman.com> Matthew J Ghio says: > "Alan (Gesture Man) Wexelblat" wrote: > > > It seems to me that a simpler solution than challenge-response would > > be to emultate the tear-sheet crypto systems and just have a series of > > one-shot passwords generated. Each time you log in, it requires the > > next password from the sheet, so capturing the old one does no good > > (just as breaking the one-time codes from tear sheets doesn't help). > > > > Now if I could just figure out a simple way to do this on UNIX... > > You can use a sequential PRNG to do this, and then add a scrambling > system to the output (to confuse anyone trying to break the pattern). I > once wrote a program to do this (just for experimentation, and not in > UNIX...). You want to use a cryptographically strong one, however, because most PRNGs are easily guessed. This in practice means using MD5 or DES or IDEA or something as an RNG. Perry From coe at panix.com Thu Nov 18 10:21:33 1993 From: coe at panix.com (Chester Edelman) Date: Thu, 18 Nov 93 10:21:33 PST Subject: The Republic of Desire (anonymous organizations) In-Reply-To: <9311181704.AA21053@media.mit.edu> Message-ID: <199311181816.AA01206@panix.com> > Date: Thu, 18 Nov 93 12:04:51 -0500 > From: "Alan (Gesture Man) Wexelblat" > > This is kind of off-topic, but I thought the classic three-person cell was > as follows: > > A > / \ > B - C > / \ > D G > / \ / \ > E - F H - I > > where a line shows cell membership. So A commands a cell of himself, B and > C but knows no one below. A is either the leader, or is known by one member > above. B knows D is the leader of another cell, but does not know who E and > F are (or even if they exist). Similarly for C. > > This organization is vulnerable in two ways: any one person can give up > three others; and the chain can be followed (e.g. compromising B can lead to > compromising D and then to E, etc.). Because information has to flow > between the cells, there is potential for compromise. > > I can't think of a way around this problem. If information flows from B to > E, either B must know of E's existence or non-existence. See R. A. Heinleins's ``Moon is a Harsh Mistress'' for some discussion of this topic. ------------------------------------------------------------------------------ Chet Edelman "Truth is a blanket that leaves your feet out in the cold" D.P.S. EMAIL: coe at panix.com SNAIL: 1718 Ocean Avenue, Brooklyn NY 11230 VMAIL: (718) 338-1432 From nate at VIS.ColoState.EDU Thu Nov 18 10:31:31 1993 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Thu, 18 Nov 93 10:31:31 PST Subject: Fractal cryptography In-Reply-To: <9311120740.AA19589@jobe.shell.portal.com> Message-ID: <9311181827.AA00373@vangogh.VIS.ColoState.EDU> -----BEGIN PGP SIGNED MESSAGE----- writes Hal Finney: > >Now, maybe this particular fractal cryptosystem idea will actually work >well. I don't know; I haven't seen it. But the point is that these >complex types of systems have not provided a good foundation for crypto- >graphy in the past. > (First, sorry for bringing up an old subject, I was at SC93, and now have 500 messages to surf through) I read an article in Electronic Engineering Times a while back (summer, I think), about some researchers doing encryption with chaos... they had two decryption chips (I think they used DSPs) that had a synchronized chaotic stream going between them, which they both used to [en,de]crypt the data... This seems kind of silly, since (assuming an intelligent adversary), they could just tap the chaotic flow, and start listening... Am I missing something? - -nate - -- +-----------------------------------------------------------------------+ | Nate Sammons nate at VIS.ColoState.Edu (303) 491-1578 | | Colorado State University -- Computer Visualization Laboratory | +-----------------------------------------------------------------------+ From newsham at wiliki.eng.hawaii.edu Thu Nov 18 10:42:11 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Thu, 18 Nov 93 10:42:11 PST Subject: hohocon In-Reply-To: <9311180359.aa04301@zero.cypher.com> Message-ID: <9311181841.AA15760@toad.com> > > I am wondering if anyone I plan to bring a (cheap) laptop to I can > > collect and trade (& sign) PGP keys > > John Draper has already expressed an interest in having everyone > exchange keys, and will probably mention this during his speech. > I can guarantee there will be numerous laptops, and even full > systems avaialable. Last year, we even had 4-machine internet > site going - hohocon.com. Yeah, it was great for about 5 minutes > until all the power in the wing went out. hmm.. looks like the ideal for someone to test out a dos virus that looks for the PGP passphrase and for secret key rings and tries to "get out alive" with them. Tim N. Coders start your engines. From an15489 at anon.penet.fi Thu Nov 18 11:01:33 1993 From: an15489 at anon.penet.fi (Jack Daniels) Date: Thu, 18 Nov 93 11:01:33 PST Subject: Numbered Bank Accounts (Was "privacy and rights") Message-ID: <9311181857.AA02801@anon.penet.fi> >> >> I hate to be the bringer of bad news, but to the best of my knowledge >> Switzerland no longer allows numbered bank accounts. Also, from >> my studies of international banking, bank secrecy and tax havens, >> I have never seen any reference to numbered bank accounts in >> any country other than Switzerland, including Liechtenstein (although >> Liechtenstein does have better secrecy safeguards than Switzerland. > >"Jack Daniels" has never looked hard enough -- many countries (Austria >comes to mind) allow completely anonymous accounts, with various >degrees of restriction on them. > "Perry Metzger" doesn't carefully read the postings which he directly quotes before passing judgement. I never claimed that nobody offers completely anonymous accounts. I claimed that, to the best of my knowledge, nobody offers the "numbered accounts" that used to be popular in Switzerland. Austria does offer "bearer share" accounts which are completely anonymous, but are quite different than the "numbered accounts" of old-time Switzerland. In a "numbered account", the owner uses a hand-written rendition of the account number as a signature. The hand-written number is compared against bank records to validate the authenticity of the owner. "Bearer share" accounts, which are available in Austria, are issued to the user with some sort of ceritificate of ownership. Anyone (the "bearer") who has possession of the certificate ("share") can withdraw money from the account. No signatures or hand-writen numbers are used to verify the owner. If Austria does offer true numbered accounts, then I stand corrected. "Jack Daniels" ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From wex at media.mit.edu Thu Nov 18 11:04:34 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Thu, 18 Nov 93 11:04:34 PST Subject: The Republic of Desire (anonymous organizations) In-Reply-To: <9311181749.AA16590@elvis.tamu.edu> Message-ID: <9311181902.AA06579@media.mit.edu> Sorry, I was a little unclear. When I worried about someone in a cell being compromised, I assumed that through social engineering (like throwing in jail, serving with subpoenas, seizing property, etc.) someone had pressured or tricked this person into revealing hir secret keys. If you know you're being pressured and can use a backup works-but-I'm-in-trouble key, that's a partial solution. --Alan From 72114.1712 at CompuServe.COM Thu Nov 18 11:21:33 1993 From: 72114.1712 at CompuServe.COM (Sandy) Date: Thu, 18 Nov 93 11:21:33 PST Subject: CELL STRUCTURE Message-ID: <931118191113_72114.1712_FHF88-3@CompuServe.COM> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort at attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Punksters, Allan Bailey referenced "The Republic of Desire" in Gibson's /Virtual Light/. He asked: Anyone have a ref for something that discusses guerilla cell organizations? One of my all-time favorite books, Heinlein's /The Moon is a Harsh Mistress/, has a great description of how traditional guerilla cells are structured. In addition, he creates a new cell structure based on secure communications in a computer mediated setting that foreshadowed many of the concepts we deal with on this list every day. Free Luna! S a n d y >>>>>> Please send e-mail to: ssandfort at attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From allan at elvis.tamu.edu Thu Nov 18 11:24:33 1993 From: allan at elvis.tamu.edu (Allan Bailey) Date: Thu, 18 Nov 93 11:24:33 PST Subject: The Republic of Desire (anonymous organizations) In-Reply-To: <9311181902.AA06579@media.mit.edu> Message-ID: <9311181923.AA16943@elvis.tamu.edu> > >Sorry, I was a little unclear. When I worried about someone in a cell being >compromised, I assumed that through social engineering (like throwing in >jail, serving with subpoenas, seizing property, etc.) someone had pressured >or tricked this person into revealing hir secret keys. > >If you know you're being pressured and can use a backup >works-but-I'm-in-trouble key, that's a partial solution. > AAAHHH!!!! EXCELENT IDEA!!! Think about it. It's a beautiful extension to PGP, the "I'm-being-coerced" password. Seems to work, but deletes everything irreparably(sp?). I don't think the PGP coders will put something like this in, but the people in my RoD-cell will definately have it as soon as I'm done. =) -- Allan Bailey, allan at elvis.tamu.edu | "Freedom is not free." Infinite Diversity in Infinite Combinations | allan.bailey at tamu.edu GCS -d+ p--- c++++ l+++ u++ e++ m++ s n+ h+ f g+ w+ t+ r y+ "Liberty means responsibility. That is why most men dread it." -- George Bernard Shaw "Armadillos....those are the meanest suckers you're ever gonna wanna see... But you gotta kill 'em the first time, otherwise they get this revenge thing in their heads and they come lookin' for ya......." -- (i got this from the 'zine Armadillo Culture) From pmetzger at lehman.com Thu Nov 18 11:27:13 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 18 Nov 93 11:27:13 PST Subject: Numbered Bank Accounts (Was "privacy and rights") In-Reply-To: <9311181857.AA02801@anon.penet.fi> Message-ID: <9311181926.AA29344@snark.lehman.com> Jack Daniels says: > I never claimed that nobody offers completely anonymous accounts. I claimed > that, to the best of my knowledge, nobody offers the "numbered accounts" that > used to be popular in Switzerland. Well, thats a very narrow statement, but even so... > Austria does offer "bearer share" accounts which are completely > anonymous, but are quite different than the "numbered accounts" of > old-time Switzerland. In a "numbered account", the owner uses a > hand-written rendition of the account number as a signature. The > hand-written number is compared against bank records to validate the > authenticity of the owner. "Bearer share" accounts, which are > available in Austria, are issued to the user with some sort of > ceritificate of ownership. Anyone (the "bearer") who has possession > of the certificate ("share") can withdraw money from the account. > No signatures or hand-writen numbers are used to verify the owner. > > If Austria does offer true numbered accounts, then I stand corrected. Until recently at the very least, they offered accounts which used a "password" and an account number to perform transactions -- you did not require any physical certificate to access the account. Perry From mdiehl at triton.unm.edu Thu Nov 18 11:31:35 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Thu, 18 Nov 93 11:31:35 PST Subject: latest procmail and recipes. Message-ID: <9311181928.AA12504@triton.unm.edu> Hi all! I just thought I'd post to let you know that I can send any interested parties the latest version of procmail and my pgp recipes for procmail. Send me a message with the subject: send help for more details. Lagers, J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From an41418 at anon.penet.fi Thu Nov 18 12:01:36 1993 From: an41418 at anon.penet.fi (wonderer) Date: Thu, 18 Nov 93 12:01:36 PST Subject: Signal to noise/real issues Message-ID: <9311181959.AA12707@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- I am a bit concerned about the cypherpunks list. I posted something to the list with the subject "All our eggs in one basket," that I believe is a real concern for cypherpunks. The posting has prompted a lot of personal correspondence, and maybe even a co-authorship on a paper if we can find a place willing to include a nym as an author. A few of you wrote me back messages complimenting my post. What worries me is that nobody has continued the discussion on the list, whereas the posts by L.D. and S. Boxxx seem to generate a lot of heated discussion. If my post was really not as important as those, then maybe I'm in the wrong mailing list. I think I'll post a copy of that message to sci.crypt where people are interested in real crypto issues. Wonderer -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLOu+Qh1kTJuroDD9AQHDVwH9HFILw/wtEH/8r6rYkbRQlgGynzsDM528 pOsT5ffqqLbulJ1FN+2xOkfYx/fDQqBzrpmHZaV/bk0GdwUmYchyAg== =4JSu -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From ravage at wixer.bga.com Thu Nov 18 12:26:36 1993 From: ravage at wixer.bga.com (Jim choate) Date: Thu, 18 Nov 93 12:26:36 PST Subject: PGP keys, laptops, HoHo Con Message-ID: <9311182012.AA16029@wixer> On the topic of HoHo Con and keys, I should have access to at least 2 laptops rrunning PGP under linux. I believe that mentor at io.com will vouch for my authenticity at least for casual casual key generation. From strick at osc.versant.com Thu Nov 18 12:26:39 1993 From: strick at osc.versant.com (henry strickland) Date: Thu, 18 Nov 93 12:26:39 PST Subject: FCC policy In-Reply-To: <199311181037.CAA25558@well.sf.ca.us> Message-ID: <9311182025.AA08535@osc.versant.com> # From: "George A. Gleason" # # Re Strick's item on "used to be legal to listen to anything that passed # through your airspace as long as you didn't (divulge or sell)..." Yes this # used to be the case. I'm not sure if ECPA is what changed it, but.... there # is some hope of getting it changed back again... I agree that Clinton's shift to value individual liberties is a good thing. (However his support for anything is always subject to change....) However what we have now is a list of frequencies that it is illegal for you to listen to -- 2600 published the list as a service to its members :-). The cypherpunk platform here should be not merely for more liberty to use electronic gadgets, but for relying on technology rather than laws to assure privacy. This argument could be made regardless of whether an administration wanted to see more or less liberty/privacy -- as long as it wants there to be some liberty/privacy. I'm sure you already know these, I think it's important to distinguish the arguments. strick From jef at ee.lbl.gov Thu Nov 18 12:34:32 1993 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Thu, 18 Nov 93 12:34:32 PST Subject: hohocon Message-ID: <9311182033.AA25177@ace.ee.lbl.gov> At Hackers 8.0 a hallway discussion (including Eric Hughes) came up with an amusing variation on these sniff-resistant authentication schemes: use a pager. It goes like this. You telnet from an insecure site to your home system, and type your userid. Instead of prompting you for a password, your system looks up your pager number, dials out to the pager service, and pages you with a random but syntactically valid phone number. Then it prompts you. You receive the page and type that number as your password. Authentication is based on physical posession of the pager, and knowing what userid/machine it corresponds to. A possible attack would be to monitor the pager frequencies and try to snag the number out of the air. Possible defense against this would be to require a special password before the page is generated - an attacker would have to monitor both the network and the radio. Not military grade security, but lots of folks have pagers and could hack together something like this in a day or so. --- Jef From crunch at netcom.com Thu Nov 18 12:36:36 1993 From: crunch at netcom.com (John Draper) Date: Thu, 18 Nov 93 12:36:36 PST Subject: HoHoCon key exchanges Message-ID: <199311182036.MAA04806@mail.netcom.com> in relation to the HoHoCOn event... >> >> I am wondering if anyone I plan to bring a (cheap) laptop to I can >> collect and trade (& sign) PGP keys > John Draper has already expressed an interest in having everyone > exchange keys, and will probably mention this during his speech. > I can guarantee there will be numerous laptops, and even full > systems avaialable. Last year, we even had 4-machine internet > site going - hohocon.com. Yeah, it was great for about 5 minutes > until all the power in the wing went out. Yes... And lets have at least SOMEONE who can have a Mac at HoHoCon this time.... Last time there was NOBODY that had one. Yukk!! whatta bummer.... I am also interested if there is any rave taking place on the weekend of the HoHoCon. I sure want to get in some dancing while I'm there :-) .... CC From spin at iastate.edu Thu Nov 18 13:07:17 1993 From: spin at iastate.edu (spin at iastate.edu) Date: Thu, 18 Nov 93 13:07:17 PST Subject: send mail for more details In-Reply-To: <9311181928.AA12504@triton.unm.edu> Message-ID: <199311182106.AA06668@mailhub.iastate.edu> Hmm... I recently discovered that though we have man pages for procmail installed the executable doesn't seem to be there. If you read this (instead of just having it processed) could you direct me to anywhere I could get the source to procmail? Thanks... From jim at bilbo.suite.com Thu Nov 18 13:08:48 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 18 Nov 93 13:08:48 PST Subject: All our eggs in one basket? Message-ID: <9311182106.AA19057@bilbo.suite.com> > What would happen if your bank suddenly told you that it had no proof that > you really had an account there? > > Wonderer > Theoretically, this problem is prevented by using protocols that incorporate non-repudiation mechanisms. The bank wound not be able to make such a claim. Or, another way of saying it, were the bank to make such a claim, you would be able to prove them wrong. However, proving them wrong while also retaining your anonymity may be a trick. It would depend on the design of the non-repudiation mechanisms. How do you prove to a third party that someone is falsely repudiating a valid contract or transaction without revealing any information about yourself? Conversely, how do you defend yourself against false claims of repudiation without revealing any information about yourself? After all, someone might try to discover your identity by making false claims about you, and forcing you to defend yourself. (Sound familiar?) Jim_Miller at suite.com From jthomas at pawpaw.mitre.org Thu Nov 18 13:22:18 1993 From: jthomas at pawpaw.mitre.org (Joe Thomas) Date: Thu, 18 Nov 93 13:22:18 PST Subject: HoHoCon key exchanges Message-ID: <9311182124.AA16613@pawpaw.mitre.org> In my experience, mass key-signing on a few laptops is a waste of time. It might be a fun waste of time at a convention, but it made the one Washington Cypherpunk meeting to date kind of a drag. Far more efficient is to print up a paper certificate with your key and its fingerprint, run off a bunch of copies, and sign them. Pass them out and let people verify your credentials; everyone does a batch signing when they get some free time. Then everyone mails their key ring to a server, waits a few days, and collects all their new signatures off the same server. But, again, maybe that takes the fun out of it. To each his own... Joe From hfinney at shell.portal.com Thu Nov 18 13:31:36 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Thu, 18 Nov 93 13:31:36 PST Subject: hohocon Message-ID: <9311182129.AA19727@jobe.shell.portal.com> > From: Timothy Newsham > > hmm.. looks like the ideal for someone to test out a dos virus that > looks for the PGP passphrase and for secret key rings and tries to > "get out alive" with them. > > Tim N. > > Coders start your engines. > Don't type your PGP passphrase on a PC owned by someone else! You don't have to use your passphrase to exchange keys. Keys can be extracted, added, etc. without the passphrase being entered. I don't see any way a virus could be spread via PGP key exchange. At best (worst) a virus could somehow attach itself to the PGP key file but it would be just passive data. It wouldn't do anything. Hal From baldwin at LAT.COM Thu Nov 18 13:32:18 1993 From: baldwin at LAT.COM (Bob Baldwin) Date: Thu, 18 Nov 93 13:32:18 PST Subject: Duress Passwords/PINs/Combinations Message-ID: <9311182123.AA14221@LAT.COM> Having a separate authentication mechanism that is used under duress is a very good idea that some existing systems already employ. I'll pass along the ones I have had contact with. From a systems point of view, it is hard to figure out exactly how the system should respond when it recognizes a duress authentication. There are competing interests as I'll explain after some examples. The safe inside the ATM machines used by BayBanks (Boston Mass) can be opened with two combinations. One combination sends an alarm to the bank via a separate phone line (not the one used to perform the ATM transaction). The alarm phone line is also connected to a conventional panic switch. A fellow I know has a central-office alarm in his home. When the alarm goes off, the office calls his house to ask if it was a false alarm. They ask for a password to verify, and no matter what password you give they say "OK, I'll log it as a false alarm." If you gave the wrong password, they call the police and notify them of a crime in progress with hostages. If no one answers the phone, they send one of their patrol cars. The challenge-response token that Attalla sells (which is a repackaging of someone else's token) supports a fixed or variable duress pin. In the fixed duress pin mode, a special PIN, usually "1111", causes the device to use a fixed different key to compute the response to the challenge. The code that authenticates the response checks for a use of the duress key if the response does not correspond to the value expected for the user's key. The variable duress PIN approach is a feature of the card where the user can set which PIN value causes the card to use the alternate key. From a software point of view, the authentication procedure returns Yes/No/Duress. Note it is possible to have a collision between a duress response and a regular response. The competing interest problem is illustrated by the following possibility: A criminal makes an ATM money-filler open the safe at gun point (the ATM repair people do not know the safe combination). The criminal says that she knows about the duress combination and threatens to shoot the kneecaps off the person if they use the duress combination. The criminal will take the money-filler hostage for a few minutes to guarantee a clean get-away. So what does the money-filler do? To use the duress combination requires faith that the bank will handle the situation in a subtle way and thus avoid major knee surgery. For the bank, why risk loosing any money or loosing the criminal. In fact, why not just refuse to open the safe in the first place? What is the right balance between these interests? How does each party trust that the other will behave as expected? What is the benefit of this approach when the criminals already know about it? It works well against criminals that don't know about it, but is that enough to justify the overhead? These questions are not show stoppers. Individual organizations can and do answer them in order to make rational choices about duress authentication. In the cases of communicating cells, the key benefit is giving the adjacent nodes time to cleanup their surroundings of evidence or to totally "leave town". --Bob From --spin at iastate.edu-- Thu Nov 18 13:36:36 1993 From: --spin at iastate.edu-- (--spin at iastate.edu--) Date: Thu, 18 Nov 93 13:36:36 PST Subject: Sorry... Message-ID: <9311182136.AA10616@iastate.edu> I am terribly sorry about the last message. The Cc: escaped my attention. I shall be more careful in the future. From gtoal at an-teallach.com Thu Nov 18 13:36:39 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 18 Nov 93 13:36:39 PST Subject: souls and Multiple Personality Disorder Message-ID: <8991@an-teallach.com> In article erc at wetware.com "Ed Carp" writes: > I thought this was rather tasteless. MP is real. My SO is MP. It's not > very funny. Do you know what causes MP? Childhood sexual abuse. Possibly, but more often overzealous psychiatrists with an axe to grind. (Let me guess, she had no history at all of MPD before she went to a psychiatrist for some unrelated problem, right?) G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From pmetzger at lehman.com Thu Nov 18 13:54:32 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 18 Nov 93 13:54:32 PST Subject: All our eggs in one basket? In-Reply-To: <9311182106.AA19057@bilbo.suite.com> Message-ID: <9311182152.AA29541@snark.lehman.com> Jim Miller says: > However, proving them wrong while also retaining your anonymity may > be a trick. If all transactions require digitally signed confirmation from the bank, you have an audit trail from them that they can't deny was theirs. Perry From gtoal at an-teallach.com Thu Nov 18 14:01:36 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 18 Nov 93 14:01:36 PST Subject: Signal to noise/real issues Message-ID: <9000@an-teallach.com> In article <9311181959.AA12707 at anon.penet.fi> an41418 at anon.penet.fi "wonderer" writes: > those, then maybe I'm in the wrong mailing list. I think I'll post > a copy of that message to sci.crypt where people are interested in > real crypto issues. Try talk.politics.crypto and avoid pissing off everyone on sci.crypt too :-) G From gtoal at an-teallach.com Thu Nov 18 14:01:40 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 18 Nov 93 14:01:40 PST Subject: Forwarded mail from S.Boxx Message-ID: <8994@an-teallach.com> In article <199311181642.IAA26892 at soda.berkeley.edu> hughes at soda.berkeley.edu "Eric Hughes" writes: > This one was just too good to resist. > From: an12070 at anon.penet.fi (S.Boxx) > > I've finally figured out your intense loyalty, sensitivity, and > secrecy. You're homosexual lovers. > > Quite a complex and secretive culture, these cypherpunks. ITS NOT FAIR! He doesn't accuse me of being a tentacle and I don't get any interesting love-life assigned to me either :-( Can't I have one too, pretty please Lance? ___ G \X/ (The main reason I don't use these things in my sig is coz I never could draw ascii art worth a damn...) From erc at khijol Thu Nov 18 14:11:38 1993 From: erc at khijol (Ed Carp) Date: Thu, 18 Nov 93 14:11:38 PST Subject: souls and Multiple Personality Disorder In-Reply-To: <8991@an-teallach.com> Message-ID: > In article erc at wetware.com "Ed Carp" writes: > > I thought this was rather tasteless. MP is real. My SO is MP. It's not > > very funny. Do you know what causes MP? Childhood sexual abuse. > > Possibly, but more often overzealous psychiatrists with an axe to grind. > (Let me guess, she had no history at all of MPD before she went to a > psychiatrist for some unrelated problem, right?) Err, actually, no. She has memories of at least one other personality from the age of 4. Her memory is quite good...she has memories of sexual abuse (I won't go into details) at age 3. :( :( -- Ed Carp, N7EKG erc at wetware.com 510/659-9560 an38299 at anon.penet.fi, anon-1157 at twwells.com If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From MJMISKI at macc.wisc.edu Thu Nov 18 14:22:19 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Thu, 18 Nov 93 14:22:19 PST Subject: CryptoCards Message-ID: <23111816203152@vms2.macc.wisc.edu> Could someone send me either a vendor of SecureIds (or a similar challenge/response card) or a Spec sheet, parts list and approximate cost of manufacture of one of these monsters? I've got some ideas for Telco security schemes but Id like to see what sort of Margin Im looking at first. Thanx ahead of time. --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From kovar at nda.com Thu Nov 18 14:41:38 1993 From: kovar at nda.com (David Kovar) Date: Thu, 18 Nov 93 14:41:38 PST Subject: Duress Passwords/PINs/Combinations In-Reply-To: <9311182123.AA14221@LAT.COM> Message-ID: <199311182240.RAA04041@nda.nda.com> > Having a separate authentication mechanism that is used > under duress is a very good idea that some existing systems already > employ. I'll pass along the ones I have had contact with. From a > systems point of view, it is hard to figure out exactly how the system > should respond when it recognizes a duress authentication. There are > competing interests as I'll explain after some examples. The SecureID system has a duress PIN built in to it as well. Using that PIN, you're still authenticated, but the server software knows that you entered it under duress and does the "appropriate" thing. -David From owen at autodesk.com Thu Nov 18 14:44:32 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Thu, 18 Nov 93 14:44:32 PST Subject: Guerilla Cells Message-ID: <9311182009.AA06202@lux.YP.acad> > From: Matthew J Miszewski > > The sendero luminoso in Peru also works this way...Of course if you break their > rules, they break your neck! > > For security reasons each 'member' of the Shining Path is only allowed > to know of two other persons in the heirarchy. This makes for good > plausible deniability as well as qwik and efficient dissolution. In Light of my posting regarding The A./. A./. ( oh.. my use of the "./." glyph is s'posed to be an ascii representation of a glyph comprised of three dots in an equalateral traingular shape, that is when its not signifying the everlasting secret family connections of the CP's -ie:cum pigs- and stands for the erect phallus and testacles :-) it should be noted that *Sendero Luminoso - shining path* is a blatant reference to Masonic/hermetic practice. It should also be noted that Masons have been (succesfully) using graphic key based encryption of their secrets for as long as they have been around, that passwords are another key element of their craft, and that every president of the united states except one has been a mason. ( can we guess which one? :-) LUX ./. owen this message needs no NSA fodder, it is subversive enough in its directness. From owen at autodesk.com Thu Nov 18 14:46:37 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Thu, 18 Nov 93 14:46:37 PST Subject: The Republic of Desire (anonymous organizations) Message-ID: <9311181956.AA06133@lux.YP.acad> > > My only problem with this is knowing how to organize the > >"guerilla cell structures" or whatever it was he mentioned. Anyone have > >a ref for something that discusses guerilla cell organizations? > > The classic Russian model (late 1800's through the October Revolution) was > to have three-person cells, each of which had one person who knew one > person above them in the hierarchy and someone who knew one person below > them. This makes for good security as there is no redundant information in > the network and one failure breaks the chain. Which was also adopted by the weather-underground in the early seventys. I think a better, and non-political, model is the Astrum Argentum. The A./.A./. is a masonic style hermetic organisation. A secret society if you will. Yes it was headed by Aleister Crowley, yes it still exists today, no I cannot tell you how to contact any part of it. Thats your task to accomplish, if that is your will. I happen to believe that the philosophical basis of the A./.A./., and the OTO, otherwise known as THELEMA, offers us a glimpse of how the future is unfolding. To those pragmatists and engineering types who scoff at Magickal organisations and its members, I can only say that I truley believe if you look without prejudice - suspend disbelief - and recognise the key nature of the basic underpinnings of hermetic philosophy, you will see that *the mysterys* are laid bare all the time, and are no mystery at all, but rather good common sense. Cypherpunks above all others should easily understand that it is possible to code information in such ways that only those who have the key can understand the hidden message (esoteric) while all others see only the filler text ( exoteric). Protect the mysterys, reveal them daily. LUX ./. owen From mg5n+ at andrew.cmu.edu Thu Nov 18 14:46:41 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 18 Nov 93 14:46:41 PST Subject: souls and Multiple Personality Disorder In-Reply-To: <8991@an-teallach.com> Message-ID: x-be2 From kovar at nda.com Thu Nov 18 14:51:37 1993 From: kovar at nda.com (David Kovar) Date: Thu, 18 Nov 93 14:51:37 PST Subject: CryptoCards In-Reply-To: <23111816203152@vms2.macc.wisc.edu> Message-ID: <199311182249.RAA04409@nda.nda.com> > Could someone send me either a vendor of SecureIds (or a similar > challenge/response card) or a Spec sheet, parts list and approximate > cost of manufacture of one of these monsters? Security Dynamics, Inc. of Cambridge, MA makes the SecurID card. -David From tjm at netcom.com Thu Nov 18 15:37:19 1993 From: tjm at netcom.com (Thomas J. Merritt) Date: Thu, 18 Nov 93 15:37:19 PST Subject: unsubscribe Message-ID: <199311182337.PAA18106@mail.netcom.com> Please remove me from the cypherpunks mailing list and add me to the cypherpunks-announce mailing list. I don't have time to filter through all this stuff. Thanks, TJ Merritt tjm at netcom.com From jim at bilbo.suite.com Thu Nov 18 16:32:20 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 18 Nov 93 16:32:20 PST Subject: All our eggs in one basket? Message-ID: <9311190031.AA22296@bilbo.suite.com> Perry Metzger writes > Jim Miller says: > > However, proving them wrong while also retaining your anonymity may > > be a trick. > > If all transactions require digitally signed confirmation from the > bank, you have an audit trail from them that they can't deny was theirs. > So to prove that the bank is lying you show a third party your copy of the digitally signed receipt of the disputed transaction? I assume the third party uses the bank's public key and your public key to verify the receipt. This brings up a good question: How does the withdraw of digital money from a bank account work? In particular, how does the bank simultaneously give you money and a receipt that neither party could repudiate? I can see how they could give you the money and a receipt signed by the bank. I do not yet see how they could simultaneously give you the money and a receipt signed by both parties. I imagine the bank would use one of the simultaneous contract signing protocols and somehow produce an encryption key as the last step. The key would be used to decrypt the digital money, which was sent in an earlier step in an encrypted form. However, how can the person withdrawing the money verify the digital money is for the amount stated in the receipt if they only get the key after the last step in the receipt signing protocol. I am confused. I must not be thinking of the correct protocol. How is this situation handled? Jim_Miller at suite.com From an49149 at anon.penet.fi Thu Nov 18 16:34:58 1993 From: an49149 at anon.penet.fi (an49149 at anon.penet.fi) Date: Thu, 18 Nov 93 16:34:58 PST Subject: Attn: BlackNet. Message-ID: <9311190032.AA24844@anon.penet.fi> -----BEGIN PGP MESSAGE----- Version: 2.2 hIwCHO5QWqKhlGkBBACXLS6twtV8fsrSfa4HTrWwMCFAdhMzBR81G93ZbwG3yFV6 93WkQJMitzpT9fOxEZV8bHl3VvHAqvIv0MvQJIs+pbo2I0GskXeHWJLYOf1ritMM 8Wc6/U8FA8oe9O7RfN9fyRdipRtpAcWBsXTr2aA/lxWRThAS8dpqcfv5JN7t66YA AALtRPjG7ID8ZdrBVt8uDMUlNkEpaHyCIFG0ptdf2Q3wFOKVCrEKBDkPDW1GSYQl dAWyjCls/354X1RsP4Y+szG3B2PkT0QptXLIVBTS8SG6sn31PMNYBDyGWQvlI/mK 6VBX6/gioiDFCNGD0J/8Ig2Sbv60XxQ00DmxnNc+4uvYj7QGFBRxCYI2cX3xr9XL WxR1UvfBszM91xLNcpBE7n9onfJrmf6rsGkGlzD2gFIJDorsnY9hk6cEmj8831M0 jRUneOhMQH7Z19LGxfmv9E7Lg+pyGVJ2XWlSJVJhAwEjFuLpGM6p5vpLLEEULdsS k45wqpnIUoBEMFoTb4IyMt/Om/ZrnxH+I6zruMURCBqUTNyA32l56PRHXoHdu+0s k/4BY3y1obQMNy9PWEj5G3pSXcMeXlU3ZC4RhBApPU/VPAxMsQ5kxIspHmrLSihl EwIHoKbFCax7Maxa2LGSVkXawdS4Y68LXb8zpWM0XEoc4YzQUDo4TGVqVpexAVVQ TUklzPDjKxRyLvB8fVG+2ewTeorLG3tTlnzjcyvPtcx7/iPtggQ0uJMS5XLlOoM2 vzryYVf/D+davG0zmZI8ldlimFcpNGxKPZvWLGG0UQhDtNn27OBNfwfC4kaLwSIl 7PTDYzicDTrvtqLy/YlkJLsG/lAstrfAQ3znzc+bVHwoniZBUs3wAzbpuq2iuXyi qvcNAC7q7AqGWrU/M/XUrCr6UulxpNWFM8ta98AtoCwHQ3LtvyqPpoZJJ9syLDhq aWr2kbYM9AVZ01RdBDMuZ6Ly19rXcl8+OmXMUoEc9yYSyxBHtLS3+JkLIAwkU9lo ktdmj3QQvhaAgUBjzkad+uirk5I+x99Q+3xoG9izFfb8r6mglVgA4hOgt25bnSDb JarYlqYK0qTutg8NV+dwU4q98vdPHmlLs4EW+1zbaD6RZrXJKrODcpN1MzhbSrN0 lMxTho7XjOUHykvoab/JxSykogwZWcDWGER+/5Xo1tA= =FMfy -----END PGP MESSAGE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From michael at sdl.hitachi.co.jp Thu Nov 18 16:51:38 1993 From: michael at sdl.hitachi.co.jp (michael at sdl.hitachi.co.jp) Date: Thu, 18 Nov 93 16:51:38 PST Subject: UNSUBSCRIBE Message-ID: <9311190050.AA27639@hsdlgw92.sdl.hitachi.co.jp> Please remove me from your cypherpunks mailing list. Could you add me to the cypherpunks-announce mailing list instead? Thanks, M.B. From erc at khijol.yggdrasil.com Thu Nov 18 16:51:41 1993 From: erc at khijol.yggdrasil.com (Ed Carp) Date: Thu, 18 Nov 93 16:51:41 PST Subject: ytalk help Message-ID: Help! I got ytalk from soda.berkeley.edu and compiled it. Now it complains it can't find the ytalk daemon! There's a ytalkd.c, but it won't compile, and there's no target in the Makefile for ytalkd. Help!!! The documentation is a big lose, and the author doesn't answer his email :( :( -- Ed Carp, N7EKG erc at wetware.com 510/659-9560 an38299 at anon.penet.fi, anon-1157 at twwells.com If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From kone at courier1.sha.cornell.edu Thu Nov 18 16:52:20 1993 From: kone at courier1.sha.cornell.edu (kone at courier1.sha.cornell.edu) Date: Thu, 18 Nov 93 16:52:20 PST Subject: The Republic of Desire (anonymous organ Message-ID: <2CEC4202@COURIER1.SHA.CORNELL.EDU> < A < / \ < B - C < / \ < D G < / \ / \ < E - F H - I < Another problem in this set up is: What if "B" is caught and put in jail/killed? How are "D" and company (including "J, K, L" and on) going to stay in touch? Some one posted that useing a "I am caught" key might help cover the trail. I think it would cut down on the uptree pateren but might not pass on info downtree. Would a side to side contact help? A / \ B - C / \ D G / \ / \ E - F - H - I How would one keep the cross over safe? An "in case of loss of contact, use PGP Key xxx?" Ideas? Will From pmetzger at lehman.com Thu Nov 18 16:54:37 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 18 Nov 93 16:54:37 PST Subject: All our eggs in one basket? In-Reply-To: <9311190031.AA22296@bilbo.suite.com> Message-ID: <9311190052.AA29960@snark.lehman.com> Jim Miller says: > So to prove that the bank is lying you show a third party your copy > of the digitally signed receipt of the disputed transaction? I > assume the third party uses the bank's public key and your public > key to verify the receipt. Presumably something like that. > > This brings up a good question: How does the withdraw of digital > money from a bank account work? In particular, how does the bank > simultaneously give you money and a receipt that neither party could > repudiate? > I can see how they could give you the money and a receipt signed by the bank. > I do not yet see how they could simultaneously give you the money > and a receipt signed by both parties. It needn't be signed by both parties. The bank could always simply claim that you'd never given them an order to withdraw money and refuse to give it to you -- cheating halfway into giving you a receipt isn't interesting, so it also needn't be simultaneous. What needed is a) the bank has to be able to show a third party a signed request for every transaction they've performed, and b) you have to be able to show a third party a signed (by the bank) receipt for every transaction you've performed. In other words, you are protected because the bank can't simply claim to the arbitrator "oh, he withdrew all his money yesterday" because they can't show an order. The bank is protected because you can't claim "oh, I deposited ten million dollars yesterday" if you can't show a receipt. Perry From jim at bilbo.suite.com Thu Nov 18 18:51:42 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 18 Nov 93 18:51:42 PST Subject: All our eggs in one basket? Message-ID: <9311190248.AA24338@bilbo.suite.com> Perry Metzger writes > What needed is a) the bank has to be able to show a third party a > signed request for every transaction they've performed, and b) you > have to be able to show a third party a signed (by the bank) receipt > for every transaction you've performed. In other words, you are > protected because the bank can't simply claim to the arbitrator "oh, > he withdrew all his money yesterday" because they can't show an order. > The bank is protected because you can't claim "oh, I deposited ten > million dollars yesterday" if you can't show a receipt. > I'm still confused, only in a different way. Let's let I want to withdraw $10,000... 1) I send the bank a signed request to withdraw 10,000 dollars 2) The bank withdraws the money but doesn't sends it to me. I go to the arbitrator and say: "The bank cheated me!!" The bank says: "We sent you the money. Here is your withdraw request, signed by you. You are lying." ------ How can I prove that the bank did not send me the money? The withdraw protocol must somehow produce a receipt, signed by *me*, saying I receiving the money. If the bank cannot present such a receipt, then the arbitrator shouldn't believe that the bank really sent the money. Yet why would I sign a receipt before verifying that the bits the bank sent me was a valid chunk of digital money? Does this mean the bank sends me valid digital money first and I reply with a signed receipt? If so, what if I claim that the transmition failed and I didn't receive the money, but I really *did* get the money? I could then tell the bank that I changed my mind and I want them to rollback the withdraw transaction? I would walk off with a valid chuck of digital money, yet my account was not decremented. Obviously I'm still missing something. Jim_Miller at suite.com From sommerfeld at orchard.medford.ma.us Thu Nov 18 19:21:42 1993 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Thu, 18 Nov 93 19:21:42 PST Subject: hohocon In-Reply-To: <9311181655.AA08484@jobe.shell.portal.com> Message-ID: <199311190304.WAA00965@orchard.medford.ma.us> For the hohocon case you could have a calculator programmed with some one-way function (DES is available for the HP48); the remote system could generate a challenge number and you would use your calculator to DES-encrypt it with a fixed secret key, then type the result in, and the remote system would check it. In fact, that's exactly why I wrote it :-) . Maybe I should go dig up the source to the challenge-response program I wrote to go along with it.. - Bill From cdodhner at indirect.com Thu Nov 18 19:31:42 1993 From: cdodhner at indirect.com (Christian D. Odhner) Date: Thu, 18 Nov 93 19:31:42 PST Subject: Remailer cdodhner@indirect.com DOWN (temp) Message-ID: My sysadmin, due to some sort of security concern, has decreed that .forward files shall not be able to call any execution of code other than certain designated filters. Thus my remailer rolled over and died and lost three days of my mail. My sysadmin is helping me devise a workaround now so my remailer can be the exception to the rule, or bypass the rule entirely without compromiseing security of the site. I'll post to the list when it's back up. (btw, I'm off the cypherpunks list now, on cp-request) Happy Hunting, -Chris Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" My opinions are shareware. To register your copy, send me 15$ in DigiCash. Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 From Tim.Finin at cs.umbc.edu Thu Nov 18 19:34:38 1993 From: Tim.Finin at cs.umbc.edu (Timothy Finin) Date: Thu, 18 Nov 93 19:34:38 PST Subject: axe me Message-ID: <199311190333.AA05810@retriever.cs.umbc.edu> Please remove me from cypherpunks. I can't handle the volume, it seems. Tim From sommerfeld at orchard.medford.ma.us Thu Nov 18 19:51:42 1993 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Thu, 18 Nov 93 19:51:42 PST Subject: Remailer cdodhner@indirect.com DOWN (temp) In-Reply-To: Message-ID: <199311190345.WAA01079@orchard.medford.ma.us> Yup, there was a recent CERT advisory on sendmail; see comp.mail.sendmail for the details on the attack, but basically you can jam nasty things down the throat of the sendmail "program" mailer over the net.. I'm surprised more remailers haven't been hit by this problem... - Bill From rharder at nermal.santarosa.edu Thu Nov 18 20:54:40 1993 From: rharder at nermal.santarosa.edu (Robert Harder) Date: Thu, 18 Nov 93 20:54:40 PST Subject: unsubscribe Message-ID: Please unsubscribe me from (to?) your mailing list Thank you. Rob From erc at khijol.yggdrasil.com Thu Nov 18 21:54:40 1993 From: erc at khijol.yggdrasil.com (Ed Carp) Date: Thu, 18 Nov 93 21:54:40 PST Subject: souls and Multiple Personality Disorder In-Reply-To: <8991@an-teallach.com> Message-ID: > In article erc at wetware.com "Ed Carp" writes: > > I thought this was rather tasteless. MP is real. My SO is MP. It's not > > very funny. Do you know what causes MP? Childhood sexual abuse. > > Possibly, but more often overzealous psychiatrists with an axe to grind. > (Let me guess, she had no history at all of MPD before she went to a > psychiatrist for some unrelated problem, right?) Err, actually, no. She has memories of at least one other personality from the age of 4. Her memory is quite good...she has memories of sexual abuse (I won't go into details) at age 3. :( :( -- Ed Carp, N7EKG erc at wetware.com 510/659-9560 an38299 at anon.penet.fi, anon-1157 at twwells.com If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From unicorn at access.digex.net Fri Nov 19 00:11:44 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 19 Nov 93 00:11:44 PST Subject: privacy and rights (short reply) Message-ID: <199311190810.AA06308@access.digex.net> Having worked in Liechtenstein banks, I can assure you numbered accounts exist. From jrk at sys.uea.ac.uk Fri Nov 19 05:11:50 1993 From: jrk at sys.uea.ac.uk (Richard Kennaway) Date: Fri, 19 Nov 93 05:11:50 PST Subject: Useless anonymity Message-ID: <12282.9311191315@s5.sys.uea.ac.uk> We are accustomed to seeing useless messages of various sorts on this and other electronic forums. Messages that quote a long article only in order to add "Me too" at the end, messages of no interest to anyone but the individual they are directed to, content-free banter, ego-driven flame wars, and so on. They still happen -- inexperienced people are always joining the net -- but most people eventually learn to avoid making these faux pas. Anonymity brings a new class of useless message, of which the following from Black Unicorn is a recent example. I quote it in its entirety: >Having worked in Liechtenstein banks, I can assure you numbered >accounts exist. "Black Unicorn" is an obvious pseudonym, and I'm assuming that it is not one with an established reputation. (For all I know, "Black Unicorn" might be as famous as the Legion of Doom, but for the sake of argument I'll assume that it isn't.) What is the use of an unsubstantiated assertion, from an unreputed[*] source, with no means of verification? Having read Black Unicorn's bald asertion, I am as ignorant as before of whether numbered accounts exist, in Liechtenstein or elsewhere. New ideas or arguments can be useful regardless of their source. Likewise pointers to places where evidence may be obtained. Assertions by reputable sources may be taken on trust (I place far more weight on Perry Metzger's comments about numbered accounts than the Black Unicorn's). The quoted message does none of these. It is wholly useless, a waste of its author's time, and of ours. [*] "unreputed": a word I just coined as an opposite to "reputable", meaning not "disreputable", i.e. having a bad reputation, but having no reputation at all. -- ____ Richard Kennaway __\_ / School of Information Systems Internet: jrk at sys.uea.ac.uk \ X/ University of East Anglia uucp: ...mcsun!ukc!uea-sys!jrk \/ Norwich NR4 7TJ, U.K. From honey at citi.umich.edu Fri Nov 19 05:56:49 1993 From: honey at citi.umich.edu (peter honeyman) Date: Fri, 19 Nov 93 05:56:49 PST Subject: Forwarded mail from S.Boxx Message-ID: <9311191355.AA03429@toad.com> lance has another epiphany. (grep for epiphany in the archives if you want more confirmation of the s. boxx identity.) and if you don't deny it, he will treat that as confirmation. i pointed out in private mail to him that this is mccarthyism. peter From honey at citi.umich.edu Fri Nov 19 06:06:52 1993 From: honey at citi.umich.edu (peter honeyman) Date: Fri, 19 Nov 93 06:06:52 PST Subject: Encryption: A Testimonial Message-ID: <9311191405.AA03550@toad.com> > Actually, you could fool a lot of people by creating a hidden disk > partition. Nobody would know there was anything hidden unless they did > a detailed sector-scan of the disk. Is there any good software for > doing this with modern operating systems? this is very easy in unix: put your secret stuff in a directory, then mount a file system on that directory. peter From VACCINIA at UNCVX1.OIT.UNC.EDU Fri Nov 19 06:32:34 1993 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Fri, 19 Nov 93 06:32:34 PST Subject: use cypherpunks-request@toad.com to unsubscribe Message-ID: <01H5HTUR9VYQ0030GX@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Is there some reason that all these people are unsubscribing to the list? It's getting quite annoying. To anyone who wishes to unsubscibe, please do so to cypherpunks-request at toad.com, I do believe that's the correct format. I already know why your unsubscribing, you don't have to tell me either of the two reasons. Scott G. Morham !The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLOnGuj2paOMjHHAhAQFeegQAoLjOfj3QrpZrSadjNwCMGHKgvyWarqXM RsD3ZoOLKFZ3bIY52cD4ZlxKEe6a/XeRnnSfwBJiNRDw9N7hpMoiNDWUWOSJJ7bb mZsSLkjF3daGGjikRXdqJWjpPVSMoVgERjY/76+lMMu/PKkzmxPa8vIn5vikIU9q 8BxidRWlcGs= =8WA2 -----END PGP SIGNATURE----- From pmetzger at lehman.com Fri Nov 19 08:21:55 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 19 Nov 93 08:21:55 PST Subject: All our eggs in one basket? In-Reply-To: <9311190248.AA24338@bilbo.suite.com> Message-ID: <9311191618.AA05532@snark.lehman.com> Jim Miller says: > Perry Metzger writes > > > What needed is a) the bank has to be able to show a third party a > > signed request for every transaction they've performed, and b) you > > have to be able to show a third party a signed (by the bank) receipt > > for every transaction you've performed. In other words, you are > > protected because the bank can't simply claim to the arbitrator "oh, > > he withdrew all his money yesterday" because they can't show an order. > > The bank is protected because you can't claim "oh, I deposited ten > > million dollars yesterday" if you can't show a receipt. > > > > > I'm still confused, only in a different way. Let's let I want to withdraw > $10,000... > > > 1) I send the bank a signed request to withdraw 10,000 dollars > > 2) The bank withdraws the money but doesn't sends it to me. > > I go to the arbitrator and say: "The bank cheated me!!" > > The bank says: "We sent you the money. Here is your withdraw request, signed > by you. You are lying." > > ------ > > How can I prove that the bank did not send me the money? You can't with the partial protocol I've described thus far, but assuming that you have to do something like signing the digital draft in order to spend it, the bank's failure to provide a signed copy of the draft with your signature demonstrates that you haven't spent the money. The arbitrator needn't care if you already got the cash -- he can order the bank to send you another copy of the draft that they sent you. I must admit that I haven't worked out the protocols for this yet, but from the sketches I've made I think a quite workable system is practical. I don't think you can cover all forms of cheating by the bank, but I think you can construct things such that if someone tries to cheat you you can prove it. Perry From p00445 at psilink.com Fri Nov 19 09:04:45 1993 From: p00445 at psilink.com (A.J. Janschewitz) Date: Fri, 19 Nov 93 09:04:45 PST Subject: FTP archive for PGP Message-ID: <2962814393.0.p00445@psilink.com> Sorry for the list post of a FAQ, but I've been away from this area of the net for a while. What are current ftp sites for PGP? Please reply by direct email ... thanks. From mech at eff.org Fri Nov 19 09:06:55 1993 From: mech at eff.org (Stanton McCandlish) Date: Fri, 19 Nov 93 09:06:55 PST Subject: CYPHERPUNK CRIMINAL t-shirts Message-ID: <199311191704.MAA10471@eff.org> Several people apparently missed the original post and have no idea what t-shirt is being referred to. Here it is again. So far I've gotten about 30 "I want one" responses. I'm not sure if the customization is doable, especially the digital signature, but we'll see. _______ begin fwd ______________ > L. Detweiler has a rather hefty essay in the latest Risks on the > subject of `pseudospoofing', social parasites, "a criminal group > called the CryptoAnarchists" (with members such as "Eric May" and > "T.C. Hughes"), and such matters. I will not forward it to the > list, unh unh, no way. Reminds me of one of my proudest moments: L.D. (who this time claimed their first name was Linda; what a pseudospoofer!) in a fit of rage labelled me a "CYPHERPUNK CRIMINAL", caps L.D.'s. I'm thinking of having one of those little desk signs made, saying "Anton Mechanism, Cypherpunk Criminal" just for kicks. Or maybe a t-shirt. Hell I could market these, personalized: Stanton McCandlish, mech at eff.org [pgp sig here] CCCC Y Y PPPP H H EEEEE RRRR PPPP U U N N K K C Y Y P P H H E R R P P U U NN N K K C Y PPPP HHHHHH EEEEE RRRR PPPP U U N N N KKK C Y P H H E R R P U U N N N K K CCCC Y P H H EEEEE R RR P UUU N NN K K CCCC RRRR IIIII M M IIIII N N A L C R R I MM MM I NN N A A L C RRRR I M MM M I N N N A A L C R R I M M I N N N AAAAA L CCCC R RR IIIII M M IIIII N NN A A LLLLL Anyone buying? _____________ end fwd __________________ They'd be black w/white lettering of course, so they glow mightily under the black light. What I'm looking to do is *maybe* make these shirts, mostly in XL, but some XXL's also since people ask for them, and in a good weight of cotton, then sell them at a not unreasonable profit. Probably $10 or $15 + p/h. This will not be done immediately, I'm still trying to figure out how much it would cost to do this, especially if they are customized. Probably will make a non-custom version, and if possible a custom one that would cost a little more. Time will tell, but I can't guarantee anything yet, since many of the details are up in the air, and I'll have to see whether or not I can afford the initial outlay (I'm planning to move by Jan., so this proj might get backburnered until Feb. or something. If you are in, just send a note, and I'll add you to the list (probably w/o replying) of people that want one. Please specify if you would NOT be interested if it's not customized, as that's significant. Now back to the regularly scheduled flames, code haggling and NSA bashing. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From cme at sw.stratus.com Fri Nov 19 09:11:57 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Fri, 19 Nov 93 09:11:57 PST Subject: CryptoCards Message-ID: <199311191707.MAA11185@ellisun.sw.stratus.com> One reader writes: >please send your contacts since I need to do price comparisons. Thanks. OK -- it's enough work typing that I'm sending this to the whole list. These are about a year old so they might have changed. Racal-Guardata 480 Spring Park Place - Suite 900 Herndon VA 22070 TEL 703-471-0892 FAX 703-437-9333 (my contact: Marc Paulina) Cylink 310 No. Mary Ave Sunnyvale CA 94086 TEL 408-735-5885 FAX 408-735-6645 (my contact: John C. Kennedy; jk at cylink.com) Digital Pathways 221 West Grand Avenue Montvale NJ 07645-2019 TEL 201-391-5100 FAX 201-391-9138 Security Dynamics One Alewife Center Cambridge MA 02140-2312 TEL 617-547-7820 FAX 617-354-8836 (my contact: Susan Symanski) Enigma Logic 2151 Salvio, Suite 301 Concord CA 94520 TEL 510-827-5707 FAX 510-827-2593 - <> - Carl Ellison cme at sw.stratus.com - Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783 - 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488 From hfinney at shell.portal.com Fri Nov 19 09:34:44 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Fri, 19 Nov 93 09:34:44 PST Subject: All our eggs in one basket? Message-ID: <9311191734.AA10094@jobe.shell.portal.com> Some of Jim's points can be addressed with existing protocols. When the bank sends you cash which you have withdrawn they would want to send it in such a way that they get a return receipt from you. That way they can prove you have received it. Schneier's book describes such a "digital certified mail" protocol in section 6.3 of his book, but it looks like it uses a lot of data. More concise implementations may exist. Other forms of cheating could be imagined. I could send cash to a company, and they could refuse to send me goods, but claim that they had done so. Or I could receive goods from a company, but claim that they never arrived. These could also be addressed with certified mail, either paper or digital, depending on whether the goods are physical or electronic. In an online system, the bank could refuse to accept a cash deposit, even though it was valid cash, claiming that it had already been deposited. To prevent this, the bank would have to record who made each deposit in the past and stand ready to reveal this information. A merchant could collude with the bank to provide forged deposit records to help with this scam. I don't see how to solve this one, but if it were done on a large scale people might become suspicious about the excess of apparent double-spending via a small number of merchants. The bank's reputation would suffer, as long as people found out about it. Perhaps customers should demand that banks publish statistics about (apparent) double-spending in order to detect this scam. Hal Finney hfinney at shell.portal.com From p00445 at psilink.com Fri Nov 19 09:51:54 1993 From: p00445 at psilink.com (A.J. Janschewitz) Date: Fri, 19 Nov 93 09:51:54 PST Subject: Thanks. Message-ID: <2962817340.0.p00445@psilink.com> Thanks to the several who have responded to my info request ... I'm all set. From mkapor at kei.com Fri Nov 19 10:01:54 1993 From: mkapor at kei.com (Mitchell Kapor) Date: Fri, 19 Nov 93 10:01:54 PST Subject: Nightly Business Report Message-ID: <199311191427.JAA23332@kei.com> Announcement suitable for reposting. Please pass this around all the usual places. On Thursday, November 25th, the Nightly Business Report, which is broadcast nationally on PBS, will feature a Thanksgiving Day special on "The Informationm Highway". Guests include Ray Smith, CEO of Bell-Atlantic, and Mitch Kapor of EFF. Check local listings for times. I taped this yesterday and think it will be worth watching. ................................................................... Mitchell Kapor, Chairman Electronic Frontier Foundation *** Join EFF!!! Send mail to membership at eff.org for information *** From wex at media.mit.edu Fri Nov 19 10:31:57 1993 From: wex at media.mit.edu (Alan (Gesture Man) Wexelblat) Date: Fri, 19 Nov 93 10:31:57 PST Subject: All our eggs in one basket? In-Reply-To: <9311191734.AA10094@jobe.shell.portal.com> Message-ID: <9311191831.AA04377@media.mit.edu> It seems we're worrying about something that is between a non-problem and a simple copy of an existing problem. Today we use paper cash and paper forms. I go to the bank to make a withdrawal, I fill out a paper form requesting money. They take the form, fail to give me cash, claim that I have been given cash. What recourse do I have? (Several is the answer, but the point is that it's not a problem new to digicash.) Today I order from a supplier. I send a paper form of payment (P.O., check, paper copy of my CC #, etc.). They cash such form and do not send me goods (or claim that they did and they were lost in transit). What recourse do I have? (Again, several. Again the point is that digicash does not seem to be introducing new problems; rather it's giving us new forms of old ones.) As a side note: one of the reasons I use credit cards (even though it gives a record of my purchases that can be used for marketing and other unintended purposes) is that the CC company does a large volume of business and guarantees my transaction. If I dispute a charge with the merchant, the CC company automatically takes my side. They take it out of the merchant's hide. Plus, since the merchant doesn't want to be in a bad way with a big customer (Visa, say) -- there is a huge incentive for him to make good, much more incentive than if he were dealing with me directly. For these reasons, I think that something like CC houses will still prosper under a digicash regime. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request Try not to have a good time ... This is supposed to be educational. From jim at bilbo.suite.com Fri Nov 19 11:46:58 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 19 Nov 93 11:46:58 PST Subject: All our eggs in one basket? Message-ID: <9311191945.AA08821@bilbo.suite.com> > How can I prove that the bank did not send me the money? > > The withdraw protocol must somehow produce a receipt, > signed by *me*, saying I receiving the money. If the bank > cannot present such a receipt, then the arbitrator > shouldn't believe that the bank really sent the money. > > Yet why would I sign a receipt before verifying that the > bits the bank sent me was a valid chunk of digital money? > Does this mean the bank sends me valid digital money first > and I reply with a signed receipt? > Perhaps the bank would send the valid chuck of digital coin first. If I failed to reply with a signed receipt, the bank could invalidate the digital coin. I assume the bank could register the coin in a "voided coin" registry, placing my "name" in the registry along side the coin's ID. If I kept the coin, without sending a receipt, and later tried to spend it, I would eventually get caught. The coin would make its way back to the bank and when it arrived, the bank would see that it was a voided coin and it would know that I was the one who first tried to spend it. Here's the protocol so far: 1) I send the bank a signed request asking to withdraw $10,000. The bank could use this request to prove it was given permission to withdraw money from my account. 2) The bank withdraws the money from my account, mints digital coin X with value $10,000 and sends it to me. 3) I validate the coin, and send a signed receipt saying I received coin X with value $10,000. If I fail to send the receipt, the bank places my "name" and "coin X" in a voided coin registry, and refunds my account for the value of the coin. What if I send the receipt, but the bank puts the coin on the voided coin list anyways *and* fails to refund my account? I would want some way of proving that I received a valid coin, sent the receipt, and the receipt was received. To do this, we modify step 3). Instead of simply sending the bank a signed receipt, the bank and I would engage in a simultaneous contract signing protocol which would result in both parties receiving a "receipt" of the coin transfer. If the bank tried to cheat me by putting the valid coin in the voided coin registry, I would be able to prove that the bank sent me the coin (I still have the coin) and that the bank received a receipt (I have a copy of the simultaneously signed receipt). If I tried to cheat the bank by saying I never received the coin, the bank would be able to prove that I *did* received the coin (the simultaneously signed receipt indicates that I *said* I received the coin). The bank also has the signed withdraw request proving it was authorized to withdraw money from the account. If I received the coin, yet fail to engage in the receipt signing protocol, the bank would place the coin in the voided coin registry. If the bank withdrew the money yet failed to send me the coin, I could show the arbitrator my last two bank statements (before the cheating). If the bank could not produce the transfer receipt for the disputed withdraw, the arbitrator would rule in my favor. How does all this sound? I'm not claiming to have just invented something. I'm just trying to find out if I correctly understand the withdraw of digital coins from a digital bank account. Jim_Miller at suite.com From hughes at ah.com Fri Nov 19 12:21:58 1993 From: hughes at ah.com (Eric Hughes) Date: Fri, 19 Nov 93 12:21:58 PST Subject: All our eggs in one basket? In-Reply-To: <9311191945.AA08821@bilbo.suite.com> Message-ID: <9311192023.AA06333@ah.com> >If I failed to reply with a signed receipt, the bank could invalidate the >digital coin. Unfortunately for this idea, when the bank uses a blind signature to issue coins, it doesn't know what coin it just issued actually looks like. The bank signs a blinded form of the coin. The blinded form is unblinded by the withdrawer, and the bank cannot know what it looks like. Eric From unicorn at access.digex.net Fri Nov 19 13:21:58 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 19 Nov 93 13:21:58 PST Subject: anonymous postings and trust Message-ID: <199311192121.AA15255@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- Consider this -> Date: Fri, 19 Nov 93 13:15:20 GMT From: jrk at sys.uea.ac.uk (Richard Kennaway) Subject: Useless anonymity We are accustomed to seeing useless messages of various sorts on this and other electronic forums. Messages that quote a long article only in order to add "Me too" at the end, messages of no interest to anyone but the individual they are directed to, content-free banter, ego-driven flame wars, and so on. They still happen -- inexperienced people are always joining the net - -- but most people eventually learn to avoid making these faux pas. <- I agree. Especially with regard to the "Me too" analogy. - -> Anonymity brings a new class of useless message, of which the following from Black Unicorn is a recent example. I quote it in its entirety: >Having worked in Liechtenstein banks, I can assure you numbered >accounts exist. <- You would have preferred that I quote the entire thread and then add my comment? Or is it the lack of accompanying detail in the comment that you resent? - -> "Black Unicorn" is an obvious pseudonym, and I'm assuming that it is not one with an established reputation. (For all I know, "Black Unicorn" might be as famous as the Legion of Doom, but for the sake of argument I'll assume that it isn't.) <- To begin, I have been active in cypherpunks list since about last fall or winter (the exact date escapes me). I left during the summer to return home (Liechtenstein) and returned to the states with new internet arrangements recently. I don't claim to be reputed on the list, but I hope likewise that I am not notorious, certainly not on the level of the "Legion of Doom. Oh, just so everyone knows, I'm a he, not an it. - -> What is the use of an unsubstantiated assertion, from an unreputed[*] source, with no means of verification? Having read Black Unicorn's bald asertion (sic), I am as ignorant as before of whether numbered accounts exist, in Liechtenstein or elsewhere. <- What use is an unsubstantiated assertion from a "reputed" source? It is likewise dependent upon your evaluation of credibility. What I see here is a fundamental difference in the concept of anon posting. I hold a JD from Georgetown and a masters in International Relations to boot. Part of my marketability in the job market was the appearance of a conservative and level headed, status-quo loving, policy wise, right wing, go getter. Considering my employment and the nature of my (rather questionable) intellectual pursuits, (cypherpunks fitting the bill when one considers the political views of my employer and colleagues) it makes little sense to post as my self, but I prefer not to post as anXXXX at anon.penet.fi either. My access account is a nice compromise. Publicly at any rate. In E-Mail, should you wish to so correspond, I would be happy to discuss more specifically, my employment or my experience. To do so publicly is to shoot myself in the foot. I might add that for other purposes, I use anon.penet.fi as well, but this is when I'm more interested in not having any accountability what so ever. Under these circumstances, I understand the reluctance to give any weight to a post, in fact I would argue that most of the time, those who post through anXXXX don't intend that their posts be given much weight. Usually these are harassment posts or questions that posters don't want later attributed to them. The purpose is to avoid a great deal of attention, other than by those in the know (with the question example at least). You are perhaps ignorant of Liechtenstein's banking policy, most people are ignorant of Liechtenstein. My intent was to at least advise the poster that his/her research was not yet in enough depth. I really was, and am, not in a position to comment on banking policy in a public way in much detail. Even commenting at all was within an ethical gray considering my former and current connection with the industry. If what you're looking for in every post is proof, then you might as well ask for a digital signature from a large bank in Liechtenstein. A digital signature from His Serene Highness Prince Hans-Adam II might come closer. Even then it comes down to how well you trust the signature. Strictly speaking, by your argument, anything I post is to be ignored. Even posts with regard to weather (subject matter appropiateness non-withstanding). Should you be more interested in detail, I would be happy to discuss what I can in person, by telephone, or in encrypted E-Mail, in descending order of the detail I would be willing to disclose. - -> New ideas or arguments can be useful regardless of their source. <- Harmonize this with your previous and later position that my post is entirely without value. Did I contribute nothing at all? - -> Likewise pointers to places where evidence may be obtained. Assertions by reputable sources may be taken on trust (I place far more weight on Perry Metzger's comments about numbered accounts than the Black Unicorn's). <- (1) providing specific past employment information about myself publicly would tend to place me in a compromising position. (2) the amount of weight you assign any post will depend on your experience with that posters previous record and accuracy. If I used the pseudonym "Tom Jones" would you be happier? It's still not my name is it? Seems to me you are expressing trust reservations that should be based on time gained experience and not the superficial appearance of my name. If your position is solely that you have never seen posts by me before, and therefore are unaware of my credibility, fine, but characterize your criticism in that frame, not by ranting on anonymous posts. If my name had been Majud Rajakad, would a trust factor (positive or negative) be implied? What about Roosevelt Washington, or Fred Rosenberg? - -> The quoted message does none of these. It is wholly useless, a waste of its author's time, and of ours. <- I enjoy posting to cypherpunks. Hardly a waste of my time, I cannot speak for you. - -> [*] "unreputed": a word I just coined as an opposite to "reputable", meaning not "disreputable", i.e. having a bad reputation, but having no reputation at all. <- Gee, thanks. - -> - -- ____ Richard Kennaway __\_ / School of Information Systems Internet: jrk at sys.uea.ac.uk \ X/ University of East Anglia uucp: ...mcsun!ukc!uea-sys!jrk \/ Norwich NR4 7TJ, U.K. <- - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLO03axibHbaiMfO5AQFXmAQAlLvcJ+A5W5ZTH8lUjuJtInyqkeqKFtlj zRFE7h+5h1KWcXbx7r5HzHKGZf2YQycR+l+Jn+WDSZ/nizAagMJuo+VLhvffi7+a U5y7eg4cXzrW3pG0eCwR53Ivll6AxZGS56aAuJAiUQafuZOvHHa8loMTAjlT3P4O siQtqR/6ruM= =ksGs -----END PGP SIGNATURE----- From hfinney at shell.portal.com Fri Nov 19 13:22:39 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Fri, 19 Nov 93 13:22:39 PST Subject: All our eggs in one basket? Message-ID: <9311192122.AA24764@jobe.shell.portal.com> Although Jim's protocol doesn't quite work, as Eric pointed out, because of the re-blinding, it does suggest another approach. If the bank sent you a coin and you claim you never got it (maybe you're telling the truth, maybe not), they can just send it again. You can't cheat because at best this will allow you to get two copies of the same coin. Contrariwise, if the bank cheats and never sends you the coin, just ask them to send it again. They have no basis for refusal. Here we see a case where the ease of duplication of digital money is actually an advantage, rather than the disadvantage it usually seems to be. Hal Finney hfinney at shell.portal.com . From baum at newton.apple.com Fri Nov 19 13:46:59 1993 From: baum at newton.apple.com (Allen J. Baum) Date: Fri, 19 Nov 93 13:46:59 PST Subject: Digital futures - the catastrophic edge Message-ID: <9311192142.AA04263@newton.apple.com> There's been a lot of talk about digital money, digital identities, how it might work, protocols for verifiability in the face of spoofing, how to remain anonymous in spite of the best efforts of someone to find you, etc, etc. They all (to my unpracticed eye) rely on someone knowing a secret. And only that someone knowing the secret. Well, what if someone else finds it? What if someone breaks into your house, finds it written somewhere, or in some file somewhere? It's one thing to say "anyone who allows that to happen is stupid"- but people can be pretty stupid. Or, conversely, what if the number of people who know it is <1, rather than >1, i.e. what if you lose your secret key. In a world where your identity is digital, the consequences could be catastrophic. I can think of some extremely nasty consequences. It makes the recent stories of people who have been mistaken (& prematurely) declared dead seem pretty minor. So, my question is, what are the damage control mechanisms? Has anyone thought about this much? ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, 20525 Mariani Ave, MS 305-3B * * Cupertino, CA 95014 baum at apple.com * ************************************************** From hughes at ah.com Fri Nov 19 14:21:58 1993 From: hughes at ah.com (Eric Hughes) Date: Fri, 19 Nov 93 14:21:58 PST Subject: All our eggs in one basket? In-Reply-To: <9311192122.AA24764@jobe.shell.portal.com> Message-ID: <9311192220.AA06614@ah.com> >If the bank sent >you a coin and you claim you never got it (maybe you're telling the truth, >maybe not), they can just send it again. In fact, if the bank signs a committment to give you a particular coin, the bank can't claim to have never received your request. For high value transactions where timeliness is a concern, this prevents the bank from claiming that they didn't get the original request and thus making a "delay of service" attack against you. Delay of service is the denial of the service of timeliness. Eric From hughes at ah.com Fri Nov 19 14:26:59 1993 From: hughes at ah.com (Eric Hughes) Date: Fri, 19 Nov 93 14:26:59 PST Subject: Digital futures - the catastrophic edge In-Reply-To: <9311192142.AA04263@newton.apple.com> Message-ID: <9311192226.AA06623@ah.com> re: # parties != 1 knowing secrets The secrets in cryptography are too long to be memorized. Therefore, some computer hardware will need to be the storage container. Secure containers for such secrets can be constructed at much less cost than the value of having the secret escape. Since secrets come in different levels of value, so will containers. Since the secrets are data, they can be backed up as well, with a variety of redundancy mechanisms and social constraints. One can use encrypted data with human-recallable pass phrase (as PGP secret keys) or secret sharing to multiple trustees, or a combination. Eric From unicorn at access.digex.net Fri Nov 19 15:11:59 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 19 Nov 93 15:11:59 PST Subject: anonymous posts Message-ID: <199311192308.AA02672@access.digex.net> -> You say that you wish to remain anonymous, then state where you got your JD etc., but you can't give any details about banking knowledge that may be useful in digital cash schemes. This is a bit inconsistant. I would have (possibly) known less about you if you had just put some new info out to the list. <- Well, what did I tell you? You know that I have a JD from Georgetown and a Masters from some ( not accidently unnamed ) school in International Relations. Considering GU's 600+ member class, and my age (which could range from 26-76) that doesn't narrow it down much does it? In that I admitted being male, I suppose that about halfs the number, but doesn't leave you with much to go on. However, If I provided details about my place of employment and that banks I was associated with in Liechtenstein, where would I be? Not many U.S. educated types in Liechtenstein. Fewer still with a law degree. As it is however, you'd have to file through extensive personal lists past and present in a very secretive country. Even so I'm not about to disclose my former Liechtenstein employer publicly. Without this info, you'd be much better off trying to find all the people who graduated Georgetown and hold a masters in IR from XYZ. That's a lot more comfortable for me. -uni- (Dark) From an15489 at anon.penet.fi Fri Nov 19 16:16:59 1993 From: an15489 at anon.penet.fi (Jack Daniels) Date: Fri, 19 Nov 93 16:16:59 PST Subject: Privacy/Money Orders Message-ID: <9311200014.AA06267@anon.penet.fi> Many people use local check cashing stores to cash pay checks and buy money orders. Money orders are particularly useful when you want to retain some level of privacy when purchasing things like dirty magazines, subversive literature, etc. There are currently two bills in the House that may force these businesses to close. HR 1448 and HR 3235. I don't have the text of these bills, but some of the check cashing stores in my 'hood are asking customers to write their Hon. Misrepresentative immediately and ask them to block these bills. Does anyone have access to the text of these bills? Jack ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From an15489 at anon.penet.fi Fri Nov 19 16:17:04 1993 From: an15489 at anon.penet.fi (Jack Daniels) Date: Fri, 19 Nov 93 16:17:04 PST Subject: Privacy/Money Orders Message-ID: <9311200014.AA06272@anon.penet.fi> Many people use local check cashing stores to cash pay checks and buy money orders. Money orders are particularly useful when you want to retain some level of privacy when purchasing things like dirty magazines, subversive literature, etc. There are currently two bills in the House that may force these businesses to close. HR 1448 and HR 3235. I don't have the text of these bills, but some of the check cashing stores in my 'hood are asking customers to write their Hon. Misrepresentative immediately and ask them to block these bills. Does anyone have access to the text of these bills? Jack ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From jim at bilbo.suite.com Fri Nov 19 16:56:59 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 19 Nov 93 16:56:59 PST Subject: All our eggs in one basket? Message-ID: <9311200054.AA13432@bilbo.suite.com> Eric Hughes writes > > Jim Miller writes > > > >If I failed to reply with a signed receipt, the bank could invalidate the > >digital coin. > > Unfortunately for this idea, when the bank uses a blind signature to > issue coins, it doesn't know what coin it just issued actually looks > like. The bank signs a blinded form of the coin. The blinded form is > unblinded by the withdrawer, and the bank cannot know what it looks > like. > I just got "Applied Cryptography" so now I know what you mean by "blinded form of the coin". I was thinking that the bank actually constructed the coin, but in fact the bank merely signs one of my blinded money orders. This signed blinded money order becomes the "coin" (at least in this scheme). That being the case, I still not sure how I am protected from a bank that cheats by bring the protocol up to the point where I unblind 99 of the money orders and the bank deducts the amount from my account but never sends me the money. I have some more reading to do, it seems. Perhaps I can simply trust the bank not to do this because it wants my future business. Still, if it were possible, I'd prefer not to have to trust the bank. After all, the bank doesn't have to trust me. Jim_Miller at suite.com From smb at research.att.com Fri Nov 19 17:11:59 1993 From: smb at research.att.com (smb at research.att.com) Date: Fri, 19 Nov 93 17:11:59 PST Subject: Privacy/Money Orders Message-ID: <9311200108.AA12849@toad.com> Many people use local check cashing stores to cash pay checks and buy money orders. Money orders are particularly useful when you want to retain some level of privacy when purchasing things like dirty magazines, subversive literature, etc. There are currently two bills in the House that may force these businesses to close. HR 1448 and HR 3235. I don't have the text of these bills, but some of the check cashing stores in my 'hood are asking customers to write their Hon. Misrepresentative immediately and ask them to block these bills. Does anyone have access to the text of these bills? You can get some information on bills via telnet to locis.loc.gov, the Library of Congress Information Service. Here's what I found on those two bills -- it may be possible to get more, if you know how to work the search engine, which I don't. ITEM 1 OF 1 SET 1: BRIEF DISPLAY FILE: C103 (ASCENDING ORDER) 1. H.R.1448: SPON=Rep Fields, C., (Cosp=34); OFFICIAL TITLE: A bill to establish a limit on the fee which certain persons may charge for cashing checks and other instruments, to require despository institutions to cash checks issued by the United States or a State, and to provide that checks drawn by the Federal Government may be mailed only to the personal residence or primary place of business of the payee, to a Federal post office box, or to a federally insured depository institution at which the payee holds an account. ITEM 1 OF 1 SET 2: BRIEF DISPLAY FILE: C103 (ASCENDING ORDER) 1. H.R.3235: SPON=Rep Gonzalez, (Cosp=6); OFFICIAL TITLE: A bill to amend subchapter II of chapter 53 of title 31, United States Code, to improve enforcement of antimoney laundering laws, and for other purposes. From ld231782 at longs.lance.colostate.edu Fri Nov 19 17:34:44 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 19 Nov 93 17:34:44 PST Subject: PRZ on Pseudospoofing Message-ID: <9311200133.AA27198@longs.lance.colostate.edu> Mr. Zimmermann gave a fantastic talk yesterday to a packed house at a Boulder (CO) Unix meeting. I really am extremely depressed that none of the CA cypherpunks showed up (NOT! ). He talked about the complex issues associated with his program. He's opposed to the Internet PEM standard because it is a weaker standard than PGP in the sense that it has a standard initialization vector, exposes recipients & senders of messages in plaintext (if I'm not mistaken, sorry, I'm not an expert but do play one on the cypherpunks list). Interestingly, he said that he thought that RSA was somewhat afraid of him because (according to an insider) they didn't want to confront his `folk hero' status. Mr. Zimmermann also had many comments on America as a police state. Unfortunately, I missed most of the talk because I am rather feckless in real-world navigation vs. cyberspace and had a difficult time zeroing in on the meeting geography coordinates (hee, hee). I would have taken copious notes that would have shamed the best CA cypherpunk and reported them wholesale if I had got there in time. I would be interested in hearing anyone else's impressions of the meeting. Mr. Zimmermann appeared to be somewhat sympathetic to my concerns about pseudospoofing, particularly on the part of cypherpunks. He entertained my suggestion of `signature revocation certificates' that would spread virus-like to revoke trust through the `web of trust' when someone realized they had been spoofed (betrayed). He seems to think that as long as everybody follows the guidelines in the PGP documentation, the `web of trust' would not really ever be corrupted. But he seemed to come around in thinking that a `signature revocation certificate' might lead to a more dynamic and responsive (and hence pure) web of trust. An audience member asked Mr. Zimmermann if his arrangement with ViaCrypt and licensing of RSA patents was `making stronger' RSA Inc. and (implicitly) their stranglehold lock on public key patents. He replied that the agreement actually made PGP stronger. BTW don't `harass' Mr. Zimmermann over any features, at least don't expect to see major revisions soon, they are all on the top of the queue while he is in the `promotion of Viacrypt' stage vs. the `major development and feature push' stage. ===cut=here=== To: prz at acm.org Subject: a simple question Date: Wed, 17 Nov 93 22:11:31 -0700 From: "L. Detweiler" [Some] cypherpunks have made it clear to me they condone, and perhaps widely practice, the following scenarios related to PGP: 1) real people signing imaginary identity's keys. I.e., I could make up different identities (pseudospoofing) and sign their identities, and have others sign these identities. 2) putting imaginary identities on the key servers. do you have some kind of opinion on these practices? they seem rather dishonest to me, to say the least. But what do I know? Subject: Re: a simple question To: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Thu, 18 Nov 93 1:39:13 MST From: Philip Zimmermann It's not something I would do myself. It strikes me as having potential to lead to bad situations, as you have described in earlier notes. I prefer to deal with people only as my real self. It strikes me as unethical if used in fraudulent ways. That's my opinion. [...] Regards, Phil From jef at ee.lbl.gov Fri Nov 19 17:54:44 1993 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Fri, 19 Nov 93 17:54:44 PST Subject: Privacy/Money Orders Message-ID: <9311200153.AA26952@ace.ee.lbl.gov> >You can get some information on bills via telnet to locis.loc.gov, >the Library of Congress Information Service. Still a few bugs in this system - amusing transcript appended. --- Jef Script started on Fri Nov 19 17:42:01 1993 % telnet locis.loc.gov Trying 140.147.254.3... Connected to locis.loc.gov. Escape character is '^]'. L O C I S : LIBRARY OF CONGRESS INFORMATION SYSTEM To make a choice: type a number, then press ENTER 1 Library of Congress Catalog 4 Braille and Audio 2 Federal Legislation 5 Organizations 3 Copyright Information 6 Foreign Law * * * * * * * * * * * * 7 Searching Hours and Basics 8 Documentation and Classes 9 Library of Congress General Information 12 Comments and Logoff Choice: 2 FEDERAL LEGISLATION These files track and describe legislation (bills and resolutions) introduced in the US Congress, from 1973 (93rd Congress) to the current Congress (the current Congress is the 103rd). Each file covers a separate Congress. CHOICE FILE 1 Congress, 1981-82 (97th) CG97 2 Congress, 1983-84 (98th) CG98 3 Congress, 1985-86 (99th) CG99 4 Congress, 1987-88 (100th) C100 5 Congress, 1989-90 (101st) C101 6 Congress, 1991-92 (102nd) C102 7 Current Congress, 1993- (103rd) C103 8 Search all Congresses from 1981-->current 9 Search all Congresses on LOCIS 1973-->current Earlier Congresses: press ENTER 12 Return to LOCIS MENU screen. Choice: 7 FRIDAY, 11/19/93 08:43 P.M. ***C103- THE LEGISLATIVE INFORMATION FILE FOR THE 103RD CONGRESS, which was updated on 11/19/93 and contains 7,958 records, is now available for your search. CURRENCY: All information is NOT current through the above date, which is machine generated when ANY information is added to the file. Bill numbers, official titles, sponsors, and status (STEP) added within 48 hours. Indexing terms and digests added later, in some cases several weeks after the bill is added to the file. TO START RETRIEVE to find: EXAMPLES: SEARCH: member name --------------> retrieve rep gingrich retrieve sen kennedy bill number --------------> retrieve h.r. 1 subject keywords ---------> retrieve day care FOR HELP: Type the word HELP and press the ENTER key. READY FOR NEW COMMAND: retrieve assault guns DFH2206I TRANSACTION BGNS ABEND AZI4 . BACKOUT SUCCESSFUL 20:44:36 help DFH2001I INVALID TRANSACTION IDENTIFICATION HELP - PLEASE RESUBMIT 20:45:34 ? DFH2001I INVALID TRANSACTION IDENTIFICATION ? - PLEASE RESUBMIT 20:45:39 oh boy DFH2001I INVALID TRANSACTION IDENTIFICATION OH - PLEASE RESUBMIT 20:45:48 select * from all DFH2206I TRANSACTION SELE ABEND SECV . BACKOUT SUCCESSFUL 20:46:05 quit DFH2001I INVALID TRANSACTION IDENTIFICATION QUIT - PLEASE RESUBMIT 20:46:23 logout DFH2312 - WELCOME TO CICS/MVS - FRIDAY NOVEMBER 19, 1993. 08:46 PM UX01 ACFAE138: ENTER YOUR PASSWORD: XXXXXXXXXXXXXXXXX EEEEEEEEEEEEEEEEE OOOOOOOOOOOOOOOOO IIIIIIIIIIIIIIIII foo ACF01004 LOGONID UT NOT FOUND DFH2312 - WELCOME TO CICS/MVS - FRIDAY NOVEMBER 19, 1993. 08:46 PM UX01 ACFAE133: ENTER LOGON ID: quit ACFAE138: ENTER YOUR PASSWORD: XXXXXXXXXXXXXXXXX EEEEEEEEEEEEEEEEE OOOOOOOOOOOOOOOOO IIIIIIIIIIIIIIIII foo ACF01004 LOGONID QUIT NOT FOUND DFH2312 - WELCOME TO CICS/MVS - FRIDAY NOVEMBER 19, 1993. 08:46 PM UX01 ACFAE133: ENTER LOGON ID: ^] telnet> close Connection closed. % exit script done on Fri Nov 19 17:46:43 1993 From ld231782 at longs.lance.colostate.edu Fri Nov 19 18:07:00 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 19 Nov 93 18:07:00 PST Subject: War of the Worlds Message-ID: <9311200205.AA27629@longs.lance.colostate.edu> Apparently, many Cypherpunks hold the Wells' program `War of the Worlds' up as a masterpiece of public deception. `The problem was that people trusted their radios.' Actually, I think the problem was that their radios betrayed them. The radio had been built up as a medium of trust -- with news reports by anchormen that were among some of the most admired and respected public people. They were betrayed by Wells. Wells had the sense to apologize, and many new safeguards and taboos evolved from the fiasco. War of the Worlds, on the radio, is similar to Medusa building up trust with tentacles in cyberspace, and then betraying trust by unplugging them when the going gets tough. Except, however, that Wells and other officials apologized for their lapse in judgement. With Medusa, there is no concept of `plugging away' to resolve an unpleasant situation. Medusa just severs a snake and runs away like a coward or a criminal. There is nothing but disreputable shame in this. When CBS (?) broadcast `the day after', a simulation of a nuclear holocaust, there was a great hullaballoo about all the care they had taken to ensure that no one took the dramatization seriously. Also, NBC ran into intensely unpleasant repercussions for their `fake exploding pickup' piece (didn't someone resign over this)? The point is that the media takes Truth very seriously. They go to the greatest lengths to achieve it. Psychopunks love to cynically talk about how the entire media is just another disinformation outlet. *You're* just another grotesque disinformation outlet, deceiving honest reporters and infecting respectable outlets like Wired and NYT with your soothing lies about `privacy' and `Big Brother' when really talking about `rights and protections for criminals'. The King is Dead. Long Live the King. From ld231782 at longs.lance.colostate.edu Fri Nov 19 18:22:00 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 19 Nov 93 18:22:00 PST Subject: Key Servers In-Reply-To: <9311170305.AA05510@paycheck.cygnus.com> Message-ID: <9311200221.AA27832@longs.lance.colostate.edu> >Perhaps this is because >they are both assuming (perhaps incorrectly) that you cannot base >trust on machinery. Machinery might help propagate existing trust... >but the trust must start with the people involved (and by that I mean >the entities themselves, *not* the service maintainers.) that's precisely correct. but we can build mechanisms that encourage human trust, rather than encourage a criminal `free for all'. I seek to find such mechanisms. Psychopunks seek to subvert, sabotage, and destroy them. For example, I proposed an arrangement on this list whereby subscribers promise not to pseudospoof. Obviously, no one here gives a damn. I proposed that key servers be implemented that signify the authors commitment to a code of honest cyberspatial interactions by their key submissions. Obviously, no one here gives a damn. I described a *real* and *active* conspiracy in RISKS. Obviously, only the conspiracists here give a damn. Hey, braindead cypherpunks -- do you want to know why there has always been so much NOISE in this list's SIGNAL? do you want to know why people are so GROUCHY and TYRANNICAL and incapable of any substantial AGREEMENT or PROGRESS? because it is a HOTBED OF PSEUDOSPOOFING and all this hideous cacophony is your KARMA FOR ENGAGING IN OR PASSIVELY SUBMITTING TO IT. >There was a long discussion on another mailing list (with only a >slightly higher S/N than this one, but far more politics, as the vocal >membership includes employees of NSF, CIA, ANS, IBM, STD and other >TLA's :-) about someone who was posting from an address in their name >representing a political project from an educational site. Someone >else was curious about this, and contacted the postmaster. They >contacted the account owner, and had some time of figuring out what >was going on... turns out it was the *reverse* of PSEUDOSPOOFING, >namely, there was one account with *several* true names behind it. (It >was "exposed" because they didn't "keep their stories consistent" or >something like that.) You're talking about Extropians? what list? name it, weasel. I still consider this pseudospoofing -- twisting identity in maliciously deceptive ways. Using identity to betray people. If there is any general identity conspiracy, I'll give you 100-1 odds the psychopunk bastards are behind it. I wouldn't be surprised if it was a psychopunk bastard behind the Gibson forgery/impersonation on that other mailing list. You guys have WET DREAMS over ALL OF THIS. perverts. >Now, do you find this reverse-PSEUDOSPOOFING (I leave the upper case >letters since I've never seen the world spelled without them) >objectionable as well? Just another repulsive variation on psychopunk depravity and perversions. Honest people would be repulsed by it. From an4914 at anon.penet.fi Fri Nov 19 19:22:00 1993 From: an4914 at anon.penet.fi (Nitch) Date: Fri, 19 Nov 93 19:22:00 PST Subject: Could someone briefly describe... Message-ID: <9311200321.AA05898@anon.penet.fi> Could someone please give a brief description of the "Republic of Desire" for those of us who haven't spent [US]$27 to see Gibson's _Virtual Light_? What is it? A gorilla organization of some sort? What's it for? Why is it such a neat thing to talk about? Thanks in advance... ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From unicorn at access.digex.net Fri Nov 19 20:24:45 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 19 Nov 93 20:24:45 PST Subject: Key Servers Message-ID: <199311200423.AA22951@access.digex.net> -> Just another repulsive variation on psychopunk depravity and perversions. Honest people would be repulsed by it. <- I guess it must be because I'm an attorney, I'm attracted to it. From greg at ideath.goldenbear.com Fri Nov 19 20:34:45 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Fri, 19 Nov 93 20:34:45 PST Subject: The Zen of Pseudospoofing Message-ID: L. Detweiler writes: > A psychopath asked a policeman to apologize for catching him. The > policeman refused. The psychopath called him an evil hypocrite. ---------- A policeman once lost his sense of right and wrong. He began to act like a criminal himself. The citizens did not trust him, as he had become what he had sworn to fight. One day, the other policemen arrested him. "We are throwing you in jail. You are a bad man. Go, be with your brothers the criminals." "You mustn't do that! I'm one of you!" the bad policeman said. And the other policemen put the bad policeman in jail. The criminals gathered around him, sneering and laughing and gnashing their teeth. "Look! A policeman! Let's eat him up!" they said. "You mustn't do that! I'm one of you!" the bad policeman said. "Heh heh," the criminals laughed. "Ask your brothers, the policemen, for help. We have no mercy for you." And, with that, they set upon him. The policemen listened to the bad policeman's cries, and they laughed too. "Ha ha," they said. "A criminal is getting what he deserves." -- Greg Broiles greg at goldenbear.com Baked, not fried. From newsham at wiliki.eng.hawaii.edu Fri Nov 19 20:42:00 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Fri, 19 Nov 93 20:42:00 PST Subject: Key Servers In-Reply-To: <9311200221.AA27832@longs.lance.colostate.edu> Message-ID: <9311200441.AA15408@toad.com> > Hey, braindead cypherpunks -- do you want to know why there has always > been so much NOISE in this list's SIGNAL? do you want to know why > people are so GROUCHY and TYRANNICAL and incapable of any substantial > AGREEMENT or PROGRESS? because it is a HOTBED OF PSEUDOSPOOFING and all > this hideous cacophony is your KARMA FOR ENGAGING IN OR PASSIVELY SUBMITTING > TO IT. > 'HOTBED OF PSEUDOSPOOFING' ? You are starting to sound like a politician trying to get re-elected with your made up vocabulary. I would like to remind you that a great deal of the noise on this list is seeded by your posts. I dont disagree with everything you say but your assessment of this list is incorrect. From MIKEINGLE at delphi.com Fri Nov 19 20:52:01 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Fri, 19 Nov 93 20:52:01 PST Subject: RSA Patent valid? Message-ID: <01H5INNXYBWK935MP6@delphi.com> We were having a discussion in my Computers and Society class about intellectual property, and the professor pointed out that the courts have consistently upheld patents of devices and processes which involve computers, but have shot down patents on algorithms. With that in mind, would the RSA patent stand up in court? Maybe that's why RSA has never sued anyone. They know the patent might not hold up, and it's easier to just keep their licensing fees lower than the cost of a lawsuit. If this is the case, it's good news for cypherpunks, because it means they will never take any action against us. From an12070 at anon.penet.fi Fri Nov 19 21:27:01 1993 From: an12070 at anon.penet.fi (Zen Master) Date: Fri, 19 Nov 93 21:27:01 PST Subject: McCarthyism vs. Watergate vs. Kennedy Assassination Message-ID: <9311200525.AA25278@anon.penet.fi> In all cases the people at the top could have insisted there was a paranoid `witchhunt' or `hysteria' going on. But in all cases, there *were* some intensely subversive and corrupt conspiracies going on. In the 50's, the Rosenberg-Soviet espionage ring was in full circle, stealing pricelessly valuable Atom Bomb secrets. The Rosenbergs were executed as traitors despite massive public uproar and appeals all the way to the Supreme Court and President Eisenhower (who was unmoved). The problem with McCarthyism was not that it was completely illegitimate (it was fueled by some actual conspiracies), but that it was carried to extremes. In Watergate, we had a corruption to the very highest levels of our executive branch of government, and a grotesque coverup that has so deeply shakened and poisoned honest people's trust in government for decades. The probes by Congress were met with evasion, stonewalling, and counterattacks. Nixon has been viewed as one of the most damaging presidents (to the institution of the presidency) ever to have been elected. In the Kennedy Assassination, according to a recent Newsweek, again there were coverups, but only by our own government to try to suppress the leaking of any information that might upset the American public into calling for retaliation against e.g. Cuba or the Soviet Union. They tried to comfort the public with a rapid investigation with foregone conclusions, rather than any systematic inquiry into the Truth. It seems to me that all are examples of how evasion, stonewalling, and counterattacks on Truth-seeking probes, by high-ranking officials seeking to promote unsavory or criminal personal `agendas' and their own respectability at all costs, led to monstrous consequences that demolished public trust in their most delicate and hallowed institutions for decades. Truly black consequences. Cypherpunks, you call it. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From ld231782 at longs.lance.colostate.edu Fri Nov 19 22:32:01 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 19 Nov 93 22:32:01 PST Subject: Key vs. Signature revocation & Trust Webs In-Reply-To: <9311200257.AA28409@longs.lance.colostate.edu> Message-ID: <9311200628.AA01474@longs.lance.colostate.edu> *key* revocation certificates are in PGP. This an author issues if his key has been compromised. *signature* revocation certificates are not. this a signor issues (in theory) if he thinks he has been betrayed (spoofed or pseudospoofed). also, notice how keys spread between servers `like a virus'. the revocation certificates should do so as well. I don't know if key revocation certificates do so in today's servers. I don't really trust these servers! Also, I do not buy arguments that `I cannot ever be fooled, the web of trust is infallible, key signature revocation is superfluous'. Anywhere there is trust, there can be betrayal. Believe me, PRZ tried quite a few of these `I am infallible, I can never be fooled' arguments on me yesterday! But, PRZ is God. He knows a good idea when he sees one and will not be influenced by some pseudospoofing campaign by Medusa's snakes or dangles (double agents) in his `inner circle'. * * * I am proposing a completely dynamic, two-way, interactive trust system. Not something like you inscribe in a book, but something like the Internet. I was talking to another person at this meeting. I described how today there is only a one-way, tenuous trust system associated with e.g. commercial transactions and credit reports. For example: if a company rips me off, I stop doing business with them, my trust level for them plunges. But wouldn't other's wish to know of my problem? (Just as if *I* find that someone is pseudospoofing, shouldn't others be informed? ). Sure, I can send everyone email saying I was ripped off, but this all happens informally. What about a *formal* system? Suppose that I put a black mark on the company in the `web of trust' in a public database -- others may revise their own trust with that company when they hear they Ripped Off L. Detweiler. Most of the cypherpunks would probably revise their trust upwards . This database would be like a yellow pages; anyone can read it when the go to do business with different companies. This obviously would be a powerful incentive to a company to mind their p's and q's, eh? Individuals should be careful though about making specific claims like `I was unsatisfied with service on date [x]' and not things like `company [x] rips people off routinely -- I should know'. Also, consider that a company puts a black mark on your credit record, erroneously. You contest it, and win. No consequence happens to the company. What if there was a negative reaction in their `trust level'? What if there was a public notice entered, `L. Detweiler was molested by company [x]'? All the trust levels associated with that company's entries decrease. Dynamic, two-way systems such as these are what will give consumers torque over Big Companies. Just as Big Companies make databases about you to influence their interactions, you can make databases about Big Companies to influence your own. These are inevitable developments. Psychopunks would rather fool Big Oppressive Companies into dealing with fake identities. But this is not acceptable. The company has a right to know who you are, as much as you have a right to know who they are. Psychopunk hypocrites, would you do business with an `anonymous bank'? hee, hee. Want to get really scared? Public web-of-trust databases will be developed for *individuals*--e.g., if you post *anywhere* public, others have a right to tabulate your actions into a central database, and even comment on them. (hee, hee, next few messages J. Dinkelacker will pop up and say `this has a very NSA feel to it.'). Others may even comment on your *private* actions in these databases if they are particularly offensive or socially dangerous, e.g. `stay away from His Royal Eminence, while he has made some contributions he is a raving lunatic, has mailbombed me, harassed my postmaster, and is really promoting the tax evasion and the collapse of governments and anarchy under the guise of Liberating Privacy.' Thanks for letting me talk about this, it all gives me some really interesting ideas about how to achieve this database. One might set up a `trust link' in a database whereby each party agrees to a transaction, and that either can later post a message to that public `link' regarding the status of that transaction. E.g., individual [x] can say `I got great service' on the `trust link' or the company can say `customer [x] failed to pay us'. Links could be cross referenced to find deadbeats and all that. People would decide who to do business with based on their trust link policies. But see how this system benefits *everyone*? You have power over the company, and the company has power over you. You trust the company, and vice versa. You can zap their reputation if they betray you, and vice versa. Another interesting idea is that of `dueling reputations'-- If I have a high reputation in some area, and I attack someone else in that area, their trust levels in that area should plummet more than if I had no reputation in the area. Today, one has to do all this informally, like posting to newsgroups trying to influence other people that one has been betrayed. Cypherpunks, this `web of trust' thing is just in its infancy. In a few years, we will have a Psychopunk's Worst Nightmare. Or an Honest Person's Civilization. From ld231782 at longs.lance.colostate.edu Fri Nov 19 22:34:46 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 19 Nov 93 22:34:46 PST Subject: Key Servers In-Reply-To: <9311200441.AA29838@longs.lance.colostate.edu> Message-ID: <9311200632.AA01654@longs.lance.colostate.edu> >I would like to remind you that a great deal of the noise on this list >is seeded by your posts. I dont disagree with everything you say but >your assessment of this list is incorrect. Mr. Newsham, please tell me how you know this list is not a HOTBED OF PSEUDOSPOOFING. What, because no *honest* people would do such a thing? because it would take too much time, patience, and money to insideously manipuate other's trust? what policy can you point to on the list that discourages pseudospoofing? `wherever there is trust, there is betrayal.' From chuck at cxf111.rh.psu.edu Fri Nov 19 22:42:01 1993 From: chuck at cxf111.rh.psu.edu (chuck) Date: Fri, 19 Nov 93 22:42:01 PST Subject: Key Servers In-Reply-To: <9311200221.AA27832@longs.lance.colostate.edu> Message-ID: <199311200640.BAA24255@cxf111.rh.psu.edu> > Hey, braindead cypherpunks -- do you want to know why there has always > been so much NOISE in this list's SIGNAL? do you want to know why > people are so GROUCHY and TYRANNICAL and incapable of any substantial > AGREEMENT or PROGRESS? because it is a HOTBED OF PSEUDOSPOOFING and all > this hideous cacophony is your KARMA FOR ENGAGING IN OR PASSIVELY > SUBMITTING TO IT. I believe you forgot this part: UN-altered REPRODUCTION and DISSEMINATION of this IMPORTANT Information is ENCOURAGED. From ld231782 at longs.lance.colostate.edu Fri Nov 19 22:57:01 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 19 Nov 93 22:57:01 PST Subject: J. Gilmore on Pseudospoofing Message-ID: <9311200655.AA01942@longs.lance.colostate.edu> I appreciate Mr. Gilmore informing me of his opinion on pseudospoofing. He does not specifically address the issue of whether he is personally aware of any on the cypherpunks list, unfortunately. Many people still don't get the pseudonymity vs. pseudanonymity. >I think that your artificial distinction between "pseudonyms" and >"pseudospoofing" is the root of where your thinking took a wrong turn. clearly, a pseudonym on a book cover does not involve active lying. more treacherous uses of pseudonyms, which I have described in detail, *do*. there is a difference between `not being obligated to reveal who you are' (anonymous or pseudonymous) and `lying about who you are' (pseudoanonymous). but I see I have failed to convince you of that. ===cut=here=== Date: Thu, 18 Nov 93 02:31:26 -0800 From: gnu at toad.com Subject: Re: RISKS15.25 To: "L. Detweiler" , gnu at toad.com Hi... I just took the time to read your rant in RISKS 15.25. I think you're way off base on several counts. * Electronic media are no different from paper media in making it possible to use multiple names. Talk to Mark Twain, Dr. Seuss, Alice Cooper, Poor Richard, Paul French, or Franklin W. Dixon if you don't believe me. My experience is that references among aliases in literary works are seen as `in-jokes', which only the truly educated (in that particular realm, like science fiction) can notice and chuckle over. It's legal to use multiple names as long as you don't use them to defraud people. I use multiple names daily. Each magazine I subscribe to, or organization I belong to, knows me as "EE Gilmore" or "CPSR Gilmore". Then when I get a mailing from some random place, I know which organization sold my name to them, and if the volume of trash becomes excessive, I can write to the offending organization to have my name removed. My girlfriend didn't do this, and she now has a foot-deep stack of glossy catalogs that were mailed to her over the last month. And she doesn't know how to stop them coming (and we don't have a woodstove :-). * Your examples imply that some of the people on cypherpunks are using pseudonyms to deceive people: > I have become aware of these serious abuses possible with pseudoanonymous > posting from my long affiliation with the Cypherpunks, an allegiance I have > now severed because of my realization of their basic hidden agenda in > promoting the practice of pseudospoofing, or using pseudoanonymous identities > in the aforementioned ways to manipulate and systematically deceive others in > cyberspace. I think that you mistake an honest advocacy of the right to use multiple names, for an advocacy of deceit. The main reason to use multiple names is so that your "enemies" cannot correlate your activities so that they can punish you in one part of your life for things they don't like in some other part. For example, if you are gay, you might use a pen name when writing for local gay publications, so your prejudiced employer won't fire you. If you drive a car, you might want to use a different name on your driver's license so that "smoke a joint, lose your license" laws will not find a record of your license if they catch you with a joint. (There is no correlation between marijuana smoking and hazardous driving -- it's simply a punishment technique that happens to be considered legal because the "right to drive" is not a right guaranteed in any constitution nearby.) Another reason to use multiple names is to track what is being done with the name you supply, as in my example above. David Chaum was the first person I noticed advocating the use of a different pseudonym for transactions with each different organization. (This was automatically done by a smart-card in his design.) Is he part of the evil conspiracy too, or does he have a point worth hearing? How would *you* turn back the trend toward having every bit of information about each person accessible to anyone who knows their name, date of birth, fingerprint, license number, license plate, vehicle ID number, passport number, genotype, bank account number, retina print, credit card number, photo, or social security number? Or do you think that this is a *good* thing? I'm not sure why you trust _me_ in this, actually, if you think that Tim May and Eric Hughes are fake people or possibly the same person. I think that your artificial distinction between "pseudonyms" and "pseudospoofing" is the root of where your thinking took a wrong turn. People are under no obligation to tell you whether the name you know them by is their only name -- the same way that they don't have to tell you that though you only know them as "captain of the baseball team", they are also "clerk in the bank" and "father of three". By assuming that "the right way for things to be" is for everyone to have a single name, uniformly used, you have found a conspiracy where there was simply a difference of opinion. You can quote this (in its entirety) to the cypherpunks if you want. Copyright 1993 John Gilmore. Reproduction permitted only in entirety. John From ld231782 at longs.lance.colostate.edu Fri Nov 19 23:12:02 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 19 Nov 93 23:12:02 PST Subject: Key Servers In-Reply-To: <9311200648.AA01837@longs.lance.colostate.edu> Message-ID: <9311200709.AA02072@longs.lance.colostate.edu> >I dont think this list should have a policy against "pseudo spoofing". >Even if it did, there would be virtually no way of upholding such a >policy. If you are so concerned by this phenomenon then you should >come up with a technological solution. there isn't a solution to enforcing honesty. that's why we have criminals. do you think there is a `code of ethics' in maintaining privacy among cypherpunks over their email? why can't we insert into that, `thou shalt not pseudospoof your fellow cypherpunks'? I can't wait to see the Cypherpunks Code of Ethics. hee, hee. Suddenly I am having visions of snowballs and Hell. I would volunteer to start a list of everyone who agrees not to pseudospoof each other on this list or in private email and distribute it. But I won't, because the pseudospoofers (esp. those at the top) will not apply. The pseudospoofers were quite amused by my pseudospoofing survey. Imagine -- even revealing that they are doing it, without revealing the identities? What kind of idiot do I think I am? Hey pseudospoofers -- you are nothing but hypocrites wrapping yourselves in the flag of privacy while urinating on it. *maybe* you have a right to imaginary identities in quarantined playpens, like the Pseudospoofing Game, but not in any serious forum. But why are you such slime in not revealing to others that you are doing it? because you want to embezzle, and part of embezzlement is never getting caught. You think you are getting back at Big Corrupt Businesses. But you are doing nothing but betraying *everyone* you come in contact with, with your little identity arsenal fantasies. The Psychopunk Code of Ethics Nothing Is Wrong. Nothing I Ever Do is Wrong. I can Never Admit To Anything because I have Never Done Anything Wrong. Privacy is Sacred -- Even if You are a Criminal -- Especially if You are a Criminal. bastards. I used to think that 1/3 of the Royalty was Pure. But it is 3/3rds Corruption. Not only rotten *at* the core, rotten *to* the core. From MIKEINGLE at delphi.com Fri Nov 19 23:17:42 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Fri, 19 Nov 93 23:17:42 PST Subject: Secure Drive 1.0 is here! Message-ID: <01H5ISFUCUO290NQ6V@delphi.com> INTRODUCING S E C U R E D R I V E 1 . 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AVAILABLE NOW Do you have confidential or sensitive information on your DOS/Windows PC or laptop? Imagine what could happen if that data were to fall into the wrong hands through theft or unauthorized access. Protect your privacy with SecureDrive. SecureDrive allows you to create an encrypted hard drive partition and encrypted floppy disks. All of your sensitive data is automatically encrypted with the state-of-the-art IDEA cipher. You simply log in with your passphrase, and the program is completely transparent to your applications. The TSR uses only 2K RAM, and encrypts at the sector level. An intruder gets nothing - not even your directory listing. You can decrypt your disks at any time. The program automatically switches on and off as you access encrypted and unencrypted floppies. Invalid passwords will cause a Drive Not Ready error, locking out writes and protecting your data from damage. The program is Copylefted under the GNU General Public License, and source code in C and assembly language is included. This program is free and always will be. This program may be freely distributed within the U.S. and Canada; do not export it. Cypherpunks Write Code! Thanks to everyone who helped me beta test this program. Note: This version is compatible with the beta version. To receive your copy: send e-mail to Specify uuencode or pgp ascii armor formats. I will make a list and broadcast the code. From eb at srlr14.sr.hp.com Fri Nov 19 23:47:01 1993 From: eb at srlr14.sr.hp.com (Eric Blossom) Date: Fri, 19 Nov 93 23:47:01 PST Subject: Encryption: A Testimonial In-Reply-To: <9311191405.AA03550@toad.com> Message-ID: <9311192245.AA07357@srlr14.sr.hp.com> > > Actually, you could fool a lot of people by creating a hidden disk > > partition. Nobody would know there was anything hidden unless they did ... > this is very easy in unix: put your secret stuff in a directory, > then mount a file system on that directory. Another nice way is to remove the dev files for the disk at shutdown time. Then at reboot, you'd have to manually create dev files (knowing the major and minor numbers) and manually mount the file system. There'd be no trace. This would work real well with big disks... Is that a 1.0, 1.1 or 1.2G filesystem? How much swap is allocated, anyway? You could also use a litte steganography and spare out a set of ``bad'' sectors. Some controllers will do the sector sparing for you (transparently to the OS)... All sorts of opportunities ;-) Eric Blossom From jkreznar at ininx.com Sat Nov 20 01:44:46 1993 From: jkreznar at ininx.com (John E. Kreznar) Date: Sat, 20 Nov 93 01:44:46 PST Subject: Privacy/Money Orders In-Reply-To: <9311200153.AA26952@ace.ee.lbl.gov> Message-ID: <9311200859.AA02960@ininx> Best laff this week! Thanks! CICS/MVS dinosaurs live on, I see. I don't think I've seen the word ABEND since the '70s! John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. From nobody at shell.portal.com Sat Nov 20 09:14:50 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 20 Nov 93 09:14:50 PST Subject: "IDENTITY CHALLENGE!" Message-ID: <9311201712.AA22293@jobe.shell.portal.com> jrk at sys.uea.ac.uk (Richard Kennaway) says: + Anonymity brings a new class of useless message, of which the + following from Black Unicorn is a recent + example. I quote it in its entirety: + + Having worked in Liechtenstein banks, I can assure you numbered + accounts exist. + + "Black Unicorn" is an obvious pseudonym, and I'm assuming that it is + not one with an established reputation. (For all I know, "Black + Unicorn" might be as famous as the Legion of Doom, but for the sake of + argument I'll assume that it isn't.) + + What is the use of an unsubstantiated assertion, from an unreputed[*] + source, with no means of verification? Having read Black Unicorn's + bald asertion, I am as ignorant as before of whether numbered accounts + exist, in Liechtenstein or elsewhere. Well, that's as may be, but I would suggest to you that "actual identities" are unreliable. I believe that many here could trivially spoof almost any identity and that in any case, you would personally be unable to either verify the identity of your correspondent or hold him accountable for his output. A couple of recent examples: * A "Rikiya Asano" , apparently a severely disturbed Japanese student at Carnegie-Mellon University, has been filling several newsgroups with a remarkable torrent of cross-posted flamebait for several weeks, including racist insults against whites and Chinese, physical threats and various assaults on American institutions. These rants are composed in hilariously fractured English and gain oceans of angry responses which disrupt the normal progress of the newsgroups to which they are posted. Today, I read a post by someone who makes a convincing case that Asano isn't Japanese and that the whole thing is a spoof. Maybe "Asano" exists and maybe he doesn't, but there seems to be no way of either verifying his true identity or making him stop disrupting these newsgroups. * On the other coast, "Andy Freeman" authored a particularly nasty piece of netmail forwarded on to me by its original recipient. In it, "Andy Freeman" attacks the practice of anonymity on Internet and claims to be in the government employ, implicitly in law enforcement, surveying Internet for illegal activity. He avers that all of those who post anonymously have been investigated and identified by their true names and are on a government hitlist, presumably thanks to his participation. Maybe "Andy Freeman" really is an unhinged cop involved in an illegal investigation of remailers or maybe he is just one of those sick fucks who like to impersonate policemen and bully people. * I personally challenge you, or anyone else on the net, to establish who these creatures actually are and whether they are what they claim. I've given you their "real" names and "real" addresses. In that both are bona fide assholes in any case, there's no need to be concerned with injuring or harassing them - they've got it coming. From nobody at cicada.berkeley.edu Sat Nov 20 10:02:07 1993 From: nobody at cicada.berkeley.edu (nobody at cicada.berkeley.edu) Date: Sat, 20 Nov 93 10:02:07 PST Subject: War of the Worlds Message-ID: <9311201800.AA18503@cicada.berkeley.edu> >taken to ensure that no one took the dramatization seriously. Also, NBC >ran into intensely unpleasant repercussions for their `fake exploding >pickup' piece (didn't someone resign over this)? > Eh? I don't think you're talking about the same case: 1) GM lost a $100 million dollar lawsuit: parents of a dead teen sued GM, they alleged faulty design caused the truck to explode. 2) NBC ran a story about these exploding trucks. 3) GM claimed the trucks were rigged to explode. 4) NBC consistently denied anything of the sort. 5) GM did their OWN extensive investigation and proved NBC fudged the results. 6) NBC finally admitted to rigging the experiment. They fired three top execs of "DateLine" to COVER THEIR ASS. >The point is that the media takes Truth very seriously. They go to the >greatest lengths to achieve it. This is crap. NBC went through great lengths to cover the truth until it became clear GM had them. If for some reason you think eliminating ``pseudospoofing'' will eliminate disinformation, you're way off since if happens ALL the time NOW. From an4609 at anon.penet.fi Sat Nov 20 10:34:50 1993 From: an4609 at anon.penet.fi (Dr. Manhattan) Date: Sat, 20 Nov 93 10:34:50 PST Subject: McCarthy, etc. Message-ID: <9311201833.AA07472@anon.penet.fi> >[examples of McCarthy, Watergate, Kennedy] >It seems to me that all are examples of how evasion, stonewalling, and >counterattacks on Truth-seeking probes, by high-ranking officials >seeking to promote unsavory or criminal personal `agendas' and their >own respectability at all costs, led to monstrous consequences that >demolished public trust in their most delicate and hallowed >institutions for decades. Truly black consequences. I fail to see your point in this: was there any pseudospoofing in the above scenarios? Anybody lie about their own identity? Your argument is a non-sequitur. For example, I could expound about the crimes of Ivan the Terrible and then conclude pseudospoofing is bad. However, this doesn't make any sense. Even so, just because somebody "pseudospoofs" doesn't mean they are out to promote their own criminal agenda. Your arguments are always hypothetical: if somebody pseudospoofs then blah blah blah. Why don't you call for the ban of automobiles because innocent people are killed in accidents? ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From mg5n+ at andrew.cmu.edu Sat Nov 20 10:42:09 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 20 Nov 93 10:42:09 PST Subject: "True Identities" Message-ID: <8gvaF9C00Vpg1J70VB@andrew.cmu.edu> I find it particularily interesting that on the internet (in contrast to almost every other net in existance), people have this strange fettish for worrying about anonymnity and "true names". My question is why? People on other nets never give the using of a handle or nym a second thought. (By other nets I mean Fidonet, WWIVnet, TEAMnet, C-Link, Oggnet, fvnet etc) A name is just a way of identifying a paritcular person. I don't see why people are so opposed to the use of nyms like Wonderer or Black Unicorn because those don't fit your image of what a name should be. These names identify the senders in a manner that is adequate to the discussion on Cypherpunks. Would it be any better if these people used names like Mike or John or something? Would it really make any relevant difference to the discussion on cypherpunks? From anonymous at phoenix.Princeton.EDU Sat Nov 20 12:34:50 1993 From: anonymous at phoenix.Princeton.EDU (anonymous) Date: Sat, 20 Nov 93 12:34:50 PST Subject: FWD: Publisher wimps out (PGP pulled from Ziffnet) Message-ID: <9311202021.AA09051@Princeton.EDU> > >Date: Fri, 19 Nov 1993 17:47:09 -0600 (UTC -06:00) >From: "Frank A. Kaul". >Subject: PGP pulled from Ziffnet >To: libernet at Dartmouth.EDU > >A couple of weeks ago I downloaded PGP from Ziffnet due to the >justice department crackdown. I visited their software libraries >today and was greeted with the following notice! > >> >> Pretty Good Privacy (PGPRIV.ZIP) Removed >> ---------------------------------------- >> We must extend our apologies to those of you who read the CompuServe >> Magazine article on Data Encryption and tried to find PGPRIV.ZIP here >> in our library. Due to the controversial nature of Phil Zimmerman's >> Pretty Good Privacy program and the fact that several legal questions >> surrounding this program have remained unanswered, we have removed it >> from our library. We are investigating the legal issues concerning its >> distribution, and it will remain unavailable until further notice. >> >> Again, we apologize for the inconvenience. >> > >Talk about a chilling effect. > >Frank A. Kaul >fkaul at oread.cc.ukans.edu From cman at caffeine.io.com Sat Nov 20 13:17:57 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Sat, 20 Nov 93 13:17:57 PST Subject: "True Identities" In-Reply-To: <8gvaF9C00Vpg1J70VB@andrew.cmu.edu> Message-ID: <199311202103.PAA02966@caffeine.caffeine.io.com> > > I find it particularily interesting that on the internet (in contrast to > almost every other net in existance), people have this strange fettish > for worrying about anonymnity and "true names". My question is why? > People on other nets never give the using of a handle or nym a second > thought. (By other nets I mean Fidonet, WWIVnet, TEAMnet, C-Link, > Oggnet, fvnet etc) A name is just a way of identifying a paritcular > person. I don't see why people are so opposed to the use of nyms like > Wonderer or Black Unicorn because those don't fit your image of what a > name should be. These names identify the senders in a manner that is > adequate to the discussion on Cypherpunks. Would it be any better if > these people used names like Mike or John or something? Would it really > make any relevant difference to the discussion on cypherpunks? > I think the problem stems from the way most people initially got access through the Internet, which was through fairly conservative affiliations such as the military, government or academia; I've seen relatively few military, government or academic environments that encouraged or allowed people to go by "Black Unicorn". Increasingly, however, people are using the Internet for solely personal reasons, independent of such affiliations. (Which is how Fidnonet, WWIVnet, etc. have always been.) Now, no big surprise, we have Black Unicorn, Wanderer, etc. I think it's a great testimoney to the rapidly increasing diviersity of the net. (Although CERTAIN PEOPLE I'm sure will tell me that such alleged diversity is only a PERVERTED SHAM and the number of REAL people on the net is RAPIDLY DROPPING.) -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From cman at caffeine.io.com Sat Nov 20 13:22:09 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Sat, 20 Nov 93 13:22:09 PST Subject: McCarthy, etc. In-Reply-To: <9311201833.AA07472@anon.penet.fi> Message-ID: <199311202105.PAA02978@caffeine.caffeine.io.com> > Your argument is a non-sequitur. For example, I could expound about > the crimes of Ivan the Terrible and then conclude pseudospoofing is > bad. However, this doesn't make any sense. > Oh? Do you really think is mom called him "the Terrible"? Aha! Another pseudospoofer! -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From jim at bilbo.suite.com Sat Nov 20 15:37:25 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Sat, 20 Nov 93 15:37:25 PST Subject: All our eggs in one basket? Message-ID: <9311202336.AA03499@bilbo.suite.com> Alan (Gesture Man) Wexelblat writes: > Today we use paper cash and paper forms. I go to the bank to > make a withdrawal, I fill out a paper form requesting > money. They take the form, fail to give me cash, claim that > I have been given cash. What recourse do I have? (Several > is the answer, but the point is that it's not a problem new > to digicash.) > > Today I order from a supplier. I send a paper form of > payment (P.O., check, paper copy of my CC #, etc.). They > cash such form and do not send me goods (or claim that they > did and they were lost in transit). What recourse do I > have? (Again, several. Again the point is that digicash > does not seem to be introducing new problems; rather it's > giving us new forms of old ones.) > I agree these problems are not new to digicash, but if we can design a digicash system that eliminates these problems, then we should. I don't know if it has been designed yet, or even if it's possible, but I would like to see a digicash system that does not force the user or the merchant to trust the bank. The merchant and user should be able to use an arbitrator to solve any dispute that may arrise. (assuming it gets that far) I don't feel it is good enough to trust in a reputation mechanism to prevent banks (or anyone) from cheating. We shoud try to do better. Actually, disputes may arrise without any cheating involved. Hardware and software failures may create situations that appear to be attempts to cheat. (I don't know this as a fact. Just my gut feel.) The less trust required, the easier it will be for all parties to settle disputes. (another gut feel) Jim_Miller at suite.com From warlord at MIT.EDU Sat Nov 20 16:02:10 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Sat, 20 Nov 93 16:02:10 PST Subject: Key vs. Signature revocation & Trust Webs In-Reply-To: <9311200628.AA01474@longs.lance.colostate.edu> Message-ID: <9311202358.AA05068@podge.MIT.EDU> > *signature* revocation certificates are not. > this a signor issues (in theory) if he thinks he has been betrayed While signature revocation certificates have not been implemented, their precense is possible within PGP. There is a packet header that defines such an animal! I have been a fervent supporter of having such certificates implemented. I've even, with some others, developed a fairly good way to do them: You put a timestamp on it, and if the revocation timestamp is after the signature timestamp, then the revocation takes precedence. If the signature timestamp is greater than the revocation timestamp, then the signature is kept and the revocation is thrown out. In fact, this same design can be used for UserID revocations as well, in order to get rid of bogus userIDs. > also, notice how keys spread between servers `like a virus'. the > revocation certificates should do so as well. I don't know if key > revocation certificates do so in today's servers. I don't really trust > these servers! Keys, revocations, new userIDs, signatures. *ALL* of these act like a virus. Once anything is added to a keyserver, all the keyservers get them. Revocations are propagated as quickly as new signatures, or new keys. As for trusting the servers, well, you don't seem to trust anybody, but besides that point, you should trust the cryptographic material you get back from the keyservers in that you can verify the signatures on those certificates. In other words, you should not blindly accept data you get from a keyserver as correct, without verifying the signatures on it. Anyways, hopefully this will get implemented sometime soon. Although I'm not holding my breath; there are more pressing matters. -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Secretary, MIT Student Information Processing Board (SIPB) PGP key available from pgp-public-keys at pgp.mit.edu warlord at MIT.EDU PP-ASEL N1NWH From kelly at netcom.com Sat Nov 20 16:52:10 1993 From: kelly at netcom.com (Kelly Goen) Date: Sat, 20 Nov 93 16:52:10 PST Subject: (fwd) Re: Prosody Release Cancelled Under "NSA" Pressure Message-ID: <199311210049.QAA11572@mail.netcom.com> Organization: NETCOM On-line Communication Services (408 241-9760 guest) Xref: netcom.com sci.crypt:19346 talk.politics.crypto:1241 Path: netcom.com!csus.edu!csulb.edu!library.ucla.edu!europa.eng.gtefsd.com!howland.reston.ans.net!spool.mu.edu!nigel.msen.com!yale.edu!cmcl2!mcclb0!huff From: huff at mcclb0.med.nyu.edu (Edward J. Huff) Newsgroups: sci.crypt,talk.politics.crypto Subject: Re: Prosody Release Cancelled Under "NSA" Pressure Followup-To: talk.politics.crypto Date: 13 Nov 93 04:25:15 EST Organization: NYU Medical Center, New York, NY 10016, USA Lines: 43 Distribution: world Message-ID: <1993Nov13.042515.1 at mcclb0> References: <931112.49291.KEITHWRITERS at delphi.com> NNTP-Posting-Host: mcclb0.med.nyu.edu Followups to talk.politics.crypto In article <931112.49291.KEITHWRITERS at delphi.com>, KEITHWRITERS at delphi.com writes: Technosys Press Release For More Information, Contact: Keith Boyle, marketing director keithwriters at delphi.com limetwig at mindvox.phantom.com For Release 10:47 AMEST November 12, 1993 Mirrorshades & Prosody Release Cancelled The scheduled release of Technosys' text composition program Mirrorshades and text revision/encryption program Prosody has been cancelled because of pressure from a governmental group claiming to be the National Security Administration (NSA) wishing to prevent the release of Prosody as an encryption program. The "NSA" has expressed concern over the encryption method used by Prosody. They feel that it may be using an encryption technology similar enough to another method of natural language encryption that Prosody might be able to be used to break that coding method. Therefore, they would like Technosys to hand over all existing copies of the software, technical & development notes, and software related to Prosody (i.e. Mirrorshades) for their research. Since the next step, if Technosys were to refuse, would be the seizure of all of the above materials by search warrant and criminal charges, Technosys has chosen to consent to their request and will cancel the release of these programs. However, THE MAN can't seize what's in our brain cells... (Technosys is looking for good information law representation. Anyone interested?) -=-=-=-=-=-=-=--=-=-=-=--=-=-=-=-=30-=-=-=-=-=-=-=-=-=-=---=-==-=--=-=-=-=- From jim at bilbo.suite.com Sat Nov 20 17:22:11 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Sat, 20 Nov 93 17:22:11 PST Subject: (fwd) Re: Prosody Release Cancelled Under "NSA" Pressure Message-ID: <9311210117.AA05011@bilbo.suite.com> I thought the "Prosody cancellation" post was a hoax. Anyone know anything more about it? Jim_Miller at suite.com From jim at bilbo.suite.com Sat Nov 20 17:32:10 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Sat, 20 Nov 93 17:32:10 PST Subject: Key Servers Message-ID: <9311210128.AA05178@bilbo.suite.com> > `wherever there is trust, there is betrayal.' Therefore, reducing your dependency on trust will reduce the opportunities for betrayal. Jim_Miller at suite.com From sameer at uclink.berkeley.edu Sat Nov 20 19:52:10 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Sat, 20 Nov 93 19:52:10 PST Subject: C-source for diffie-hellman? Message-ID: I was just talking with a friend, and I think it would be pretty good for medium-level security on irc to hack up something do that /dcc does diffie-hellman key exchange, and maybe triple-des or something. Is there some available C-source which would help? (I guess I should get the Schneier book.. But urgh! $50 on a "starving-student" budget is quite a bit.) From lex at mindvox.phantom.com Sat Nov 20 19:52:27 1993 From: lex at mindvox.phantom.com (Lex Luthor) Date: Sat, 20 Nov 93 19:52:27 PST Subject: "True Identities" Message-ID: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Writes: >> >> I find it particularily interesting that on the internet (in contrast to >> almost every other net in existance), people have this strange fettish >> for worrying about anonymnity and "true names". My question is why? >> People on other nets never give the using of a handle or nym a second >> thought. (By other nets I mean Fidonet, WWIVnet, TEAMnet, C-Link, >> Oggnet, fvnet etc) A name is just a way of identifying a paritcular >> person. I don't see why people are so opposed to the use of nyms like >> Wonderer or Black Unicorn because those don't fit your image of what a >> name should be. These names identify the senders in a manner that is >> adequate to the discussion on Cypherpunks. Would it be any better if >> these people used names like Mike or John or something? Would it really >> make any relevant difference to the discussion on cypherpunks? >> Douglas Barnes Writes: > >I think the problem stems from the way most people initially got access >through the Internet, which was through fairly conservative affiliations >such as the military, government or academia; I've seen relatively few >military, government or academic environments that encouraged or allowed >people to go by "Black Unicorn". > >Increasingly, however, people are using the Internet for solely personal >reasons, independent of such affiliations. (Which is how Fidnonet, WWIVnet, >etc. have always been.) Now, no big surprise, we have Black Unicorn, >Wanderer, etc. I think it's a great testimoney to the rapidly increasing >diviersity of the net. (Although CERTAIN PEOPLE I'm sure will tell me that >such alleged diversity is only a PERVERTED SHAM and the number of REAL >people on the net is RAPIDLY DROPPING.) > I agree, background is the key. This whole conversation about Nyms, pseudospoofing, etc. is interesting. >From DAY ONE of me using a computer/modem/BBS/EMAIL in 1983 all I ever knew was to use a handle/pseudonym. On the underground BBS systems, using a real name or even a real-sounding name (even if it was a handle) would cause a good deal of suspicion and would make getting verified for full access difficult. I am constantly amazed how people routinely use their real names in conversations over the internet. I don't judge them however, I don't think they are stupid either, its just DIFFERENT than the way I am used to operating. The complete opposite viewpoint seems to be prevalent among those who have been using the internet for years -- before the general public started to overrun it. Those people have been accustomed to communicating with people who seemed to be real, at least they had real sounding names. Now an increasing number of pseudo-entities are appearing on the Internet. Some are disturbed by this. To me, its more like "what took so long". With irresponsible people sending mail bombs, using personal information from 'finger' to harass people they don't agree with, etc. it isn't hard to see why some people have reservations about various anonymous or pseudo- anonymous entities. The problem lies in the fact that creating a new identity on the internet either by creating additional user accounts or through the use of anonymous remailers is so easily accomplished that the concept of trust and reputation has been eroded. This is different from my background whereas reputation was essentially EVERYTHING and the creation of a new identity that allowed one to use desirable systems/services (ie, 'elite' systems) took long periods of time. The benefit of this type of social structure was that it naturally kept abuse, deception, and harassment to a minimum. I am not sure what my ultimate point is (as you may have surmised by now) other than there are inherent differences in each Internet user's background just as there are cultural differences among races in real life. There unfortunately will always be some prejudice against those who are different. Isn't a lot of energy saved simply by basing judgement on what others SAY and DO rather than what they LOOK LIKE or in this case, what their 'name' or 'nym' is? Lex From ld231782 at longs.lance.colostate.edu Sat Nov 20 20:04:58 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 20 Nov 93 20:04:58 PST Subject: EFF's Kapor on Political Philosophy Message-ID: <9311210404.AA16595@longs.lance.colostate.edu> Mr. Kapor's words of wisdom. I will not comment except to say that I don't think he has accurately characterized the Cypherpunk position. ===cut=here=== Date: Sat, 20 Nov 1993 11:46:50 -0500 From: mkapor at kei.com (Mitchell Kapor) Rich Karlgaard <0005096930 at mcimail.com> wisely observes: > ...the range of >political opinion in the U.S. is not always spread >along a single axis of left to right. I believe >there is another axis ascendant. It is >authoritarian/libertarian. > Try this exercise. Draw a left-to-right >line across a page. Then draw a vertical line from >top to bottom, labeling it Authoritarian on top, >Libertarian on bottom. You have just created a >grid with four quadrants. I have tried to illustrate his point. My deficiencies as a graphic artist are equaled only by the impoverished of ASCII as a graphical medium. Karlgaard's two axes: -----------authoritarian------------ | ^ | | | | |<----left------|------ right----> | | | | | v | -----------libertarian-------------- I want to substitute "anti-authoritarian" for "libertarian", as follows: ----------- authoritarian---------- | ^ | | | | |<----left------|------ right----> | | | | | v | -----------anti-authoritarian------- Doing this permits distinguishing two varieties of anti-authoritarian, the decentralist and the libertarian. -------------------------------------- | | | | | | |-------------------------------------| | decentralist | libertarian | | | | --------------------------------------- In my terminology Libertarian is used to refer more specifically to the right quadrant of the anti-authoritarian position. The left side of the anti-authoritarian space I have chosen to call decentralist. As Rich indicates, on some issues, like NAFTA and, I might add, the Clipper Chip, the opposing sides are divided, not on liberal-conservative political lines, but on the horizontal axis. I would claim that the lower half of the political space simply be called anti-authoritarian and that it is divided into two quadrants: on the left, the decentralist, and on the right, the libertarian. You can see how this works on Clipper chip and other privacy issues related to encryption. EFF chairs a coalition of 60 organizations, from the American Petroleum Institute to the ACLU, which opposes government control of encryption. You have cypherpunks and corporate interests aligned on this issue, because they all want decentralization of control over encryption technology. On issues where the goal is to remove government-imposed barriers, like privacy, there is easy agreement between left-leaning decentralists and right-leaning libertarians. The coherence of EFF's Board resides in the libertarian-decentralist commonality of interest which is more important than conventional divisions of left-right politics. On the other hand, the sometimes fractious nature of the public interest community, of which EFF is part, can be seen to in splits along the same horizontal axis. EFF supports private sector ownership and operation of the National Information Infrastructure,, Many other public interest organizations share the same general goals of openness for the NII as EFF but prefer approaches lying above the horizontal midline, e.g., through direct government ownership or operation of the NII. Infrastructure is a trickier issue than privacy. All anti-authoritarians would agree that a government-built NII is the wrong approach. However, there seems to be more willingness among many on the net who think of themselves as libertarians to leave it entirely to private industry to build the NII, where government abandons any role, even as referee. If we wound up with an NII controlled by an oligopoly of enormous corporate interests which resulted in centralized control over content, it would be a bad thing. If independent content providers can't easily get on the network, it would be a huge catastrophe. It seems to me that, in principle, corporate authoritarianism is as dangerous as government authoritarianism, and this is an issue which may separate left-quadrant and right-quadrant anti-authoritarians. A libertarian would argue that if government got out of the way, e.g., deregulated telecommunications and let everybody compete, it would be sufficient to achieve the right kind of NII. Personally, I think that's naive. A more considered libertarian view would be that either the market will produce the desired result by itself OR IT WON'T, but there is nothing anybody can do to alter the outcome. Thus government should stay out of it, and the public interest community should go home. To me, this is both fatalistic and simplistic. A decentralist would say that deregulation alone is not necessarily going to be sufficient to produce a decentralized NII. It might be and it might not. But if it is not, we do not need to be fatalists about it. We have the opportunity to try to influence the outcome both by working at the level of raising consciousness and through the possibility legislation which ratifies some sort of hard-fought compromise that achieves certain goals (e.g. for new common carriage or new universal service). This embodies the EFF approach. We may all get lucky in the sense that the architecture of consumer broadband networks winds up following a model which is more, rather than less, like the Internet in its openness and decentralization. This appears to be the general direction Bell Atlantic is taking. However, while their system is open (in terms of common carriage or system architecture), it is heavily asymmetrical with a big downstream pipe and a small upstream pipe, at least for the foreseeable future. If the TCI merger goes through, and if they are able to rationalize two different networks, business models, and corporate cultures, what obtains for BA will hold for TCI too. There are some mighty big ifs here, and in any event Bell Atlantic/TCI only serves 25% of the country. Other carriers, who have a different business model which does not emphasize revenue from transport a la Bell Atlantic, but revenue from content, may choose to go with closed, channelized systems. We have to see what other cable companies and telcos actually offer. Increasingly I am going to focus my efforts on understanding the likely architectural deployments of the carriers and how close they come to EFF's model of an open platform. The pragmatic question which faces us as we fill in the picture with details will be what, if anything, can be done, to nudge the system into providing alternatives which are closer to open platforms. All in all, I'd prefer to try to catalyze any necessary changes in mindset of carriers in order to secure voluntary moves. But as a pragmatist I believe that government action, or certainly the threat of it, may be useful or, in the worst case, necessary, to achieve the desired end. Further, since the whole process is already highly politicized, I think involvement to prevent bad governmental solutions from being imposed and screwing things up is clearly necessary. Thus politics is inevitably involved to carry out a an anti-authoritarian mission. At least in my view. ................................................................... Mitchell Kapor, Chairman Electronic Frontier Foundation *** Join EFF!!! Send mail to membership at eff.org for information *** From nobody at shell.portal.com Sat Nov 20 20:12:11 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 20 Nov 93 20:12:11 PST Subject: Duress Codes Message-ID: <9311210357.AA19408@jobe.shell.portal.com> > From: baldwin at LAT.COM (Bob Baldwin) > A fellow I know has a central-office alarm in his home. When > the alarm goes off, the office calls his house to ask if it was a false > alarm. They ask for a password to verify, and no matter what password > you give they say "OK, I'll log it as a false alarm." If you gave the > wrong password, they call the police and notify them of a crime in > progress with hostages. For many years, I worked for a small company that provided various protective services to government, diplomatic and executive accounts. One of the services was electronic security and direct monitoring of emergency EDCs [electronic digital communicators] and other signalling devices connected to security equipment. At the beginning of my employment, the procedure you mention above was standard throughout the more mainstream electronic security industry. A series of unusually violent robberies changed this in the mid-1980s. The problem with the system is that call-backs on "panic button" or duress code activations make it clear - or at least suggest - that the victims have alerted the authorities. In an increasing number of cases, answering the callback was literally the last thing the victims ever did. In spite of frequent complaints due to false-alarm fines levied by the police and moments of great embarrassment, the common procedure became immediate notification of of the police or "other security," with no callback then or later. All duress codes on our electronic equipment was modified to perform the exact functions as non-duress codes, but activated silent duress alarms. Since that time, most manufacturers and programmers of security devices have taken that approach - identical function, but with silent alarms. From warlord at MIT.EDU Sat Nov 20 20:27:10 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Sat, 20 Nov 93 20:27:10 PST Subject: C-source for diffie-hellman? In-Reply-To: Message-ID: <9311210424.AA05539@podge.MIT.EDU> RSAREF version 1.1 (and higher) has Diffie Helman key exchange in it. I suggest you ftp this from rsa.com and try it. -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Secretary, MIT Student Information Processing Board (SIPB) PGP key available from pgp-public-keys at pgp.mit.edu warlord at MIT.EDU PP-ASEL N1NWH From markvoor at mindvox.phantom.com Sun Nov 21 07:42:21 1993 From: markvoor at mindvox.phantom.com (Mark Voorhees) Date: Sun, 21 Nov 93 07:42:21 PST Subject: unsubscribe Message-ID: unsubscribe cypherpunks subscribe announce Mark Voorhees ////////////////////// // Mark Voorhees // markvoor at phantom.com \\\\\\\\\\\\\\\ From sameer at uclink.berkeley.edu Sun Nov 21 13:57:25 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Sun, 21 Nov 93 13:57:25 PST Subject: Does someone know about irc "/on"? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Like I posted earlier, I'm working a bit to do diffie-hellman key exchange for the IRC. I was hoping to incorporate it into the source, and implement it via /dcc, but that's too tough. I've figured out a scheme which will work, but I don't know how to implement it in irc.. I'm wondering if anyone here knows how to do what I want-- (I still don't have my RNG working correctly, but I could probably grab one from someplace.. or leech off the ~/pgp/randseed.bin file.) Here's my scheme: Suppose I want to initiate an encrypted conversation with Alice. In irc, I do /startdh Alice What startdh does is call "ircdh Alice" "ircdh Alice" computes XB, saves it to a file /tmp/dh.Alice, and outputs to stdout, YB. startdh should then take the output of ircdh Alice and send it to alice, as a /ctcp send of type "dh-key" When Alice receives the /ctcp of type "dh-key" irc automatically should call: "ircdh Sameer YB" (YB is the information in the ctcp packet. ircdh will create an XA, and output YA and the key to stdout. on getting this information, irc should send YA to Sameer, and do /encrypt Sameer . (The standard encryption routine in irc is insecure, but there's a facility for an external crypt program..) When I receive the /ctcp of type "dh-key" irc automatically should call "ircdh Alice YA" (where YA is the information Alice sent me) ircdh will see that a /tmp/dh.Alice already exists, so it will grab the XB from that file, and then compute a key, which it returns. Then irc should take the output of "ircdh Alice YA" and have it do /encrypt Alice where is the output from ircdh Alice YA. So I have the program ircdh working, except for my RNG. I need help with the interface with irc. Any ircII wizards out there? Thanks. - -Sameer -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLO/jAni7eNFdXppdAQH2FgP+OtP68BVfli92iPLBH7x+d7AV+GdTXkie 4Gy4BqlbiVwcSUERehZKcvnrrI0sm22Fb2YSNMLGQIekJDQczcSXu04NkJHoKFMY cig6f4MvySaHedqX3Sfvtg9vh8QM0g0/i4TAtWKq0w0WaTNgvJGQPDP/B4Bl5Zyf 9JI/e3jGIP0= =tv31 -----END PGP SIGNATURE----- From newsham at wiliki.eng.hawaii.edu Sun Nov 21 17:43:21 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Sun, 21 Nov 93 17:43:21 PST Subject: Does someone know about irc "/on"? In-Reply-To: Message-ID: <9311220143.AA28056@toad.com> I wrote a package for doing encryption over irc called Circ. It was posted to comp.sources.misc and should be in the archives. It is currently not extremely secure, the weakest link is the random key generation which is seeded by the time. This is very easy to brute force if you have any information on the time (even if you know the time to within a year). The program uses RSA to exchange secret keys and uses tripleDes to encrypt messages. The program is implemented as a binary written in C and talks to ircII through /on's and /alias'es. The script used by Circ is included below and may give you some ideas on how to interact with ircII. # this is for ircII 2.2.4 # for some reason, /on ^public acts differently # Start up the proggie /^exec -name crypt exec new # automatically pick out protocol messages # crypt processor gets: !send nick!CLIPPER:...etc # or !our nick!SKPJACK:...etc # under 2.2.4 public has: nick channel message # the version I use has nick message # this is the difference between the two script versions /on ^public "* * CLIPPER:*" /msg %crypt !$0!$2- /on ^public "* * SKPJACK:*" /msg %crypt OURNICK:$N;/msg %crypt !$0!$2- /on ^public_other "* * CLIPPER:*" /msg %crypt !$0:$1!$2- /on ^public_other "* * SKPJACK:*" /msg %crypt OURNICK:$N;/msg %crypt !$0:$1!$2- /on ^msg "* CLIPPER:*" /msg %crypt !*$0*!$1- /on ^msg "* SKPJACK:*" /msg %crypt OURNICK:$N;/msg %crypt !*$0*!$1- # messages comming back from crypt, to server or screen? /on ^exec "crypt TCHANNL: *" /msg $C $2- /on ^exec "crypt TSCREEN: *" /echo $2- /on ^exec "crypt TNICKNM: *" /msg $2 $3- # our irc commands: # /key nick or /key nick filename # /die # /e message to be encrypted # /p message to be plaintext # /crypt (turn on automatic encryption) # /plain (turn off automatic encryption) # /emsg nick text send an encrypted message /alias key /echo K->*$0* Sending Key;/^msg %crypt SENDKEY: $0- /alias die /^msg %crypt QUITDIE:;/query /alias e /echo E> $0-;/^msg %crypt CRYPTME:$0- /alias p /msg $C $0- /alias crypt /query %crypt /alias plain /query /alias emsg /echo E->*$0* $1-;/^msg %crypt !$0!CRYPTME:$1- /echo *** Encrypted Irc Protocol loaded. From strata at fenchurch.MIT.EDU Sun Nov 21 22:42:26 1993 From: strata at fenchurch.MIT.EDU (M. Strata Rose) Date: Sun, 21 Nov 93 22:42:26 PST Subject: Virtual City Network update Message-ID: <199311220639.BAA19735@fenchurch.MIT.EDU> Virtual City Network(tm) Status Report, 11/21/93 Greetings, in some cases long overdue. If you are reading this directly (ie, not as a mailing list or netnews), your mail has been received and you have been either added to the virtual-citizens mailing list or preregistered for the Virtual City Network. I apologize for the delay in acknowledging correspondence from everyone. Here is a brief status report: Roughly a week after the initial announcement of Virtual City Network, I took a supposedly short term (one month) systems architect contract to generate income so that I could continue working on VCN. This allegedly 3/4-time position quickly turned into a 1 and 1/4 time position and will last until the first week of January. This has resulted in most of the substantive coding work on VCN being postponed in favor of design work which can be done offline, research and meetings with various interested parties, business contacts, fellow researchers, etc. For the last few months, virtual.net has been occupying a corner of a workroom at a friendly company and unofficially sharing a T1 net link. Unfortunately for us, this firm is expanding and needs the space for their own use. I have been exploring various options for office space and sharing network bandwidth to meet their deadline for moving the system. When the first of the recent sendmail bug announcements hit the Internet, we had a breakin and I had to spend a substantial amount of time going over the server to make sure nothing had been compromised. Thursday morning I logged in as usual to find that we had had *another* breakin on the server, this time much more serious than the first. Someone was allegedly using virtual-city.virtual.net as a link in a chain of telnet sessions, ultimately ending up on IRC and behaving offensively and objectionably. I am still investigating this incident. Having two (or possibly more) crackers on the system within a 3 week time period has been something of a last straw. Since I had a hard deadline of December 1st to move the system anyway, I took it offline on Friday evening (Nov 19th). At this point, the server is shut down and sitting in my livingroom. I will be bringing it up again in the next few days, and am arranging a 56K line to the house for access; right now we only have PPP 14.4Kbps service at home. I am setting up an MX server so that mail to virtual.net will continue to be delivered, that should be in place by Tuesday evening. Virtual-city.virtual.net is going to get a complete system upgrade and security overhaul before it comes back online. I will be installing a LISTSERV style mail handler for registration and automated handling of queries. I will send an announcement when the software is in place, probably sometime during the Thanksgiving weekend. I will not be turning on the virtual-citizens mailing list until the LISTSERV is set up, as I cannot respond to add and delete requests in a timely fashion while I am contracting on outside work. Mail to virtual.net will not be working until the MX record and my secondary server are both in place, so please send mail to me at either of the following addresses: strata at fenchurch.mit.edu strata at hybrid.com Please continue to send me questions and suggestions, I will respond to each and every one, albeit rather slowly. Thanks for being patient. Even though I won't be able to do much in the way of power coding until early January, I have been getting a lot accomplished. This thing has a lot of moving parts, so I'm doing comprehensive design rather than hacking stuff together. Once some of the low-level stuff is actually coded and not just on paper we should hit critical mass within a fairly short time and VCN will start living up to its potential. I am hoping to open the service to City Builders and Freelance Architects in mid to late January. New Year's Party in the Virtual City Plaza? Could still happen, but probably not with most of the interactive multimedia originally planned, we're running about a month or two behind. But you never know, I'm looking into some great Tcl/Tk stuff that may not be hard to get running in the short term, even with the massive constraints on my time right now. I will send out updates as I know more, and invite all of you to test features as they materialize. I hope to make documentation available soon on the design of VCMTA and the VCNCoreLib. Right now I am pretty deep into designing the underlying structure of VCMTA, so I will be outsourcing a fair chunk of the actual MOO hacking on the server structure. At this point I have design specs for various VCNCoreLib features (the built-in 'bot specs, Eliza handlers, etc) and am interested in contracting out the actual implementation-- I am still a novice at low-level MOO coding and want to make sure this stuff is very clean and very solid! I have some limited funding available for server hacking, especially the load and unload core functions, so if you are an experienced MOO coder who would like to do some moonlighting, please contact me. The pay isn't great, but you'll be getting paid to write public-domain MOO code that will be part of something Way Cool, and to potentially co-author a paper on extensible server design that will be submitted to a major VR conference next year. Think of it as being a grad student at a non-accredited virtual university. Not to mention your name in virtual lights on the Marquee in every CityKit that goes out. :-) Those of you who have pet projects or ideas about facilities that should be included in the Virtual City Network, please send me mail, especially if you're interested in building them yourself and making them available for others to use. People who are interested in designing spaces in the city should start to design them on paper/in bits now so that they can upload them easily once VCN opens. We will be supporting HTML documents as well as plain text for room descriptions, and will be setting up a Rogue's Gallery of players for browsing. The Rogue's Gallery will be accessible via Gopher and WWW as well-- you can work on the text of your character's description and create GIF files of the character, your planned virtual spaces, etc, right now and then have them readily available to upload later. Feel free to get started now! Design your virtual spaces and the objects that should be in them, get busy on that artwork, and watch for more mail from us. Closing the gap between Theorem Et Practicum, _Strata M. Strata Rose Unix & Network Consultant, SysAdmin & Internet Information Virtual City Network strata at virtual.net | strata at hybrid.com | strata at fenchurch.mit.edu [Virtual City Network is a trademark of VirtualNet and M. Strata Rose.] From an12070 at anon.penet.fi Mon Nov 22 00:02:27 1993 From: an12070 at anon.penet.fi (S.Boxx) Date: Mon, 22 Nov 93 00:02:27 PST Subject: The Cypherpunk Glossary Message-ID: <9311220759.AA12395@anon.penet.fi> democracy -- (1) Government by the people, exercised either directly or through elected representatives. (2) a nation or social unit with this form of government. (3) Social and political equality and respect for the individual within the community. Medusa -- (1) A Gorgon with eyes that had the power to turn an onlooker into stone, who was slain by Perseus. anarchy -- (1) absence of any form of governmental authority or law. (2) political disorder and confusion. (3) absence of any cohering principle, as a common standard or purpose; disorder and confusion. guerilla -- A member of an irregular military force that uses harassing tactics against an enemy army, usu. with the support of the local population. conspiracy -- (1) an agreement to perform together an illegal or evil act. (2) a combining or acting together, as if by evil design: `a conspiracy of natural forces'. (3) Law. An agreement between two or more persons to commit a crime or to accomplish a legal purpose through illegal action. government -- (1) the act or process of governing, esp. the political administration of an area: `the government of a state.' (2) a system by which a political unit is governed: `democratic government'. (3) a governing body or organization. (4) political science. consensus -- collective opinion or concord; general agreement: `the consensus among the voters is that the new program is a good one.' agenda -- n. a list of things to be done, esp. the program for a meeting. police state -- A country or other political unit in which the government exercises rigid control over the social, economic, and political life, esp. by means of a secret police force. oppress -- tr.v. (1) to burden harshly, unjustly, or tyrannically. (2) to weigh heavily opon the mind or spirit. tyranny -- (1) a government in which a single ruler is vested with absolute power. (2) the office, authority, or jurisdiction of such a ruler. (3) absolute power, esp. when exercised unjustly or cruelly. (4) the arbitrary use of such power; a tyrannical act. (5) extreme harshness or severity; rigor. dictator -- n. (1) a ruler who has complete authority and unlimited power, esp. a tyrant. (2) a person who dictates. (3) in ancient Rome, a magistrate appointed temporarily to deal with an immediate crisis or emergency. autocracy -- n. (1) government by a single person having unlimited power; despotism. (2) a country or state having this kind of government. autocrat -- n. (1) a ruler with absolute or unrestricted power; despot. (2) any arrogant and domineering person. dictatorship -- n. (1) the position or rule of a dictator. (2) a. a form of government in which one person or class has complete authority and unlimited power. b. a country having such a government. tyrant -- n. (1) an absolute ruler who governs arbitrarily without constitutional or other restrictions. (2) a ruler who exercise power in a harsh, cruel manner, an oppressor. (3) any tyrannical or despotic person, esp. one who demands total obedience. poison -- n. (1) any substance that causes injury, illness, or death, esp. by chemical means. (2) anything that is destructive or fatal. (3) Chem. a substance that inhibits or retards a chemical reaction. tr.v. (1) to kill or harm with poison. (2) to put poison on or into: `poison a cup'. (3) a. to pollute: `noxious fumes poison the air.' b. to have a harmful influence on; to corrupt: `Jealousy posoned their friendship.' (4) chem. To inhibit or retard (a chemical reaction). confess -- tr.v. (1) a. to make known (one's sins) to a priest or to God. b. to hear the confession of. (2) to disclose or admit (a fault): `he confessed his mistake.' (3) to admit conversationally: `I must confess that I was surprised.' (4) to acknowledge belief or failth in. intr.v. (1) to admit or acknowledge a crime or deed: `the suspect confessed to the robbery.' (2) to tell one's sins to a priest. contrite -- (1) repentant for one's sins; penitent. (2) feeling or caused by contrition: `contrite words, contrite tears.' inquisition -- n. (1) the act of inquiring into a matter; an investigation. (2) an inquest. (3) Inquisition. In the Middle Ages, a tribunal of the Roman Cotholic Church established to seek out and punish those people considered guilty of heresy. (4) any investigation that violates the privacy or rights of individuals. insidious -- adj (1) working or spreading harmfully ina subtle or stealthy manner: `an insidious disease without warning signs.' (2) intended to entrap; treacherous: `an insidious plot.' accomplice -- n. One who aids or abets a lawbreaker in a criminal act but is not necessarily present at the time of the crime. treachery -- (1) willful betrayal of loyalty, confidene, or trust; perfidy; treason. (2) a disloyal or treasonous act. treason -- (1) the betrayal of one's country, esp. by giving aid to an enemy in wartime or by plotting to overthrow the government. (2) any betrayal of a trust. moral -- adj. (1) of or concerned with the principles of right and wrong in relation to human action or charactter; ethical. (2) teaching or exhibiting rightness or goodness of character and behavior: `a moral lesson.' (3) conforming to standards of what is right or just in behavior; virtuous: `a moral decision.' (4) arising from conscience or the sense of right and wrong: `a moral obligation.' (5) psychological rather than physical or concrete in effect: `a moral victory.' (6) based upon strong probability or conviction rather than actual evidence: `a moral certainty'. n. (1) the lesson or principle taught by a fable, story, or event. (2) a concisely expressed precept or general truth; maxim. (3) morals. principles or habits of what constitutes right or wrong conduct, esp. sexual conduct. morale -- n. the condition or attitude of an individual or group in regard to the willingness to perform assigned tasks, confidence, cheerfulness, and discipline. ethics -- n. (1) The branch of philosophy that deals with the general nature of good and bad and the specific moral obligations of and chioces to be made by the individual in his relationship with others. (2) the rules or standards governing conduct, esp. of the members of a profession. punish -- tr.v. (1) to subject to a penalty for a crime, fault, or misbehavior. (2) to inflict a penalty on a criminal or wrongdoer for (an offense). (3) to handle roughly, injure, hurt: `heavy rains punished the coastal towns.' intr.v. To give punishment. corrupt -- adj. (1) Lacking in moral restraint, depraved: `the corrupt court of an aging Roman emperor.' (2) Marked by or open to bribery, the selling of political favors, etc.; dishonest: `a corrupt judge.' (3) decaying; putrid. (4) containing errors or alterations, as a text: `a corrupt translation.' tr.v. (1) to destroy or subvert the honesty or integrity of, as by bribing. (2) to ruin the morality of; to pervert or debase: `Many fear that permissiveness will corrupt the youth of America.' (3) to cause or become rotten; spoil. (4) to change the original form of (a text, language, etc.) intr.v. To become corrupt. lie -- intr.v. (1) to present false information with the intention of deceiving: `lied about his prison record.' (2) to convey a false image or impression: `appearances often lie.' n. (1) a false statement deliberately presented as being true; a falsehood. (2) anything meant to deceive or give a wrong impression. propaganda -- (1) the communication of a given doctrine to large numbers of people, esp. by constant repetition. (2) ideas, information, or other material distributed for the purpose of winning people over to a given doctrine, often without regard to truth or fairness. cult -- n. (1) a system or community of religious worship and ritual, esp. one focusing upon a single deity or spirit: `the cult of Dionysus.' (2) a. obsessive devotion or veneration for a person, priniciple, or ideal. b. the object of such devotion. (3) a group of persons sharing a common interest: `a fashionable political cult.' bystander -- n. A person who is present at some event without participating in it. integrity -- n. (1) strict personal honesty and independence: `a man of integrity'. (2) completeness; unity: `a movie shown without interruptions to maintain its integrity.' (3) the state of being unimpaired; soundness. honest -- adj. (1) marked by or displaying truthfulness and integrity; upright. (2) not deceptive or fraudulent; genuine: `honest weight'. (3) conforming to fact or to the truth; not false: `honest reporting'. (4) frank and straigtforward; sincere: `an honest opinion; an honest face.' (5) without disguise or pretense: `honest pleasure'. (6) Archaic. Chaste; virtuous. honesty -- n. (1) the quality or state of being honest; integrity. (2) truthfulness; sincerity: `in all honesty.' true -- adj. (1) consistent with fact or reality; right; accurate. (2) not imitation or counterfeit; real or genuine: `true gold.' (3) faithful; loyal: ``this above all, to thine own self be true'' (Shakespear). (4) Rightful; legitimate. (5) sincerely felt or expressed: `speaking with true emotion.' (6) a. rightfully bearing the name; properly so called: `the true vampire bat can be found only in the New World.' b. having the characteristics associated with a certain group or type; typical: `he was lusty and thickset, a true Dutchman.' c. exactly conforming to an orginal or standard: `a true copy of the birth certificate.' adv. (1) rightly; truthfully: `she speaks true.' (2) without swerving froma course; accurately: `I'll sail the ship straight and true.' pseudonym -- n. A fictitious name, esp. one assumed by an author; pen name. hypocrisy -- n. The practice or act of professing virtues and beliefs that one does not possess. pure -- (1) having a homogeneous or uniform composition; not mixed: `pure oxygen.' (2) free from adulterants or impurities; full-strength: `pure chocolate'. (3) free from dirt, defilement, or pollution. (4) free from foreign elements. (5) containing nothing inappropriate or extraneous: `a pure literary style.' (6) complete,; utter: `pure folly'. (7) without faults; perfect; sinless. (8) chaste; virgin. (9) of unmixed blood or ancestry. (10) genetics. Breeding true to parental type; homozygous. (11) Theoretical rather than applied: `pure science'. poseur -- n. a person who assumes a false attitude, character, or manner to impress others. tax -- n. (1) a charge or contribution required of persons or groups within the domain of a government for the support of that government. (2) an excessive demand; a strain. tr.v. (1) to place a tax on income, property,goods, etc. (2) to exact a tax or taxes from. (3) to make difficult or excessive demands upon: `overpopulation taxes a nation's resources.' fraud -- n. (1) a deception deliberately practiced in order to secure unfair or unlawful gain. (2) a piece of trickery; a swindle. (3) a. a person who defrauds; a cheat. b. a person who assumes a false pose. psychopath -- n. a person with a severe personality disorder, esp. one manifested in aggressively antisocial behavior. psychosis -- n. Any of a class of serious mental disorders in which the mind cannot function normally and the ability to deal with reality is impaired or lost. egomania -- n. obsessive preoccupation with the self; extreme egotism. fair -- adj. (1) pleasing to look at; beautiful; lovely: `a fair maiden'. (2) lightin color: `fair hair; fair skin.' (3) free of clouds or storms: `fair weather.' (4) characterized by evenhanded honesty; just: `fair play; a fair trial.' (5) neither good nor bad; average: `the movie was only fair.' (6) consistent with rules or logic: `a fair question'. (7) lawful to hunt or attack: `fair game.' adv. (1) in a fair manner; properly: `I believe in palying fair.' (2) directly; squarely; straight: `a blow caught fair in the stomach'. hoax -- n. Something, as a joke or fraud, that is intended to deceive or trick others. society -- n. (1) human beings in general. (2) a group of people with a common culture or way of life. (3) a group of people who unite to share a common interest: `a stamp collecting society'. (4) the rich and fashionable social class: `her introduction into society'. (5) companionship; company. obsession -- n. (1) an excessive preoccupation with an idea or emotion. (2) an often unreasonable idea or emotion that is the cause of an obsession. monomania -- (1) a mental disorder characterized by an obsession with one idea. (2) an intense preoccupation with or exaggerated enthusiasm for one subject or idea. persecute -- tr.v. (1) to cause to suffer, esp. on account of politics, religion, etc.; oppress. (2) to annoy persistently; to bother. censor -- n. (1) a person authorized to examine literature, plays, etc., and who may remove or suppress the sections considered morally or otherwise objectionable. (2) in ancient Rome, one of two officials responsible for supervising the public census and public behavior and morals. tr.v. to examine and expurgate. hallucination -- n. (1) an illusion of seeing, hearing, or otherwise sensing something that does not really exist; false perception. (2) something, as a vision or image, that occurs as a hallucination. insanity -- n. (1) serious mental illness or disorder. (2) a. Civil Law. unsoundness of mind sufficient, in the judgement of a court, to render a person unfit to maintain a legal relationship or to warrant commitment to a mental hospital. b. Criminal Law. A degree of mental malfunctioning sufficient to prevent the accused from knowing right from wrong. (3) a. extreme foolishness; total folly. b. something foolish. arrogant -- adj. Excessively and unpleasantly self-important, as in disregarding all other opinions but one's onwn; haughty; conceited: `arrogant boasts'. effigy -- n. 1. A painted or sculptured representation of a person, as on a stone wall or monument. 2. A crude image or dummy fashioned in the likeness of a hated or depised person. egomania -- obsessive preoccupation with the self; extreme egotism. vain -- adj. (1) not successful; futile: `a vain attempt'. (2) lacking substance or worht; hollow: `vain talk.' (3) overly proud of one's appearance or accomplishments; conceited. idiom. in vain. (1) to no avail; without success. (2) in an irreverent or disrespectful manner: `take the name of the Lord in vain.' vainglory -- n. (1) excessive pirde and vanity. (2) vain and ostentatious display. impostor -- n. A person who deceives by pretending to be someone else. pervert -- tr. v. (1) to cause to turn from what is considered the right or moral course; to corrupt. (2) to employ wrongly or incorrectly; misuse: `perverted the law to suit his own ends.' (3) to interpret incorrectly: `an analysis that perverts the meaning of the poem.' n. Someone whose sexual behavior is considered abnormal or unnatural. depravity -- moral corruption; a depraved condition. (2) a wicked or perverse act. delusion -- n. (1) a. the act of deluding; deception. b. the condition of being deluded. (2) a false belief held in spite of evidence to the contrary, esp. as a condition of certain forms of mental illness. truth -- n. (1) conformity to knowledge, fact, or actuality; veracity. (2) something that is the case; the real state of affairs: `tell the truth'. (3) reality; actuality: `even before the Appomattox the Civil War was in truth over.' (4) a statement proven to be or accepted as true: `scientific truths'. (5) sincerity; honesty: `tyhere was no truth in his speech or character.' leader -- (1) A person who leads others along a way; a guide. (2) A person in charge or in command of others. (3) a. The head of a political party or organization. b. A person who has an influential voice in politics. (4) a. The conductor of an orchestra, band, or choral group. b. the principal performer of an orchestral section, as the first violinist. (5) the foremost horse or other draft animal in a harnessed team. brainwash -- tr.v. to indoctrinate (someone) until he is willing to give up his own beliefs and passively accept an opposing set of beliefs. tentacle -- n. (1) Zool. One of the narrow, flexible, unjointed parts that extend from the body of certain animals, as an octopus, used for grasping, moving, etc. (2) Bot. One of the hairs on the leaves of insectivorous plants, as the sundew. (3) something resembling a tentacle, esp. in the ability to grasp or hold. attack -- (1) to set upon with violent force; begin hostilities against or a conflict with. (2) to criticize strongly or in a hostile manner. (3) to start work on with purpose and vigor: `attack a problem'. (4) to affect harmfully; afflict: `flu attacked thousands of people.' intr.v. to make an attack; launch an assault: `the troops attacked at dawn.' n. (1) the act of attacking; an assault. (2) occurrence or onset of a disease. (3) the initial movement in any task or undertaking: `an attack on a messy room.' (4) mus. the manner in which a tone, phrase, or passage is begun: a hard, cutting attack. evade -- tr.v. (1) to get away from by cleverness or deceit: `evade arrest.' (2) to avoid fulfilling, answering, or performing: `evade responsibility'. (3) to baffle or elude: `the accident evades explanation.' intr.v. To use cleverness or deceit in avoiding or escaping. harass -- (1) to bother or torment repeatedly and persistently. (2) to carry out repeated attacks or raids against. crime -- (1) an act committed or omitted in violation of a law for which punishment is imposed upon conviction. (2) unlawful activity in general: `crime in the suburbs is on the rise.' (3) any serious wrongdoing or offense, esp. against morality; a sin. (4) an unjust or senseless act or condition: ``It's a crime that so many people live in poverty.'' (5) informal. a shame; a pity: `It's a crime to waste food.' privacy -- (1) the condition of being secluded or isolated from contact with others. (2) concealment; secrecy. torment -- n. (1) great physcial pain or mental anguish; agony. (2). a source of harassment or pain. (3) torture or suffering inflicted on prisoners, as in the proceedings of the Inquisition. tr.v. (1) to cause to undergo great physical or mental anguish. (2) to annoy, pester, or harass; worry. phantom -- n. (1) something apparently seen, heard, or sensed, but having no phusical reality. (2) a ghost; specter. (3) an image that appears only in the mind. adj. (1) unreal; ghostlike. (2) phoney; fictitious: `a phantom caller'. accusation -- n. (1) the act of accusing or condition of being accused. (2) Law. A formal charge that a person is guilty of some punishable offense. paranoia -- n. (1) a serious mental disorder in which a person imagines himself to be persecuted and often has an exaggerated idea of his own importance. (2) irrational fear for one's security. traitor -- n. A person who betrays his country, a cause, or a trust, esp. one who has committed treason. disrupt -- tr.v. (1) to throw into confusion or disorder. (2) to interrupt or impede the progress or continuity of: `floods disrupted communications.' (3) to break or burst; rupture. pretend -- tr.v. (1) to put on a false show of; feign: `pretend illness.' (2) to claim or allege insincerely or falsely; profess: `pretended ignorance of the problem.' (3) to represent fictitiously in play; make believe. (4) to take upon oneself; venture: ``whether my bullets did any execution or not I cannot pretend to say.'' (W.H. Hudson). intr.v. (1) to give a false appearance, asin deceiving or playing: ``He's only pretending.'' (2) to put forward a claim: ``a nobleman who pretends to the throne.'' disreputable -- adj. Not respectable in character, action, or appearance: `a disreputable establishment; a disreputable businessman.' appropriate -- adj. suitable for a particular person, condition, occasion, or place; proper; fitting: ``apropriate clothes; an appropriate blend of music and text.'' authority -- (1) a. the right and power to command, enforce laws, determine, etc.: ``the principal had the authority to close the school.'' b. A person, group, or organization that has this right and power: `school authorities; the Transit Authority.' (2) Power delegated to others; authorization: `you have my authority to decide.' (3) an accepted source of expert information or advice, as a bookk or person: ``an authority on history.'' (4) an expert in a given field: ``a well-known plant authority.'' (5) power to influence or to affect resluting from knowledge or experience: ``write with authority.'' courtesy -- n. (1) polite behavior; gracious manner or manners. (2) a polite gesture or remark: ``He aluted me, and I returned the courtesy.'' (3) consent or favor; indulgence: ``received a fruit basket by courtesy of the hotel.'' movement -- n. (1) the act, process, or an instance of moving. (2) a group engaged in actions intended to achive a specific goal: `the labor movement.' (3) a tendency or trend: `a movement toward fiscal conservatism.' (4). a. An evacuation of the bowels. b. the matter so evacuated. (5) Mus. a. a section of a large composition, as a symphony or sonata. b. Rhythm; tempo. (6) a mechanism that producs motion, as the works of a watch. pariah -- n. (1) a member of a low caste of workers in southern India and Bruma. (2) a person who has been excluded from society, an outcase. cooperation -- n. (1) joint action: ``this treaty will promote international cooperation.'' (2) assistance; support: ``the principal sought the cooperation of the students.'' (3) willingness to cooperate: ``please show more cooperation.'' cabal -- n. (1) a small group of people organized to carry out a secret plot or conspiracy. (2) a secret scheme or plot organized by such a group. intr.v. to form a cabal; plot; conspire. cacophony -- n. harsh, jarring, dischordant sound; dissonance. stalemate -- n. (1) a drawing position in chess in which only the king can move and although not in check can move only into check. (2) a situation in which further progress is impossible; a deadlock. tr.v. to bring to a stalemate. discord -- n. (1) lack of agreement or accord; dissension: `discord within the government.' (2) a confused or harsh mingling of sounds. (3) Mus. A combination of simulatneously sounded tones that is considered to sound harsh or unpleasant; dissonance. subvert -- tr.v. (1) to destory or overthrow completely; ruin. (2) to undermine the character, morals, or allegiance of; corrupt. martyr -- n. (1) a person who suffers death rather than renouncing a religious principle or belief. (2) a person who makes great sacrifices or suffers a great deal for a cause or principle. (3) a person who endures great suffering. tr.v. (1) to make a martyr of. (2) to inflict great pain or suffering upon; torture. public -- adj. (1) of, concerning, or affecting the community or the people: `the public good.' (2) maintained for or used by the people or comunity: `a public park.' (3) participated in or attended by the people or community: ``public worhsip.'' (4) connected with or acting on behalf of the people, community, or government, rather than private matters or interests: ``public office.'' (5) open to the knowledge or judgement of all: ``made the testimony public.'' n. (1) the community or the people as a whole. (2) a group of people sharing a common interest: ``the reading public.'' (3) admirers or followers, esp. of a celebrity. revolt -- intr.v. (1) to attempt ot overthrow the authority of the stae; rebel. (2) to oppose or refuse to accept something: `revolt against high taxes.' tr.v. to fill with disgust; repel. n. (1) an uprising, esp. against state authority; rebellion. (2) an act of opposition or rejection. (3) the condition of opposition or rebellion: be in revolt. revolution -- n. (1) a. movement in an orbit around a point, esp. as distinguished from rotation on an axis. b. a spinning or rotation about an axis. c. a single complete cycle of motion about a point in a closed path. (2) a sudden or momentous change in any situation: `the revolution in physics.' (3) a sudden political overthrow or seizure of power brought about from within a given system. scapegoat -- n. someone or something that bears the blame for others. blind -- adj. (1) without the sense of sight; sightless. (2) performed without the use of sight: `blind navigation.' (3) unwilling or unable to perceive or understand: `she was blind to his faults.' (4) nto based on reason or evidence: `blind faith'. (5) without forethought or reason: `in a blind rage'. (6) hidden or screened from sight: `a blind intersection.' (7) closed at one end: `a blind alley'. (8) having no opening: `a blind wall.' (9) Informal. Drunk. n. (1) something that shuts out light or hindes vision, as on windows. (2) a shelter for concealing hunters. (3) something that conceals the true nature of an activity, esp. of an illegal or improper one; a subterfuge. adv. (1) without being able to see; blindly: `fly blind.' tr.v. (1) to deprive of sight. (2) to deprive (a person) of judgement or reason: `Greed blinded him to the dange.' (3) to dazzle. sabotage -- n. (1) the destruction of property property or the obstruction of normal operations, as by enemy agents in time of war. (2) any treacherous action to defeat or hinder a cause. tr.v. to commit sabotage against. infiltrate -- tr.v. (1) to pass (a liquid or gas) into something through small openings. (2) to fill or saturate with a liquid or gas passed through small openings. (3) to enter gradually or secretly: `foreign agents infiltrated the organziation.' intr.v. to gain entrance gradually or secretly. n. a substance that accumulates gradually in bodily tissues. subterfuge -- n. an evasive plan or tactic used to avoid capture or confrontation. ignorant -- adj. (1) without education or knowledge. `an ignorant person.' (2) exhibiting lack of education or knowledge: `ignorant assumptions'. (3) unaware or uninformed: `not having seen a newspaper, she was ignorant of the day's events.' patriotism -- n. love of and devotion to one's country. etiquette -- n. teh body of rules governing correct behavior among people, in a profession, etc.: `court etiquette; military etiquette.' rant -- intr.v. To speak violently, loudly, and at length; rave: `ranted against high taxes.' n. A loud, violent speech; a tirade. reality -- (1) the condition or quality of being real or true; actual existence. (2) a person, thing, or event that is real. exorcize -- tr.v. (1) to expel (an evil spirit) by or as if by incantation or prayer. (2) to free from evil spirits. facade -- n. (1) the main face or front of a building. (2) the face or front part of anything, esp. an artificial or false front: ``of the most famous people we know only the imposing facade'' (Edith Hamilton). false -- 1. a. contrary to fact or truth; erroneous: `a false assumption.' b. arising from mistaken ideas: `false hopes.' (2) marked by an intent to deceive; untruthful: `a false accusation'. (3) funfaithful, disloyal: `a false friend.' (4) a. not natural; artificial: `false teeth'. b. not real or genuine: `a false name'. (5) Mus. Wrong in pitch. humility -- n. the quality or condition of being humble; lack of pride. mockery -- n. (1) scornful contempt; ridicule; derision. (2) a specific example of ridicule or derision. (3) an object of scorn or ridicule. (4) a false, ridiculous, or impudent imitation; a travesty: `the trial was a mockery of justice.' network -- n. (1) an open fabric or structure in which cords, threads, or wires cross at regular intervals. (2) a system or pattern made up of a number of parts, passages, lines, or routes that cross, branch out, or interconnect: `a netowrk of roads and railways; a network of veins.' (3) a chain of interconnected radio or televion broadcasting stations, usu. sharing a large proportion of their programs. (4) a group or system of electrinc components designed to function in a specific manner. manipulate -- (1) to operate or manage by skilled use esp. of the ahnds. (2) to influence or manage shrewdly or skillfully: `manipulated public opinion.' (3) to manage artfully or deceitfully for personal gain or advantage. masquerade -- n. (1) a. a costume ball or party at which masks and elaborate costumes are worn. (2) any false outward show or pretense: `a masquerade of humility.' intr.v. (1) to wear a mask or disguise, as at a masquerade. (2) to have a deceptive appearance: `a sermon masquerading as a novel.' ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From kpj at sics.se Mon Nov 22 04:17:34 1993 From: kpj at sics.se (kpj at sics.se) Date: Mon, 22 Nov 93 04:17:34 PST Subject: Secure Drive 1.0 is here! In-Reply-To: <01H5ISFUCUO290NQ6V@delphi.com> Message-ID: <9311221215.AA02692@sics.se> I wonder if you really can have a Copyleft and disallow the program source to anybody outside the United States and Canada. As you write the code is under Copyleft, I hereby ask you for a copy of it. FYI: I am situated in the state of Sweden in Europe. What is your reply to this? From jrk at sys.uea.ac.uk Mon Nov 22 06:08:37 1993 From: jrk at sys.uea.ac.uk (Richard Kennaway) Date: Mon, 22 Nov 93 06:08:37 PST Subject: anonymous postings and trust Message-ID: <28095.9311221412@s5.sys.uea.ac.uk> Black Unicorn writes: >You would have preferred that I quote the entire thread and then >add my comment? Or is it the lack of accompanying detail in >the comment that you resent? It's mainly the lack of detail. As you and others point out, any "Fred Jones" might be a covert pseudonym, and even if it isn't, I may know equally little about its holder as abut a "Black Unicorn". So yes, it's a matter of reputations rather than true names. Obvious anonymity just makes it more noticeable. >[further details about Black Unicorn] Somehow, this makes your posting about the existence of Liechtenstein numbered accounts much more plausible, even though I have no practical way of verifying any of the circumstantial detail which (to coin a phrase) adds verisimilitude to an otherwise bald and unconvincing narrative. I can't put my finger on why this is. >Should you be more interested >in detail, I would be happy to discuss what I can in person, by >telephone, or in encrypted E-Mail, in descending order of the >detail I would be willing to disclose. Even though you don't really know who I am? I mostly lurk here, but although I'm moderately active on a couple of other mailing lists and newsgroups, even if you looked at what I write there and verified the info in my .sig, it seems to me you'd need to do some further investigation to be safe in making potentially job-threatening disclosures to me over any of these media. This raises the question of how we come to trust people in RL situations where obvious anonymity is not present. In short, why should we believe anything that anyone says at all? If we don't check their claims by personal observation, why believe them? If we can check them, why not do so instead? How is a reputation for trustworthiness built in the first place? I'm just rambling, so I'll shut up for now. -- ____ Richard Kennaway __\_ / School of Information Systems Internet: jrk at sys.uea.ac.uk \ X/ University of East Anglia uucp: ...mcsun!ukc!uea-sys!jrk \/ Norwich NR4 7TJ, U.K. From Lyle_Seaman at transarc.com Mon Nov 22 07:05:10 1993 From: Lyle_Seaman at transarc.com (Lyle_Seaman at transarc.com) Date: Mon, 22 Nov 93 07:05:10 PST Subject: Zen Master In-Reply-To: <9311200525.AA25278@anon.penet.fi> Message-ID: <0gwBGc_SMUw840mUFH@transarc.com> Reads like another L.D. "tentacle", doesn't it? Seems like the only person who clearly has multiple identities on this list is the devil himself. an12070 at anon.penet.fi (Zen Master) writes: > It seems to me that all are examples of how evasion, stonewalling, and > counterattacks on Truth-seeking probes, by high-ranking officials > seeking to promote unsavory or criminal personal `agendas' and their > own respectability at all costs, led to monstrous consequences that > demolished public trust in their most delicate and hallowed > institutions for decades. Truly black consequences. > > Cypherpunks, you call it. From jrk at sys.uea.ac.uk Mon Nov 22 09:05:06 1993 From: jrk at sys.uea.ac.uk (Richard Kennaway) Date: Mon, 22 Nov 93 09:05:06 PST Subject: Zen Master Message-ID: <4636.9311221707@s5.sys.uea.ac.uk> Lyle Seaman writes: >Reads like another L.D. "tentacle", doesn't it? > >an12070 at anon.penet.fi (Zen Master) writes: Don't look at the readable id, look at the an12070 part. Whether S.Boxx == L.Detweiler or not, S.Boxx and Zen Master (and one or two other nyms) are posting from one and the same account. Boxx, if you want to play the Medusa, changing the nick on your penet account doesn't hack it. -- ____ Richard Kennaway __\_ / School of Information Systems Internet: jrk at sys.uea.ac.uk \ X/ University of East Anglia uucp: ...mcsun!ukc!uea-sys!jrk \/ Norwich NR4 7TJ, U.K. From sameer at uclink.berkeley.edu Mon Nov 22 10:22:39 1993 From: sameer at uclink.berkeley.edu (sameer at uclink.berkeley.edu) Date: Mon, 22 Nov 93 10:22:39 PST Subject: Zen Master In-Reply-To: <4636.9311221707@s5.sys.uea.ac.uk> Message-ID: <199311221820.KAA10752@mail.netcom.com> Richard Kennaway said: > > Lyle Seaman writes: > >Reads like another L.D. "tentacle", doesn't it? > > > >an12070 at anon.penet.fi (Zen Master) writes: > > Don't look at the readable id, look at the an12070 part. Whether S.Boxx == > L.Detweiler or not, S.Boxx and Zen Master (and one or two other nyms) are > posting from one and the same account. > > Boxx, if you want to play the Medusa, changing the nick on your penet > account doesn't hack it. > Is there a way to get elm filters to look at the "body" of a message, as well? (I'll look into it, yes, I do know how to RTFM.. just posting the suggestion, in a roundabout way.) body = detweiler ? save /dev/null body = s.boxx ? save /dev/null From mimir at u.washington.edu Mon Nov 22 10:22:59 1993 From: mimir at u.washington.edu (Al Billings) Date: Mon, 22 Nov 93 10:22:59 PST Subject: Secure Drive 1.0 is here! In-Reply-To: <9311221215.AA02692@sics.se> Message-ID: On Mon, 22 Nov 1993, kpj at sics.se wrote: > I wonder if you really can have a Copyleft and disallow the program source > to anybody outside the United States and Canada. As you write the code is > under Copyleft, I hereby ask you for a copy of it. FYI: I am situated in > the state of Sweden in Europe. What is your reply to this? It isn't very smart asking him in a public forum, especially one that is pretty known to be monitored by at least some government agents. No matter what his opinion is, he's going to have to say "No." It is ILLEGAL for him to export it and you just basically stood up and yelled "Fire!" to every Fed on the list. (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) | Al Billings aka Grendel Grettisson | "You are, each one, a priest, | | mimir at u.washington.edu | Just for yourself." | | Sysop of The Sacred Grove (206)322-5450 | | | Admin for Troth-L, The Asatru E-Mail List | -Noble Drew Ali- | (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) From kpj at sics.se Mon Nov 22 10:38:00 1993 From: kpj at sics.se (kpj at sics.se) Date: Mon, 22 Nov 93 10:38:00 PST Subject: Secure Drive 1.0 is here! In-Reply-To: Message-ID: <9311221837.AA23712@sics.se> | It isn't very smart asking him in a public forum, especially one that is | pretty known to be monitored by at least some government agents. No | matter what his opinion is, he's going to have to say "No." It is ILLEGAL | for him to export it and you just basically stood up and yelled "Fire!" | to every Fed on the list. Naturally. I expect him to refuse. My whole question is whether it is valid to use Copyleft on code which is not freely copyable over national boundaries. From mimir at u.washington.edu Mon Nov 22 10:42:43 1993 From: mimir at u.washington.edu (Al Billings) Date: Mon, 22 Nov 93 10:42:43 PST Subject: Secure Drive 1.0 is here! In-Reply-To: <9311221837.AA23712@sics.se> Message-ID: On Mon, 22 Nov 1993, kpj at sics.se wrote: > | It isn't very smart asking him in a public forum, especially one that is > | pretty known to be monitored by at least some government agents. No > | matter what his opinion is, he's going to have to say "No." It is ILLEGAL > | for him to export it and you just basically stood up and yelled "Fire!" > | to every Fed on the list. > > Naturally. I expect him to refuse. My whole question is whether it is > valid to use Copyleft on code which is not freely copyable over national > boundaries. It is not his fault that he can't give it to you. He's made it freely available. If national boundaries interfere and paranoid US laws don't let him, I don't think you can blame HIM for that. (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) | Al Billings aka Grendel Grettisson | "You are, each one, a priest, | | mimir at u.washington.edu | Just for yourself." | | Sysop of The Sacred Grove (206)322-5450 | | | Admin for Troth-L, The Asatru E-Mail List | -Noble Drew Ali- | (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) From kpj at sics.se Mon Nov 22 10:45:06 1993 From: kpj at sics.se (kpj at sics.se) Date: Mon, 22 Nov 93 10:45:06 PST Subject: Secure Drive 1.0 is here! In-Reply-To: Message-ID: <9311221843.AA24116@sics.se> | It is not his fault that he can't give it to you. He's made it freely | available. If national boundaries interfere and paranoid US laws don't | let him, I don't think you can blame HIM for that. You are ``beating a dead horse''. I never wrote it was, is, or will be his fault. Nor did I blame him for anything. From peb at PROCASE.COM Mon Nov 22 10:47:41 1993 From: peb at PROCASE.COM (Paul Baclace) Date: Mon, 22 Nov 93 10:47:41 PST Subject: Secure Drive 1.0 is here! Message-ID: <9311221844.AA14970@ada.procase.com> Since IDEA was developed outside the US, doesn't that mean it there essentially is no exporting of cryptography going on here? To be perfectly invulnerable, the code could be distributed internationally without any encryption algorithm--simply add the crypto you want that is easily obtainable. (Of course, selling crypto is the real trigger for getting attention. A copy-left certainly isn't selling.) Paul E. Baclace peb at procase.com From kpj at sics.se Mon Nov 22 10:52:42 1993 From: kpj at sics.se (kpj at sics.se) Date: Mon, 22 Nov 93 10:52:42 PST Subject: Secure Drive 1.0 is here! In-Reply-To: <9311221844.AA14970@ada.procase.com> Message-ID: <9311221849.AA24461@sics.se> | Since IDEA was developed outside the US, doesn't that mean it there | essentially is no exporting of cryptography going on here? To be | perfectly invulnerable, the code could be distributed internationally | without any encryption algorithm--simply add the crypto you want that | is easily obtainable. Actually, there are several operatib system products that do exactly that. Ex: X Windows, BSD | (Of course, selling crypto is the real trigger for getting attention. | A copy-left certainly isn't selling.) Actually, this highlights the absurdity of the old Cold War rules. From loofbour at cis.ohio-state.edu Mon Nov 22 11:22:41 1993 From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow) Date: Mon, 22 Nov 93 11:22:41 PST Subject: Secure Drive 1.0 is here! In-Reply-To: Message-ID: <9311221919.AA15082@styracosaur.cis.ohio-state.edu> Al Billings writes: > On Mon, 22 Nov 1993, kpj at sics.se wrote: > > Naturally. I expect him to refuse. My whole question is whether it is > > valid to use Copyleft on code which is not freely copyable over national > > boundaries. > > It is not his fault that he can't give it to you. He's made it freely > available. If national boundaries interfere and paranoid US laws don't > let him, I don't think you can blame HIM for that. IMHO, the relevant section of the GPL, version 2 -- assuming that this is the version of the license Mike Ingle intends -- is as follows: > 7. If, as a consequence of a court judgment or allegation of patent > infringement or for any other reason (not limited to patent issues), > conditions are imposed on you (whether by court order, agreement or > otherwise) that contradict the conditions of this License, they do not > excuse you from the conditions of this License. If you cannot > distribute so as to satisfy simultaneously your obligations under this > License and any other pertinent obligations, then as a consequence you > may not distribute the Program at all. For example, if a patent > license would not permit royalty-free redistribution of the Program by > all those who receive copies directly or indirectly through you, then > the only way you could satisfy both it and this License would be to > refrain entirely from distribution of the Program. The interpretation(s) are left to the cypherpunk esquires. nathan From nowhere at bsu-cs.bsu.edu Mon Nov 22 11:58:43 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Mon, 22 Nov 93 11:58:43 PST Subject: Applied Cryptography Errata (fwd) Message-ID: <9311221959.AA16549@bsu-cs.bsu.edu> From: schneier at chinet.chinet.com (Bruce Schneier) Subject: APPLIED CRYPTOGRAPHY Errata 1.0 - Please Distribute Far and Wide Message-ID: Organization: Chinet - Public Access UNIX Date: Mon, 22 Nov 1993 16:33:25 GMT This is the errata sheet to APPLIED CRYPTOGRAPHY. Copy it; send it to your friends; post it on ftp sites. For an on-line copy of the books table or contents and index, and information on how to buy a paper copy of the book, please e-mail me directly. If you find any more errors, pleasee-mail me directly as well. Bruce **************************************************************************** APPLIED CRYPTOGRAPHY ERRATA Version 1.0 - November 22, 1993 Page xvii: Third sentence, first line. "Part IV" should be "Part III". Page 6: Sixth and seventh lines. "against symmetric" should be "against a symmetric". Page 8: Second paragraph, first line. "q code" should be "a code". Page 13: Third paragraph. Delete parenthetical remark. Page 13: Fifth paragraph, first line. "Shift the key" should be "shift the ciphertext". Page 15: Section 1.3, first line. "Throughout the book use" should be "Throughout the book I use". Page 28: Third paragraph, third and fourth sentences should be "How to put mail in a mailbox is public knowledge. How to open the mailbox is not public knowledge." Page 30: "Attacks Against Public Key Cryptography," second paragraph. "The database also has to be protected from access by anyone" should be "The database also has to be protected from write access by anyone". Page 40: Third line. "computer can exist" should be "computer can be". Page 51: Step 5. "with what he received from Bob" should be "with what he received from Alice". Page 77: "Flipping Coins into a Well," first line. "neither party learns the result" should be "Alice and Bob don't learn the result". Page 90: Last paragraph. "step (3)" should be "step (4)". Page 91: Second line. "step (3)" should be "step (4)". Page 93: "Blind Signatures," first line. "An essential in all" should be "An essential feature in all". Page 98: First paragraph after protocol, fourth line. "to determine the DES key with the other encrypted message" should be "to determine the DES key that the other encrypted message was encrypted in." Page 131: Fifth paragraph. "each capable of checking 265 million keys" should be "each capable of checking 256 million keys". Page 141: "Reduced Keyspaces," last sentence. "don't expect your keys to stand up" should be "don't expect short keys to stand up". Page 157: Figure 8.2. "IO" should be "IV". Page 159: Figure 8.3. "IO" should be "IV". Page 164: Figure 8.7. "IO" should be "IV". Page 165: Last equation. There should be a "(P)" at the end of that equation. Page 178: Figure 8.20. In "Node 2", the subscripts should be "D_2" and "E_3". Page 191: First paragraph. "EBCDIC" should be "BAUDOT". Page 198: Fourth paragraph from bottom, second sentence. "If a and b are positive and a is less than n, you can think of a as the remainder of b when divided by n" should be "If a and b are positive and b is less than n, you can think of b as the remainder of a when divided by n". Page 199: Middle of the page. In the sentence "Calculating the power of a number modulo a number", a should not be italicized. Page 202: Middle of the page. In the sentence "Now, how do you go about finding the inverse of a modulo n?" "a" should be italicized. Page 214: Last line. "n" should be "p". Page 215: Lehman test, step 5. All three "(n-1)/2" should be exponents. Page 222: "Validation and Certification of DES Equipment," first line. "As part of the standard, the DES NIST" should be "As part of the DES standard, NIST" Page 228: Fourth paragraph, last line. "0 to 16" should be 0 to 15". Page 229: Fifth paragraph should read: "For example, assume that the input to the sixth S-box (that is, bits 31 through 36 of the XOR function) are 110010. The first and last bits combine to form 10, which corresponds to row 3 of the sixth S-box. The middle four bits combine to form 1001, which corresponds to column 9 of the same S-box. The entry under row 3, column 9 of S-box 6 is 0. (Remember, we count rows and columns from 0, and not from 1.) The value 0000 is substituted for 110010. Page 238: Last line before "Additional Results." "NSA" should be "IBM". Page 238: "Differential Cryptanalysis," third paragraph. "(1/16)^2" should be "(14/16)^2" and "5%" should be "77%". Page 250: The two functions should be: S_0(a,b) = rotate left 2 bits (a+b) mod 256) S_1(a,b) = rotate left 2 bits (a+b+1) mod 256) Note the difference in parentheses. Page 250: Figure 11.4. Note that a is broken up into four 8-bit substrings, a_1, a_2, a_3, and a_4. Page 251: Figure 11.6. The definitions for S_0 and S_1 are incorrect. See corrections from previous page. Page 262: Figure 11.9. There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right. Page 265: Figure 11.10. There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right. Pages 266-7: Since the publication of this book, MMB has been broken. Do not use this algorithm. Page 267: Sixth line from bottom. Footnote should be "[255]". Page 269: "Skipjack." First paragraph. Footnote should be "[654]". Page 271: Middle of the page. "(for example, MD2, MD5, Snefru" should be "(for example, MD2, MD4, Snefru". Page 272: Second to last line. "But it is be analyzed" should be "but it is being analyzed". Page 286: Second to last line. "Eve wants to Alice to" should be "Even wants Alice to". Page 295: First line. "Alice picks t random numbers fewer than n" should be "Alice picks t random number less than n". Page 301: Middle of the page. Delete the sentence "Since the math is all correct, they do this step." Page 305: Third paragraph, parenthetical remark. "DES meant that both" should be "DES mean both". Page 306: Fourth paragraph. Delete the word "cryptographers". Page 307: "Description of the Algorithm." "p = a prime number 2^L bits long" should be "p = a prime number L bits long". Page 330: Definitions of FF, GG, HH, and II. In all of them, "a = b +" should be "a = a +". Page 347: Second paragraph. "(For example, m should be chosen to be a prime number.)" should be "(For example, c and m should be relatively prime.)" Page 351: Second line of text. "they hold current" should be "they hold the current". Page 353: Second paragraph. "are often used from stream ciphers" should be "are often used for stream ciphers". Page 356: Source code. "ShiftRegister = (ShiftRegister ^ (mask >> 1))" should be "ShiftRegister = ((ShiftRegister ^ mask) >> 1)". Page 362: Figure 15.10. "LFSR-B" should be "LFSR- A" and vice versa. The second "a(t+n-1)" should be "a(t+n)", and the second "b(t+n-1)" should be "b(t+n)". Page 365: "Blum-Micali Generator." In the equation, "x_i" should be an exponent, not a subscript. Page 391: Second protocol, step (1). "in his implementation of DES" should be "in his implementation of DSS". Page 436: "Pretty Good Privacy." Third paragraph. Delete third sentence. Page 437: "Clipper." Second paragraph: foonote should be "[473]". Fourth paragraph: footnotes should be "[473,654,876,271,57]". Page 438: Middle of page: footnote should be "[654]". "Capstone," first paragaph: footnote should be "[655]". Page 473: Function "cpkey(from)". "while (from endp)" should be "while (from < endp)". For a current errata sheet, send a self-addressed stamped envelope to: Bruce Schneier, Counterpane Systems, 730 Fair Oaks Ave., Oak Park, IL 60302; or send electronic mail to: schneier at chinet.com. From cman at caffeine.io.com Mon Nov 22 12:25:08 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Mon, 22 Nov 93 12:25:08 PST Subject: Applied Cryptography Errata (fwd) In-Reply-To: <9311221959.AA16549@bsu-cs.bsu.edu> Message-ID: <199311222010.OAA09142@caffeine.caffeine.io.com> My candidate for the "best of" Schneier errata 1st. ed.: > > Page 238: Last line before "Additional Results." > "NSA" should be "IBM". > -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From gtoal at an-teallach.com Mon Nov 22 12:42:41 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 22 Nov 93 12:42:41 PST Subject: anonymous posts Message-ID: <9783@an-teallach.com> In article <199311192308.AA02672 at access.digex.net> > You know that I have a JD from Georgetown and a Masters from some > ( not accidently unnamed ) school in International Relations. Bloody hell, it's David Sternlight! :-) G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From Lyle_Seaman at transarc.com Mon Nov 22 14:27:41 1993 From: Lyle_Seaman at transarc.com (Lyle_Seaman at transarc.com) Date: Mon, 22 Nov 93 14:27:41 PST Subject: Zen Master In-Reply-To: <4636.9311221707@s5.sys.uea.ac.uk> Message-ID: jrk at sys.uea.ac.uk (Richard Kennaway) writes: > Lyle Seaman writes: > >Reads like another L.D. "tentacle", doesn't it? > > > >an12070 at anon.penet.fi (Zen Master) writes: > > Don't look at the readable id, look at the an12070 part. Whether S.Boxx == > L.Detweiler or not, S.Boxx and Zen Master (and one or two other nyms) are Well, golly gee, you're absolutely right. It looks like this "pseudo-spoofing" game is harder than it looks, isn't it? After all, ignorant ol' me recognized the author from the text, without even THINKING to check the anon id. I'll bet that only people who have MPD master multiple styles of discourse which are much more distinct than those of L.D, S.B. and Z.M (oh, maybe a professional writer can manage, occasionally). I'll also bet that it's a rare MPD sufferer whose various personalities share any significant accord. Lyle From jet at nas.nasa.gov Mon Nov 22 14:32:41 1993 From: jet at nas.nasa.gov (J. Eric Townsend) Date: Mon, 22 Nov 93 14:32:41 PST Subject: Parallel Computational Number Theory and Cryptography Symposium Message-ID: <9311222232.AA15068@boxer.nas.nasa.gov> [check this out. -eric] CWI - RUU SYMPOSIA "MASSIVELY PARALLEL COMPUTING AND APPLICATIONS" In 1993-1994, the Centre for Mathematics and Computer Science Amsterdam (CWI) and the University of Utrecht (RUU) are organising a series of symposia on massively parallel computing and applications. This is to announce the third meeting which centres around the theme: COMPUTATIONAL NUMBER THEORY AND CRYPTOGRAPHY Date: Friday November 26, 1993 Location: CWI, Kruislaan 413, Amsterdam Room: Z011 Program 10.00 - 10.30: Coffee/Tea 10.30 - 10.35: Welcome 10.35 - 11.20: Jean-Jacques Quisquater (Catholic University of Louvain, Belgium) Exhaustive searches, collisions, meet-in-the-middle attacks: a parallel perspective 11.30 - 12.15: Francois Morain (Ecole Polytechnique, Palaiseau, France) Distributed primality proving 12.15 - 13.30: Lunch break 13.30 - 14.15: Johannes Buchmann (Universitaet des Saarlandes, Germany) Factoring with the number field sieve 14.25 - 15.10: Peter L. Montgomery (Stieltjes Institute for Mathematics, Leiden, and CWI Amsterdam) Vectorization of the elliptic curve method 15.10 - 15.30: Tea break 15.30 - 16.15: Henk Boender (RU Leiden, and CWI Amsterdam) Factoring with some variations of the quadratic sieve on the Cray Y-MP4 Dates and themes of the previous meetings: June 4, 1993: Topics in Environmental Mathematics Sept. 24, 1993: Parallel Numerical Algorithms For further information, e.g., about how to reach CWI, contact H.J.J. te Riele (CWI, tel. 020-5924106) If you wish to receive a LaTeX-file of the abstracts of the lectures, send a message to herman at cwi.nl From unicorn at access.digex.net Mon Nov 22 14:55:06 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 22 Nov 93 14:55:06 PST Subject: anonymous posts Message-ID: <199311222254.AA00601@access.digex.net> -> In article <199311192308.AA02672 at access.digex.net> > You know that I have a JD from Georgetown and a Masters from some > ( not accidently unnamed ) school in International Relations. Bloody hell, it's David Sternlight! :-) G <- That, my friend, is an insult the scope of which I will not tolerate Any further comments along these lines will result in a (probably frivolous) suit. From mg5n+ at andrew.cmu.edu Mon Nov 22 15:02:42 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 22 Nov 93 15:02:42 PST Subject: Zen Master In-Reply-To: <4636.9311221707@s5.sys.uea.ac.uk> Message-ID: Lyle_Seaman at transarc.com wrote: > I'll bet that only people who have MPD master multiple > styles of discourse which are much more distinct than > those of L.D, S.B. and Z.M (oh, maybe a professional > writer can manage, occasionally). I'll also bet that > it's a rare MPD sufferer whose various personalities > share any significant accord. Um, not necessarily. It varies depending on the case. Some people with MPD can have very similiar personalities, and others vary widely. In other cases, a person can have many seperate personalities which are fairly similar, and a few radically different ones. From szabo at netcom.com Mon Nov 22 15:03:44 1993 From: szabo at netcom.com (Nick Szabo) Date: Mon, 22 Nov 93 15:03:44 PST Subject: anonymous postings and trust In-Reply-To: <28095.9311221412@s5.sys.uea.ac.uk> Message-ID: <199311222302.PAA00696@mail.netcom.com> Richard Kenneway raises some interesting points about reputation, asks why we should believe nyms (or otherwise relatively unknown new posters), and even to what extent we should believe people we have more experience with. Indeed, the world is filled with strangers who want to sell me things, who threaten me with violence unless I follow often obscure or completely unknown laws they have generated, etc. In a typical election, the difference between the candidates and total strangers is typically the narrow bottleneck of a few TV reports and ads, and an entry in the Voter's Guide. Yet we trust these people to be our leaders! Based on Black Unicorn's posts to cypherpunks, I'd say our level of knowledge about him is slightly better than the typical voter's knowledge of a typical political candidate. I call this the Voter Test. The good news is that Black Unicorn isn't threatening violence (as contrasted with the implicit violence threatened by politicians, and the both implicit and explicit violence threatened by our own voluminous contributor, Detweiler/S.Boxx/Zen Master), nor even trying to sell something. B.U.'s simply arguing that numbered accounts exist in Liechtenstein. I agree that the mere statement of a nym doesn't satisfy the case. The nym can greatly bolster the case by giving us "mutual information" that could be cross-referenced with what he says to resolve the issue. This does _not_ have to be personal info, and I urge B.U. to avoid the tempatation of posting where he went to college, etc. in the future. One good piece of info would be to post phone number(s) in Liectenstein, unrelated to B.U.'s own employer, that we could call to verify his claim. (For example, the number of a librarian who would know, or best of all the phone numbers of the bank(s) who offer these accounts). The side claim, that B.U. once worked in Liechtenstein, could be strengenthed by telling a trustworthy list member who has lived in Liechtenstein, info that would probably be known only by somebody who his lived for a while in Liechtenstein. (Finding such a person might be unlikely, but who knows). Perhaps there is are easier ways B.U. can demonstrate his case along these lines, if the above are too inonvenient for what may be to B.U. a fairly unimportant argument. There must be an entire artform already developed o n this kind of credentialling, selective revelation of information, etc., I'd love to hear more comments from people with insight, epxerience, etc. in the matter. Nick Szabo szabo at netcom.com From MJMISKI at macc.wisc.edu Mon Nov 22 15:25:06 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Mon, 22 Nov 93 15:25:06 PST Subject: Secure ID Thanx Message-ID: <23112217230547@vms2.macc.wisc.edu> Thanks to the many folks that replied to my post/request for SmartCard Addresses and info. I will keep you up to date once I finish my cost analysis. --MAtt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From unicorn at access.digex.net Mon Nov 22 15:37:42 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 22 Nov 93 15:37:42 PST Subject: Hughes and e-mail address's Message-ID: <199311222335.AA05919@access.digex.net> Please forgive the bandwidth waste. Mr Hughes, As the host displayed in your list post headers is unreachable from my site, I mailed to your soda.berkeley.edu address. Has this mail reached you? Same person? (Your server stored PGP key indicates the soda address) -uni- (Dark) From mech at eff.org Mon Nov 22 15:38:01 1993 From: mech at eff.org (Stanton McCandlish) Date: Mon, 22 Nov 93 15:38:01 PST Subject: Can NSA crack PGP? Message-ID: <199311222336.SAA22403@eff.org> In a FidoNet debate, it's been charged that PGP is unsafe, and that NSA can crack it. The persons holding this viewpoint espouse the idea that the NSA can crack anything, pretty much, and that anything they could not crack would not be available to the general public, but would have been supressed. Can anyone disprove this notion definitively? I'm looking for an ironclad case that this idea is incorrect. It'd especially be appreciated if anyone with reasonable "credentials" can respond. Even if you do post replies to the list/group, please at least Cc me so I don't miss them. SO, let's take this opportunity at online education, and spread the news that under current technology, PGP is in fact a secure cryptosystem. Thanks, and let the games begin! -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From cman at caffeine.io.com Mon Nov 22 16:22:42 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Mon, 22 Nov 93 16:22:42 PST Subject: Can NSA crack PGP? In-Reply-To: <199311222336.SAA22403@eff.org> Message-ID: <199311230005.SAA09945@caffeine.caffeine.io.com> > > In a FidoNet debate, it's been charged that PGP is unsafe, and that NSA > can crack it. The persons holding this viewpoint espouse the idea that > the NSA can crack anything, pretty much, and that anything they could not > crack would not be available to the general public, but would have been > supressed. The basic problem here is not whether the NSA has or hasn't cracked PGP. Certainly it's safe today from the prying eyes of even a really determined FIDO sysop, even if he keeps up with all his mathematical journals and has access to commercially available supercomputer power. This should be sufficient reason for its use... :-) In all of the literature I have read, it is acknowledged that one of the two possible things is true: 1) Factoring might not be as hard as we think it is; Bruce Schneier, for instance, cautions readers to keep informed about mathematical developments in factoring. It has not been disproved that factoring is a hard problem, but neither has it been proved. 2) The NSA may have equipment that, using massively parallel techniques, can factor small RSA keys by brute force. However, if factoring is as hard as we think it is, very large keys are probably not within the scope of the NSAs ability, unless they have access to a different universe where physical laws behave differently. [...] >> > SO, let's take this opportunity at online education, and spread the news > that under current technology, PGP is in fact a secure cryptosystem. > Security is always a relative thing, Stanton, and if the transport layer becomes sufficiently problematic, a really determined opponent will seek other weaknesses (a spike mike in your house, a tap in your computer, having burly gentlemen with names like "Butch" grab you and hold you upside down over a large body of rapidly moving water). IMHO, the real point of encrypting is to make it difficult for the NSA and their ilk to casually surf the nets for stuff, and stymie more humble opponents (whether they are sysops, employers, competitors, hackers, or France). Doug -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From szabo at netcom.com Mon Nov 22 16:37:43 1993 From: szabo at netcom.com (Nick Szabo) Date: Mon, 22 Nov 93 16:37:43 PST Subject: BlackNet Investigations Needs More Detail (fwd) Message-ID: <199311230035.QAA09981@mail.netcom.com> On the Extropians list Tim May has reminded us in his trademark dramatic style about the ability of various unknown malevolent agents to accumulate dossiers based on posts to mailing lists, Usenet news, and contents of "privte" directories on public providers like Netcom, Delphi, etc. Since Stanton McClandish asked about the "NSA can bust PGP rumors" I'll forward my post to Extropians on that thread (slightly edited to elide quoted comment), since a similar concern had been expressed about the trustworthiness of encryption: I find it extremely improbable that the NSA or anybody else can break long RSA keys (eg, those in PGP) as long as the keys are secure (eg on the private machines of trustworthy people). Even if they could break the public keys or gain access to the secret keys, they're quite unlikely to spend TM cycles and engineer time on the outside possibility of gaining evidence for a relatively minor drug violation. Furthermore, there's so much such minor crypto traffic going around now that they would require other good information (eg traffic analysis) prior to attempting to break the codes, to discriminate the potentially important messages from the gigabytes of variously encoded trivia. On the other hand, the local gendarmes in net-heavy areas like Silicon Valley could easily hire a net-savvy investigator to monitor unscrambled groups like extropians, cypherpunks, etc. and even more trivially search back archives of Usenet, to track down networks of drug users, and the like. (For example, the apparent True Name who regularly posts a market report listing street drug prices around the world to alt.drugs!) In the future this will be even easier, and the archives will still be around. The main problem is that many net users aren't using PGP and other powerful privacy tools like anon remailers, because (a) they have "nothing to hide" from the millions of total strangers, many with violent intent, who read the net, (b) the tools are too inconvenient, and (c) lack of cultural development of pseudonymity (this is quite well developed on several BBS nets, though). These problems are being tackled on several fronts. I'm writing a user-freindly Windows GUI for PGP and anon remailers. There's also work going on to integreate PGP into traditional mailers (elm, Eudora, etc.) and the MIME standard. A culture of pseudonymity is starting to spread to the Internet (with glacial slowness, and driving control freaks like Dick Depew and L.Detweiler insane in the process). There's no reason you shouldn't be able to post about your LSD experiences and the like, but make sure you're protecting your privacy with the right tools, for goodness sake. Nick Szabo szabo at netcom.com From baum at newton.apple.com Mon Nov 22 16:52:42 1993 From: baum at newton.apple.com (Allen J. Baum) Date: Mon, 22 Nov 93 16:52:42 PST Subject: Can NSA crack PGP? Message-ID: <9311230047.AA21065@newton.apple.com> I'm not exactly sure why you care whether it's easy , hard, or impossible for NSA to crack it. It probably isn't easy; it might be impossible. But, there is one thing that is true about NSA's ability to crack it: they won't give you cause to know whether they can or not. e.g., if they can, and they read some mail of yours that you REALLY don't want them to read, they won't act on that information in such a manner that you can determine that they cracked the code for your message. They couldn't use it on a warrant, & they couldn't testify as to its contents in court. To do so would advertise their capabilities, which is a no-no for them. (they might, of course, use that information to point people in the right direction so they can attribute information to an anonymous tip, but they have to be careful even there) Even now, when it's pretty certain they could crack DES, you won't find them doing it for a law enforcement agency that asks; it gives away too much. ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, 20525 Mariani Ave, MS 305-3B * * Cupertino, CA 95014 baum at apple.com * ************************************************** From jazz at hal.com Mon Nov 22 17:42:42 1993 From: jazz at hal.com (Jason Zions) Date: Mon, 22 Nov 93 17:42:42 PST Subject: Tech: Truth about Canon Copiers (fwd) Message-ID: <9311230138.AA08386@jazz.hal.com> This is interesting. Since most of the change-making machines in laundromats seem to use the side with the dead white guy, I wonder if it would work to use this copy? ----Dave REes (rees at cs.bu.edu) Nah, the changers just say "this side up" - the scanner may be looking at the underside of the bill, or at both sides (more probable). Jason From wizard at Think.COM Mon Nov 22 17:52:43 1993 From: wizard at Think.COM (Paul Gilberti) Date: Mon, 22 Nov 93 17:52:43 PST Subject: Secure ID Thanx In-Reply-To: <23112217230547@vms2.macc.wisc.edu> Message-ID: <9311230149.AA11820@gandalf.think.com> What was the request ? we use Secure-ID here. From jamie at netcom.com Mon Nov 22 18:07:43 1993 From: jamie at netcom.com (Jamie Dinkelacker) Date: Mon, 22 Nov 93 18:07:43 PST Subject: Can NSA crack PGP? Message-ID: <199311230207.SAA07205@mail.netcom.com> Irrespective of whether the NSA can crack PGP, most other potential snoops probably can't. Let's hope there's no "chilling effect" on PGP usage because it may not be perfect. Few things are. "Pretty good" likely means just that. -- ................................ Jamie Dinkelacker Palo Alto CA Jamie at netcom.com 415.941.4782 ................................ From kelly at netcom.com Mon Nov 22 18:22:43 1993 From: kelly at netcom.com (Kelly Goen) Date: Mon, 22 Nov 93 18:22:43 PST Subject: (fwd) Technosys, Prosody, the "NSA", and some unfunny BS passed off as a joke Message-ID: <199311230221.SAA09551@mail.netcom.com> Path: netcom.com!netcomsv!decwrl!sdd.hp.com!math.ohio-state.edu!howland.reston.ans.net!noc.near.net!news.delphi.com!usenet From: KEITHWRITERS at delphi.com Newsgroups: talk.politics.crypto Subject: Technosys, Prosody, the "NSA", and some unfunny BS passed off as a joke Date: Mon, 22 Nov 93 11:50:11 EST Organization: Delphi Internet Lines: 132 Message-ID: <931122.42611.KEITHWRITERS at delphi.com> NNTP-Posting-Host: delphi.com Never Rub Another Man's Rhubarb or, Why Social/Reverse Engineering is NOT Cool by Keith Eluard, Technosys -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ! The Hoax When I was planning to release Prosody and Mirrorshades, my text composition programs, I was expecting *some* backlash from governmental bodies because it would be possible to transport Prosody out of the US because I would send it via Internet. Fine. That was expected and understood when we were planning the whole shebang. With spin control, it could be good advertising for us. "If The Feds are scared of it, then it must be good..." What we were NOT expecting was what happened: on 6 November 1993, our lawyer received an email from a person claiming to be "Jerome Marshall of the NSA" (National Security Agency), stating that all persons involved in the release of Prosody would be subject to arrest and seizure of property if all of our data and notes on the project were not turned over to the "NSA". Two days later, we received a physical letter on Department of Justice stationery stating the same thing. A confession: I'm not as Hip to the Clip as I should and so thought the NSA would be under the DoJ. We were advised by our lawyer (he wishes anonymity-i wish him my foot up his butt) to comply. And we were going to do just that until a fortuitous email from John Markoff suggested that we contact the NSA ourselves via the phonebook rather than the contact numbers listed in the correspondence. It seems as if there is an ugly joke going on here, and I'm not amused by my part in it. The National Security Agency (informally and unofficially) claims that there is no employee of the NSA that should or would have contacted us, our lawyer, or anyone connected with us about Prosody, much less DEMAND OUR DATA. The contact we made at the NSA (I will not reveal her name as she cannot officially speak for the NSA) helped clear up some of the confusion thrown in our path: 1. The NSA is under the Department of Defense, not Justice. 2. Encryption is not illegal (NO SHIT) 3. My programs are not encryption, no matter what anyone says. They are not based on any accepted cryptographic method and do not pose any threat to anyone's (in)security. After discussing this with our new legal counsel, we have come to the conclusion that this entire affair was a practical joke in very bad taste or an attempt to steal the programs by using the current paranoia/hysteria that says ALL FEDS ARE BAD. Not that I saying they're good, but they're not all bad. As I said before, I'm not amused... @ What Will Happen Our plan at Technosys is this: we will revise the code for Prosody and Mirrorshades to completely cripple the "encryption" factors and then release them as PD/shareware on the internet. Meanwhile, we will encourage everyone who we talk to as we float through c-space that they join the EFF, or at least find out their data rights on the Net. Also, we will work with any other software developers out there in on the Net to create a "Concerned Citizens Network" to help monitor and prevent reverse engineering/social engineering/outright theft of our programs. Eventually, we will release a Natural Language encryption program based on accepted RSA algorithms (ala PGP), but only in physical form (i.e. diskette) to prevent raising anyone's eyebrows. All in all, about what we were going to do anyway... # What YOU Can Do Lots of things. Join the EFF. Get involved with Computer Professionals for Social Responsibility (if applicable to you). Contact your system administration to find out exactly what your data rights are (a local college here in Indianapolis will NOT allow anything sent via PGP on its host, for example). Do some research on the things that concern you about the current security/insecurity situation. Write Mr. Bill & OzoneMan (president at whitehouse.gov, vice.president at whitehouse.gov) about what you find and aren't happy with. And above all, talk to other users you know about what is wrong and what you could do to fix it. Then fix it. $ RESOURCES FOR THE CONCERNED Technosys: limetwig at mindvox.phantom.com (K Eluard) keithwriters at delphi.com (K Boyle) cert.sei.cmu.edu/pub -=-Computer/Internet Security info info at eff.org -=-address for the EFF president at whitehouse.gov vice.president at whitehouse.gov -=-sorry, when I get an address for the real potentate, I'll put HER'S here too Thanx for your patience and attention. Pax. -=-Keith Eluard * "Lord, grant me the serenity to accept the things I cannot change, the courage to try to change the things I can, and the wisdom to hide the bodies of the people I had to kill because they pissed me off." * From wex at media.mit.edu Mon Nov 22 18:45:09 1993 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Mon, 22 Nov 93 18:45:09 PST Subject: Anonymity on the net In-Reply-To: <199311230035.QAA09981@mail.netcom.com> Message-ID: <9311230243.AA27198@media.mit.edu> I find myself largely in agreement with Nick Szabo's assertions that too many people spread too much information about themselves over the Net. But I wonder about whether or not we will be doing anyone a service by making encryption and 'Nyms widespread in newsgroups. It's too long a topic to tackle all at once, so let me throw out a few opening thoughts. Case 1) technical postings of a research/white (in the sense of whitenet/ blacknet) nature. Here anonymity would be a hindrance. I post in large part to help my name be known in certain academic circles. In this case I would tend to wonder at people who posted anonymously and would (as was mentioned in this list) tend to discount their information. In research circles, name value means a lot. Case 2) technical postings of a black nature. Here anonymity is a big help, as you may have some question about the legality of what you are doing. But the question I have is: why post at all? What gain is there from publicizing this kind of information? Perhaps the gain is some assurance of safety from retaliation from parties who might feel themselves wronged by what you posted. In this case, anonymity wins. Case 3) non-technical postings (social, talk). Again I wonder what is the value of anonymity in this case. To have a social conversation is to build a community of like-minded people and to contact people whom you want to relate to in some way. Anonymity defeats this social building and relation process. A counter-response to this might be to say that we want to put privacy in, not anonymity. But again, I wonder about this. If I want my message to be read only by a certain list of people, why am I posting to a newsgroup instead of to a mailing list? There's no point in privatizing the substrate, since anyone can get a client that will decrypt at the far end. In sum, I guess I'm somewhat baffled at why one would want to use anonymity and/or privacy enhancement technology on one's news postings. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request "To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!" From karn at qualcomm.com Mon Nov 22 19:37:43 1993 From: karn at qualcomm.com (Phil Karn) Date: Mon, 22 Nov 93 19:37:43 PST Subject: Can NSA crack PGP? In-Reply-To: <199311222336.SAA22403@eff.org> Message-ID: <199311230337.TAA00569@servo> There is only one cipher that is provably secure: the one-time-pad. All other ciphers are, at best, only "practically secure". That is, they could, in theory, be cracked given enough time and computer power, but in practice your enemy (even the NSA) *is* limited in his resources. There are several ways that NSA might crack PGP. Although I think it relatively unlikely that they are true, there is nonetheless no way to prove it. These include: 1. Attacking the RSA cryptosystem. This is a very well studied problem in civilian cryptography, but it is always possible that NSA has found a breakthrough in factoring that is still unknown to the civilian world. 2. Attacking the IDEA conventional cipher. IDEA is based on a relatively new (and different) design technique than DES. It has not had nearly the attention of the civilian cryptographic community that has been spent on RSA and DES. 3. Attacking the random number generators. This is often the weakest part of many conventional cryptosystems, but the techniques now used in PGP are thought to be pretty good. Lest people think that timing keystrokes is a poor way to generate random numbers, I should say that I once watched somebody key a STU-III (NSA-designed secure phone). At one point the phone prompted him to hit the "*" key 20 times. It didn't say why, of course, but it was pretty obvious to me. And if it's good enough for NSA... 4. Attacking the PGP implementation itself. A "black bag job" that modifies the victim's PGP executable to store or transmit pass phrases, or gives the spooks a chance to search the disk's free list for old temporary files, is almost certainly the easiest way to attack PGP. Don't forget that all computer security ultimately rests, at some level, on physical security. Phil From kone at COURIER1.SHA.CORNELL.EDU Mon Nov 22 20:03:04 1993 From: kone at COURIER1.SHA.CORNELL.EDU (kone at COURIER1.SHA.CORNELL.EDU) Date: Mon, 22 Nov 93 20:03:04 PST Subject: I got to go Message-ID: <2CF1B556@COURIER1.SHA.CORNELL.EDU> I got to leve this fun list. I am finding myself adding to the noise and not to the signal. I have learnd alot, but cant resist my two cents. Kone. Keep up the good work---code. From nobody at pmantis.berkeley.edu Mon Nov 22 20:35:08 1993 From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu) Date: Mon, 22 Nov 93 20:35:08 PST Subject: PGP-okay BBS? Message-ID: <9311230434.AA18917@pmantis.berkeley.edu> A few months ago we discussed Fidonet, securenet, and PGP. How can I find a BBS that allows PGP traffic? Is there an equivalent of the nixpub list for securenet? From greg at ideath.goldenbear.com Mon Nov 22 21:22:44 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Mon, 22 Nov 93 21:22:44 PST Subject: PGP-okay BBS? Message-ID: <7acgDc1w164w@ideath.goldenbear.com> uunet!pmantis.berkeley.edu!nobody writes: > A few months ago we discussed Fidonet, securenet, and PGP. How can I find a > BBS that allows PGP traffic? Is there an equivalent of the nixpub list for > securenet? (Sorry for posting this to the list, but an E-mail reply wasn't possible.) Look for the following post recently sent to alt.security.pgp; if you can't find it, mail me and I'll mail it to you. > From: jburrows at halcyon.com (John Burrows) > Newsgroups: alt.security.pgp > Subject: Re: Crypto-friendly Fido hubs > Message-ID: <2cptlv$pct at nwfocus.wa.com> > Date: 22 Nov 1993 00:36:15 -0800 > References: <145314Z21111993 at anon.penet.fi> > Sender: news at nwfocus.wa.com > Organization: "A World of Information at your Fingertips" > Lines: 261 > NNTP-Posting-Host: nwfocus.wa.com -- Greg Broiles greg at goldenbear.com Baked, not fried. From karn at qualcomm.com Mon Nov 22 21:27:44 1993 From: karn at qualcomm.com (Phil Karn) Date: Mon, 22 Nov 93 21:27:44 PST Subject: digital voice board at Comdex Message-ID: <199311230525.VAA00688@servo> Last week at Comdex, I happened across Digicom Systems' booth. They're selling a PC board with a programmable DSP chip from Analog Devices that can be programmed to act as a sound card or as any of several dial modems up to V.32bis. AND... it can be programmed with the GSM vocoder algorithm (approx 13 kb/s). The price was reasonable, too...in the $100 range, as I recall. This could be the enabling product for a homebrew secure telephone. The board can't act as a vocoder and modem simultaneously, so you'll need either two boards, or one board plus a conventional modem. But a vocoder that operates within dialup modem rates has been the roadblock so far in a secure telephone. Anyone interested? The address on Digicom Systems' flyer is 188 Topaz St, Milpitas CA 95035. Voice: 800-833-8900. Fax 408-262-1390. Naturally, I have no connection with this company other than as a prospective customer. --Phil From koontzd at lrcs.loral.com Mon Nov 22 21:38:05 1993 From: koontzd at lrcs.loral.com (David Koontz ) Date: Mon, 22 Nov 93 21:38:05 PST Subject: No Subject Message-ID: <9311230444.AA02393@io.lrcs.loral.com> reproduced with attributation: >From Electronic Engineering Times, November 22, 1993, issue 773, page 1 and page 78. U.S. weighs Clipper chip alternatives BY GEORGE LEOPOLD Washington - The Clinton adminstration is readying a new encryption policy that could help defuse industry opposition to introduction of the government-developed Clipper chip by embracing commercial technologies as alternatives for network security, according to government and industry sources. A National Security Council panel led by George Tenet, special presidential assistant for intelligence programs, is completing a broad review of government encryption policy with an eye toward employgin the Clipper chip, as well as commercial alternatives, to ensure privacy and security on public networks. Those would include the proposed electronic superhighway, or National Information Infrastructure (NII). Tenent could not be reached for comment on the review's status, but a U.S. official said last week the results of the seven-month National Security Council policy review will be announced soon. The Clipper chip, backed by the National Security Agency and proposed by the Clinton administration in April as a new data-encryption standard, is widely viewed by industry critics as a fait accompli, since the spy agency wants to use it to protect intelligence data. Asked in an interview last Monday whether the policy review sould resutl in modification of the Clipper chip proposal, Michael Nelson, special assistant for information technology in the White House Office of Science and Technology Policy, acknowledged the need to consider other encryption technologies for network security, including software solutions. He also said the government should have sought greater industry participation before proposing the Clipper chip. Industry opposition to the Clipper chip resurfaced at a recent government-industry summit in San Fancisco (see Nov. 8, page 1). During a panel on the NII, Nelson told angry company executives that the Clinton admininistration would no impose Clipper on industry or rule out alternative encryption technologies. "Clipper is not a silver bullet, it's not even a brass bullet," Nelson said. "It's only one approach." He added, "If we don't address these (network security) issues, people won't use the NII." Nelson said last week the National Security Council review was designed to bring industry and Congress into the process of looking for commercial solutions, besides Clipper, to the network-security issue. Industry groups said last week they have contributed to the review, which began shortly after Clipper was proposed. The review is expected to result in a decision on how to implement Clipper. A decision on how to proceed with the Clipper proposal was scheduled for Sept. 1 but was delayed in response to recommendation from a private-sector advisory group to the Commerce Department. Clipper, which scrambles telephone conversations using an encryption algorithm called Skipjack, is at the heart of an administration initiative announced in April on secure telecom networks and wireless communications links. Forced to balance the interests of companies and private citizens with law-enforcement and national-security needs, President Clinton ordered a comprehensive review of U.S. encryption policy adressing: x Privacy, including the need for voice and data encryption to protect proprietary business data. x The ability of federal law-enforcement officials to tap phones and computers. x The employment of modern technology to build the NII, including encryption technolgy needed to protect proprietary information transmitted over the information superhighway. x The need for American companies to build and export high-technology products to boost U.S. competiveness. U.S. companies may offer encryption as a feature of software sold in the United States, but are prohibited from including encryption in commercial software exports. Proponents of decontrolling encrypted software aruge that restrictions are useless because encryption technology is widely available (see Oct. 18, page 18). Acknowledging industry's concerns, the initiative also includes the creation of a key-escrow system to insure the Clipper chip would be used to protect privacy. (A Commerce Department official said last week the government has dropped the Clipper moniker, referring to it instead as the "key-escrow chip", out of concern for possible trademark infringement.) Devices incorporating the chip would have two unique software keys government investigators would need to decode encoded messages. Two key-escrow data banks would be overseen by a pair of independent agencies designated by the Justice Department and the White House. A decision on which agencies will oversee the databases has not been made, Commerce spokeswoman Anne Enright Shepherd siad last Wedesday. According to a White House statement announcing the encryption policy, "We need the Clipper chip and other approaches that can both provide law-abiding citizens the access they need and prevent criminals from using it to hide their illegal activities." Depsite the administration's insistence that Clipper and the rest of the encryption policy are voluntary efforts, many U.S. high-tech companies have opposed it (see June 21, page 28). Instead, they want policy makers to retain the ubiquitous federal Data Encryption Standard (DES) and use other public-key technologies, such as RC-2 and RC-4. DES uses a 56-bit key while Clipper employs an 80-bit key. Clipper "was forced upon [the Clinton administration] before they had the chance to evaluate its impact," Bruce Heiman, a Washington attorney representing the Business Software Alliance, said last Tuesday. "NSA sold them a bill of goods." The policy review means "they relaize that Clipper has problems ... but they don't want to rule it out entirely," Heiman said, adding that industry would accept Clipper as one alternative to network security only if it is a part of a truly voluntary program that includes public-key encryption. From mab at crypto.com Mon Nov 22 21:48:05 1993 From: mab at crypto.com (Matt Blaze) Date: Mon, 22 Nov 93 21:48:05 PST Subject: Can NSA crack PGP? In-Reply-To: <199311230337.TAA00569@servo> Message-ID: <9311230533.AA17556@crypto.com> In cypherpunks Phil Karn writes: >3. Attacking the random number generators. This is often the weakest >part of many conventional cryptosystems, but the techniques now used >in PGP are thought to be pretty good. Lest people think that timing >keystrokes is a poor way to generate random numbers, I should say that >I once watched somebody key a STU-III (NSA-designed secure phone). At >one point the phone prompted him to hit the "*" key 20 times. It >didn't say why, of course, but it was pretty obvious to me. And if >it's good enough for NSA... Minor nit: I agree that keystroke timing is good in principle for getting "true" random bits, but we should be careful not to extrapolate too much from the STU-III for general purpose computer systems. The STU may have a specially designed keypad timer, while god knows how often some random OS/ hardware combination delivers keyboard interupt times back to user processes. Compounding the issue is knowing which bits in the interarrival time are the "hotest" ones to measure on a particular system, which may be surprisingly far from the lowest order bits depending on the clock granularity and skew. Obviously the technique works well in some configurations, but there may be others where it fails badly. PGP seems to use it too good advantage, but I'd still be suspicious before trusting it on an untested platform. -matt From unicorn at access.digex.net Mon Nov 22 22:33:05 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 22 Nov 93 22:33:05 PST Subject: Clipper again Message-ID: <199311230632.AA05407@access.digex.net> According to a White House statement announcing the encryption policy, "We need the Clipper chip and other approaches that can both provide law-abiding citizens the access they need and prevent criminals from using it to hide their illegal activities." Wait, Is this the NEW policy? The one that admits problems with Clipper, or the old one? It's scary that I even have to ASK this question. If it is new, what's the bloody difference? "...and other approaches...." Smells like a tuna processing plant in here. -> that can both provide law-abiding citizens the access they need and prevent criminals from using it to hide their illegal activities. <- Please. Back to the old security v. privacy debate. Get a clue Clinton What's new here? -> Clipper "was forced upon [the Clinton administration] before they had the chance to evaluate its impact," Bruce Heiman, a Washington attorney representing the Business Software Alliance, said last Tuesday. "NSA sold them a bill of goods." <- Isn't Mr. Heiman being a touch kind here? It was all NSA's fault? That doesn't sound like someone with the true interests of the "Business Software Alliance" at heart. Please forgive me if you're here Mr. Heiman. I'd like to know if this quote was properly within context (or did the media distort it?) -> Depsite the administration's insistence that Clipper and the rest of the encryption policy are voluntary efforts, many U.S. high-tech companies have opposed it.... <- Notice how it's never said WHY it was opposed. Just kinda hinted... The appearence of flexability here is an ILLUSION. It's rhetoric. Trash. They haven't changed the policy, just worked it around a little to make it look like they are worried about concerns of industry... Please. This smokescreen trash makes me sick. Clipper, or a similar proposal will show up in basically the same form called "Splitdeck" or "Skimmer" It's not the chip we object to you IDIOT. It's the policy and all the baggage attached to the bullshit goal of balancing "Private interests and law enforcement requirements." These are almost ALWAYS two opposed concepts. Take a basic class on intelligence Clinton and friends. Security | Liberty polar opposites. -uni- Dark From newsham at wiliki.eng.hawaii.edu Mon Nov 22 22:57:44 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Mon, 22 Nov 93 22:57:44 PST Subject: pools for anonymous mail? Message-ID: <9311230645.AA04998@cygnus.com> is there a list of lists and/or newsgroups used as anonymous pools for defeating traffic analysis? Tim N. From MIKEINGLE at delphi.com Mon Nov 22 22:58:06 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Mon, 22 Nov 93 22:58:06 PST Subject: Secure Drive Copyleft / Export Problem Message-ID: <01H5MYABH5SW90OJ8M@delphi.com> Since kpj at sics.se saw fit to cc his request to the list and start this controversy, I'll forward my response to the list as well. If I get harassed by the FSF, I'll have to stop distributing and count on the connectivity of the net to keep it alive. Aarrggh, this does not encourage a person to write more code... =========================================================================== >I wonder if you really can have a Copyleft and disallow the program source >to anybody outside the United States and Canada. As you write the code is >under Copyleft, I hereby ask you for a copy of it. FYI: I am situated in >the state of Sweden in Europe. What is your reply to this? I would like to send you a copy. It is illegal for me to do so. The copyleft is not on my code; it's on the IDEA algorithm I used. The U.S. government has prosecuted people for sending crypto out of the country. PGP is copylefted, yet Phil Zimmerman refuses to export or distribute the program himself for similar reasons, even though he holds the copyright. I'm trying to do something in the spirit of PGP here; please don't put me in a bind. I'm worried enough about getting into trouble; I assume you've read about the Phil Zimmermann subpeonas. I don't like export controls any more than you do, but there's nothing I can do about them. ---- MikeIngle at delphi.com >From the PGP 1.0 manual: All the source code for PGP is available for free under the "Copyleft" General Public License from the Free Software Foundation (FSF). A copy of the FSF General Public License is included in the source release package of PGP. Export Controls --------------- The Government has made it illegal in many cases to export good cryptographic technology, and that may include PGP. This is determined by volatile State Department policies, not fixed laws. Many foreign governments impose serious penalties on anyone inside their country using encrypted communications. In some countries they might even shoot you for that. I will not export this software in cases when it is illegal to do so under US State Department policies, and I assume no responsibility for other people exporting it without my permission. From greg at ideath.goldenbear.com Mon Nov 22 23:17:44 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Mon, 22 Nov 93 23:17:44 PST Subject: Anonymity on the net Message-ID: Alan Wexelblat writes: [Asks, why is anonymity/pseudonymity useful when posting?] > Case 1) technical postings of a research/white (in the sense of whitenet/ > blacknet) nature. Here anonymity would be a hindrance. I post in large > part to help my name be known in certain academic circles. In this case I > would tend to wonder at people who posted anonymously and would (as was > mentioned in this list) tend to discount their information. In research > circles, name value means a lot. An anonymous/pseudonymous poster may want to expose faulty reasoning or research methods on the part of a previous poster, where that poster is their boss, faculty advisor, department chair, [employee of] generous donor to a nonprofit org .. etc. This is also useful for revealing insider information of a sensitive or "whistleblowing" nature; see below. > Case 2) technical postings of a black nature. Here anonymity is a big help, > as you may have some question about the legality of what you are doing. But > the question I have is: why post at all? What gain is there from > publicizing this kind of information? Perhaps the gain is some assurance of > safety from retaliation from parties who might feel themselves wronged by > what you posted. In this case, anonymity wins. This is useful for posting security holes that CERT/vendors won't acknowledge or address; it seems generally useful when posting something that might get you (a) fired or (b) sued. Consider the (ongoing, I think) litigation against the person who posted negative comments about a stock to Prodigy. SLAPP (strategic lawsuit against public participants) actions aren't (to my limited knowledge) common in the online world, but aren't so uncommon in, say, logging-protest world. Even where a SLAPP suit isn't successful (in terms of a favorable verdict), they can be very burdensome to defendants. (The suit against the poster to Prodigy may or may not be a real SLAPP, but it's at least similar.) > Case 3) non-technical postings (social, talk). Again I wonder what is the > value of anonymity in this case. To have a social conversation is to build > a community of like-minded people and to contact people whom you want to > relate to in some way. Anonymity defeats this social building and relation > process. There are still several places where it's not 'politically correct' to be known as a reader of/poster to groups like soc.motss, alt.sex.bondage, or other "controversial" groups. People may still want the sense of community that they can get from participating, while wanting to avoid the enforcement of PC-ness, possibly at the end of a baseball bat. Famous/infamous people may also want to participate in the online world without being swamped by "fan mail" - I suspect it'd be virtually impossible for, say, William Gibson to post to Usenet without being overrun by zillions of letters. I believe that Steve Wozniak (post-Apple) attended college under an assumed name for similar reasons. > A counter-response to this might be to say that we want to put privacy in, > not anonymity. But again, I wonder about this. If I want my message to be > read only by a certain list of people, why am I posting to a newsgroup > instead of to a mailing list? Distributing "secret" information widely, in an encrypted form, can frustrate traffic analysis - if I suspect that X is doing something nefarious, I could look through sendmail logs (or whatever) to see who she's talking to, and create a list of suspects. However, if X posts her secrets to the net - in an encrypted format - and those secrets are dispersed to the world, I can't draw any conclusions about anyone who happens to receive that encrypted message in their alt.test newsfeed. There's also no chance that anything peculiar will be showing up in postmaster mailboxes because of bounced mail; it's also a much easier way to talk to 200 people at once. (Assuming that it's meaningful to talk about sharing a 'secret' with 200 people .. :) > There's no point in privatizing the substrate, since anyone can get a client > that will decrypt at the far end. > > In sum, I guess I'm somewhat baffled at why one would want to use anonymity > and/or privacy enhancement technology on one's news postings. Generally, to (a) say/do something controversial, and avoid retribution; (b) for an [in]famous person to say/do something mundane; or (c) to make anonymity/pseudonymity not seem so peculiar, so instances of (a) and (b) won't stick out like sore thumbs. -- Greg Broiles greg at goldenbear.com Baked, not fried. From ld231782 at longs.lance.colostate.edu Mon Nov 22 23:23:50 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Mon, 22 Nov 93 23:23:50 PST Subject: G.Barnes -- Stellar Hypocrite Message-ID: <9311230723.AA02688@longs.lance.colostate.edu> A friend has just emailed me a copy of Mr. Barnes' outrageous invasions into my privacy from last week, which just saw for the first time, and now condemn as a grotesque fishing expedition among my personal associates with enough influence to censor me. I didn't take his earlier threats about `going to your personal associates' seriously -- I had no idea anyone could be so perverted. Mr. Barnes, your slimy tactics are absolutely obscene, and I further doubt that you are acting alone. Prominent `leading' cypherpunks are using you as their `front man' to attack and censor me rather than publicly confront my charges and confess to their own depravities of widespread, rampant, conspirational pseudospoofing, yourself included. The sheer onslaught of unremitting evil I have been subject to in the past few weeks make my RISKS articles look like feeble whimperings. The problem is not that these recent freakshows are little anomalies in the Cypherpunk `movement'. We are seeing for the first time the true, unconcealed, rotten core of it. The hideous monster that has until now hidden in blackness is rearing and screeching at the top of its lungs upon being discovered. Pseudospoofing, criminal machinations of identity, lying through the media, and subversion of the Internet and Cyberspace have been the #1 goals of the Cypherpunks from the beginning, and their heinous, vicious atrocities have already irreparably damaged and poisoned very many quarters of the Internet. The Aliens have Landed. From karn at qualcomm.com Mon Nov 22 23:27:45 1993 From: karn at qualcomm.com (Phil Karn) Date: Mon, 22 Nov 93 23:27:45 PST Subject: Secure Drive Copyleft / Export Problem Message-ID: <199311230725.XAA01415@servo> So excise the IDEA code, and refer the reader to the December 1993 issue of Dr. Dobbs Journal, which includes a complete listing and algorithm description of IDEA. Phil From mdiehl at triton.unm.edu Tue Nov 23 00:22:44 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Tue, 23 Nov 93 00:22:44 PST Subject: procmail-pgp Message-ID: <9311230820.AA01363@triton.unm.edu> Well, my server program logged several requests for my procmail recipes for pgp. Unfortuanately, I haven't heard any comments about the recipes. Is any- one using them? BTW, did anyone have any difficulties with the server software? I hacked it together in a few hours and want to make sure that it works completely. Thanx in advance. J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl at triton.unm.edu | Government forgets about the 1st! Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. From erc at khijol.yggdrasil.com Tue Nov 23 00:32:45 1993 From: erc at khijol.yggdrasil.com (Ed Carp) Date: Tue, 23 Nov 93 00:32:45 PST Subject: Anonymity on the net In-Reply-To: Message-ID: > > Alan Wexelblat writes: > > [Asks, why is anonymity/pseudonymity useful when posting?] [excellent reasoning by Mr. Broiles deleted] Also, as in the case of newsgroups such as alt*.abuse.recovery, the very fact that your perp might be on the net, and harass or attempt to extract revenge or retribution for posting, is a great reason to be anonymous. There is a very real threat that if you post about your perp and he finds out who you are, you might find yourself facing the business end of a rather large, loaded, gun in the hands of a very pissed-off individual. -- Ed Carp, N7EKG erc at wetware.com 510/659-9560 an38299 at anon.penet.fi, anon-1157 at twwells.com If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From karn at qualcomm.com Tue Nov 23 01:02:44 1993 From: karn at qualcomm.com (Phil Karn) Date: Tue, 23 Nov 93 01:02:44 PST Subject: Can NSA crack PGP? In-Reply-To: <9311230533.AA17556@crypto.com> Message-ID: <199311230859.AAA05134@servo> >Minor nit: I agree that keystroke timing is good in principle for getting >"true" random bits, but we should be careful not to extrapolate too much from >the STU-III for general purpose computer systems. I fully agree. >Compounding the issue is knowing which bits in the interarrival time are >the "hotest" ones to measure on a particular system, which may be surprisingly >far from the lowest order bits depending on the clock granularity and skew. I think this is less of a problem. Given a good cryptograpic hash function, I would simply hash *all* of the clock bits, without regard to which are the "hottest" ones. If (important 'if') there is sufficient total entropy in the input bits, hashing should effectively "distill" the input entropy into the output bits. Phil From warlord at MIT.EDU Tue Nov 23 01:22:44 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 23 Nov 93 01:22:44 PST Subject: Can NSA crack PGP? In-Reply-To: <199311230859.AAA05134@servo> Message-ID: <9311230920.AA13996@oliver.MIT.EDU> > I think this is less of a problem. Given a good cryptograpic hash > function, I would simply hash *all* of the clock bits, without regard > to which are the "hottest" ones. If (important 'if') there is > sufficient total entropy in the input bits, hashing should effectively > "distill" the input entropy into the output bits. True. In fact, PGP does this. However, the problem is knowing how much raw data you need in order to get enough entropy into the system. That is the hardest part. For example, say that only one bit is random for every 8 you get. That is a very big difference than if 6 of the 8 bits were truely random. And each machine-type is different! Yes, you don't really need to know which bits are the hot-bits, but you need to know how many hot-bits/byte you have, and this is machine specific. You could always deal worst-case, in which you assume the worst machine-type and on machines with better hot-bit ratios you just get extra entropy. (That never hurts). -derek From gg at well.sf.ca.us Tue Nov 23 01:27:44 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Tue, 23 Nov 93 01:27:44 PST Subject: Zen Master Message-ID: <199311230926.BAA26517@well.sf.ca.us> IGNORE HIM IGNORE HIM IGNORE HIM please! People are dropping off the list because of this stuff. -gg From gg at well.sf.ca.us Tue Nov 23 01:28:51 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Tue, 23 Nov 93 01:28:51 PST Subject: Zen Master Message-ID: <199311230928.BAA26585@well.sf.ca.us> IGNORE HIM IGNORE HIM IGNORE HIM please take anything related to LD elsewhere, this stuff is causing lots of good people to drop off the list. thank you. -gg From gg at well.sf.ca.us Tue Nov 23 01:52:47 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Tue, 23 Nov 93 01:52:47 PST Subject: Canadian application? Message-ID: <199311230950.BAA27345@well.sf.ca.us> Recently there have been articles & letters in the local gay press complaining about Canadian Customs engaging in censorship by preventing gay publications from entering Canada. Seems to me this is an ideal case for setting up a special-purpose private encrypted net, and gaining a vocal constituency in our favor. What I have in mind would be to consult with various publishers in the gay community, toward the end of setting up offices in Vancouver and Toronto which would receive encrypted files from the US which could then be reassembled into printed form for regular press production and distribution within Canada: thereby entirely bypassing Customs and its censorship. I'm guessing that they'll probably want to use an authorised/licensed system such as ViaCrypt, and wonder whether that can handle magazine and book production type files, which may be text and/or graphics, full color, layout details, and so on. If anyone out there is interested in helping with this; preferably if you're in the San Francisco Bay Area, email gg at well.sf.ca.us. -gg From an12070 at anon.penet.fi Tue Nov 23 01:53:52 1993 From: an12070 at anon.penet.fi (S.Boxx) Date: Tue, 23 Nov 93 01:53:52 PST Subject: The Psychopunk Glossary (2 of 2) Message-ID: <9311230951.AA26164@anon.penet.fi> insanity -- n. (1) serious mental illness or disorder, e.g. pseudospoofing. (2) a. Civil Law. unsoundness of mind sufficient, in the judgement of a court, to render a person unfit to maintain a legal relationship or to warrant commitment to a mental hospital. ``This persecution is insanity.'' (E.Hughes) b. Criminal Law. A degree of mental malfunctioning sufficient to prevent the accused from knowing right from wrong. ``This persecution is insanity.'' (T.C.May) (3) a. extreme foolishness; total folly. b. something foolish. ``Your delusions about my pseudospoofing are insanity.'' (Medusa). (4) A state of mind that exorcists are subject to. ``Stop your insanity!'' (T.C.May) arrogant -- adj. (1) Excessively and unpleasantly self-important, as in disregarding all other opinions but one's onwn; haughty; conceited: `arrogant boasts'. (2) Eric Hughes effigy -- n. (1) A painted or sculptured representation of a person, as on a stone wall or monument. (2) A crude image or dummy fashioned in the likeness of a hated or depised person. (3) A tentacle. egomania -- adj. (1) obsessive preoccupation with the self; extreme egotism. (2) extreme vanity required as a prerequisite to pseudospoofing. vain -- adj. (1) not successful; futile: `a vain attempt at stopping the exorcisms'. (2) lacking substance or worth; hollow: `vain talk by E.Hughes on tax evasion.' (3) overly proud of one's appearance or accomplishments; conceited. ``I am not vain'' (E.Hughes) idiom. in vain. (1) to no avail; without success. ``He harassed the postmaster in vain.'' (2) in an irreverent or disrespectful manner: `Eric and Tim liked to take the name of their Lord Medusa in vain.' vainglory -- n. (1) excessive pride and vanity. (2) vain and ostentatious display. (3) the cypherpunks list. (4) the basic personality characteristic of E.Hughes and other master pseudospoofers. impostor -- n. (1) A person who deceives by pretending to be someone else. (2) a tentacle of Medusa. (3) E.Hughes (4) T.C.May pervert -- tr. v. (1) to cause to turn from what is considered the right or moral course; to corrupt. ``I like to pervert the cypherpunk cause.'' (E.Hughes) (2) to employ wrongly or incorrectly; misuse: `E.Hughes perverted the mailing list to suit his own ends.' (S.Boxx) (3) to interpret incorrectly: `an analysis that perverts the meaning of the words.' (J. Dinkelacker) n. Someone whose sexual behavior is considered abnormal or unnatural, e.g. a pseudospoofer. depravity -- n. (1) moral corruption; a depraved condition. (2) a wicked or perverse act. (3) the ideas and actions of E.Hughes delusion -- n. (1) a. the act of deluding; deception. ``I am a delusion.'' (J.Dinkelacker) b. the condition of being deluded. ``You are a delusion.'' (T.C.May) (2) a false belief held in spite of evidence to the contrary, esp. as a condition of certain forms of mental illness. ``I have no delusions about pseudospoofing.'' (T.C.May) truth -- n. (1) conformity to knowledge, fact, or actuality; veracity. ``The truth is our enemy.'' (E.Hughes) (2) something that is the case; the real state of affairs: `I never tell the truth'. (T.C.May) (3) reality; actuality: `even before S.Boxx the grotesque masquerade of the Cypherpunks was in truth over.' (4) a statement proven to be or accepted as true: `cypherpunk truths are lies'. (5) sincerity; honesty: `there was no truth in E.Hughes' speech or pseudospoofed characters.' leader -- (1) A person who leads others along a way; a guide. ``I am not your leader.'' (T.C.May) (2) A person in charge or in command of others. ``I am your leader'' (E.Hughes) (3) a. The head of a political party or organization. ``Leaders are useless.'' (J.Dinkelacker) b. A person who has an influential voice in politics. ``Listen to me, your leader!'' (Medusa) (4) a. The conductor of an orchestra, band, or choral group. b. the principal performer of an orchestral section, as the first violinist. (5) the foremost horse or other draft animal in a harnessed team. ``I enjoy being a leader.'' (E.Hughes) (6) Anyone but E.Hughes and T.C.May. brainwash -- tr.v. (1) to indoctrinate (someone) until he is willing to give up his own beliefs and passively accept an opposing set of beliefs. (2) to influence via the Cypherpunks mailing list and pseudospoofing. tentacle -- n. (1) Zool. One of the narrow, flexible, unjointed parts that extend from the body of certain animals, as an octopus, used for grasping, moving, etc. ``My quivering tentacles are splendid.'' (E.Hughes) (2) Bot. One of the hairs on the leaves of insectivorous plants, as the sundew. (3) something resembling a tentacle, esp. in the ability to grasp or hold. ``I control you with my tentacles.'' (T.C.May) (4) a delicacy to be treated with the utmost care. ``I value my tentacles.'' (E.Hughes) attack -- (1) to set upon with violent force; begin hostilities against or a conflict with. ``Let's attack his postmaster.'' (E.Hughes) (2) to criticize strongly or in a hostile manner. ``Don't attack me over pseudospoofing.'' (T.C.May) (3) to start work on with purpose and vigor: `attack the problem of pseudospoofing'. (4) to affect harmfully; afflict: `pseudospoofing attacked thousands of people.' intr.v. to make an attack; launch an assault: `Medusa attacked at dawn.' n. (1) the act of attacking; an assault. (2) occurrence or onset of a disease. ``I am being attacked by my own poison.'' (T.C.May) (3) the initial movement in any task or undertaking: `an attack on world cyberspatial domination.' (E.Hughes) (4) mus. the manner in which a tone, phrase, or passage is begun: a hard, cutting attack. evade -- tr.v. (1) to get away from by cleverness or deceit: `evade commenting on pseudospoofing.' (E.Hughes) (2) to avoid fulfilling, answering, or performing: `evade responsibility for pseudospoofing'. (T.C.May) (3) to baffle or elude: `S.Boxx's accusations evade explanation.' (Medusa) intr.v. To use cleverness or deceit in avoiding or escaping. harass -- (1) to bother or torment repeatedly and persistently. ``Let's harass his postmaster.'' (T.C.May) (2) to carry out repeated attacks or raids against. ``We'll harass him with tentacles even after he asked us to stop.'' (E.Hughes) (3) oppression. ``Stop harassing us!'' (T.C.May). (4) the act of courtesy or providing favors: ``Let's harass L.Detweiler.'' crime -- (1) an act committed or omitted in violation of a law for which punishment is imposed upon conviction. ``pseudospoofing is not a crime.'' (E.Hughes) (2) unlawful activity in general: `Happily, crime among the cypherpunks is on the rise.' (T.C.May) (3) any serious wrongdoing or offense, esp. against morality; a sin. ``You accuse me of crimes I have never committed.'' (T.C.May) (4) an unjust or senseless act or condition: ``It's a crime that so many people are being brainwashed on the cypherpunks list by top leadership.'' (S.Boxx) (5) informal. a shame; a pity: `It's a crime to listen to this brainwashing.' (S.Boxx) privacy -- (1) the condition of being secluded or isolated from contact with others. ``Criminals deserve their privacy.'' (E.Hughes) (2) concealment; secrecy. ``Attempts to discover the secret mailing list are invasions of privacy'' (E.Hughes) (3) Anything that is noble or virtuous. ``Cypherpunks value their privacy; Privacy is not secrecy.'' (E.Hughes). torment -- n. (1) great physical pain or mental anguish; agony. ``I like to torment people with my tentacles.'' (E.Hughes) (2). a source of harassment or pain. ``We are tormenting S.Boxx with tentacles.'' (T.C.May) (3) torture or suffering inflicted on prisoners, as in the proceedings of the Inquisition. ``Stop tormenting me with your accusations!'' (T.C.May) tr.v. (1) to cause to undergo great physical or mental anguish. ``Eric, you are tormenting me!'' (T.C.May) (2) to annoy, pester, or harass; worry. ``I'm tormented by visions of Hell'' (Medusa) phantom -- n. (1) something apparently seen, heard, or sensed, but having no physical reality. ``believe in phantoms!'' (E.Hughes) (2) a ghost; specter. ``where is the phantom exorcist?'' (S.Boxx) (3) an image that appears only in the mind. ``T.C.May's honesty stood like an invisible phantom.'' (E.Hughes) adj. (1) unreal; ghostlike. (2) phoney; fictitious: `a phantom tentacle'. accusation -- n. (1) the act of accusing or condition of being accused. ``Your accusations are without merit.'' (E.Hughes) (2) Law. A formal charge that a person is guilty of some punishable offense. ``You accuse me of pseudospoofing!?'' (H.Finney) (3) the Medieval Inquisition. ``Please, stop with your accusations!'' (T.C.May). paranoia -- n. (1) a serious mental disorder in which a person imagines himself to be persecuted and often has an exaggerated idea of his own importance. ``You are making me paranoid!'' (T.C.May). (2) irrational fear for one's security. ``Your lapse into paranoia is regrettable.'' (E.Hughes) (3) The state of mind that causes sensible individuals to accuse others of mindraping them with phantom tentacles and pseudospoofers to be afraid of them. ``Oh, what dark paranoia!'' (S.Boxx) traitor -- n. (1) A person who betrays his country, a cause, or a trust, esp. one who has committed treason. (2) Eric Hughes (2) T.C.May disrupt -- tr.v. (1) to throw into confusion or disorder. `You have disrupted our plans for world domination.' (E.Hughes) (2) to interrupt or impede the progress or continuity of: `floods of pseudospoofing by traitors disrupted communications on the cypherpunks list.' (3) to break or burst; rupture. ``S.Boxx's true accusations and the evasions and lies of the leadership disrupted the cypherpunks list.'' (Nostradamus) pretend -- tr.v. (1) to put on a false show of; feign: `pretend the Agenda is what we favor.' (T.C.May) (2) to claim or allege insincerely or falsely; profess: `pretended ignorance of pseudospoofing.' (E.Hughes) (3) to represent fictitiously in play; make believe. `Let's pretend we are respectable.' (T.C.May) (4) to take upon oneself; venture: ``whether my bullets did any execution or not I cannot pretend to say.'' (S.Boxx). intr.v. (1) to give a false appearance, akin deceiving or playing: ``Hughes is only pretending he's never pseudospoofed or has stopped.'' (S.Boxx) (2) to put forward a claim: ``Hughes is a criminal who pretends to the throne.'' (S.Boxx) disreputable -- adj. (1) Not respectable in character, action, or appearance: `a disreputable crowd; a disreputable Cypherpunk.' (neoplasm). (2) Eric Hughes. (3) T.C.May. (3) The Cypherpunks mailing list. (4) The Cypherpunks `Movement.' appropriate -- adj. (1) suitable for a particular person, condition, occasion, or place; proper; fitting: ``apropriate deification of the leaders; an appropriate blend of reality and fantasy.'' (2) something that pleases the whims of a dictator. ``You have to learn some quality in your postings.'' (E.Hughes) authority -- (1) a. the right and power to command, enforce laws, determine, etc.: ``Hughes had the authority to censor whistleblowers.'' (S.Boxx) b. A person, group, or organization that has this right and power: `cypherpunk authorities are corrupt.' (S.Boxx) (2) Power delegated to others; authorization: `Psychopunks, you have my authority to pseudospoof S.Boxx into oblivion.' (E.Hughes) (3) an accepted source of expert information or advice, as a book or person: ``E.Hughes is an authority on pseudospoofing.'' (G.Broiles) (4) an expert in a given field: ``Hughes thinks he is an authority on politics.'' (T.C.May) (5) power to influence or to affect resulting from knowledge or experience: ``I pseudospoof with authority.'' (E.Hughes) (6) A state of hierarchy that must be subverted and destroyed. ``The State has No Authority'' (E.Hughes) (7) a liberating freedom. ``Private companies and conspiracies are the only authority.'' (T.C.May) courtesy -- n. (1) polite behavior; gracious manner or manners. `No one deserves courtesy' (E.Hughes) (2) a polite gesture or remark: ``He molested me, and I returned the courtesy.''(S.Boxx) (3) consent or favor; indulgence: ``Hughes received adulation courtesy of the ignorant.'' (S.Boxx). (4) A harmonious state of human interaction that is ideally sabotaged by pseudospoofing. movement -- n. (1) the act, process, or an instance of moving. (2) a group engaged in actions intended to achive a specific goal: `the cypherpunk movement is a lie.' (S.Boxx) (3) a tendency or trend: `There is no cypherpunk movement.' (E.Hughes) (4). a. An evacuation of the bowels. ``Bowel movement?'' (J.Dinkelacker) b. the matter so evacuated. ``I live on Movements.'' (E.Huhges) (5) Mus. a. a section of a large composition, as a symphony or sonata. b. Rhythm; tempo. (6) a mechanism that produces motion, as the works of a watch. ``My depravities will be remembered as masterful movements.'' (Medusa) pariah -- n. (1) a member of a low caste of workers in southern India and Bruma. (2) a person who has been excluded from society, an outcast. (3) someone who requests the truth of a cypherpunk. (4) someone who accuses a prominent cypherpunk of pseudospoofing and is correct. cooperation -- n. (1) joint action: ``cypherpunks are not interested in international cooperation.'' (T.C.May) (2) assistance; support: ``the tyrant sought the cooperation of the sycophants.'' (S.Boxx) (3) willingness to cooperate: ``please show more cooperation.'' (E.Hughes) (4) An awkward arrangement that requires the subjugation of personal ego in the favor of group advancement. `I hate cooperation.' (E.Hughes). cabal -- n. (1) a small group of people organized to carry out a secret plot or conspiracy. (2) a secret scheme or plot organized by such a group. intr.v. to form a cabal; plot; conspire. (3) The California Cypherpunks as led by E.Hughes and T.C.May cacophony -- n. (1) harsh, jarring, dischordant sound; dissonance. (2) the sound that pseudospoofing makes on a mailing list. stalemate -- n. (1) a drawing position in chess in which only the king can move and although not in check can move only into check. (2) a situation in which further progress is impossible; a deadlock. tr.v. to bring to a stalemate. (3) the natural state of Cypherpunk progress in the face of rampant corruption and depravity. discord -- n. (1) lack of agreement or accord; dissension: `Eric Highness, discord within the ranks is growing' (T.C.May) (2) a confused or harsh mingling of sounds, e.g. those made by pseudospoofers complimenting Medusa and criticizing other respected personalities. (3) Mus. A combination of simultaneously sounded tones that is considered to sound harsh or unpleasant; dissonance. (4) the natural state of the Cypherpunks list in the face of lies and brainwashing. subvert -- tr.v. (1) to destory or overthrow completely; ruin. ``Let's subvert the world.'' (E.Hughes) (2) to undermine the character, morals, or allegiance of; corrupt. ``Subvert the DNS and SMTP software.'' (E.Hughes) martyr -- n. (1) a person who suffers death rather than renouncing a religious principle or belief. ``I will not submit to pseudospoofing.'' (S.Boxx) (2) a person who makes great sacrifices or suffers a great deal for a cause or principle. ``The Cypherpunk leaders are corrupt.'' (S.Boxx) (3) a person who endures great suffering. ``I have been assaulted by tentacles even after I asked Medusa to stop.'' (S.Boxx) tr.v. (1) to make a martyr of. ``hey everyone! let's martyr S.Boxx!' (E.Hughes) (2) to inflict great pain or suffering upon; torture. ``You're martyring him!'' (T.C.May) (3) someone who uncovers a massive interstate conspiracy and attempts to expose it. public -- adj. (1) of, concerning, or affecting the community or the people: `the public be damned.' (E.Hughes) (2) maintained for or used by the people or community: `a public mailing list.' (3) participated in or attended by the people or community: ``an idol of Medusa for public deification.'' (4) connected with or acting on behalf of the people, community, or government, rather than private matters or interests: ``corrupting a public office.'' (5) open to the knowledge or judgement of all: ``made his actions public.'' n. (1) the community or the people as a whole. ``the public must be kept in the dark about the true cypherpunk goals of tax evasion, black marketeering, and government destruction.'' (E.Hughes) (2) a group of people sharing a common interest: ``the honest public.'' (3) admirers or followers, esp. of a celebrity. ``Hughes was esteemed by the public.'' revolt -- intr.v. (1) to attempt ot overthrow the authority of the stae; rebel. ``S.Boxx revolted against the criminal leadership.'' (2) to oppose or refuse to accept something: `His Royal Eminence revolted against high taxes.' tr.v. to fill with disgust; repel. ``I find pseudospoofing, esp. by the leadership, revolting.'' (S.Boxx) n. (1) an uprising, esp. against state authority; rebellion. ``Revolt against the corruption!'' (S.Boxx) (2) an act of opposition or rejection. ``Suppress the revolt!'' (E.Hughes) (3) the condition of opposition or rebellion: be in revolt. revolution -- n. (1) a. movement in an orbit around a point, esp. as distinguished from rotation on an axis. b. a spinning or rotation about an axis. c. a single complete cycle of motion about a point in a closed path. ``the cypherpunks were going in circles because of the betrayal by the leadership in rampant pseudospoofing.'' (S.Boxx) (2) a sudden or momentous change in any situation: `the revolution in opinion after the leadership was exposed.' (3) a sudden political overthrow or seizure of power brought about from within a given system. ``S.Boxx sparked the revolution.'' (4) a movement that hides criminals, terrorists, and traitors. scapegoat -- n. (1) someone or something that bears the blame for others. (2) S.Boxx, blamed for the poisons of pseudospoofing by top leadership. blind -- adj. (1) without the sense of sight; sightless. (2) performed without the use of sight: `blind allegiance to leaders.' (3) unwilling or unable to perceive or understand: `she was blind to their corruption.' (4) not based on reason or evidence: `blind faith in their integrity'. (5) without forethought or reason: `attacked their criminality in blind rage'. (6) hidden or screened from sight: `a blind conspiracy.' (7) closed at one end: `progress hit a blind alley'. (8) having no opening: `reaching a blind end.' (9) Informal. Drunk. n. (1) something that shuts out light or hides vision, as an evasion or lie (2) a shelter for concealing hunters ``the pseudospoofers rested in the blind before they attacked S.Boxx.'' (3) something that conceals the true nature of an activity, esp. of an illegal or improper one; a subterfuge. ``The cypherpunks mailing list was a blind for a subversive terrorist organization.'' adv. (1) without being able to see; blindly: `listen to the brainwashing blindly.' tr.v. (1) to deprive of sight. ``honest cypherpunks were blinded by the lies.'' (2) to deprive (a person) of judgement or reason: `Passivity blinded them to the danger.' (3) to dazzle. ``Eric blinded everyone with his depravity.'' sabotage -- n. (1) the destruction of property property or the obstruction of normal operations, as by cypherpunk agents in time of peace. (2) any treacherous action to defeat or hinder a cause. ``the cypherpunks sabotaged all measures for identity.'' (S.Boxx) tr.v. to commit sabotage against. (3) destroying the advance of various Internet projects such as DNS, PEM, and SMTP through sabotage of mailing list discussions and developer's private mail boxes with pseudospoofed tentacles. infiltrate -- tr.v. (1) to pass (a liquid or gas) into something through small openings. (2) to fill or saturate with a liquid or gas passed through small openings. (3) to enter gradually or secretly: `cypherpunk agents infiltrated the Internet.' intr.v. to gain entrance gradually or secretly. `cypherpunk agents infiltrated other mailing lists.' n. a substance that accumulates gradually in bodily tissues. `the poisonous infiltrate drowned Cyberspace.' subterfuge -- n. (1) an evasive plan or tactic used to avoid capture or confrontation. (2) lies by the tentacles of E.Hughes, T.C.May, or other prominent cypherpunks. (3) Psychopunk honesty. ignorant -- adj. (1) without education or knowledge. `E.Hughes was an ignorant person.' (S.Boxx) (2) exhibiting lack of education or knowledge: `ignorant assumptions about the lack of pseudospoofing'. (3) unaware or uninformed: `not having seen the mailing list, she was ignorant of the massive conspiracy.' (4) an ideal state of lack of knowledge induced by perpetual brainwashing from the cypherpunks mailing list. etiquette -- n. (1) the body of rules governing correct behavior among people, in a profession, etc.: `court etiquette; military etiquette.' (2) the nonexistent state of courtesy shared among conspiring California cypherpunks and outsiders. rant -- intr.v. To speak violently, loudly, and at length; rave: `His royal eminence ranted against high taxes.' n. A loud, violent speech; a tirade. `S.Boxx ranted against the corruption of the leadership, but fortunately no one cared.' (T.C.May) reality -- (1) the condition or quality of being real or true; actual existence. (2) a person, thing, or event that is real. (3) Something to manipulate and distort. ``You live in your own reality.'' (T.C.May) exorcize -- tr.v. (1) to expel (an evil spirit) by or as if by incantation or prayer. (2) to free from evil spirits. (3) call a tentacle a `tentacle' publicly. facade -- n. (1) the main face or front of a building. ``The cypherpunks list is a facade for respectability.' (H.Finney) (2) the face or front part of anything, esp. an artificial or false front: ``of the most famous cypherpunks we know only the grotesque liars'' (L.Detweiler). (3) a beautiful deception and trickery. ``Our facade stands!'' (E.Hughes) false -- 1. a. contrary to fact or truth; erroneous: `T.C.May issued a false denial.' (S.Boxx) b. arising from mistaken ideas: `E.Hughes had false hopes in depravity.' (S.Boxx) (2) marked by an intent to deceive; untruthful: `T.C.May made a false accusation about violent threats'. (S.Boxx) (3) unfaithful, disloyal: `T.C.May and E.Huhges were false friend.' (S.Boxx) (4) a. not natural; artificial: `false person'. b. not real or genuine: `a false identity'. (5) Mus. Wrong in pitch. ``That's the Truth'' (S.Boxx) humility -- n. (1) the quality or condition of being humble; lack of pride. (2) a bizarre disorder. ``What is this humility?'' (E.Huhges) mockery -- n. (1) scornful contempt; ridicule; derision. ``S.Boxx made a mockery of the leadership.'' (T.C.May) (2) a specific example of ridicule or derision. ``J.Dinkelacker was a mockery of a human being.'' (S.Boxx) (3) an object of scorn or ridicule. ``Pseudospoofing is a mockery.'' (H.Finney) (4) a false, ridiculous, or impudent imitation; a travesty: `the cypherpunks were a mockery of virtue.' network -- n. (1) an open fabric or structure in which cords, threads, or wires cross at regular intervals. (2) a system or pattern made up of a number of parts, passages, lines, or routes that cross, branch out, or interconnect: `a network of roads and railways; a network of veins.' (3) a chain of interconnected radio or television broadcasting stations, usu. sharing a large proportion of their programs. (4) a group or system of electronic components designed to function in a specific manner. (5) an extensive system of public access Internet accounts and phone numbers used to promote a massive conspiracy and hoax by the Cypherpunks. manipulate -- (1) to operate or manage by skilled use esp. of the hands. ``Eric, stop manipulating yourself!' (T.C.May) (2) to influence or manage shrewdly or skillfully: `E.Hughes masterfully manipulated public opinion on the cypherpunks list with dozens of fake identities.' (Nostadamus) (3) to manage artfully or deceitfully for personal gain or advantage. `Why can't we successfully manipulate S.Boxx?!' (E.Hughes) masquerade -- n. (1) a. a costume ball or party at which masks and elaborate costumes are worn. ``The cypherpunks mailing list is a masquerade of tentacles.'' (S.Boxx) (2) any false outward show or pretense: `a masquerade of virtue.' intr.v. (1) to wear a mask or disguise, as a tentacle. (2) to have a deceptive appearance: `a conspiracy masquerading as a movement.' ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From an12070 at anon.penet.fi Tue Nov 23 01:55:08 1993 From: an12070 at anon.penet.fi (S.Boxx) Date: Tue, 23 Nov 93 01:55:08 PST Subject: The Psychopunk Glossary (1 of 2) Message-ID: <9311230951.AA26107@anon.penet.fi> democracy -- n. (1) Government by the people, exercised either directly or through elected representatives. ``Democracy is invariably oppressive because of the tyranny of the majority of honest citizens over the fringe criminal element.'' (N.Szabo) (2) a nation or social unit with this form of government. ``There is no pretense Cypherpunks are a democracy.'' (T.C.May) (3) Social and political equality and respect for the individual within the community. ``If I prohibited you from posting, that would not be censorship.'' (E.Hughes). (4) A subversive and oppressive structure that limits the rights of criminals. Medusa -- n. (1) A Gorgon with eyes that had the power to turn an onlooker into stone, who was slain by Perseus. ``Medusa, her snakes, and her sisters harassed S.Boxx.'' (Medusa) (2) The God worshipped by the Cypherpunk cult of pseudospoofers. anarchy -- n. (1) absence of any form of governmental authority or law. ``I'm so excited! The future is CryptoAnarchy.'' (T.C.May) (2) political disorder and confusion. ``The cypherpunks list has always been plunged into anarchy from pseudospoofing.'' (J.Dinkelacker) (3) absence of any cohering principle, as a common standard or purpose; disorder and confusion. ``Anarchy is not disorder and confusion.'' (Snake #7) (3) the hellish utopia of the psychopunks. guerilla -- n. (1) A member of an irregular military force that uses harassing tactics against an enemy army, usu. with the support of the local population. ``G.Barnes, a chief Sister of Medusa, shot S.Boxx's postmaster to the glee of the CA cypherpunks.'' (His Royal Eminence) (2) a cypherpunk who seeks to infiltrate very many sensitive internet mailing lists, stalking and assassinating opponents. conspiracy -- n. (1) an agreement to perform together an illegal or evil act. ``Cypherpunks are interested in tax evasion, black marketeering, and the destruction of governments.'' (T.C.May) (2) a combining or acting together, as if by evil design: `a conspiracy of cypherpunks'. (3) Law. An agreement between two or more persons to commit a crime or to accomplish a legal purpose through illegal action. ``Let's invade people's privacy by stealing their credit records and tapping their phones.'' (Satan) (4) The cypherpunk movement, which seeks to infiltrate all of Cyberspace with criminals, starting small by buying public access Internet accounts around the country, and interstate phone numbers redirected to the headquarters in California, to wiggle their `liberating' tentacles with evil glee. government -- n. (1) the act or process of governing, esp. the political administration of an area: `the government of the United States is repressive to criminals.' (Evil Criminal) (2) a system by which a political unit is governed: `Cypherpunks have no government.' (T.C.May) (3) a governing body or organization. `E.Hughes and T.C.May are the cypherpunk government.' (Medusa) (4) Oppression. ``The government must be stopped.'' (T.C.May) consensus -- n. (1) collective opinion or concord; general agreement: `the consensus of the cypherpunks can be manipulated readily to my ends with pseudospoofing.' (E.Hughes) (2) something to be insidiously subverted and manipulated through public postings, private email, and dozens of pseudospoofed interstate tentacles. agenda -- n. (1) a list of things to be done, esp. the program for a meeting. `We should all pretend the agenda is what we favor.' (T.C.May) `People that can't show up for the CA meetings are just SOL.' (T.C.May) (2) a public pretense for a private conspiracy originating in California called the `Cypherpunk movement.' police state -- n. (1) A country or other political unit in which the government exercises rigid control over the social, economic, and political life, esp. by means of a secret police force. ``Cypherpunks seek to erect their own police state by use of an international network of subversive pseudospoofed tentacles.'' (E.Hughes) (2) Any database, particularly one that contains information, e.g. on identity. (3) The Cypherpunks mailing list, teeming with double agents and informants. oppress -- tr.v. (1) to burden harshly, unjustly, or tyrannically. ``E.Hughes oppressed his clique of sychophants.'' ``The California cabal oppressed the honest members of the mailing list with pseudospoofed fantasies.'' (S.Boxx) (2) to weigh heavily opon the mind or spirit. ``T.C.May was oppressed, but not swayed, by his conscience.'' (H.Finney) (3) a context-dependent word that means `annoying harassment of criminals' in the context of Cypherpunk usage: ``Democracy and the government oppress us.'' (T.C.May) tyranny -- (1) a government in which a single ruler is vested with absolute power. ``The cypherpunks mailing list is a tyranny'' (S.Boxx) (2) the office, authority, or jurisdiction of such a ruler. ``E.Hughes lives high above in an Ivory Castle of Tyranny.'' (3) absolute power, esp. when exercised unjustly or cruelly. ``Cypherpunks led by E.Hughes are fond of exercising his tyranny over dozens of mailing lists by flaming and brainwashing with worthless tentacles.'' (4) the arbitrary use of such power; a tyrannical act. ``E.Hughes and the Cypherpunk conspirators hounded G.Spafford off the net with tyranny in email.'' (5) extreme harshness or severity; rigor. ``E.Hughes rules with a tyrannical, silent iron fist.' (6) Governments, democracy, or databases. ``Governments, democracy, and databases are tyranny.'' (T.C.May) dictator -- n. (1) a ruler who has complete authority and unlimited power, esp. a tyrant. ``E.Hughes is my favorite dictator.'' (J.Dinkelacker) (2) a person who dictates. ``I CONTROL YOU.'' (J. Dinkelacker) (3) in ancient Rome, a magistrate appointed temporarily to deal with an immediate crisis or emergency. ``CERT police will soon be the fascist internet dictators.'' (E.Hughes) (4) Someone who prevents cypherpunk conpirators from achieving their ends. ``CERT is the Corrupt Dictator of the Internet.'' (E.Hughes) autocracy -- n. (1) government by a single person having unlimited power; despotism. ``Cypherpunks are opposed to democracy, and in favor of autocracy.'' (E.Hughes) (2) a country or state having this kind of government. ``The Cypherpunks mailing list is a tyranical autocracy.' (S.Boxx). (3) A utopia ruled by the capricious but benificient God E.Hughes. autocrat -- n. (1) a ruler with absolute or unrestricted power; despot. ``E.Hughes is the Royal List Moderator.'' (T.C.May) (2) any arrogant and domineering person. ``I am not an autocrat! You are the insubordinate!'' (E.Hughes). (3) A Cypherpunk leader. ``E.Hughes and T.C.May are the Cypherpunk autocrats.'' dictatorship -- n. (1) the position or rule of a dictator. ``The Cypherpunks mailing list is an uplifting dictatorship.'' (E.Hughes) (2) a. a form of government in which one person or class has complete authority and unlimited power. ``California cypherpunks meetings are dictatorships under the leadership of E.Hughes and A.Abraham'' (H.Finney) b. a country having such a government. ``The U.S. is a dictatorship under Clinton.'' (E.Hughes) (3) any government structure, especially Democracy. ``Governments == Dictatorships'' (E.Hughes) tyrant -- n. (1) an absolute ruler who governs arbitrarily without constitutional or other restrictions. ``I am an enlightened tyrant.'' (E.Hughes) (2) a ruler who exercise power in a harsh, cruel manner, an oppressor. ``You are invading my privacy by revealing my perversions.'' (E.Hughes) (3) any tyrannical or despotic person, esp. one who demands total obedience. ``You will be silent or censored. The choice is yours!'' (E.Hughes) (4) someone who restricts the depravities of psychopunk criminals. ``The police are tyrants!'' (Deadbeat) poison -- n. (1) any substance that causes injury, illness, or death, esp. by chemical means. ``Pseudospoofing is poisoning the Internet.'' (S.Boxx) (2) anything that is destructive or fatal. ``We are being poisoned by frauds, poseurs, hypocrites, and traitors.'' (S.Boxx) (3) Chem. a substance that inhibits or retards a chemical reaction. ``Pseudospoofing is poisoning the growth of cyberspace.'' (S.Boxx) tr.v. (1) to kill or harm with poison. ``I am being poisoned by pseudospoofing.'' (S.Boxx) (2) to put poison on or into: ``We are having great fun poisoning the sensitive mailing lists on the Internet and future Cyberspace.'' (E.Hughes) (3) a. to pollute: `noxious fumes poison the air.' (S.Boxx). b. to have a harmful influence on; to corrupt: `Jealousy poisoned the friendship of E.Hughes and T.C.May.' (Medusa) (4) chem. To inhibit or retard (a chemical reaction). ``Honesty was poisoned on the cypherpunks list.'' confess -- tr.v. (1) a. to make known (one's sins) to a priest or to God. ``I have never done anything wrong, God. Besides, I'm an atheist.'' (E.Hughes) b. to hear the confession of. ``I can't hear you, Eric.'' (S.Boxx) (2) to disclose or admit (a fault): `Hughes would never confess to his depravities' (H.Finney) (3) to admit conversationally: `I must confess that I have masterminded a massive hoax perpetuated by pseudospoofing.' (E.Hughes) (4) to acknowledge belief or faith in. ``I confess my belief and faith in pseudospoofing as the liberation of humanity.'' (E.Hughes) intr.v. (1) to admit or acknowledge a crime or deed: `T.C.May confessed his sins to his girlfriend, but she didn't give a damn' (Medusa) (2) to tell one's sins to a priest. ``Forgive me father, for I have sinned.'' (Jesus Christ) contrite -- (1) repentant for one's sins; penitent. ``What does `contrite' mean?'' (E.Hughes) (2) feeling or caused by contrition: `contrite words, contrite tears.' (S.Boxx) (3) an aberrant psychological state to be avoided at all costs. ``Cypherpunks will never be contrite.'' (S.Boxx) inquisition -- n. (1) the act of inquiring into a matter; an investigation. ``Your accusations that I have ever pseudospoofed, am continuing to do so, or am a liar are an inquisition.'' (T.C.May) (2) an inquest. ``The inquisition has begun.'' (S.Boxx). (3) Inquisition. In the Middle Ages, a tribunal of the Roman Cotholic Church established to seek out and punish those people considered guilty of heresy. ``I will not answer your inquisitional questions'' (E.Hughes) (4) any investigation that violates the privacy or rights of individuals. ``Any investigation into pseudospoofing is by definition an inquisition.'' (E.Hughes, T.C.May). insidious -- adj (1) working or spreading harmfully ina subtle or stealthy manner: `an insidious spread of pseudospoofing on the Cypherpunks mailing list, other sensitive Internet mailing lists, and throughout all of cyberspace.' (2) intended to entrap; treacherous: `S.Boxx uncovered an insidious plot, but no one believed him.' (Medusa) (3) the most ideal state of rapture. ``OK, CA Psychopunks, We have to be as insidious as possible.'' (E.Hughes). accomplice -- n. (1) One who aids or abets a lawbreaker in a criminal act but is not necessarily present at the time of the crime. ``Honest cypherpunks are accomplices to a massive conspiracy because of their blase and unquestioning brainwashed toleration.'' (S.Boxx). (2) a friend. ``You are my best accomplice, T.C.'' (E.Hughes) treachery -- (1) willful betrayal of loyalty, confidene, or trust; perfidy; treason. ``My Pseudospoofing and lying is not treachery against cypherpunks.'' (T.C.May) (2) a disloyal or treasonous act. ``Attempts to expose me are nothing but treachery''. (E.Hughes) (3) a divine state of bliss. ``Cypherpunks, rejoice in your treachery!'' (J.Dinkelacker) treason -- (1) the betrayal of one's country, esp. by giving aid to an enemy in wartime or by plotting to overthrow the government. ``We are not advocating treason.'' (E.Hughes, T.C.May) (2) any betrayal of a trust. ``Your treason will be punished severely.'' (S.Boxx) (3) any noble action by a psychopunk. ``There is no such thing as treason.'' (T.C.May). moral -- adj. (1) of or concerned with the principles of right and wrong in relation to human action or character; ethical. ``there is no such thing as cypherpunk morality.'' (S.Boxx) (2) teaching or exhibiting rightness or goodness of character and behavior: `I've never encountered a moral lesson.' (E.Hughes) (3) conforming to standards of what is right or just in behavior; virtuous: `a moral decision escapes me.' (T.C.May) (4) arising from conscience or the sense of right and wrong: `I have a moral obligation to depravity.' (J.Dinkelacker) (5) psychological rather than physical or concrete in effect: `RISKS 15.25 represents a moral victory.' (S.Boxx) (6) based upon strong probability or conviction rather than actual evidence: `That T.C.May and E.Hughes are pseudospoofing coconspirators is a moral certainty'. (S.Boxx) n. (1) the lesson or principle taught by a fable, story, or event. ``I have no idea what the moral of `the Joy of Pseudospoofing' or `The Zen of Cyberspace' is!'' (T.C.May) (2) a concisely expressed precept or general truth; maxim ``the moral is that Cypherpunks is rotten to the core'' (S.Boxx). (3) morals. principles or habits of what constitutes right or wrong conduct, esp. sexual conduct. ``I wish I had some morals.'' (H.Finney) (4) a determination of right and wrong dependent on context. ``In many cases, cannibalism and murder are justified.'' (M.Landry) morale -- n. (1) the condition or attitude of an individual or group in regard to the willingness to perform assigned tasks, confidence, cheerfulness, and discipline. ``That E.Hughes is such a clever fellow!'' (A.Chandler) (2) something that plummets with rampant pseudospoofing. ``Why has morale stalled?'' (T.C.May) ethics -- n. (1) The branch of philosophy that deals with the general nature of good and bad and the specific moral obligations of and chioces to be made by the individual in his relationship with others. ``Pseudospoofing is entirely ethical'' (J.Gilmore) (2) the rules or standards governing conduct, esp. of the members of a profession. ``Ethics has nothing to do with pseudospoofing.'' (E.Hughes). (3) Something to subvert and obfuscate. ``I love to subvert and obfuscate ethics.'' (T.C.May) punish -- tr.v. (1) to subject to a penalty for a crime, fault, or misbehavior. ``If you have no physical location, you cannot be punished.'' (E.Hughes) (2) to inflict a penalty on a criminal or wrongdoer for (an offense). ``I resent punishment.'' (E.Hughes) (3) to handle roughly, injure, hurt: `heavy pseudospoofing punished S.Boxx.' intr.v. To give punishment. (4) what society does to hapless and repressed sociopaths. ``The punishment for depravity is outrageous.'' (T.C.May) corrupt -- adj. (1) Lacking in moral restraint, depraved: `Cypherpunks is the corrupt cabal of a sleazy California hacker.' (J.Markoff, NYT) (2) Marked by or open to bribery, the selling of political favors, etc.; dishonest: `E.Hughes takes pride in his corruption.' (S.Boxx) (3) decaying; putrid. ``Cypherpunks is corrupt.'' (K.Kelly, Wired) (4) containing errors or alterations, as a text: `a corrupt mailing list.' tr.v. (1) to destroy or subvert the honesty or integrity of, as by bribing. ``We will corrupt the entire world.'' (E.Hughes) (2) to ruin the morality of; to pervert or debase: `None fear that Cypherpunks will corrupt the Cyberspace of the Future.' (E.Hughes) (3) to cause or become rotten; spoil. ``Cypherpunks is rotten to the core.'' (S.Boxx) (4) to change the original form of (a text, language, etc.) intr.v. To become corrupt. (5) A repressive state of governments that private companies and organizations are incapable of exhibiting. ``Corruption is my life!'' (E.Hughes) lie -- intr.v. (1) to present false information with the intention of deceiving: `I am real!' (J.Dinkelacker) (2) to convey a false image or impression: `You are going insane.' (H.Finney) n. (1) a false statement deliberately presented as being true; a falsehood. ``Your accusations are too bizarre to be believed.'' (T.C.May). (2) anything meant to deceive or give a wrong impression. ``I deny it all.' (E.Hughes). (3) any statement given under the psychopunk Religion of Pseudospoofing. ``You can trust me!'' (Snake #7) propaganda -- (1) the communication of a given doctrine to large numbers of people, esp. by constant repetition. ``Cypherpunks ideas about CryptoAnarchy are the propaganda delivered by the Cypherpunks Mailing list moderated by E.Hughes.'' (T.C.May) (2) ideas, information, or other material distributed for the purpose of winning people over to a given doctrine, often without regard to truth or fairness. ``Propaganda is liberating.'' (E.Hughes). (3) the Truth. ``I value the Truth immensely.'' (E.Hughes). cult -- n. (1) a system or community of religious worship and ritual, esp. one focusing upon a single deity or spirit: `the cult of pseudospoofing cypherpunks worshipping Medusa.' (2) a. obsessive devotion or veneration for a person, priniciple, or ideal. b. the object of such devotion. (3) a group of persons sharing a common interest: `Cypherpunks is a reprehensible political cult.' (S.Boxx) (4) An invigorating clique or conspiracy. ``The next cult meeting is the second Saturday of every month.'' (E.Hughes) integrity -- n. (1) strict personal honesty and independence: `E.Hughes thinks he is a man of integrity'. (S.Boxx) (2) completeness; unity: `a mailing list without censorship to maintain its integrity.' (S.Boxx) (3) the state of being unimpaired; soundness. `T.C.May has outstanding integrity.' (J.Dinkelacker) (4) something to subvert and destroy. `There is some integrity left in SMTP and DNS software.' (E.Hughes) honest -- adj. (1) marked by or displaying truthfulness and integrity; upright. ``Pseudospoofing is an honest endeavor.'' (J.Gilmore) (2) not deceptive or fraudulent; genuine: `honest insight'. (J.Dinkelacker) (3) conforming to fact or to the truth; not false: `honest reporting'. (S.Boxx) (4) frank and straightforward; sincere: `an honest opinion; an honest person.' (J.Gilmore) (5) without disguise or pretense: `honest mailing list'. (6) Archaic. Chaste; virtuous. (7) Untrustworthy. ``Who among us is honest?'' (E.Hughes) honesty -- n. (1) the quality or state of being honest; integrity. ``Honesty is the best policy.'' (E.Hughes) (2) truthfulness; sincerity: `in all honesty.' (T.C.May). (3) something to avoid at all costs. ``I embrace honesty.'' (T.C.May) true -- adj. (1) consistent with fact or reality; right; accurate. ``The assertion that I have ever posted as J. Dinkelacker is not true.'' (T.C.May). (2) not imitation or counterfeit; real or genuine: `true consensus.' (3) faithful; loyal: ``this above all, to thine own self be true'' (Shakespeare). (4) Rightful; legitimate. ``True anonymity is liberating.'' (N.Szabo) (5) sincerely felt or expressed: `speaking with true evasion.' (T.C.May) (6) a. rightfully bearing the name; properly so called: `the pseudospoofer can be found everywhere on the cypherpunks list.' (S.Boxx) b. having the characteristics associated with a certain group or type; typical: `he was a liar and a sociopath, a true Psychopunk.' (E.Hughes) c. exactly conforming to an orginal or standard: `I forged a true copy of the birth certificate.' (E.Hughes) adv. (1) rightly; truthfully: `E.Hughes lies true.' (T.C.May) (2) without swerving from a course; accurately: `I'll pervert the Cypherpunks straight and true.' (E.Hughes) (3) Fiction or fantasy. ``That is true.'' (E.Hughes). pseudonym -- n. (1) A fictitious name, esp. one assumed by an author; pen name. (2) a method of systematic manipulation and deception promoted by esteemed individuals like J.Gilmore, also called `pseudospoofing'. hypocrisy -- n. (1) The practice or act of professing virtues and beliefs that one does not possess. (2) Eric Hughes. (3) T.C.May pure -- (1) having a homogeneous or uniform composition; not mixed: `pure lies.' (2) free from adulterants or impurities; full-strength: `pure brainwashing'. (Cypherpunk Moderator) (3) free from dirt, defilement, or pollution. (Cypherpunk mailing list) (4) free from foreign elements. (Internet Mailing Lists) (5) containing nothing inappropriate or extraneous: `a pure literary style.' (L. Detweiler) (6) complete; utter: `pure criminality'. (E.Hughes) (7) without faults; perfect; sinless. ``I am pure'' (T.C.May) (8) chaste; virgin. ``Let's rape the Pure!'' (E.Hughes) (9) of unmixed blood or ancestry. ``Cypherpunks are pure criminals.'' (S.Boxx) (10) genetics. Breeding true to parental type; homozygous. ``Incest is my favorite form of sex.'' (E.Hughes) (11) Theoretical rather than applied: `pure science of pseudospoofing'. (Einstein) poseur -- n. (1) a person who assumes a false attitude, character, or manner to impress others. (2) E.Hughes (3) T.C.May tax -- n. (1) a charge or contribution required of persons or groups within the domain of a government for the support of that government. (2) an excessive demand; a strain. tr.v. (1) to place a tax on income, property,goods, etc. (2) to exact a tax or taxes from. (3) to make difficult or excessive demands upon: `pseudospoofing taxes a mailing list's community' (4) oppress. ``The government does nothing but tax us.'' (His Royal Eminence). fraud -- n. (1) a deception deliberately practiced in order to secure unfair or unlawful gain. ``The cypherpunks are frauds.'' (S.Boxx) (2) a piece of trickery; a swindle. ``I believed in a fraud.'' (S.Boxx) (3) a. a person who defrauds; a cheat. ``I am not a fraud.'' (E.Hughes) b. a person who assumes a false pose. ``I am a fraud.'' (T.C.May) (4) An uplifting religious experience. ``War of the Worlds was the greatest fraud of all times.'' (E.Hughes) psychopath -- n. (1) a person with a severe personality disorder, esp. one manifested in aggressively antisocial behavior. (2) Eric Hughes. (3) T.C.May psychosis -- n. (1) Any of a class of serious mental disorders in which the mind cannot function normally and the ability to deal with reality is impaired or lost. (2) Any of a class of serious pseudospoofers centered in California whose minds have long ceased to function normally and the ability to deal with reality has been utterly corrupted. egomania -- n. (1) obsessive preoccupation with the self; extreme egotism. (2) Psychopunk joy. ``I am happy.'' (E.Hughes) fair -- adj. (1) pleasing to look at; beautiful; lovely: `a fair maiden was raped by a psychopunk'. (2) light in color: `fair men; fair ideas, all defiled by psychopunks.' (3) free of clouds or storms: `fair weather is nonexistent with pseudospoofing.' (4) characterized by evenhanded honesty; just: `There is no such thing as fair play or a fair trial.' (E.Hughes) (5) neither good nor bad; average: `the conspiracy was only fair.' (Hitler) (6) consistent with rules or logic: `a fair question deserves a lie'. (E.Hughes) (7) lawful to hunt or attack: `Attention! L. Detweiler is fair game.' (T.C.May) adv. (1) in a fair manner; properly: `I don't believe in playing fair.' (E.Hughes) (2) directly; squarely; straight: `a stick poked fair in the eyeballs'. (S.Boxx) (3) power that can only be attained through bribery. `The world is fair if you have enough money.' (E.Hughes) hoax -- n. (1) Something, as a joke or fraud, that is intended to deceive or trick others. (2) the cypherpunks movement. (3) H. Finney. society -- n. (1) human beings in general. ``I hate society.'' (E.Hughes) (2) a group of people with a common culture or way of life. ``Cypherpunks is not a society.'' (T.C.May) (3) a group of people who unite to share a common interest: `cypherpunks is a criminal society' (E.Hughes). (4) the rich and fashionable social class: `the conspirators believed they lived in a high society'. (S.Boxx) (5) companionship; company. `My tentacles are my society.' (T.C.May) (6) a orderly community that must be sabotaged. ``We must throw off the repressions of American society.'' (E.Hughes) obsession -- n. (1) an excessive preoccupation with an idea or emotion. ``Pseudospoofers are obsessed with lies.'' (S.Boxx) (2) an often unreasonable idea or emotion that is the cause of an obsession. ``I am an honest person.'' (T.C.May) monomania -- (1) a mental disorder characterized by an obsession with one idea. ``Nothing is wrong.'' (E.Hughes) (2) an intense preoccupation with or exaggerated enthusiasm for one subject or idea. ``I love to pseudospoof and betray others.'' (E.Hughes) persecute -- tr.v. (1) to cause to suffer, esp. on account of politics, religion, etc.; oppress. ``S.Boxx, stop persecuting me!'' (T.C.May) (2) to annoy persistently; to bother. ``S.Boxx, Stop persecuting me!'' (E.Hughes) censor -- n. (1) a person authorized to examine literature, plays, etc., and who may remove or suppress the sections considered morally or otherwise objectionable. (2) in ancient Rome, one of two officials responsible for supervising the public census and public behavior and morals. tr.v. to examine and expurgate. (3) Eric Hughes, `moderator' of the Cypherpunks Mailing list hallucination -- n. (1) an illusion of seeing, hearing, or otherwise sensing something that does not really exist; false perception. ``I was hallucinating that my tentacles were real.'' (T.C.May) (2) something, as a vision or image, that occurs as a hallucination. ``You live in a hallucination.'' (S.Boxx). (3) a majestic state of heightened mental awareness. ``I enjoy hallucinations.'' (T.C.May) ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From an12070 at anon.penet.fi Tue Nov 23 01:58:51 1993 From: an12070 at anon.penet.fi (The Executioner) Date: Tue, 23 Nov 93 01:58:51 PST Subject: The Final Ultimatum Message-ID: <9311230955.AA26875@anon.penet.fi> Cypherpunk leaders, state the truth, the whole truth, and nothing but the truth on the charges of routine, systematic, rampant, and conspirational pseudospoofing and deception of the media and your followers, publicly to all those you have affected in Cyberspace. Cypherpunk followers, demand publicly and privately of your leaders the truth, the whole truth, and nothing but the truth, and accept nothing less. Otherwise, watch the `movement' and your reputations dissolve before your eyes far beyond the present deterioration, to near total oblivion. You have 24 hours. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From strat at pancho.ksu.ksu.edu Tue Nov 23 02:33:53 1993 From: strat at pancho.ksu.ksu.edu (Steve Davis) Date: Tue, 23 Nov 93 02:33:53 PST Subject: The Psychopunk Glossary (2 of 2) In-Reply-To: <9311230951.AA26164@anon.penet.fi> Message-ID: <9311231032.AA17199@pancho.ksu.ksu.edu> Time to filter this dweeb's mail to /dev/null -- Steve Davis (strat at cis.ksu.edu) Kansas State University "I am not indecisive. Am I indecisive?" -- Jim Seibel From gnu Tue Nov 23 04:17:50 1993 From: gnu (John Gilmore) Date: Tue, 23 Nov 93 04:17:50 PST Subject: EE Times Nov 22, p1: "US weighs Clipper chip alternatives" Message-ID: <9311231216.AA10306@toad.com> The story, by George Leopold, has some obvious errors [like the "fait accompli"], but may have nuggets of new info. I expecially like the paragraph about the purpose of the encryption review. It's half right: the half about its purpose being to shove Clipper down our throats. But if they wanted to bring Congress and industry into the review process, they should've run it declassified and in open meetings. US weighs Clipper chip alternatives by George Leopold "The Clinton administration is readying a new encryption policy that could help defuse industry opposition to introduction of the government developed Clipper chip by embracing commercial technologies as alternatives for network security, according to government and industry sources. "A National Security Council panel led by George Tenet [sic], special presidential assistant for intelligence programs, is completing a broad review of government encryption policy with an eye toward employing the Clipper chip, as well as commercial alternatives, to ensure privacy and security on public networks. Those would include the proposed electronic superhighway, or National Information Infrastructure. "Tenet could not be reached for comment on the review's status, but a U.S. official said last week the results of the seven-month National Security Council policy review will be announced soon. "The Clipper chip, backed by the National Security Agency and proposed by the Clinton administration in April as a new data-encryption standard, is widely viewed by industry critics as a fait accompli, since the spy agency wants to use it to protect intelligence data. "Asked in an interview last Monday whether the policy review would result in modification of the Clipper chip proposal, Michael Nelson, special assistant for information technology in the White House Office of Science and Technology Policy, acknowledged the need to consider other encryption technologies for network security, including software solutions. He also said the government should have sought greater industry participation before proposing the Clipper chip. "Industry opposition to the Clipper resurfaced at a recent government-industry technology summit in San Francisco (see Nov 8, page 1). During a panel on the NII, Nelson told angry company executives that the Clinton administration would not impose Clipper on industry or rule out alternative encryption technologies. "``Clipper is not a silver bullet, it's not even a brass bullet,'' Nelson said. ``It's only one approach.'' "He added, ``If we don't address these [network security] issues, people won't use the NII.'' "Nelson said last week the National Security Council review was designed to bring industry and Congress into the process of looking for commercial solutions, besides Clipper, to the network-security issue. Industry groups said last week they have contributed to the review, which began shortly after Clipper was proposed. The review is expected to result in a decision on how to implement Clipper. "A decision on how to proceed with the Clipper proposal was scheduled for Sept 1 but was delayed in response to a recommendation from a private-sector advisory group to the Commerce Dpeartment." ... "Acknowledging industry's concerns, the initiative also includes creation of a key-escrow system to ensure the Clipper chip would be used to protect privacy." ... ... "Two key-escrow data banks would be overseen by a pair of independent agencies designated by the Justice Department and the White House. A decision on which agencies will oversee the databases has not been made, Commerce spokeswoman Anne Enright Shepherd said last Wednesday." ... "Clipper ``was forced upon [the Clinton administration] before they had a chance to evaluate its impact,'' Bruce Heiman, a Washington attorney representing the Business Software Alliance, said last Tuesday. ``NSA sold them a bill of goods.'' "The policy review means ``they realize that Clipper has problems... but they don't want to rule it out entirely,'' Heiman said, adding that industry would accept Clipper as one alternative to network security only if it is part of a truly voluntary program that includes public-key encryption." -- John Gilmore gnu at toad.com -- gnu at cygnus.com -- gnu at eff.org ``This committee has not tried to determine whether the National Security Agency tendency to advance exaggerated claims of authority ... stems from conscious policy or the actions of individual NSA employees.'' The Government's Classification of Private Ideas, House Report 96-1540, p. 67 From wex at media.mit.edu Tue Nov 23 06:22:55 1993 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Tue, 23 Nov 93 06:22:55 PST Subject: Anonymity on the net In-Reply-To: Message-ID: <9311231419.AA29570@media.mit.edu> From: greg at ideath.goldenbear.com (Greg Broiles) >An anonymous/pseudonymous poster may want to expose faulty reasoning or >research methods on the part of a previous poster, where that poster is >their boss, faculty advisor, department chair, [employee of] generous donor >to a nonprofit org .. etc. This is closer to my case 2 in the sense that it's something black or nefarious that is being discussed. In these cases, as I noted before, anonymity may help, but ultimately reputable researchers will have to review the results to determine if there is in fact a fraud or other deception. In addition, public "exposure" by anonymous sources is -- at best -- questionable. The anonymous poster may simply be a rival with hir own axe to grind and no interest in promoting the truth. One or two instances of this happening and people will (if they don't already) simply start discounting anonymous denunciations. There is a very good reason why our legal system provides for people being able to face their accusers. If you really need to get out information of this sort, posting is probably a very poor second to informing a source with the ability to do a real investigation. This is what happened in the Patriot case: the Pentagon was claiming amazingly high accuracy for the Patriot missile in the Gulf War. Someone inside the Pentagon knew this was false; shortly thereafter about a dozen people in the Establishment, in industry, in the media, and in academe got information they could use to expose the fraud. [I happen to know one of these people personally; another is a professor at MIT.] >This is useful for posting security holes that CERT/vendors won't >acknowledge or address; it seems generally useful when posting something >that might get you (a) fired or (b) sued. Consider the (ongoing, I think) Again, we're in agreement here: Case 2 requires anonymity. I continue to harbor the dream that someday this country will move to a position where people will be able to more freely speak their minds, no matter how ugly their minds happen to be. >There are still several places where it's not 'politically correct' to be >known as a reader of/poster to groups like soc.motss, alt.sex.bondage, or >other "controversial" groups. People may still want the sense of community >that they can get from participating, while wanting to avoid the enforcement >of PC-ness, possibly at the end of a baseball bat. Yeah, this is true. I'm on a very large mailing list which discusses a number of private issues. Many people get the list at their work email addresses and contribute to the list anonymously for reasons like these. I guess I'm just too much of an idealist -- Greg is probably right here as well. I will just note that I tend to believe the gay theorists who note that the closeted-ness of gays makes homophobia easier and more widespread. Still, it should be each individual's decision how much sie wants to be "out." >Distributing "secret" information widely, in an encrypted form, can >frustrate traffic analysis [...] (Assuming that it's meaningful to talk >about sharing a 'secret' with 200 people .. :) This is sort of the equivalent of the old coded-message-in-the-personals approach. Delivering a text which has no meaning except to a specific intended recipient is probably a reasonable idea, but I wish there was a better use of network resources than sending hundreds of bogus copies of something to hide the real intended recipients. >for an [in]famous person to say/do something mundane That's a good point I hadn't thought of! I'm still so jizzed about getting my name recognized here and there it hadn't occurred to me that there would be times I'd rather not be recognized at all. Good points all! Thanks for contributing to discussion. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request "To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!" From MERCURY at lcc.edu Tue Nov 23 06:48:58 1993 From: MERCURY at lcc.edu (Michael E. Marotta) Date: Tue, 23 Nov 93 06:48:58 PST Subject: Pyrrhus Cracks RSA? Message-ID: <6E4CCAA7E0204AD3@sleepy.egr.msu.edu> CAN THE GOVERNMENT BUILD AN ATOMIC BOMB? by mercury at well.sf.ca.us Long ago, Captain Kirk and his crew stumbled on a Nazi planet. A Federation dude found them earlier and decided to industrialize their society by the "most efficient" means possible. No one was surprised at this. In "Mirror, Mirror" Spock-2 predicts that the Evil Federation will collapse. This was also accepted without comment. Star Trek, perhaps more than any other mass media production, reflects the American psyche. Americans, of course, are humans. Human nature accepts dualities easily. On the one hand, people admire the conqueror. On the other, the historical evidence is never denied: empires always collapse. (Look at what remains: farming, writing, arithmetic, ships and chariots, clothing,... These are useful.) Not so long ago, Ayn Rand showed that evil only triumphs when good people work f+ it. When good people do nothing, evil fails. Cypherpunks know that centralized systems are inefficient, yet they fear the NSA. Cypherpunks know that government employees are slugabeds, yet they fear the NSA. Cypherpunks know that qinnovation and enterprise are the antithesis of socialism, yet they fear the NSA. They don't fear that the NSA will kick in their doors and shoot them in a cybernetic Kristallnacht or burn t(their homes the way the Romans and Mongols did to Carthage and Samarkand. (Waco comes to mind, here.) No, the Cypherpunk is afraid that the government has "powerful computers" capable of a "brute force attack" on their algorithms. It may be true. Having Archimedes in town only bought the Syracusans time, it didn't assure them victory. The US Govt drafted 90% of the physicists in the world, gave them virtually unlimited resources and in five years, it had atomic bombs. The American and Soviet governments proved that they could harness nineteenth century technology and shoot things into space. (According to Willey Ley what made their rockets possible was the pumps which came from fire trucks.) Ask "anyone" and they will tell you that World War Two brought us nuclear power, spaceships, radar, television, the transistor, the computer, canned food, and recycling. In fact, it brought none of these. They already existed. Absent the person with an idea, the Government would still be beating farmers with rods for not giving up their goats and grain. (The pharoah's toughs used sticks with sharp stones in them until bronze came along. Later, their bronze weapons were chopped up by people with iron. Why didn't the pharoah's priests discover bronze and iron?) Both William Friedman and the man he detested, Herbert O. Yardley, despaired in wartime for the lack of people with "cipher sense." An infinite number of clerks with typewriters could not break the simplest code. The government enlisted people who liked crossword puzzles, mathematicians, polyglots, anyone and everyone who played with symbols. It made no difference. There was no way to tell who had "cipher sense" and there was no way to TEACH it. Friedman was an obsessive-compulsive who worked himself into a neurotic frenzy, breaking the Purple Code. Turing delivered the "Bombe" that broke Enigma. You know the people who could break DES, RSA, PGP, etc. Shamir unpacked Diffie's knapsack. What is most probable, is that these ciphers will stand for some unforeseeable time until someone who may not be born yet comes along and breaks them all as an idle {exercise on her way to greatness in another field. But the NSA? No way, Jose. They might be nerds who hacked some code at 3 am. But you put them on a salary and benefits in a pyramid, then tell them not to talk about their work, and you thwart whatever creativity they had. The NSA can kill you. But t({they can never out-think you. qiM{iW{x From gbarnes at nyx.cs.du.edu Tue Nov 23 06:57:56 1993 From: gbarnes at nyx.cs.du.edu (Gary Barnes) Date: Tue, 23 Nov 93 06:57:56 PST Subject: G.Barnes --Stellar Hypocrite Message-ID: <9311231455.AA14336@nyx.cs.du.edu> Surely you mean D.Barnes, Mr/Ms ld231782? I wouldn't normally mention it, but the Subject: line did rather jump out of my mailbox at me! Yours, Gary Barnes From pfarrell at netcom.com Tue Nov 23 07:13:00 1993 From: pfarrell at netcom.com (Pat Farrell) Date: Tue, 23 Nov 93 07:13:00 PST Subject: Washington Post story: nov 23 Message-ID: <36705.pfarrell@netcom.com> On page 1 of today's Post Business section (below the fold) "Bill would ease curbs on encoding software exports" Lead paragraphs: "A buill that could signal a showdown between America's high tech industries and the national security establishment was introduced into the House Yesterday. Rgp Maria Cantwell (D-Wash) submitted legislation to liberalize export controls on software with features that allow users to encrypt data." I'll leave out the rest to save bandwidth and typing. If some one is dying for all the text, let me know and I'll email it. Not much new info, NSA against, indussry for, the famous "genie lack in the bottle" quote from Conrgessman Gejdenson, etc. For folks outside the beltway, Congress is trying like crazy to go home for Thanksgiving and stay there until January. Nothing will happen on this bill until next year. The release timing was simply to get some favorablelXmas brownie points when the congresscritters hit the local rubber chicken circuit. Pat Pat Farrell Grad Student pfarrell at netcom.com Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From an4914 at anon.penet.fi Tue Nov 23 08:09:04 1993 From: an4914 at anon.penet.fi (Nitch) Date: Tue, 23 Nov 93 08:09:04 PST Subject: Tech: Truth about Canon Copiers Message-ID: <9311231608.AA21050@anon.penet.fi> > > This is interesting. Since most of the change-making machines in > laundromats seem to use the side with the dead white guy, I wonder if it > would work to use this copy? > ----Dave REes (rees at cs.bu.edu) > >Nah, the changers just say "this side up" - the scanner may be looking at >the underside of the bill, or at both sides (more probable). > Or, they may not "scan" at all! Ever wonder why wrinkles, folds, and other mutilations wreck their ability to recognize your cash? I think many of them may be measuring paper thickness, folks. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From pmetzger at lehman.com Tue Nov 23 08:15:18 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 23 Nov 93 08:15:18 PST Subject: The Final Ultimatum In-Reply-To: <9311230955.AA26875@anon.penet.fi> Message-ID: <9311231613.AA29319@snark.lehman.com> The Executioner says: > Cypherpunk leaders, state the truth, the whole truth, and nothing but > the truth on the charges of routine, systematic, rampant, and > conspirational pseudospoofing and deception of the media and your > followers, publicly to all those you have affected in Cyberspace. > > Cypherpunk followers, demand publicly and privately of your leaders the > truth, the whole truth, and nothing but the truth, and accept nothing less. > > Otherwise, watch the `movement' and your reputations dissolve before > your eyes far beyond the present deterioration, to near total oblivion. > > You have 24 hours. Folks, Detweiler is psychotic. Answering this message of his, even to flame him, isn't going to get anyone anywhere. There isn't any point to it. Perry From cfrye at ciis.mitre.org Tue Nov 23 08:27:56 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Tue, 23 Nov 93 08:27:56 PST Subject: Pyrrhus Cracks RSA? Message-ID: <9311231633.AA08407@ciis.mitre.org> >You know the people who could break DES, RSA, PGP, etc. Shamir >unpacked Diffie's knapsack. What is most probable, is that these >ciphers will stand for some unforeseeable time until someone who >may not be born yet comes along and breaks them all as an idle >{exercise on her way to greatness in another field. > >But the NSA? No way, Jose. They might be nerds who hacked some >code at 3 am. But you put them on a salary and benefits in a >pyramid, then tell them not to talk about their work, and you >thwart whatever creativity they had. The NSA can kill you. But >t({they can never out-think you. Strong words that, IMHO, put way too much faith in the argument that a "restrictive" work environment inevitably crushes individualism and creativity. Any organization, .gov or !.gov, that: * recruits the best and the brightest and pays them well; * gives access to substantial computing/financial resources and academic knowledge; * fosters team-building, creativity, and competition *within the group*; * rewards achievement and provides status *within the group*; and * provides other movitivation, be it patriotism/pride/whatever, will produce more than its fair share of advances in a field. Given a concentrated environment and an advanced set of tools, it seems improbable that any group, regardless of organizational affiliation, could be outperformed *on an evolutionary basis* by a loose band of academicians and private researchers with irregular contact. Revolutionary change is impossible to predict, though I feel that no organization with sufficient resources would throw away promising methods without thorough investigation. Even so, I do personally believe that private individuals may have an edge in revolutionary research. Unfortunately, both statements are unverifiable. The key point to remember is that motivation is relative - regardless of our personal opinions, if someone seeks status within a group then more "restrictive" environments are not a hindrance to creativity. -- Best regards, Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From boone at psc.edu Tue Nov 23 09:02:55 1993 From: boone at psc.edu (Jon 'Iain' Boone) Date: Tue, 23 Nov 93 09:02:55 PST Subject: Pyrrhus Cracks RSA? In-Reply-To: <9311231633.AA08407@ciis.mitre.org> Message-ID: <9311231701.AA28299@igi.psc.edu> cfrye at ciis.mitre.org (Curtis D. Frye) writes: > > >But the NSA? No way, Jose. They might be nerds who hacked some > >code at 3 am. But you put them on a salary and benefits in a > >pyramid, then tell them not to talk about their work, and you > >thwart whatever creativity they had. The NSA can kill you. But > >t({they can never out-think you. > > Strong words that, IMHO, put way too much faith in the argument that a > "restrictive" work environment inevitably crushes individualism and > creativity. Any organization, .gov or !.gov, that: > > * recruits the best and the brightest and pays them well; Do you know how much NSA employees get paid? I'm wondering, because it is certainly _not_ the case in the CIA. The "analysts" may make somewhere between the $30K - $45K range, but that's hardly "good pay" for people who are experts on that kind of analysis, especially when they have Ph.D.s. > * gives access to substantial computing/financial resources and academic > knowledge; > * fosters team-building, creativity, and competition *within the group*; > * rewards achievement and provides status *within the group*; and > * provides other movitivation, be it patriotism/pride/whatever, > > will produce more than its fair share of advances in a field. Given a > concentrated environment and an advanced set of tools, it seems improbable > that any group, regardless of organizational affiliation, could be > outperformed *on an evolutionary basis* by a loose band of academicians and > private researchers with irregular contact. > > Curtis D. Frye > cfrye at ciis.mitre.org > "If you think I speak for MITRE, I'll tell you how much they > pay me and make you feel foolish." Please tell me how much MITRE pays you. Is your above description a description of MITRE? Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 From lefty at apple.com Tue Nov 23 09:13:01 1993 From: lefty at apple.com (Lefty) Date: Tue, 23 Nov 93 09:13:01 PST Subject: The Final Ultimatum Message-ID: <9311231704.AA07663@internal.apple.com> >Folks, Detweiler is psychotic. Answering this message of his, even to >flame him, isn't going to get anyone anywhere. There isn't any point >to it. Well, gosh, Perry, thanks for taking upon yourself to respond for the rest of us. A truly noble undertaking on your part. Many people are, in fact, capable of making decisions without your input, strange as this concept may appear to you. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From pcw at access.digex.net Tue Nov 23 09:13:17 1993 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 23 Nov 93 09:13:17 PST Subject: Pyrrhus Cracks RSA? Message-ID: <199311231712.AA09581@access.digex.net> I've always felt that the NSA and its corp of mathematicians has a much greater chance of breaking anything than the folks in the University. Even in the best situation (MIT), a professor must devote substantial time to raising money to support themselves, their travel expenses and their graduate students. There aren't many folks who hold positions in these schools. The rest are in schools where the professor must also teach 2-4 classes to pay for food. Research is nice in these places, but it doesn't pay the rent. Very, very few people have the freedom and the time to devote to deep exploration of problems like cracking RSA. Most of them are in the NSA. There is no doubt that the restrictive work environment is a pain in the neck. But, most mathematicians don't really have many choices. They can go to a small college and teach forever. They can go to industry and work hard on the industry's problems. Or they can go to the NSA. It really isn't a bad choice in many respects. No classes. No students whining about their grades or asking for an extension. No endless search for grant money. If you want to do algebra or number theory or a host of other problems, it might be considered one of the best environments you could get short of the Institute for Advanced Study. From cfrye at ciis.mitre.org Tue Nov 23 09:22:56 1993 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Tue, 23 Nov 93 09:22:56 PST Subject: Pyrrhus Cracks RSA? Message-ID: <9311231727.AA09153@ciis.mitre.org> >> = cfrye at ciis.mitre.org (Curtis D. Frye) > = boone at psc.edu (Jon Boone) >> Strong words that, IMHO, put way too much faith in the argument that a >> "restrictive" work environment inevitably crushes individualism and >> creativity. Any organization, .gov or !.gov, that: >> >> * recruits the best and the brightest and pays them well; > > Do you know how much NSA employees get paid? I'm wondering, because it > is certainly _not_ the case in the CIA. The "analysts" may make somewhere > between the $30K - $45K range, but that's hardly "good pay" for people > who are experts on that kind of analysis, especially when they have Ph.D.s. While I'm not intimately familiar with the workings of the NSA, I would guess that folks w/ Ph.D.'s and no/little work experience are probably brought in near the top end of that range, though the advanced degree would allow for quicker advancement to senior technical or management positions and correspondingly greater pay. Also, be sure to include the labor surplus, government benefits and job satisfaction as factors in considering salary adequacy. > >> * gives access to substantial computing/financial resources and academic >> knowledge; >> * fosters team-building, creativity, and competition *within the group*; >> * rewards achievement and provides status *within the group*; and >> * provides other movitivation, be it patriotism/pride/whatever, >> >> will produce more than its fair share of advances in a field. Given a >> concentrated environment and an advanced set of tools, it seems improbable >> that any group, regardless of organizational affiliation, could be >> outperformed *on an evolutionary basis* by a loose band of academicians and >> private researchers with irregular contact. >> >> Curtis D. Frye >> cfrye at ciis.mitre.org >> "If you think I speak for MITRE, I'll tell you how much they >> pay me and make you feel foolish." > > Please tell me how much MITRE pays you. Is your above description a > description of MITRE? MITRE pays me significantly less than what they would pay a Senior VP, which is about the level where I would feel comfortable stating that I "speak for" MITRE. As for the team-building observations I made above, they are made from a general management perspective and are open to debate, though that discussion might be a bit off-topic for cypherpunks if removed from the crypto framework. -- Best regards, Curtis D. Frye cfrye at ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From mech at eff.org Tue Nov 23 10:14:04 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 23 Nov 93 10:14:04 PST Subject: Pardon my vanity, but... In-Reply-To: <9311230814.AA04570@ininx> Message-ID: <199311231812.NAA02644@eff.org> > Ah you are still around! Postings from you have been so scarce in > recent days that I thought you might have left for the holidays. Nope, I'm still here! > Is it possible that you missed my reply to you last week, repeated > below Yep, I missed it. I read so much mail/news, some times I scan too quickly. > In-Reply-To: Stanton McCandlish's message of Tue, 16 Nov 1993 18:23:59 -0500 (EST) <199311162324.AA29258 at eff.org> > Subject: Should we oppose the Data Superhighway/NII? > > > Part of the effort that must be made is to knock some sense into the > > rapidly merging entertainment/information/telecom conglomerates, and try > > to at very least keep a large section of the "data highway" (or whatever > > one chooses to call it) an Internet-like many-to-many communications > > medium, if not fused with Internet itself. Convincing the govt. of this > > is will also take some doing. One certainly can't IGNORE the govt. No > > matter how much we may wish it'd just go away, it won't, and has to be > > dealt with. > > The beauty of cypherpunk technology is that it provides means to _avoid_ > the tyranny of government, rather than trying to redirect that tyranny > on behalf of one's own ends. This is a commendable goal, but one can't rely on a trickle to do the job of a river. I'm all for cp tech, and I'm all for reducing the power of the govt. as much as possible and as soon as possible. I'm _not_ all for expecting to accomplish this immediately. > Government gets its power from its hundred million clients. Hmm I tend to think govt. gets its power from the adequately backed-up threat that it can rob (fine), enslave (imprison) or kill (execute or shoot while resisting arrest) you if you don't do what it says. If someone holds me hostage, I tend to think of them as a coercive kidnapper, not a business that I am patronizing. This is not to say that everything the govt does is nefarious. Most of what it does is inefficient handwaving and ignorant blundering. In these cases, I see it as a something akin to a large automobile with an incompetent driver behind the wheel. I might criticize, even yell and fly them the bird, but I'll get the hell out of the way. > To join > that clientele is not consistent with wanting government power to > whither away. Recognizing that in the very rapidly unfolding "data highway" plan (if anything this chaotic and free-for-all can be called a "plan"), the govt WILL play one role or another, like it or not, is not joining the govt's clientele. Much as I'd like to see no govt. involvement, it is inevitable in the current socio-political climate. 5 EFFs could pop up, with twice our funding each, and all scream bloody murder about govt involvement in the "national information infrastructure", and all 5 of them would be utterly ignored. Working more carefully, rather that pursuing an all out barrage, can be more effective in some cases, and we think this to be one of them. I think it's wise to look at the realities of the situation, whatever one's outlook whether libertarian or otherwise, and recognize that sometimes unpleasant things like an unwieldy state simply have to be dealt with. Whether govt involvement is wrong or not is really irrelevant, until cp tech, and cp/libertarian attitudes are in a position to DO something about it. It's like being confronted by a mugger: you can point out that they have no right to rob you and are using coercive force to violate your civil liberties, but it's not going to make them go away if you don't have the physical power to defend yourself. The time's just not right for a cypherpunk "War on Govt". Cypherpunks will lose. As the NII is coming on fast, the govt has to be dealt with NOW, to reduce their impact and involvement, rather than hope that, w/o DigiCash, w/o a large base of support in the culture at large, w/o our own infrastructure, CPs will convince the govt to just give up and go away. They'll trample that idea into the dirt, because they have the money and power to do so, right or wrong, and you'd end up with a net.fcc and 5000 channels of crud, metered out byte by byte, requirements for a net.license to be a provider rather than consumer, and taxed into oblivion. I'd like to point out also that it's much easier to prevent large scale govt involvement and reduce small scale involvement later, that fight against ANY govt involvement, lose, and a be faced with trying to get rid of it later after it's become law and granted the govt all sorts of powers. Try to eliminate the FCC. Good luck! This stance does of course presume vigilance to prevent the govt from expanding their small base of power into a bigger one. I look forward to seeing the power of the govt wane in coming years, and I am certain that it will happen, but I don't think it's going to happen this month, or next year. When we've got a DigiCash-based banking system, when the majority of the population are computer-literate, when cryptography is fully legal and unstigmatized, when CP tech is easy to use for the non-techie and built in to applications and hardware, when anti-authoritarianism returns as the focus of the country's political thought, and when the govt begins to collapse under the weight of it's own failures, then we'll see the changes come. But, I tend to expect that things will get worse before they get better, in the big picture. People aren't mad enough yet to get up off their commercial-brainwashed, apathetic couch potato butts and DO much of anything yet, but would rather go to the mall or play with their Game Boys. "Give Me Convenience or Give Me Death" as Jello Biafra mocked. Have a look at the stuff EFF's doing - to reduce/eliminate ITAR restrictions, to combat unjust laws, to defend people who's civil liberties have been violated by "law enforcement" that doesn't even seem to know what the law is, to educate about privacy and encryption, to make using the internet easy for "Big Dummies", to encourage grassroots real-world networking on the local level, and to ensure that whatever the "superhighway" will be, it provides for full-bandwidth, open platform, and openly accessible many-to-many participation - before tossing us on the garbage heap as govt lubbers. :) I don't think anyone here LIKES the idea that we have to haggle and play the game w/the govt, but that's just the way it stands, and any step that reduces govt interference in any way even if it doesn't bring on the glorious anarcho-capitalist revolution, is still a step in the right direction. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From goebelc1 at student.msu.edu Tue Nov 23 10:15:11 1993 From: goebelc1 at student.msu.edu (Christopher Garrett Goebel) Date: Tue, 23 Nov 93 10:15:11 PST Subject: Case Studies Info Request Message-ID: <9311231813.AA11484@student2.cl.msu.edu> I'm looking for info, articles, archives, book and journal leads on info related to applied cryptology in the 20th century... for a senior thesis I'm writing on cryptology, warfare, and national security. Specifically, I'm looking for o Clipper chip archives of articles o Articles on Phil (PGP) and RSA disputes o Articles on the export of cryptology I'd also like info on cryptology in the Cold War or leads to such info. Please send info to: genghis at blue.engin.umich.edu. Thanks, Garrett From The Tue Nov 23 11:03:00 1993 From: The (The) Date: Tue, 23 Nov 93 11:03:00 PST Subject: NSA Message-ID: <199311231859.AA12212@bashful.cc.utexas.edu> Hey all, I just wanted to let you know (as an ex-SEAL), the NSA (and to a limited extent CIA) have UNBELIEVEABLE resources! If anyone could crack RSA, DES, OPP...they could. Never underestimate the power of a "black" budget (or for that matter soup) The PUNISHER Judge; Jury; Executioner....All in a day's work Mob Boss: "500 of my men killed; there is a limit to revenge you know" Punisher: "I haven't reached mine yet" From owen at autodesk.com Tue Nov 23 11:03:20 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Tue, 23 Nov 93 11:03:20 PST Subject: (fwd) Technosys, Prosody, the "NSA", and some unfunny BS passed off as a joke Message-ID: <9311231850.AA28531@lux.YP.acad> And people think that corporations are going to entrust their information assets, and valuable corporate data/communication to a network where forgery is this easy. Right, and I am the emperor of China! This is classic. Expect to see lots more of these *harmless pranks*. LUX ./. owen From owen at autodesk.com Tue Nov 23 11:04:10 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Tue, 23 Nov 93 11:04:10 PST Subject: Can NSA crack PGP? Message-ID: <9311231843.AA28497@lux.YP.acad> > From: baum at newton.apple.com (Allen J. Baum) > But, there is one thing that is true about NSA's ability to crack it: > they won't give you cause to know whether they can or not. This statement, like the following, is like a rich vein of valuable insight into the extra-technical aspects of the issue. I found myself reading this next part over several times, and each pass I found that I associated what I understood to other unspoken questions I have. > e.g., if they can, and they read some mail of yours that you REALLY don't > want them to read, they won't act on that information in such a manner that > you can determine that they cracked the code for your message. They > couldn't use it on a warrant, & they couldn't testify as to its contents in > court. To do so would advertise their capabilities, which is a no-no for > them. (they might, of course, use that information to point people in the > right direction so they can attribute information to an anonymous tip, but > they have to be careful even there) and thus revealing that if you become a target of genuine scorn from that corner, it will operate from a position which is beyond accountability itself. I think that Doug Barnes hit the nail on the head by pointing out that sheer volume of stuff to filter through has the potential of affording us an edge. > Even now, when it's pretty certain they could crack DES, you won't > find them doing it for a law enforcement agency that asks; it gives away > too much. Anything you are *required* to keep secret, is more valuable to the *requiring agency* than to you. Anything you are expected to accept on faith, can't be proven. LUX ./. owen From goebelc1 at student.msu.edu Tue Nov 23 11:18:04 1993 From: goebelc1 at student.msu.edu (Christopher Garrett Goebel) Date: Tue, 23 Nov 93 11:18:04 PST Subject: CORRECTION READ FIRST Message-ID: <9311231915.AA89121@student2.cl.msu.edu> Don't mail those case studies to genghis at blue.engin.umich.edu It was a dormant account my brother used to keep in touch with friends from work (when he worked there). He said he could forward mail to me from there... well, it looks like they've closed down that account. Sorry, send mail to goebelc1 at studentg.msu.edu Thanks, Garrett From tcmay at netcom.com Tue Nov 23 11:23:00 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 23 Nov 93 11:23:00 PST Subject: Comments on NSA (was: "Pyrrhus Cracks RSA?") In-Reply-To: <6E4CCAA7E0204AD3@sleepy.egr.msu.edu> Message-ID: <199311231920.LAA06189@mail.netcom.com> Michael Marotta writes an intruiging political essay, though I have some corrections/disagreements. I'll also talk about NSA employment of mathematicians, from the 1950s on, the founding and funding of Engineering Research Associates, Cray Research, the Institute for Defense Analysis, and the ultra-secretive Jasons Group. > CAN THE GOVERNMENT BUILD AN ATOMIC BOMB? > by mercury at well.sf.ca.us > Cypherpunks know that centralized systems are inefficient, yet > they fear the NSA. Cypherpunks know that government employees > are slugabeds, yet they fear the NSA. Cypherpunks know that > qinnovation and enterprise are the antithesis of socialism, yet > they fear the NSA. They don't fear that the NSA will kick in > their doors and shoot them in a cybernetic Kristallnacht or burn > t(their homes the way the Romans and Mongols did to Carthage and > Samarkand. (Waco comes to mind, here.) No, the Cypherpunk is > afraid that the government has "powerful computers" capable of a > "brute force attack" on their algorithms. Some Cypherpunks (me, at least) are not afraid of the NSA's powerful computers. We understand that the mathematics of today's algorithms means the race is always won by the encryptor, not the cryptbreaker. If a dozen Crays at the Fort can--somehow--factor a 150-digit number, and thus break a 512-bit RSA key (more or less), then the encryptor can trivially move to a 1024-bit key....safe for many generations, even with 10,000 Crays munching away. Crypto is economics, as Eric Hughes likes to point out (but he's just one of my many tentacles, so I can freely quote him), and the public key math favors the encryptor over the would-be cypher breaker to an incredible extent, with the advantage growing ever-greater as key lengths increase. (Work out the math yourself...the advantage lies with the user of one-way functions...barring unforeseen breakthroughs in factoring, of which there is no evidence, or the reported proof that P = NP from Kryptogorodok, the secret city of Russian cryptographers in the Urals.) As Phil Karn and several others have noted, the weak link is physical security. Black bag jobs, viruses, etc. For example, my Macs have "keyboard capture" buffers, as Unix systems often do, that capture and stores _all_ keyboard entry in files, as an aid to recovering text entered. Great for writers, but a terrible security hole. (Watch out for this on Macs or Unix systems you may use!) These are the real weaknesses. Floppy disks laying around or "lost" that have one's secret key on them, combined with keyboard capture of the PGP passphrase. I expect at least some people have already had their PGP privacy turned into Pretty Crummy Privacy. And not by brute-force cracking. ... > pumps which came from fire trucks.) Ask "anyone" and they will > tell you that World War Two brought us nuclear power, spaceships, > radar, television, the transistor, the computer, canned food, and > recycling. In fact, it brought none of these. They already Well, some of these things existed in some form prior to WW II, but many key innovations reached fruition during the war: radar, rocketry, gyroscopes, etc. Some things were clearly invented _during_ the war: nuclear reactors, nuclear bombs, computers, etc. And the transistor, by the way, came after the war (the ordinary Shockley et. al. transistor at Bell Labs....the 1930s German work on metal-insulator-semiconductor devices, by Lillienfeld (as I dimly recall), was not really a precursor--the significance was not appreciated until decades later). > unpacked Diffie's knapsack. What is most probable, is that these > ciphers will stand for some unforeseeable time until someone who > may not be born yet comes along and breaks them all as an idle > {exercise on her way to greatness in another field. Maybe. But if factoring is shown to be NP-complete (it hasn't been so far, though most suspect it), then this future Gauss will truly be a giant. > But the NSA? No way, Jose. They might be nerds who hacked some > code at 3 am. But you put them on a salary and benefits in a > pyramid, then tell them not to talk about their work, and you > thwart whatever creativity they had. The NSA can kill you. But > t({they can never out-think you. For many years the NSA hired as consultants some of the brightest mathemeticians in the world, including Claude Shannon (information theory), Andrew Gleason (math), E. Berlenkamp (algebraic coding theory), David Huffman (Huffman codes), Richard Garwin (physics), Luis Alvarez (physics, later known for the dinosaur extinction work--the idea that a giant meteor hit the NSA and killed it...just kidding), John R. Pierce (communications), Hendrik Bode (Bode plots), and so on.The NSA also funded Seymour Cray at Engineering Research Associates in the 1950s and even--many people claim--funded Cray Research in the early 1970s. NSA also was centrally involved in formation of Mitre Corp., The Institute for Defense Analysis (IDA), and it built and paid for the "Communications Research Division" building at Princeton University...linked to what is now the John von Neumann Supercomputer Center (I may have the exact title wrong). (Source: Bamford's "The Puzzle Palace," 1982, and discussions with Brian Snow of the NSA at the 1988 Crypto Conference.) Yes, the NSA has long had many "tentacles" into academia. What was probably so shocking to them about the mid-70s breakthroughs in public key, by Diffie, Hellman, and Merkle, was that (presumably) this was work done outside their usual network of contract mathematicians. (NSA has been making noises about how they'd already discovered public key crypto years before Diffie and Hellman did. This could be face-saving bragadoccio. Time will tell. Any NSA readers out there are free to post anonymously to this group or to alt.whistleblowers, or to "sell" your memoirs on BlackNet.) Mathematicians have to seek funding from somewhere. For many years, NSA was a prime source--and may still be. The "SCAMP" program ("Summer Campus, Advanced Mathematics Program") meets in a special building on the UCLA campus to discuss items of interest to the Agency, and to fund mathematicians who attend. Much like the ultra-secret "Jasons" and their summer work on La Jolla, California. A fascinating topic. I sure do wish someone would write another book on the Agency. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From wak at next11.math.pitt.edu Tue Nov 23 11:47:59 1993 From: wak at next11.math.pitt.edu (walter kehowski) Date: Tue, 23 Nov 93 11:47:59 PST Subject: NYT: Virus; NeXT (unrelated) Message-ID: <9311231947.AA00442@next11.math.pitt.edu> Cypherpunks and Extropians: Two articles of interest in today's NYT: 1) [Front Page, lower right] A software vendor allegedly planted a virus in a customer's machine because he threatened to stop payment on the software he bought. The virus was programmed to shutdown the customer's computer. 2) [Front page, bottom, Business section] NeXT and Sun have announced a partnership. Apparently, Sun is to invest 10mil in NeXT for access to the source of their OOP environment. BTW, how much did Sun make last year? How much is 10mil by comparison? Walter A. Kehowski From 75260.1646 at CompuServe.COM Tue Nov 23 11:55:10 1993 From: 75260.1646 at CompuServe.COM (Bruce C. Dovala) Date: Tue, 23 Nov 93 11:55:10 PST Subject: ViaCrypt Details? Message-ID: <931123164343_75260.1646_CHL85-1@CompuServe.COM> Hi, Does anyone have any details on ViaCrypt? Particularly availabilty, sources, user interface, compatibility with PGP, etc. Please post or write. Thanx, Bruce From smb at research.att.com Tue Nov 23 11:57:59 1993 From: smb at research.att.com (smb at research.att.com) Date: Tue, 23 Nov 93 11:57:59 PST Subject: Comments on NSA (was: "Pyrrhus Cracks RSA?") Message-ID: <9311231955.AA21239@toad.com> (NSA has been making noises about how they'd already discovered public key crypto years before Diffie and Hellman did. This could be face-saving bragadoccio. Time will tell. Any NSA readers out there are free to post anonymously to this group or to alt.whistleblowers, or to "sell" your memoirs on BlackNet.) There was an interesting discussion on this point at the ACM Conference on Computer and Communications Security a few weeks ago. At the ``Festcolloquium'' in honor of Gus Simmons, someone who used to work for NSA (his name escapes me, but I have it at home) stated that in 1963, President Kennedy signed a memorandum calling for -- in today's language -- the use of digital signatures for nuclear weapons command and control. The memo -- National Action Security Memorandum (NASM) 160 -- is still classified. Someone else on this list (I'll let him speak for himself) has contacted the JFK library about it. It may already be going through clearance release; if not, forms have been submitted to initiate the release process. And there's always FOIA if that fails. It will be very interesting to see the memorandum when it comes out. (Btw, it was written by Jerome Weisner, Kennedy's science advisor.) A lot of wisdom consists of asking the right questions; if the phrasing was right, I would tend to believe that NSA did indeed have public key technology in the mid-60's, once they were asked to create something with those properties. But if that was true, why didn't Simmons himself know of it? He said that he learned of public key from the Martin Gardener column in Scientific American, as I recall. Simmons was familiar with NASM-160, though; in fact, he was the one who supplied the number. --Steve Bellovin From cme at sw.stratus.com Tue Nov 23 12:03:00 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Tue, 23 Nov 93 12:03:00 PST Subject: Can NSA crack PGP? Message-ID: <199311231959.OAA07686@ellisun.sw.stratus.com> > [ Stanton McCandlish wrote ] >The persons holding this viewpoint espouse the idea that >the NSA can crack anything, pretty much, and that anything they could not >crack would not be available to the general public, but would have been >supressed. That view allocates to the NSA the power they wish they had over cryptographic creativity. I wonder if the author is really NSA him/her self. Vernam's one-time-tape [-file, for us] is provably unbreakable and not suppressed. RSA with enough modulus bits is unbreakable and not suppressed (although they tried). [We don't know how many bits is "enough", however.] There are ways to use DES which increase the difficulty of breaking -- but again we don't know how many instances we have to use to achieve enough security to foil the NSA. We know we can get there, however, and I'm willing to bet it's not difficult. Of course, I don't know and don't want to know. I want the NSA to be good at what it does. I want our team to be able to read the other team's signals. All I want is to preserve my freedom to use any cryptosystem of my own concoction -- straight invention or cobbled together from others'. I've had that freedom for all my life and intend to preserve it. ----------- Can NSA break PGP? Who knows? I'm not sure I care. I don't see the NSA as my enemy, per se. (That does *not* mean I'll hand them a skeleton key to my traffic, eg., via Clipper.) My secrets are from people I think of as criminals (in or out of government) and I want to use strong cryptography to foil them. I would trust PGP for that. I trust RIPEM with triple DES (and 1024 bit RSA keys) a bit more, for its better-tested conventional algorithm. For even better security, I would use: 2000 bit RSA keys true hardware ranno generator for session keys des-cbc|tran|des-cbc|tran|des as the conventional cryptosystem but, of course, there are always TEMPEST attacks, bugs in my office, ..., and as Diffie points out -- you have no control over the recipient. S/he might send cleartext of your messages right to the person you're trying to foil. Fact remains: there is *no* absolute privacy. There is only a computational hindrance on eavesdropping. - Carl From jim at chiba.Tadpole.COM Tue Nov 23 12:13:01 1993 From: jim at chiba.Tadpole.COM (Jim Thompson) Date: Tue, 23 Nov 93 12:13:01 PST Subject: NYT: Virus; NeXT (unrelated) Message-ID: <9311232011.AA12466@chiba.tadpole.com> Sun has over $1B in 'the bank'. From owen at autodesk.com Tue Nov 23 12:13:19 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Tue, 23 Nov 93 12:13:19 PST Subject: Canadian application? Message-ID: <9311231910.AA28569@lux.YP.acad> > Recently there have been articles & letters in the local gay press > complaining about Canadian Customs engaging in censorship by preventing gay > publications from entering Canada. Seems to me this is an ideal case for > setting up a special-purpose private encrypted net, and gaining a vocal > constituency in our favor. Queer people are used to codes and semiotic communication, we are pretty good at steganographic social posturing too. On ething I've found though is a definite trend not to volunteer as guinea pigs for social agendas beyond attaining the basic rights now denied us. Oh, and I'm not so sure that a vocal queer constituency is all that helpfull these days :-) > > What I have in mind would be to consult with various publishers in the gay > community, toward the end of setting up offices in Vancouver and Toronto > which would receive encrypted files from the US which could then be > reassembled into printed form for regular press production and distribution > within Canada: thereby entirely bypassing Customs and its censorship. As I understand it the few Gay-Lesbian bookstores who are commited to the cause just drive over the border to pick up their shipments, and then smuggle them back. besides introducing a doubling effect on the physical production process would probably not be worth the expense for that market when simpler methods suffice. > > I'm guessing that they'll probably want to use an authorised/licensed system > such as ViaCrypt, and wonder whether that can handle magazine and book > production type files, which may be text and/or graphics, full color, layout > details, and so on. This could be like waving a red flag in the face of a psychotic bull. Giving the Gummint an excuse to claim probable cause due to contraband sexually explicit material just doesn't sound like a good idea to me? > If anyone out there is interested in helping with this; preferably if you're > in the San Francisco Bay Area, email gg at well.sf.ca.us. There are plenty of issues regarding abuse of this network by psychopathic e-terrorist, most of 'em directly analogous to this lists current controversial bad-boy. I for one, would much rather see some attention to methods of dealing with that! LUX ./. owen From jet at nas.nasa.gov Tue Nov 23 12:33:04 1993 From: jet at nas.nasa.gov (J. Eric Townsend) Date: Tue, 23 Nov 93 12:33:04 PST Subject: discussion on crypto rights *NOW* (1230PST, 23Nov93) Message-ID: <9311232029.AA25092@boxer.nas.nasa.gov> KPFA, 94.1FM is having some sort of discussion on crypto exports and whatnot. Some woman from SPA talking about crypto export rights. -eric From mech at eff.org Tue Nov 23 14:55:11 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 23 Nov 93 14:55:11 PST Subject: ANNOUNCEMENT: Markey Bill debuts in House Message-ID: <199311232253.RAA06596@eff.org> Followup-To: comp.org.eff.talk Reps. Markey and Fields Introduce H.R. 3636, the "National Communications Competition and Information Infrastructure Act of 1993": EFF Applauds Inclusion of Open Platform Provisions On Monday, November 22, 1993, EFF applauded House Telecommunications and Finance Subcommittee Chairman Edward Markey (D-Mass.), Minority Chairman Jack Fields (R-Tex.), and other cosponsors for introducing the "National Communications Competition and Information Infrastructure Act of 1993." The Markey/Fields legislation, which incorporates EFF's Open Platform philosophy, is built on three concepts: open platform services, the entry of telephone companies into video cable service, and universal service. Reacting to the open platform provisions, Mitchell Kapor, EFF Board Chairman, stated: "The sponsors of this bill are to be commended for proposing legislation that incorporates a truly democratic vision of the emerging data highway. Open platform service can end channel scarcity once and for all and make it possible for any information provider to offer voice, data, and video services on the data highway. Every citizen will be able to access a true diversity of information and programming." EFF Executive Director Jerry Berman added that "we believe public interest and nonprofit groups, as well as computer and communications industry leaders will work very hard for the open platform provisions. Our goal is to keep them in the bill and make them even stronger before its enactment." BELOW, EFF BRIEFLY SUMMARIZES THE BILL'S PROVISIONS RELATING TO OPEN PLATFORM SERVICES, THE ENTRY OF TELEPHONE COMPANIES INTO VIDEO CABLE SERVICE, AND UNIVERSAL SERVICE. AN EFF ANALYSIS OF THE IMPACT OF THE BILL ON PUBLIC INTEREST GOALS OF UNIVERSAL SERVICE, COMMON CARRIAGE, AND CONSUMER EQUITY WILL BE RELEASED AS SOON AS IT IS COMPLETED. OPEN PLATFORM Under the Markey/Fields bill, open platform service is designed to give residential subscribers access to voice, data, and video digital telephone service on a switched, end-to-end basis. Information of the customer's choosing would be transmitted to points specified by the customer. The bill directs the Federal Communications Commission to investigate the policy changes needed to provide open platform service at affordable rates. To ensure affordability, open platform service would be tariffed at reasonable rates. ENTRY OF TELEPHONE COMPANIES INTO VIDEO CABLE SERVICE The bill promotes the entry of telephone companies into video cable service and seeks to benefit consumers by spurring competition in the local telephone and cable television industries. The bill envisions that telephone companies, cable companies, and others will be interconnected and have equal access to facilities of the local telephone companies. The bill would rescind the ban on telephone company ownership and delivery of video programming that was enacted in the Cable Act of 1984. Telephone companies would be allowed to provide video programming, through a separate subsidiary, to subscribers in its telephone service area. Telephone companies would be required to establish a "video platform" upon which to offer their video programming. Telephone companies, on a nondiscriminatory basis, would be required to allow other providers to offer video programming to subscribers using the same video platform. Other providers would be allowed to use up to 75 percent of the video platform capacity. Telephone companies would be prohibited from buying cable systems within their telephone service territory, with only tightly drawn exceptions. The Federal Communications Commission (FCC) would be required to establish rules for compensating local telephone companies for providing interconnection and equal access. UNIVERSAL SERVICE To ensure that universal digital services are available to residential subscribers at affordable rates as local telephone service becomes more competitive, the Markey/Fields bill would establish a joint Federal-State Board to perpetuate universal provision of high-quality telephone service. The Board would be required to define the nature and extent of the services encompassed within a telephone company's universal service obligation. The Board also would be charged with promoting access to advanced telecommunications technology. The FCC is required to prescribe standards necessary to ensure that advances in network capabilities and services deployed by common carriers are designed to be accessible to individuals with disabilities, unless an undue burden is posed by such requirements. Additionally, within one year of enactment, the bill requires the FCC to initiate an inquiry to examine the effects of competition in the provision of both telephone exchange access and telephone exchange service furnished by rural carriers. Mary Beth Arnett Staff Counsel Electronic Frontier Foundation 1001 G Street, NW Suite 950 East Washington, DC 20001 (202) 347-5400 VOICE (202) 393-5509 FAX -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From ogr at wyvern.wyvern.com Tue Nov 23 15:43:03 1993 From: ogr at wyvern.wyvern.com (Jason Plank) Date: Tue, 23 Nov 93 15:43:03 PST Subject: Crays vs Message-ID: There has been a lot of type of what kind of resources the US (in particluar the NSA) has in defeating various encryption schemes. I've read that they have 100+ Crays scattered throughout the country. My question is this, what kind of systems is the "other" side using? The US has export restrictions on super computers, such as the Cray. I know for a fact that the US .gov wouldn't allow the sale of a Cray to India, because .gov thought that it could be used in the manufacture of weapons. -- Signature? I don't need no *stinking* signature! Confucius say "Clinton Happens" Touch me for 'the key (2.3)' From tcmay at netcom.com Tue Nov 23 15:58:03 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 23 Nov 93 15:58:03 PST Subject: Crays vs In-Reply-To: Message-ID: <199311232356.PAA14433@mail.netcom.com> Jason Plonk writes: > There has been a lot of type of what kind of resources the US (in > particluar the NSA) has in defeating various encryption schemes. I've read > that they have 100+ Crays scattered throughout the country. > My question is this, what kind of systems is the "other" side using? > The US has export restrictions on super computers, such as the Cray. I know > for a fact that the US .gov wouldn't allow the sale of a Cray to India, > because .gov thought that it could be used in the manufacture of weapons. The "other" side? I don't think the Cypherpunks have _any_ Crays all for themselves, though some Cypherpunks work in rooms full of Crays and at least several of them work with networks of many hundreds of workstations. Or by "other" side did you mean the Medellin Cartel and the importers for illegal and politically incorrect novels? Surely you didn't mean our new trading partners in Russia? On a more serious note, strong crypto will allow "foreigners" to send computing jobs to sites nearly anywhere in the world and have them run on compute servers. So much for export controls on the physical hardware! (And the "computing with encrypted instances" work of Joan Feigenbaum and others means in principle that the site doing the computing may not even be able to tell if they're computing bomb yields or crop watering schedules.) --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From tcmay at netcom.com Tue Nov 23 16:03:03 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 23 Nov 93 16:03:03 PST Subject: Crays vs In-Reply-To: Message-ID: <199311240000.QAA14967@mail.netcom.com> Jason Plank writes: > -- > Signature? I don't need no *stinking* signature! > Confucius say "Clinton Happens" > Touch me for 'the key (2.3)' In my last message I called him "Jason Plonk." This was not meant as an insult ("*plonk*"), but reflected the fact that once I was in my editor, I couldn't see his name and I misremembered it. My friend Perry Metzger has long argued that sigs should not be present at all in the body of a message, that the header conveys adequate information. Well, I disagree, and I always include my name and whatnot in the body of my messages. Heads off confusion like we just saw. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From jim at bilbo.suite.com Tue Nov 23 16:23:03 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 23 Nov 93 16:23:03 PST Subject: strong crypto => increase in rubber-hose attacks? Message-ID: <9311240019.AA06621@bilbo.suite.com> I remember seeing a news report a while back that said the number of violent car thefts has increased because more people are using sophisticated car alarms and/or car tracking devices. According to the news report, instead of breaking into cars when the owners were away, car thieves would wait until the owner shows up and deactivates the car alarm. The thieves then pounce on the owner, killing or severely injuring him/her, and take the car. Regardless of the actually magnitude of this problem (the media would call increase of 1 a major new trend) this did get me to thinking. Assume you use strong crypto to protect your secrets. Assume a lot of people start using crypto to protect their secrets. Assume there are people who want to discover these secrets. Might we some day see an increase in the number physical attacks as bad guys resort to rubber-hose methods to get at the keys that protect the secrets? Don't get me wrong, I'm still in favor of using strong crypto. I'm just wondering about some of the social implications. Jim_Miller at suite.com From marc at security.ov.com Tue Nov 23 16:28:03 1993 From: marc at security.ov.com (Marc Horowitz) Date: Tue, 23 Nov 93 16:28:03 PST Subject: Secure Drive 1.0 is here! Message-ID: <9311240026.AA10426@dun-dun-noodles.aktis.com> IMHO, the relevant section of the GPL, version 2 -- assuming that this is the version of the license Mike Ingle intends -- is as follows: > 7. If, as a consequence of a court judgment or allegation of patent > . From marc at security.ov.com Tue Nov 23 16:43:03 1993 From: marc at security.ov.com (Marc Horowitz) Date: Tue, 23 Nov 93 16:43:03 PST Subject: Secure Drive 1.0 is here! Message-ID: <9311240041.AA10436@dun-dun-noodles.aktis.com> (sorry, ignore that last message) Nathan Loofbourrow writes: IMHO, the relevant section of the GPL, version 2 -- assuming that this is the version of the license Mike Ingle intends -- is as follows: > 7. If, as a consequence of a court judgment or allegation of patent > .... Um, keep reading: 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. If you read the GPL carefully, you will notice that it does not require me to freely redistribute something I put under GPL to anyone. What it does say is that once I give it to someone, I cannot restrict what they do with it. So, if someone wants to export the GPL DES implementation I write, they can feel free. But I have no responsibility when the State Dept comes knocking on their door. The GPL also requires that if I give you an executable, I must make source available to you, or to anyone to whom you give the executeable. This could be a potential problem. Programs which use DES for authentication or integrity but not confidentiality have been approved for export. If such a program were distributed under copyleft, it still couldn't be published outside the US, since the GPL requires that if I give the executeable to a person (even in Iraq), that I must give them source if they ask. The underlying DES source, since it could be used for confidentiality, would be export-controlled. Here, I just incorporate a limitation as in section 8, restricting distribution to the US only. So, kpj at sics.se, Mike Ingle's answer to you should be "I'm sorry, but the Government won't let me give you anything." This does not violate any clause of the GPL. If you think it does, please spell it out; I'm unable to determine anything. (Of course, I Am Not A Lawyer.) Marc From frode at toaster.SFSU.EDU Tue Nov 23 16:53:05 1993 From: frode at toaster.SFSU.EDU (Frode Odegard) Date: Tue, 23 Nov 93 16:53:05 PST Subject: Crays vs Message-ID: <9311240049.AA26750@toaster.SFSU.EDU> > The "other" side? I don't think the Cypherpunks have _any_ Crays [..] > [..] Maybe he meant, you know, the Russians. Ha ha. They're supposed to be our friends now, right? Now, the FRENCH on the other hand.. - frode From crunch at netcom.com Tue Nov 23 17:38:04 1993 From: crunch at netcom.com (John Draper) Date: Tue, 23 Nov 93 17:38:04 PST Subject: PGP info plus Internet access from Miami Message-ID: <199311240136.RAA12041@mail.netcom.com> Hi, I am trying to get a copy of PGP for the IBM PC to my friend in Miami. Is there anyone in the Miami area who has a copy, and would it be possible for my friend to pick it up? Is PGP still on Soda.berkeley.edu in IBM-PC form. He will need to get the documentation as well. He isn't on the Net yet, but is also looking for any service with Internet access thats local to the Miami area. Is there such a service that provides an internet dialup like Netcom or Panex? Any information would be approciated.... John Draper Cap'n Crunch From romana at apple.com Tue Nov 23 17:58:04 1993 From: romana at apple.com (Romana Machado) Date: Tue, 23 Nov 93 17:58:04 PST Subject: Announcing Stego 1.0a2 - Steganography for the Mac Message-ID: <9311240155.AA10238@apple.com> Announcing Stego 1.0a2 The First Steganography Tool For The Macintosh by Romana Machado of Paradigm Shift Research 11/21/93 What is steganography? Steganography is a method by which a message can be disguised by making it appear to be something else. It derives from two Greek roots. "Steg-" means "roof", the same root used in "stegosaur", called a "roof lizard" because of the large bony plates that decorate its back, and "-graphy" means writing. "Steganography" means "roofed", or covert writing. What is Stego? Stego is a tool that enables you to embed data in, and retrieve data from, Macintosh PICT format files, without changing the appearance of the PICT file. Though its effect is visually undetectable, do not expect cryptographic security from Stego. Be aware that anyone with a copy of Stego can retrieve your data from your PICT file. Stego can be used as an "envelope" to hide a _previously encrypted_ data file in a PICT file, making it much less likely to be detected. How does Stego work? Stego works by slightly altering pixel values. Every computer graphics image is made up of an array of tiny dots of color, called pixels. The color of each pixel is determined by its pixel value. The pixel value is a number. In a computer, all numbers, and all data are expressed by sequences of bits, or ones and zeroes. For example, in an 8 bit computer graphics image, each pixel's color is determined by a sequence of 8 bits. The first bit in the sequence is called the "most significant bit", because it affects the pixel value the most, and the last bit in the sequence is called the "least significant bit", because it affects the pixel value the least. Stego hides data by reading your data file one bit at a time, and copying each bit to the least significant bit of each pixel value as it scans across the image. Stego Tips Stego can hide data in 8, 16, and 32 bit Macintosh PICT files. Stego can hide data from the data fork of Macintosh files only. If you need to steg something that has resources, use a utility like BinHex, or an encryption or compression utility, to convert it to a binary data file first. Stego Commands Open... will only display PICT files. When you select a file, Stego displays it with an info window across the top that tells you how much data can be stegged into the file. Steg... becomes enabled when a PICT file is open. It allows you to choose any type of file to steg, and informs you if the file has resources, or if it will not fit in the PICT file. Unsteg... also becomes enabled when a PICT file is open. It asks you to specify an output file, and unstegs the data in the least significant bits of the PICT file. It will produce an output file even if nothing's been previously stegged into the file. Change File Info... This function allows you to change the file type and creator of any file, and is enabled when no PICT file is currently open. You may need to change the file type and creator of your data file back to what they were before your file was stegged, because Stego does not save file type and creator. The default output file of Stego is a TeachText file, with a file type of 'TEXT' and a file creator of 'ttxt', so that if you double- click on a Stego output file, TeachText will launch and display it. If you're in doubt whether you need this function, you can experiment by using the Change File Info... command to look at the file type and creator of your data file before you steg your data file, then unstegging to an output file, closing the PICT file, and using the Change File Info... command to set the file type and creator back to what they were originally. Good News I plan to release the code for Stego, but it's not fully groomed yet. In the mean time,it is available on request. Stego may be expanded to handle other image formats, and other digital media: audio, video, etc. Output file type and creator defaults will be configurable in the next release. The next release will be able to steg and unsteg PICT resources in Macintosh files. I'd like to hear your suggestions for further development of Stego. I have heard that new versions of PGP are being developed that can produce cyphertext that does not have the telltale headers and footers attached to the cyphertext, which would make cyphertext less detectable when stegged into a carrier. Meanwhile, other encryption methods exist that can produce cyphertext that appears to be nothing more than a collection of random numbers. This kind of file is ideal for stegging. Technical Notes Stego rasterizes the image, then stegs data into the least significant bit (or LSB) of each of the RGB color values. (In the case of indexed color, Stego stegs data into the LSB of the index values.) The file length of the data file to be stegged is hidden in the LSB's of the first 32 steggable bytes. To disguise this value somewhat, I take the second to least significant bits of the second 32 steggable bytes and XOR these with the 32 bit file length, and then steg the XOR'd file length into the LSB's of the first 32 steggable bytes. Where Can I Get Stego? Stego is available via anonymous ftp from sumex- aim.stanford.edu. A text file containing abstracts of all available files is available in the info-mac/help/ directory. Stego is also available via anonymous ftp from soda.berkeley.edu. Don't Forget! Stego is shareware. You can help to support further development by sending $15.00 or any stegosaur to: Romana Machado 21090 Grenola Drive Cupertino, CA 95014 Bugs? Questions? EMail: romana at apple.com From cme at sw.stratus.com Tue Nov 23 19:58:04 1993 From: cme at sw.stratus.com (Carl Ellison) Date: Tue, 23 Nov 93 19:58:04 PST Subject: an exchange on the pem-dev list Message-ID: <199311240357.WAA08298@ellisun.sw.stratus.com> >Message-Id: <199311231010.AA02853 at mitsou.inria.fr> >To: Steve Kent >Cc: pem-dev at TIS.COM >Subject: Re: desire to use multiple keys, at least in RIPEM >In-Reply-To: Your message of "Mon, 22 Nov 1993 17:09:30 EST." > <9311222207.AA26212 at relay.tis.com> >Date: Tue, 23 Nov 1993 11:10:11 +0100 >From: Christian Huitema > >Steve, > >The "use two key" version may also be a result of strict cryptographic >requirement. The services-that-be may well end up only allowing us to use >relatively short RSA keys for session-key encryption purposes. E.g. if I want >to send an encrypted message in France to you, I should pick one of your keys >wich is short enough (say, 256 bits) and use that to pass the session key. I >can still sign with my 1024 bits RSA key -- signature is not a problem. Our >local variation of key escrow, I suppose... > >Christian Huitema > >From cme Tue Nov 23 22:53:11 1993 >To: Christian.Huitema at sophia.inria.fr >Subject: Re: desire to use multiple keys, at least in RIPEM >Cc: kent at bbn.com > >No need. > >I hate to offer aid and comfort to the spies -- but if your gov't had such >a dumb rule, it could have its own 1024-bit RSA key and you could include it as >a cc: on all messages. > >Oops. I just realized that your gov't *does* have such a dumb rule. > >...time for another Bastile Day? > > - Carl > >:-| From pdn at dwroll.dw.att.com Tue Nov 23 20:53:04 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Tue, 23 Nov 93 20:53:04 PST Subject: Give me your password- OR ELSE! In-Reply-To: <9311240019.AA06621@bilbo.suite.com> Message-ID: <9311240450.AA01367@toad.com> Jim Miller writes : > > Assume you use strong crypto to protect your secrets. > > Assume a lot of people start using crypto to protect their secrets. > > Assume there are people who want to discover these secrets. > > > Might we some day see an increase in the number physical attacks as bad guys > resort to rubber-hose methods to get at the keys that protect the secrets? > I think this phenomenon is more or less inevitable, unless serious thought is given to a way to prevent it. Let's take a simple example and progress to a more complex scenario: If I want your money, I could steal your ATM card and try to deduce the PIN number (tough), or I could wait in the bushes with a .44 until you use the ATM and either steal the money you get out (easy) or convince you to tell me the PIN number (harder, although a .44 is remarkably persuasive). However, it's easy for you to lock me out of your accounts by changing the PIN number the next day - to get continued access to your account, I'd have to get the PIN number and then kill you (begging your pardon, of course). Even if I did all that, all I'd have is a bank account. Hardly worth it. If I want your *life* (metaphorically speaking; your network connections, your digicash, your 'reputation capital', etc.) and all I have to do to get it is beat your PGP pass phrase out of you and kill you afterwards, you're in much more danger. I could lie in wait, get your pass phrase, (ahem) remove the evidence, and step into your net.shoes the next day. Bottom line: As the value protected by our encryption systems increases, we must devote more effort to the solution of problems like the thug with the .44 (or the jealous co-worker; insert favorite bogey-man here) who wants our password. Key revocation certificates are nice, for example, assuming you are able to issue one - 'dead men revoke no keys,' however. Duress codes seem like a better deal; even though the enemy may kill you after you give him a code that (seemingly) works, your 'estate' would be protected. What we *really* need is a hat trick that makes strong-arm tactics useless - any ideas? When the tactic of beating a pass phrase out of a citizen becomes as stupid as killing for a PIN number, we'll know we've succeeded. Damn! My coffee's gone cold. I'm off to get a refill- talking about killing people has given me a definite chill. Not my favorite topic. ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From kotze1 at batis.bis.und.ac.za Tue Nov 23 21:53:29 1993 From: kotze1 at batis.bis.und.ac.za (Christopher Kotze) Date: Tue, 23 Nov 93 21:53:29 PST Subject: Lockit v 3.01 is here. Message-ID: <9311240553.AA02649@toad.com> Well, After seeing the article on Secure Drive version 1.0, I decided to inform the world that Lockit v 3.01 is here at last. I know this, because I finished it yesterday. It is also a hard disk locking program, except that it boots before DOS, and it has this truly wonderful way on hanging debuggers that trace the boot up sequence. After having Broken 5th Generations DiskLock (tm) I discovered several ways to encrypt executable code, (although they did not employ any such routines => consequently it was an easy program to break). Well, I'll keep ya posted. Cheers Chris. ****** Assembler for President ****** From ld231782 at longs.lance.colostate.edu Tue Nov 23 23:29:12 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 23 Nov 93 23:29:12 PST Subject: Pitch Black Message-ID: <9311240728.AA27483@longs.lance.colostate.edu> Someone, I forget who, recently had some words about pseudoanonymity here. I (once) deeply respected this person and hoped he could lead me from my madness with some reassuring words to comfort my anxieties about pseudospoofing and other deceptions by cypherpunk leadership -- someone who could indicate to me that there was concern over morality at the topmost level. I realize now that was a totally hopeless, impossible, futile expectation. The supposedly credible and reputable person, in response to my concerns about integrity, only further perpetuated the ad hominem slurs on my sanity and the attacks on my efforts at honesty. I have nothing but another few K of obfuscations and disinformation in favor of the Religion of Pseudospoofing, myself the Foremost Blasphemous Heretic, burned at the stake for my crimes. All I can do is attempt to stop the oozing blood and untwist the knife with some final feeble rasps. I am on my Cypherpunk deathbed, with tears streaming down my face at having had faith and trust in murderous betrayors. Upon whose hands is my blood? > * Electronic media are no different from paper media in making > it possible to use multiple names. Talk to Mark Twain, Dr. > Seuss, Alice Cooper, Poor Richard, Paul French, or Franklin W. > Dixon if you don't believe me. My experience is that references > among aliases in literary works are seen as `in-jokes', which only > the truly educated (in that particular realm, like science > fiction) can notice and chuckle over. The `entity' asserts that through all my efforts in delineating deceptive uses of identity, none exist. He equates the manipulation, propaganda, deception, disinformation, lies, betrayal, treachery, and brainwashing of tentacles as an `in-joke' that the `truly educated can notice and chuckle over'. Perhaps the same in-joke that truly enlightened gang rapists can perpetrate and chuckle over. > * Your examples imply that some of the people on cypherpunks > are using pseudonyms to deceive people: > > I think that you mistake an honest advocacy of the right to use > multiple names, for an advocacy of deceit. The main reason to > use multiple names is so that your "enemies" cannot correlate > your activities so that they can punish you in one part of your > life for things they don't like in some other part. I think we *both* have mistaken an advocacy of deceit for an honest advocacy of identity, privacy, and anonymity. I think many others are continuing to be subject to evil depravities unchecked by my wailing screeches. I think that the topmost leadership in this organization is not interested in the privacy of honest people, they are interested in protecting the privacy for criminals, like terrorists, drug dealers, tax evaders, pedophiles, spies, and traitors. I think they salivate and have orgasms over the possibility of manipulating honest people with their reputation embezzments, swindles, doublecrossing, other joyous crimes for which you are never held accountable. If you are a criminal, and your `activities' are `correlated' by Police `enemies' with depravity, God help us all that when the police grab your arm it is not a writhing severed tentacle, and that you are punished, and if you are not contrite you are punished without mercy, and that if you commit crimes like fraud against the trusting, `in one part of your life', another part of your life called your `freedom' is taken away, as you ponder your sorry predicament behind cold, unmoving steel bars. >David Chaum was the first person I noticed advocating the use of a >different pseudonym for transactions with each different organization. >(This was automatically done by a smart-card in his design.) Is he >part of the evil conspiracy too, or does he have a point worth >hearing? David Chaum does not advocate pseudoanonymity, and you are nothing but an evil liar for suggesting that he does. A Chaumian bank *knows* it is dealing with a pseudonym. It is OBVIOUSLY PSEUDOONYMOUS. Perhaps you would like to have Anonymous Contracts, so that when you BREAK ONE the OPPRESSIVE ORWELLIAN BANK, stupidly thinking it could TRACE YOU, is CHEATED BY A LIAR. Perhaps you WEEP WITH JOY at the thought of HONEST PEOPLE ENDLESSLY PAYING for the CRIMES OF SOCIAL PARASITES. If Chaum had any sense of decency he would STAY THE HELL AWAY FROM CYPHERPUNKS. Do not look for approval of your perverted Pseudospoofing Religion in your Revered Science Fiction Authors, your Eminent Cryptographic Researchers, your Pretty Good Privacy Programmer, because they are RESPECTABLE and LAW ABIDING and they have the sense to stop LIES and CORRUPTION and CONSPIRACIES. >How would *you* turn back the trend toward having every bit >of information about each person accessible to anyone who knows their >name, date of birth, fingerprint, license number, license plate, >vehicle ID number, passport number, genotype, bank account number, >retina print, credit card number, photo, or social security number? >Or do you think that this is a *good* thing? *you* wish to turn back the trend of Civilization that has moved toward accountability and reduced the ease of cheating honest people from their money. *you* advocate that *no* identification exist whatsoever, particularly the kind that prevents criminals from being prosecuted for their crimes. And you think that this is a *good* thing. >People are under no obligation to tell you whether the name you know >them by is their only name -- People are under every obligation to tell the truth in a civilized society. I choose to live in one. You can have your depraved barbarism. >By assuming >that "the right way for things to be" is for everyone to have a single >name, uniformly used, you have found a conspiracy where there was >simply a difference of opinion. By assuming that cypherpunk leadership did not necessarily have integrity, I have found a conspiracy where there is simply a vacuum of morality. >I think that your artificial distinction between "pseudonyms" and >"pseudospoofing" is the root of where your thinking took a wrong turn. I think your lies and self-deception and associations and defenses of perverts are the root of where *yours* took a wrong turn. I think, to the contrary, the `wrong turn in thinking' is the `Movement' that embraces the flag of Freedom of Speech, Privacy for the Masses, and the Cryptographic Revolution, only to throw it to the ground, trample, burn, and urinate upon it when no one is looking. The Cypherpunks succeed at nothing but hypocrisy and depravity. Led by a conspirational clique of squirmy apologists and slimy moral relativists mindraping the cybervirgins for vicious sport and the positive peer approval of fellow psychopaths. Your hideous criminal clock, your insidious time bomb, is tick-tick-ticking. Go to hell, Medusa From ld231782 at longs.lance.colostate.edu Tue Nov 23 23:48:09 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 23 Nov 93 23:48:09 PST Subject: Apocalypse Now Message-ID: <9311240747.AA27917@longs.lance.colostate.edu> Hey, I heard about a new mailing list some people here may be interested in. Pseudospoofers need not apply. (If you do, fair warning, you will be hunted down...) ===cut=here=== Postings to everyone on the cypherwonks list go to cypherwonks at Lists.EUnet.fi. Commands to the MajorDomo mail server go to in the message body. Basic commands are HELP, INFO, SUBSCRIBE, etc. * * * The Cypherwonk Charter, by L. Detweiler, Cypherwonk Janitor The cypherwonks are a splinter group from the cypherpunks also interested in promoting and implementing cryptographic technology. However, we have unique ideas on how to successfully implement these radical new capabilities to ensure privacy without encouraging criminal behaviors like forgery and `online predation'. We are also interested in a far more ambitious goal of `technological progress' that transcends a mere obsession with privacy and anonymity. The cypherwonks believe that many aspects of a identification and government are necessary and crucial for any social stability (particularly related to judicial and law enforcement systems), and are quite alarmed at talk about a `cryptoanarchy' resulting from the mere implementation of software protocols -- although we realize that radical new forms of government may appear with these new technologies, embodied in one term `Electronic Democracy'. We believe that while sometimes the `majority' can become a `tyranny', in general the idea of voting as a civilized way of resolving proposals and `one person, one vote' are sacred, and we are interested in implementing systems that promote interaction and collaboration among motivated and enthusiastic members, whether within the cypherwonk organization or within their nations (cypherwonks, of course, try to think free of local prejudices, and globally). Cypherwonks understand that *trust* and *honesty* are inherent in all human endeavors, *particularly* communication. We recognize that people trust others not to reveal our private email unless given permission, we trust others not to use information from our mail or about their identities to adverse aims, we trust that systems delivering mail will not be corrupted by criminals, or if they get caught there will be serious consequences, and many other explicit and implicit variations. We know that there are many ingenious ways of minimizing the amount of trust required in unknown components such as with the use of cryptography or pseudonyms, and we seek passionately to invent and use them, but at the root level, email is an exchange between human beings who trust each other. Therefore, we hold a sense of ethics and morality in strong reverence, and even though we're not always precisely sure what they entail, we know that they exist and we strive for the right ideal. We abhor the idea that `it's not wrong if you can get away with it' or other variations of moral relativism. We also subscribe to the idea that if you breach ethics, you should be prepared to forfeit some rights, like your `right to privacy'. Cypherwonks are also extremely interested in promoting and implementing `digital cash', but believe that while invariably the state's taxes tend to become burdensome, few civilized, technological societies are free of them, and certainly we do not advocate tax evasion, `black marketeering', or any other subversive or illegal activities through cryptographic techniques, and even beyond this we seek design protocols that discourage these subversive aims in general, because of their toxic, fragmentary effect on social unity. Cypherwonks recognize that our mailing list is extremely critical in coordinating our movement and our fellow members. It is our central nervous system. While the list is informal, we demand a professional atmosphere, and will privately object to people who are publicly rude or belligerent. But we are also extremely careful about what we say to each other in private, because people can be extremely influenced by what they receive in mail. We would be aghast and horrified to find that somebody viciously criticized someone in private mail based on public postings, for example. We place high value on being courteous to each other and minimizing disagreement where possible, forging consensus, and the art of diplomacy in surmounting political barriers. We trust each other on the list and in personal email. We wish to have an open, uplifting, inspiring, honest, representative, polite, respectful, egalitarian dialogue. We will never use the mailing list for personal or selfish reasons -- we strive to serve our fellow cypherwonks through our postings. We are what we claim to be. We abhor secrecy, `security through obscurity', and conspirational cliques. Cypherwonks are extremely interested in promoting some forms of anonymity. However, we do not necessarily believe that others are required to read anonymous postings. To the contrary, we believe that the individual should have the tools and freedom to filter his or her own mail based on real identities. In particular, we condemn the practice of `pseudospoofing,' the dangerous deception where a person builds up a pseudonym and misrepresents it as being that of a real person's identity. We police each other on the list to prevent it, and require a promise that our members refrain from it. While our trust can be betrayed, only those that are honest are true cypherwonks, and anyone who betrays our trust we consider a dishonest hypocrite, or worse, a traitor. Cypherwonks are extremely interested in building tangible systems. Engineers who love to discuss the nitty-gritty details of some scheme are at home on the cypherwonks list. We like to impress each other with our knowledge but at the same time state it in relevant and humble terms. We are not trying to win popularity contests with our postings. We are trying to accomplish ambitious endeavors. We are especially ecstatic to make connections with other cypherwonks interested in the same projects we are, and cooperating to build useful tools. We like to give status reports of our intermittent real-world meetings and progress to other cypherwonks. We do this to inspire and encourage others, not to assuage our egos or flaunt our power. We recognize that this is the true spirit of the Internet embodies in the volunteerism that build the impressive RFC and FAQ repositories. In fact, we are very fond of writing RFCs and FAQs. We keep track of all the things we have accomplished, and are very proud of this group resume, and delight in adding new items. The Cypherwonks are more inclusive than exclusive. We try to accommodate the interests of others. We consider it a high crime to `flame newbies'. In fact, we go out of our way to encourage greet new members with smiles in email. We especially like to have reporters on the list, and treat them like royalty. But we also make sure that no one is hogging the spotlight. We try to match up reporters with different people on the list. Some people are naturally `leaders', particularly the list moderator J. Helsingius, but in general we don't lionize or deify anyone. The greatest cypherwonk is always the last person who posted the most interesting, relevant, and useful article. While we thrive on the Internet, and greatly admire the system, we also realize the structure of the Internet is evolving and growing. We tend to distrust `authorities' regulating the Internet, but at the same time we recognize that the Internet exists and is popular because of a strong community feeling with a `netiquette' that places a strong taboo on things like censorship, cracking, and pseudospoofing and a strong interest in individual effort and innovation. In short, we are interested in `civilizing cyberspace' with the powerful new technological tools like cryptography and digital cash that are available but unimplemented. We believe that the current Internet is a bit raw and untamed in places, like a frontier, and just a `glimmer in the eye' of future cyberspace, and we seek to smooth out the rough spots, build elaborate and hospitable castles to live in, and invite all of humanity here to join us for a party. (In case you are wondering, the word `wonk' is slang for a `meticulous detail person'.) * * * The Cypherwonk Code of Ethics (Including Pseudospoofing and Privacy) By L. Detweiler, Cypherwonk janitor Cypherwonks owe no courtesy to someone who forfeits any expectation of respect from atrocious misbehavior. This is as simple as the maxim, if you are a criminal you forfeit your `rights' in a civilized society. If you mailbomb a cypherwonk, you have forfeited your `right to privacy'. If you email a cypherwonk's postmaster or colleagues in an attempt to censor or intimidate a cypherwonk, especially before consulting that cypherwonk, but not necessarily, you have forfeited your `right to privacy'. If you lie to a cypherwonk, you have forfeited your `right to privacy'. If you fail to adequately respond to personal accusations of impropriety or criminality, especially meeting them with evasion or stonewalling, you have forfeited your `right to privacy'. If you have ever sent a cypherwonk mail under a pseudoanonymous identity, you have forfeited your `right to privacy' -- under ALL your pseudonyms and identities. If you advocate violations of ethical or legal behavior to a cypherwonk, you forfeit your `right to privacy'. Cypherwonks, even highly reputable ones, may attempt to shame you into embarrassment or repentance for violations of ethical behavior by ridiculing you in front of people who appear to be your friends and community, if all other measures have failed. In extreme cases, even this may be ineffective, but if you have no shame, you have no humanity. * * * List topics (not exhaustive) -Projects (secure phones, etc.) -Cryptographic techniques (RSA etc.) -Anonymity -International news events in privacy/anonymity -Identity issues such as databases and pseudospoofing -Clipper -real world meetings (others and our own) -etc. Posting guidelines: we wish to minimize the number of postings to the list so as to attract the busy, influential people that get things done. Please refine your postings highly. We especially appreciate the consolodation of topics with summaries, `tables of contents', headings, etc. where appropriate. At all times, we seek to build consensus and look down on grouchy postings that do nothing but criticize. The list should be regarded as a stepping stone to `getting things done' or `resolving conflicts' in email. * * * The Cypherwonk Resume J. Helsingius has built the most popular and global anonymity server on the Internet, with thousands of active users daily. L. Detweiler has compiled a wide variety of FAQs on Internet subjects. (updates to ld231782 at longs.lance.colostate.edu) * * * Most Wanted List - key servers that are dedicated only to `true identities'. People who submit their keys promise the keys are that of their real identities and that no one else will ever post under their identities. Penalty is public exposure and stigma if caught. The protocols might also include mechanisms for `challenges' and `resolutions'. - reputation based mailing list software. One idea: people rate each other's postings in different categories. Server tracks everyone's ratings. People can screen mail based on accrued credit. - electronic democracy software (especially tied to reputations). protocols for propositions, resolutions, voting, etc. - other identity servers to prevent pseudospoofing. possibly hooking up with existing government databases. - pseudonymity servers like anon.penet.fi with public key encryption. - support of the Bunyip project for automated Internet resource tracking, including mailing lists. - support for distributed hypertext systems and protocols like XMosaic. - resume & reputation servers. a very premature idea, but these would help track people's accomplishments and reputations in different forums, perhaps even by cross indexing their postings. (additions to ld231782 at longs.lance.colostate.edu) * * * Cypherwonks of Note (Reporters, take note!) (apply to ld231782 at longs.lance.colostate.edu) J. Helsingius Operator, anon.penet.fi, first widespread reliable anonymous remailer in popular use on the Internet L. Detweiler Privacy & Anonymity FAQ, Anonymity FAQ, Whistleblowing FAQ From an12070 at anon.penet.fi Wed Nov 24 02:28:09 1993 From: an12070 at anon.penet.fi (The Executioner) Date: Wed, 24 Nov 93 02:28:09 PST Subject: tick, tick, tick, ... Message-ID: <9311241026.AA09985@anon.penet.fi> TIME'S UP ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From dmandl at lehman.com Wed Nov 24 06:38:46 1993 From: dmandl at lehman.com (David Mandl) Date: Wed, 24 Nov 93 06:38:46 PST Subject: strong crypto => increase in rubber-hose attacks? Message-ID: <9311241437.AA07209@disvnm2.lehman.com> > From: jim at bilbo.suite.com (Jim Miller) > > Assume you use strong crypto to protect your secrets. > > Assume a lot of people start using crypto to protect their secrets. > > Assume there are people who want to discover these secrets. > > Might we some day see an increase in the number physical attacks as bad guys > resort to rubber-hose methods to get at the keys that protect the secrets? Maybe. This doesn't change the need for strong crypto, though. It's a lot easier to simply intercept someone's (unencrypted) electronic mail from the comfort of your home/office than to send thugs over to her house to kneecap her. Why make it easier for them than we have to? The people who I consider to be the bad guys (governments, corporations) don't have the time or resources to use physical violence against all of their enemies, though of course they do use it against some. It's also bad PR (in the USSR, this wouldn't have stopped them, of course). So if the ONLY means available to the forces of evil were physical attacks, I wouldn't worry too much. Not that physical attacks are pleasant, mind you, but that threat can be addressed separately (as some folks have on this last have done in the last few days). It's also easier for us and harder for them if they're visible. --Dave. From wex at media.mit.edu Wed Nov 24 08:19:27 1993 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Wed, 24 Nov 93 08:19:27 PST Subject: Give me your password- OR ELSE! In-Reply-To: <9311240450.AA01367@toad.com> Message-ID: <9311241618.AA11764@media.mit.edu> It seems like it would be relatively simple to program in a sort of dead-man switch at the time of creation of the secret key. As with other double-pass systems, use of the second phrase works once, but either/both sends a silent alarm and changes the passphrase to get the secret key. If you want to get fancy, you might even program in a script that, on activation of the 2nd "duress" phrase would run around re-encrypting everything with a second private key. As you can imagine, there are increasing levels of personal security you might employ. For example, using the duress phrase might be set up to change the pass-phrase to something *you* don't know but which is known by a trusted other party (wife, mother, agent/lawyer, etc.). Knowing this phrase doesn't help them since that phrase can't access your secret until *after* you've given the duress phrase and the software has disabled your normal access phrase. Depends how paranoid you want to be and how valuable your data is, I guess... --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request "To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!" From talon57 at well.sf.ca.us Wed Nov 24 09:09:26 1993 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 24 Nov 93 09:09:26 PST Subject: ANNOUNCEMENT: Markey Bill debuts in house. Message-ID: <199311241708.JAA11687@well.sf.ca.us> The opinions expressed are my own and do not represent the views of Ameritech or any of its alliance partners. So, Markey proposes a bill that would "allow" the RBOC's to do video..... Markey likes it.... The EFF likes it...... I wouldn't invest a dime in a proposal that stupid..... not interested.......... Brian Williams From nate at VIS.ColoState.EDU Wed Nov 24 09:18:16 1993 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Wed, 24 Nov 93 09:18:16 PST Subject: Crays vs In-Reply-To: <199311232356.PAA14433@mail.netcom.com> Message-ID: <9311241717.AA12821@vangogh.VIS.ColoState.EDU> -----BEGIN PGP SIGNED MESSAGE----- writes Timothy C. May: > >On a more serious note, strong crypto will allow "foreigners" to send >computing jobs to sites nearly anywhere in the world and have them run >on compute servers. So much for export controls on the physical >hardware! > I tend to disagree strongly with this statement. The physical export of supercomputers will still be controlled, although it may be relaxed. I think that supercomputers have been technically raised to 2000 MFLOPS, but that's another story. Getting time on crays, CMs, Paragons, KSRs, nCubes, whatever is not extremely difficult, but it's pretty improbable that you'll get time on the new Cray EL at the Pittsburg Supercomputing Center if you're a scientist living in North Korea (for example). I suppose it's possible that some very rich person (new, fully configured Cray T3D computers are $75M!) you could set up a Center that took digicash for CPU time... not really probable considering the upkeep on a Cray. Anyway, I don't see the unrestricted use of true supercomputers in the near future... very powerful desktop/deskside machines are another story. (afterall, if you buy up a bunck of 2GFLOP machines (not considered supercomputers for export) and string them together adequately, that's a hell of a machine!) - -nate - -- +-----------------------------------------------------------------------+ | Nate Sammons nate at VIS.ColoState.Edu (303) 491-1578 | | Colorado State University -- Computer Visualization Laboratory | +-----------------------------------------------------------------------+ From strick at osc.versant.com Wed Nov 24 10:58:18 1993 From: strick at osc.versant.com (henry strickland) Date: Wed, 24 Nov 93 10:58:18 PST Subject: <8c> C-source for diffie-hellman? In-Reply-To: Message-ID: <9311241857.AA24005@osc.versant.com> # I was just talking with a friend, and I think it would be # pretty good for medium-level security on irc to hack up something do # that /dcc does diffie-hellman key exchange, and maybe triple-des or # something. # Is there some available C-source which would help? (I guess I # should get the Schneier book.. But urgh! $50 on a "starving-student" # budget is quite a bit.) DH itself is a trivial algorithm. All you need is a decent multiple precsion math package. I think all it takes is -- random numbers -- primality test -- gcd -- raise-to-power-modulo-some-number There's lots of Multiple Precision libraries availble. The Gnu 'gmp' is more than sufficient. Also des is very easy to ftp. See the cypherpunks ftp site at ftp://soda.berkeley.edu/pub/cypherpunks/ for pointers. strick BTW, schneier is literally a FAQ for cypherpunks. Fantastic book. Cough up the money for it... From talon57 at well.sf.ca.us Wed Nov 24 11:13:18 1993 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 24 Nov 93 11:13:18 PST Subject: holiday Message-ID: <199311241910.LAA11564@well.sf.ca.us> Just want to wish everyone a safe and happy holiday. Party on! Brian Williams From smb at research.att.com Wed Nov 24 11:23:17 1993 From: smb at research.att.com (smb at research.att.com) Date: Wed, 24 Nov 93 11:23:17 PST Subject: <8c> C-source for diffie-hellman? Message-ID: <9311241920.AA14514@toad.com> DH itself is a trivial algorithm. All you need is a decent multiple precsion math package. I think all it takes is -- random numbers -- primality test -- gcd -- raise-to-power-modulo-some-number One more thing -- you want the base for the exponentiations to be a generator of the subgroup. Also, ideally the modulus should be a prime of the form kp+1, where p is also a prime and k is a small integer. Your DH toolkit should include routines to generate the base and modulus according to those criteria. BTW, schneier is literally a FAQ for cypherpunks. Fantastic book. Cough up the money for it... Indeed, though I've only seen some drafts; my copy of the book itself hasn't arrived yet. From owen at autodesk.com Wed Nov 24 12:03:18 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Wed, 24 Nov 93 12:03:18 PST Subject: Give me your password- OR ELSE! Message-ID: <9311241849.AA03229@lux.YP.acad> > From: "Philippe Nave" > Jim Miller writes : > > > > Assume you use strong crypto to protect your secrets. > > Assume a lot of people start using crypto to protect their secrets. > > Assume there are people who want to discover these secrets. > > Might we some day see an increase in the number physical attacks as bad guys > > resort to rubber-hose methods to get at the keys that protect the secrets? > I think this phenomenon is more or less inevitable, unless serious thought > is given to a way to prevent it. Let's take a simple example and progress > to a more complex scenario: (Interesting examples deleted) One can think up all sorts of hypothetical scenes. Underneath it all however, I believe is a simple axiom. When prevention methods thwart a criminals intent, they find new methods. Car alarms and security systems didn't convince the criminals who make their living ripping off cars that the *Good ole days were over* and it was time to get a job at Burger Sri, it spurred them to find new methods to ply their trade. Beyond that it didn't bother them to up the ante regarding the level of violence they would utilise. Now extrapolate that into the concept of industrial espionage, white collar crime, and put everyone on the same wire. !!!!! LUX ./. owen From m5 at vail.tivoli.com Wed Nov 24 12:08:18 1993 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 24 Nov 93 12:08:18 PST Subject: holiday In-Reply-To: <199311241910.LAA11564@well.sf.ca.us> Message-ID: <9311242006.AA15910@vail.tivoli.com> Brian D Williams writes: > Just want to wish everyone a safe and happy holiday. > Party on! Party? PARTY?!? How the heck am I supposed to RELAX and ENJOY myself when we're all here just WAITING for the FINAL JUDGEMENT to fall on our TENTACLES?!? I'm a BASKET CASE! -- Mike McNally From tcmay at netcom.com Wed Nov 24 12:58:52 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 24 Nov 93 12:58:52 PST Subject: Threats from Detweiler Message-ID: <199311242058.MAA28362@mail.netcom.com> >Brian D Williams writes: > > Just want to wish everyone a safe and happy holiday. > > Party on! > >Party? PARTY?!? How the heck am I supposed to RELAX and ENJOY myself >when we're all here just WAITING for the FINAL JUDGEMENT to fall on >our TENTACLES?!? I'm a BASKET CASE! > >-- >Mike McNally I said I wouldn't comment further on Detweiler unless and until something changed and new information came to light. Folks, this is the time to really take care of yourself. "The Executioner" announced the "time's up" and that more drastic measures are about to occur. "an12070 at anon.penet.fi" is beyond any doubt Larry Detweiler. Many other folks have posted analyses of why this is so: the use of TeX quotes, the same vocabulary, the same agenda (against TENTACLES of the MEDUSA), and even the same arrival times of messages (I get my death threats from S. Boxx and The Executioner every night around 10 p.m. to midnight, the same time as Detweiler's rants appear). I take him seriously. He's deranged. A lot more than just slightly neurotic, he's transitioned into insanity. His religious rants ("You will be hung by the neck until dead and then sent to Hell"), his death threats, his wailings and moanings....not a lot of doubt that he's psychotic. Me, I'm keeping my guns loaded in case he decides to drive out to California and end his misery by "cutting off the Tentacles," as he keeps threatening to do.I consider this unlikely, though. Too far to drive when he's got closer targets. The "Colorado Tentacles" should be especially careful, I think. Phil Zimmermann is currently back on Larry's good side (I quote: "Phil is God"), but this may not last long. (Hint: Phil Z. was not at all happy with Larry's rant about Tentacles and his quoting of Phil's comments at that Colorado talk he gave. If Larry discovers this, as he surely will, Phil may be back in the boat with the rest of us Spawns of Satan.) I don't think I'm being alarmist in advising you all to watch out for this guy. --Tim P.S. As long as I'm on the subject, let me again say that I'm not sending Detweiler any messages at all. I don't know if he's really getting anonymous messages ("pseudospoofers"), but if he is, they're not from me. And they never have been. John Gilmore wrote a very reasonable piece, addressing Detweiler's source of confusion, and has since been flamed and ranted against. Typical. And now I'll fall silent on this matter until something new happens. I just hope it isn't a "Texas Tower" sort of violent encounter. If you've got a gun, now's the time to make sure it's handy. If you don't have a gun, consider getting one. --TCM -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: by arrangement Note: I put time and money into writing this posting. I hope you enjoy it. From arthurc at crl.com Wed Nov 24 13:03:52 1993 From: arthurc at crl.com (Arthur Chandler) Date: Wed, 24 Nov 93 13:03:52 PST Subject: holiday In-Reply-To: <9311242006.AA15910@vail.tivoli.com> Message-ID: Here is the secret to understanding everything. It also contains the TRUE identity of Dark Unicorn, S.Boxx, and in fact everyone on the list. Unfortunately, it is encrypted in an unbelievably complex algorithm based on the factoring of infinity. Well, here it is. Crack it if you can! ,+*^^*+___+++_ ,*^^^^ ) _+* ^**+_ +^ _ _++*+_+++_, ) _+^^*+_ ( ,+*^ ^ \+_ ) { ) ( ,( ,_+--+--, ^) ^\ { (@) } f ,( ,+-^ __*_*_ ^^\_ ^\ ) {:;-/ (_+*-+^^^^^+*+*<_ _++_)_ ) ) / ( / ( ( ,___ ^*+_+* ) < < \ U _/ ) *--< ) ^\-----++__) ) ) ) ( ) _(^)^^)) ) )\^^^^^))^*+/ / / ( / (_))_^)) ) ) ))^^^^^))^^^)__/ +^^ ( ,/ (^))^)) ) ) ))^^^^^^^))^^) _) *+__+* (_))^) ) ) ))^^^^^^))^^^^^)____*^ \ \_)^)_)) ))^^^^^^^^^^))^^^^) (_ ^\__^^^^^^^^^^^^))^^^^^^^) ^\___ ^\__^^^^^^))^^^^^^^^)\\ ^^^^^\uuu/^^\uuu/^^^^\^\^\^\^\^\^\^\ ___) >____) >___ ^\_\_\_\_\_\_\) ^^^//\\_^^//\\_^ ^(\_\_\_\) ^^^ ^^ ^^^ ^^ From szabo at netcom.com Wed Nov 24 13:15:24 1993 From: szabo at netcom.com (Nick Szabo) Date: Wed, 24 Nov 93 13:15:24 PST Subject: Give me your password- OR ELSE! In-Reply-To: <9311240450.AA01367@toad.com> Message-ID: <199311242115.NAA01943@mail.netcom.com> Philippe Nave: > As the value protected by our encryption systems increases, we > must devote more effort to the solution of problems like the thug... Distributed pass phrases have been mentioned, as have distress codes and dead-man switches. Along with distributed pass phrases I'd add distributed keys with M-out-of-N voting, for valuable shared data (eg corporate data, family bank account). Other options include: * steganography and foiling traffic analysis: don't let the thugs know you have valuable encrypted data in the first place. * multiple keys with multiple (easy to remember!) pass phrases. We use different keys for our house, car, safes, etc. as well as different passwords for different accounts, and this will likely be also true for our encryption strategies. For example, it's a good idea to encrypt files on one's disk with a different key than one uses to receive e-mail. The ability to choose high-entropy but easy to rememember pass phrases is an interesting art. One strategy is to pick short pass phrases with high entropy (eg by requiring mixed cases, letters+numbers, etc.) PGP allows one to pick a long phrase, easier to remember, with less entropy per character but more total entropy. I despise the current situation where I have to choose a bunch of difficult to remember alphanumeric codes for different kinds of accounts, ATM access, etc. Nick Szabo szabo at netcom.com From karn at qualcomm.com Wed Nov 24 13:19:30 1993 From: karn at qualcomm.com (Phil Karn) Date: Wed, 24 Nov 93 13:19:30 PST Subject: Give me your password- OR ELSE! In-Reply-To: <9311241849.AA03229@lux.YP.acad> Message-ID: <199311242118.NAA17299@servo> >Car alarms and security systems didn't convince the criminals who make their >living ripping off cars that the *Good ole days were over* and it was time >to get a job at Burger Sri, it spurred them to find new methods to ply >their trade. How do you know this? Clearly some crooks may have just moved to more violent methods, but it's quite probable that others moved off to other fields where it's easier to make a buck, either legal or illegal. Although widely deployed strong cryptography may well cause an increase in violent, rubber-hose cryptanalysis, this technique is likely to be useful only for stored encrypted records and for encrypted communications whose protocols are not secure against this type of attack, e.g., PGP encrypted email. But much better protocols exist where online two-way communication is possible, e.g., signed Diffie-Hellman key exchange, with periodic automatic rekeying. Once you rekey in such a system, no amount of rubber hosing will obtain prior session keys; they're gone even to the participants. And even if you rubber-hose one of the participants into revealing the RSA key he uses to sign his DH exchanges, this will only let you masquerade as him in future conversations. In order to tap his future conversations surreptitiously, you'd have to rubberhose him without his knowledge, or hypnotize him into forgetting the incident. I'd say this is difficult. More so than secretly hacking the machine he uses to capture his secrets. Once again, it comes down to some level of physical security, at least while the machine is in actual use. Phil From jef at ee.lbl.gov Wed Nov 24 13:48:19 1993 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Wed, 24 Nov 93 13:48:19 PST Subject: holiday Message-ID: <9311242145.AA05314@ace.ee.lbl.gov> > Here is the secret to understanding everything. It also contains the >TRUE identity of Dark Unicorn, S.Boxx, and in fact everyone on the list. >Unfortunately, it is encrypted in an unbelievably complex algorithm based >on the factoring of infinity. Well, here it is. Crack it if you can! Since infinity is the product of all numbers, it was fairly easy to factor. Decrypted text appended. --- Jef o&#&o. ____ ___o\_ d| "9, ?H##""'`"'""'`""`"&o. ,M |b__o=q\ .d*" ___. ,==\\`Ho. H| `"" J* .,MT ,H$odH? dH#DqHD `&?. M| ,&' .dM*' +R96]#P `HMbHP `9b. Mi .HP .#HP' `""""' `9#. M| |H' HH `H, `b H| dP # `H, H |M JM .o 9HdH |b |M. |L MT ,o,HP M| M_ M. M M| ""HM. ,. .&"#HH MM H' T.HH `Mb &#?| `\.JM M# H| |b|M `Hb.^d| .,d#' ,H T| 9L*b. `M##o______oood#&9H" dH' |M `HL`H?. `H/H&$$??????o/?&' dM* |M. `Hb ?M#b_ `*&$P#MMMM#*$/*' ,H#' Mb HHH? `*Mb. `"#H###d*'' ,MP' MM. ?H' "HHb\ .##" TMb .dP' `"#MHbooooooooodHHM *M| ,#H' ""TM"'""""' *M| MH,.oH' .d| .M| |MMH' .H* HP TH, ,H' .dP' From nate at VIS.ColoState.EDU Wed Nov 24 14:13:52 1993 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Wed, 24 Nov 93 14:13:52 PST Subject: Pseudospoofing, LD, life, the universe, and everything Message-ID: <9311242209.AA13036@vangogh.VIS.ColoState.EDU> -----BEGIN PGP SIGNED MESSAGE----- Cypherpunks, I thought that the infamous L. Detweiler had stopped his posting, but it appears that he is back, and more neurotic than ever. I thought that it was the time for me to make another post relating to him, the list in general, and LD's obsession with pseudospoofing. OK, first, LD is pissing me off, as, I am sure, he is doing to many others out there in net.land. His raves are nothing if not persistant and ever increasingly long. I, being the founding member of the Colorado Cypherpunks, am not particularly prowd of him being affiliated with the group. I don't hate him, as some of teh others on this list apparently do, I just think he is a very persistant pest, a fly in the ointment. I think it is important to remember that in every movement there are fanatics, and in the best of intentions are those who would do harm while trying to crusade the good. I believe that Detweiler is one such person. He is experiencing some very serious problems with what he believes to be a concerted effort by some devilish cabal to warp and mung his brain through the rampant use of pseudospoofing. OK, fine if he believes that, I cannot keep him from thinking that some of us are emmisaries of Satan. I can, however, wish that he would leave me the hell alone and stop posting these long, drawn-out core dumps of his mangled psyche. I can ask him to stop his madness, though I know that it will only get me on his bad side, and possibly put me in physical danger (since I live in his vicinity, lucky me). I think that's enough on Detweiler himself, and I hope I don't have to talk about him anymore. On to pseudospoofing. I think that it exists, and that it's denial is just plain naive. The world is a non-friendly place, and there are dangers out there, and people who will exploit every aspect of the system to trick, decieve, and mangle others. This should not come as a shock to anyone on the list, since we are generally on (or close to) the cutting edge of new technologies and methods to use those technologies. I, myself have never participated in any kind of conspiracy with intent to confuse, nor have i ever posted under a name other than my own, and my anon.penet.fi identity. I have not posted as anyone that I am not, and have no intention to do so. I do not, however, object to the use of these technologies, or to the act of pseudospoofing. It cannot hope to be prevented, since there are always people out there who will figure out how to exploit the system to do their bidding. Yes, it's true, I am coming out in favor of pseudospoofing. I do not object to it's use, on the premise that it cannot be stopped, and it rarely does hard, aside from those (LD) whose minds are bent by the mere thought that it is happening. Enough of that. Now onto the list. I put some serious thought into dropping from the list for the past week or so, and I have decided _not_ to leave bacause sometime there are bits of information that I get from the list that are simply not available anywhere else. Some of the members of the list are, however, pissing me off. The list has degraded from a band of freedom fighters with things they cared about in jeopardy to a bunch of fucking children bickering over the most pathetic of things. I hope that the recent barrage of postings is not indicative of what is to come. If it is, then I may just reconsider and leave. I think that's all I have to say for now... I just wanted to let people know what I was thinking, and set the record straight if there are any members who think I am still on LD's side (which I was for quite some time). Thanks, - -nate +-----------------------------------------------------------------------+ | Nate Sammons nate at VIS.ColoState.Edu (303) 491-1578 | | Colorado State University -- Computer Visualization Laboratory | +-----------------------------------------------------------------------+ From owen at autodesk.com Wed Nov 24 18:43:22 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Wed, 24 Nov 93 18:43:22 PST Subject: Give me your password- OR ELSE! Message-ID: <9311250200.AA04695@lux.YP.acad> > > From: karn at qualcomm.com (Phil Karn) > >Car alarms and security systems didn't convince the criminals who make their > >living ripping off cars that the *Good ole days were over* and it was time > >to get a job at Burger Sri, it spurred them to find new methods to ply > >their trade. > How do you know this? Clearly some crooks may have just moved to more > violent methods, but it's quite probable that others moved off to > other fields where it's easier to make a buck, either legal or > illegal. Watch the nightly news or if you want to be really anal about it look up statistics about the increase in violent carjacking. Walk down the street in any San Francisco neighborhood, and count the piles of tempered glass that used to be car windows. So OK, you don't have a criminal mind, and it makes sense to you that it might be a good time to go legit, but let me offer you my sincere advice not to move into a bad neighborhood, you are at a natural disadvantage. > Although widely deployed strong cryptography may well cause an > increase in violent, rubber-hose cryptanalysis, this technique is > likely to be useful only for stored encrypted records and for > encrypted communications whose protocols are not secure against this > type of attack, e.g., PGP encrypted email. tightly focused linear thinkers are perfect targets for criminally minded predators, they are assured that you will leave them a wide arena from which to operate undetected. > > But much better protocols exist where online two-way communication is > possible, e.g., signed Diffie-Hellman key exchange, with periodic > automatic rekeying. Once you rekey in such a system, no amount of > rubber hosing will obtain prior session keys; they're gone even to the > participants. Recently a Cash machine was installed in a building which I frequent. It was placed 10 feet inside a plate glass window, and has easy access for a small truck to drive up and haul it away. It even has wheels. I noted that this presented a danger to those of us who were in the building late at night, since it was apparently so vulnerable. I was concerned that the unarmed security guard was a sitting duck, and perhaps target practice, for theives intent on driving through the window and quickly hauling the whole shebang away. The cash machine installer informed me that the unit had a cel phone and GPS that would call and give its location if tampered with, but he didn't have an answer when I remarked that this would be littel comfort to anyone shot or injured by thieves unaware of this factor. and please don't tell me that posting signs telling would-be criminals about these security precautions will do any good. They won't. > And even if you rubber-hose one of the participants into revealing the > RSA key he uses to sign his DH exchanges, this will only let you > masquerade as him in future conversations. In order to tap his future > conversations surreptitiously, you'd have to rubberhose him without > his knowledge, or hypnotize him into forgetting the incident. I'd say > this is difficult. More so than secretly hacking the machine he uses > to capture his secrets. Once again, it comes down to some level of > physical security, at least while the machine is in actual use. You are making an error if you think that any locks keep out anything but honest people. Necesity is the mother of invention. The point is that these issues are not linear, when implemented in real world situations you must consider the real world implications and provide real world solutions. LUX ./. owen From jef at ee.lbl.gov Wed Nov 24 19:13:23 1993 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Wed, 24 Nov 93 19:13:23 PST Subject: Give me your password- OR ELSE! Message-ID: <9311250313.AA06253@ace.ee.lbl.gov> >Watch the nightly news or if you want to be really anal about it look up >statistics about the increase in violent carjacking. Actually, I did that. Turns out the supposed increase that got all the media attention was solely due to the SFPD establishing a new statistical category. The actual number of incidents has not changed significantly. --- Jef From hart at chaos.bsu.edu Wed Nov 24 21:13:23 1993 From: hart at chaos.bsu.edu (Jim Hart) Date: Wed, 24 Nov 93 21:13:23 PST Subject: Tax Havens on the Net Message-ID: <199311250609.AAA01325@chaos.bsu.edu> --------------------- Tax Havens on the Net --------------------- compiled by James R. Hart sources: Internet Connectivity List -- Larry Landweber, U.Wisc. ftp.cs.wisc.edu ../connectivity_table Version 9, August 1993 Hoyt L. Barber, _Tax Havens_, McGraw-Hill 1993 Codes used to indicate sites in each country with access to the Global Multiprotocol Open Internet: BITNET b: minimal, one to five domestic BITNET sites B: widespread, more than five domestic BITNET sites IP INTERNET I: = operational, accesible from entire IP Internet i: = operational, not accesible via the NSFNET backbone UUCP u: minimal, one to five domestic UUCP sites U: widespread, more than five domestic UUCP sites FIDONET f: minimal, one to five domestic FIDONET sites F: widespread, more than five domestic FIDONET sites OSI o: minimal, one to five domestic X.400 sites O: widespread, more than five domestic X.400 sites ------------------------ and without further ado: ------------------------ Aruba net access: ---f- languages: Papiamento, English, Dutch, Spanish currency controls: none? bank secrecy: moderate (numbered accounts not permitted) preferred legal entities: Aruba Exempt Company, NV (Dutch legal tradition, bearer shares allowed) taxes: no income tax on AEC or shareholders, no witholding of any kind tax treaties: none? Austria net access: BIOUFO language: German currency controls: ?? bank secrecy: good; numbered accounts available preferred legal entities: limited liability company, stock orporation taxes: corporate tax. no bank interest tax. 20% divident ax. tax treaties: many, OECD model, primarily personal and orporate income contact: Price Waterhouse, Austria Barbados net access: --u-- language: English currency controls: some (none for offshore banks & nsurance) preferred legal entities: company, public company, offshore bank, exempt insurance company, foreign sales corporation , international business company taxes: income tax offshore banks and international business companies 2.5%, exempt insurance companies and foreign sales corporations none tax treaties: double-tax treaties with 5 major countries (incl. U.K. & U.S.) Bermuda net access: --uf-- language: English currency controls: none for nonresidents bank secrecy: moderate preferred legal entities: local (conduct business in Bermuda, must be 60% Bermuda owned), exempt (only conducts business outside Bermuda) -- min. capitalization US$12,000 -- extensive background check on the principles taxes: no income, profit, sales, value added, witholding, or capital gains taxes tax treaties: no double-tax treaties. U.S. can be provided with tax information concerning civil & criminal tax cases Costa Rica net access: bIuf- language: Spanish currency controls: only on local currency, applies only to citizens or legal entities bank secrecy: good legal entities: individual enterprise/limited liability collective company limited partnership limited-liability company stock corporation (aka chartered company): most common taxes: 15% on dividents for some nonresident shareholders, moderate corporate income, payroll, imort, real estate taxes. Exporters exempt from most taxes. tax treaties: no double-tax treaties. Caribbean Basin Initiative exchange-of-information agreeement signed but not yet ratified (as of 1/93). Hong Kong net access: BI-F- languages: Cantonese, English currency controls: none bank secrecy: moderate? preferred legal entity: limited-liability corporation (English common law Companies Ordinance) taxes: 16.5% domestic source corporate income, 15% domestic employment wages, 15% on domestic property rental income tax treaties: no double-tax agreements n.b.: treaty to return Hong Kong to Communist China in 1997 Ireland net access: BIUFO language: English currency controls: none? bank secrecy: moderate? preferred legal entity: noresident company (private corporation w/limited liability, must conduct operations outside Ireland) taxes: only on Irish operations tax treaties: many double-tax treaties n.b.: those with Irish grandparents can obtain second citizenship Leichtenstein net access: ---f- languages: German, Alemanni currency controls: none bank secrecy: excellent preferred legal entities: allows any type found anywhere in the world (!) establishment (limited liability, unlimited duration) company limited by shares foundations and trusts taxes: none for income outside Leichtenstein. Net worth tax of 0.01% on capital and reserves (min. 1,000 Swiss francs), local resident taxes tax treaties: not party directly or indirectly to any exchange-of-information agreements double-tax treaty exists only with Austria n.b.: bankers won't assist law enforcement officials with drug, fraud, theft, or tax investigations. They might assist in money laundering and insider trading investigations, informing the customer first. Luxembourg net access: bIUFO languages: Letzeburgesh, French, German, English bank secrecy: moderate preferred legal entity: holding company taxes: holding companies pays only 10% registration fee on issued shares and 0.20% annual capital tax on issued capital bonds. tax treaties: many double-tax treaties n.b.: EC member Malta net access: --u-- languages: Maltese, English currency controls: none bank secrecy: good preferred legal entities: offshore notrading, trading, banking (overseas, subsidiary, local), insurance, trusts taxes: nontrading exempt, trading very low tax treties: many double-tax treaties n.b.: EC member Netherlands net access: BIUFO language: Dutch currency controls: ?? bank secrecy: poor preferred legal entities: private or public NV (can have bearer shares) taxes: complex, high (many loopholes for large offshore companies) tax treaties: many Panama net access: b-uFO languages: Spanish, English curency controls: none bank secrecy: good; numbered accounts permissable preferred legal entity: corporation taxes: none on income generated outside Panama tax treaties: only on shipping income Singapore net access: bIuF- languages: Malay, Mandarin, Tamil, English currency controls: none bank secrecy: moderate; numbered accounts available preferred legal entities: private limited company taxes: none on dividends, foreign deposit interest, or income derived from outside Singapore. tax treaties: many Switzerland net access: BIUFO languages: French, German, Italian, Romansch currency controls: none bank secrecy: moderate to good; numbered accounts available preferred legal entity: AG (stock company under Laws of Obligation) taxes: 3.6-9.8% worldwide income tax for operating companies, 35% witholding tax on interest and dividends tax treaties: many double-tax treaties Vanuata net access: --u-- languages: Melanesian, French, English currency controls: none bank secrecy: moderate? preferred legal entities: holding, trading, agency, mgmt. service, contracting taxes: no income or capital gains taxes tax treaties: none Western Samoa net access: --u-- languages: Samoan, English currency controls: none bank secrecy: good preferred legal entities: international company, offshore bank, insurance company taxes: none for companies under offshore acts tax treaties: none If you like having this information, let me know. Also let me know what other kinds of information you need on tax havens and net access; I'd love to be of service. If you have corrections to or additional information for the Tax Havens on the Net list, I'd be happy to add it with full attribution (or full privacy, as you prefer). To preserve your privacy, feel free to use anonymous remailers and encryption. My PGP key enclosed below. James R. Hart hart at chaos.bsu.edu -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQCNAiz0Br4AAAEEAJohFjXdkx6i2Mq6nJXdJN+VGupeKwuu1SAiRvsBK7TQ1ajY d3wEFohbwaHGn3iq7A1//koipvzE5S/C6pPxIAHFeoYOUzeI/cWmh6vsuaF3/lVm K9lx/L7PyaF8rvd4FOmLqkvs1xk/24S9ZQaBb3cjhLV571NaiPCIc3SPJUKXAAUT tCJKYW1lcyBSLiBIYXJ0IDxoYXJ0QGNoYW9zLmJzdS5lZHU+ =z2UE -----END PGP PUBLIC KEY BLOCK----- From ld231782 at longs.lance.colostate.edu Wed Nov 24 23:13:24 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Wed, 24 Nov 93 23:13:24 PST Subject: The History of Cypherpunks Message-ID: <9311250709.AA28957@longs.lance.colostate.edu> Mr. N.Sammons, esteemed Founder of Colorado Cypherpunk Chapter, kindly sent me a message he apparently posted to cypherpunks commenting on the `neurotic L.Detweiler' and my `obsession with pseudospoofing' who is `pissing me off' and is not `particularly prowd' [sic] of me `being affiliated with the group.' All of this is a rather clever distortion of reality apparently designed to ingratiate Mr. N.Sammons with the CA Conspiracy Clique. Mr. Sammons, I have no idea why you want to throw in your lot with the psychopunks (esp. given they all appear to be centered in CA), but far be it for me to stand in your way. The most serious distortions, considering my own mental state, however, I must address. I have been subject to dozens of accusations of mental instability over the past few weeks from fanatic CA cypherpunks bent on silencing me in very reprehensible ways, such as exerting pressure through my postmaster, mailbombs, employer, and higher administrators in the University. I must credit the eminent Cypherpunks E.Hughes,T.C.May,P.Metzger, and D.Barnes for their glorious atrocities. Also, just recently Mr. Gilmore suggests that these efforts amount to `doing me a favor' by `asking people at my university to come talk to me' by `people who think you are becoming unstable.' The truth is that I have made their own corruptions and lies increasingly unstable. The Psychopunk revisionist history appears to have reached a climax in Mr. Sammons' latest note: >He is experiencing some very serious problems with what he believes to be >a concerted effort by some devilish cabal to warp and mung his brain >through the rampant use of pseudospoofing. OK, fine if he believes that, >I cannot keep him from thinking that some of us are emmisaries of Satan. >I can, however, wish that he would leave me the hell alone and stop posting >these long, drawn-out core dumps of his mangled psyche. This is all nothing but BLACK DISINFORMATION typical of the brainwashing of CA cypherpunks. (Reminds me of D.Barnes, the `stellar hypocrite', telling another cypherpunk that his majestic L.D. blackmail fishing expedition were not an invasion of privacy but a simple psychopunk demonstration of how much sensitive personal information about people is vulnerable to exposure. bastard.) Mr. Sammons, the only thing that has propelled me over several weeks of postings to Cypherpunks and elsewhere (e.g. RISKS) is the hope that some Cypherpunk leader would crack and admit to their systematic efforts in systematic, conspirational cyberspatial deception in pseudospoofing. There has never been any other issue, and to call me insane for accusing the leadership of pseudospoofing is like telling Galileo he is a heretic for saying the earth revolves around the Sun. The top leadership has cloaked their effort to develop the cult religion of pseudospoofing in the guise of `privacy for the masses' and the `cryptographic revolution'. `pseudospoofing' and `pseudopools' are the core aspects of their perverted religion. They *have* a secret mailing list hidden from the public used to promote subversions and the CA Conspiracy. They have written customized software for pseudospoofing and style analysis for cyberspatial warfare across many lists. They have built up an extensive international infrastructure of sites and public access internet accounts for manipulation of the public through the mailing list and elsewhere. They have corrupted DNS and SMTP software. They have infiltrated many sensitive lists, such as `internet mercantile protocols' and CERT lists, and derailed discussions with public and private sabotage, and stolen sensitive confidential information. They have molested me and many others (e.g. G.Spafford and other well-meaning cypherpunk list subscribers) with their numerous tentacles in my private mailbox, even after I publicly requested they stop. Virtually all of these various harassments were over project proposals on the list by `outsiders' (such as the Whistleblowing newsgroup, the disk stacker encryption program) that rubbed them the wrong way for some capricious whim. They love to post effusive messages from tentacles congratulating themselves on their vacuous achievments, and attacks on others who have accomplished anything substantial. They love to post subtle disinformation that cloaks their future aims and past depravities. They have deceived the respectable media like NYT and Wired in dark, atrocious ways, and revel in it. And they would rather censor me by inflaming those above me at my site into revoking my Internet account, with completely deceptive complaints about my `deranged' postings, than confess their depravities in front of their loyal, marching, brainwashed, braindead sycophants, who still think that J.Dinkelacker and N.Szabo are real people. And they blame the ashes of their arson on the lone firefighter. I assure you, psychopunks, this is *not* a comprehensive list! These are only some of the *cyberspatial* crimes! Your eminent leaders would rather brand or drive a man into an insane pariah than admit the truth, an investigation they cower cowardly in fear and attack as Terrorizing McCarthyist WitchHunt Inquisition, which for them it is. This is all that drives me in posting here, is the hope that everyone sane and honest still listening will have the sense to get the hell out of here. Cypherpunks, your `leaders' are nothing but cyberspatial psychopaths. None will escape culpability for complicity. It's only a matter of timing at this point! tick, tick, tick ... From cman at caffeine.io.com Wed Nov 24 23:53:24 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Wed, 24 Nov 93 23:53:24 PST Subject: The History of Cypherpunks In-Reply-To: <9311250709.AA28957@longs.lance.colostate.edu> Message-ID: <199311250738.BAA18279@caffeine.caffeine.io.com> Barnes's Law: The longer and louder someone accuses his associates of conspiring against him, the greater the odds of their forming just such a conspiracy. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From analyst at netcom.com Thu Nov 25 00:03:24 1993 From: analyst at netcom.com (Benjamin McLemore) Date: Thu, 25 Nov 93 00:03:24 PST Subject: 900 MHz Cordless question Message-ID: <199311250803.AAA19259@mail.netcom.com> Catching up on my reading the other day, I noticed an article in the Economist about Cincinnati Microwave's 900 Mhz cordless phone. It seems that Cylink makes the actual chip that is used in the phone to do the spread-spectrum communications. My questions to the readers of this list are: 1: Given that Cylink was one of the two original companies to manufacture Clipper hardware, what does this say about the protocols that are used in this spread-spectrum chip? Was it designed to be easy for law enforcement to crack? 2: Of the digital 900 Mhz telephones available, are any of the phones better from a security standpoint than any of the others? Are they all using different protocols or the same? Enquiring minds want to know! Thanks. --------------------------------------------------------------------------- -- Benjamin McLemore analyst at netcom.com 214/522.7640 fax From kkirksey at world.std.com Thu Nov 25 08:55:31 1993 From: kkirksey at world.std.com (Ken B Kirksey) Date: Thu, 25 Nov 93 08:55:31 PST Subject: Secure Wipe Message-ID: <199311251654.AA02153@world.std.com> Hola all, I've just started working on a good Mac implementation of IDEA, but I need a little more info on something. I've got more info on IDEA than I know what to do with, but I've yet to find any good references on doing a secure wipe to remove the plaintext file from the hard disk. Can anyone point me to some good refs on the topic? Many thanks... Ken From kkirksey at world.std.com Thu Nov 25 08:56:56 1993 From: kkirksey at world.std.com (Ken B Kirksey) Date: Thu, 25 Nov 93 08:56:56 PST Subject: Schneier's _Applied Cryptography_ Message-ID: <199311251654.AA02228@world.std.com> >BTW, schneier is literally a FAQ for cypherpunks. >Fantastic book. Cough up the money for it... I'll second that motion! Waldenbooks just got my copy of _Applied Cryptography_ in yesterday, and I've pretty much had that book in my hands every minute I've been awake since. Definitely required reading. Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer ----------------------------------------------------------------------------- Among the many misdeeds of the British rule in India, history will look upon the act of depriving a whole nation of arms, as the blackest. - Mahatma Ghandi From kkirksey at world.std.com Thu Nov 25 08:58:22 1993 From: kkirksey at world.std.com (Ken B Kirksey) Date: Thu, 25 Nov 93 08:58:22 PST Subject: strong crypto => increase in rubber-hose attacks? Message-ID: <199311251654.AA02170@world.std.com> >Assume you use strong crypto to protect your secrets. > >Assume a lot of people start using crypto to protect their secrets. > >Assume there are people who want to discover these secrets. > > >Might we some day see an increase in the number physical attacks as bad guys >resort to rubber-hose methods to get at the keys that protect the secrets? Now Jim, you wouldn't be implying that our big warm fuzzy government would EVER resort to using methods like that on it's own citizens, would you? :-) Not possible, unless you count Waco, Ruby Ridge, Ken Ballew, John Lawmaster, no-knock search warrants, ad infinitum... Seriously, I think you may be right, although physical security has always seemed to me to be the weakest link in any crypto chain. All I can say is that scenarios such as you envision simply point out the wisdom of always going armed. Or did I read to much Heinlein when I was a kid? :-) Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer ----------------------------------------------------------------------------- Among the many misdeeds of the British rule in India, history will look upon the act of depriving a whole nation of arms, as the blackest. - Mahatma Ghandi From kkirksey at world.std.com Thu Nov 25 08:58:35 1993 From: kkirksey at world.std.com (Ken B Kirksey) Date: Thu, 25 Nov 93 08:58:35 PST Subject: PC Based One-Time Pad Message-ID: <199311251654.AA02190@world.std.com> While I was reading though _Applied Cryptography_ last night, a thought struck me (no damage): Why hasn't anyone come up with a good Mac or PC based One-Time Pad system. I'd envision it working something like this: * A 1.4 Meg floppy with a single file, or multiple files, of random bits. 2 copies, one for sender and one for reciever. * The first few bytes of the cyphertext file will contain the name of the pad file used, possibly the volume name where the pad file is stored, and the starting offset within the pad file. It seems like this would be a fairly easy system to implement, but since no one (to my knowledge) has yet done so, there must be something I'm missing. :-) Secure distribution and storage of the pad disk could be difficult, but not insurmountable. The only hurdle that comes to mind is that filling a 1.4 meg floppy, or even a 700k floppy, with a sequence of TRULY random bits might be difficult and/or very time consuming. Any thoughts? Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer ----------------------------------------------------------------------------- Among the many misdeeds of the British rule in India, history will look upon the act of depriving a whole nation of arms, as the blackest. - Mahatma Ghandi From russell at eternity.demon.co.uk Thu Nov 25 09:59:49 1993 From: russell at eternity.demon.co.uk (Russell Earl Whitaker) Date: Thu, 25 Nov 93 09:59:49 PST Subject: Forwarded Article Message-ID: <24762@eternity.demon.co.uk> I'll write more on the (I think successful) ECFP '93 later; for now... -- Russell This article was forwarded to you by russell at eternity.demon.co.uk (Russell Earl Whitaker): --------------------------------- cut here ----------------------------- Xref: demon alt.wired:1244 demon.local:6413 sci.crypt:10110 uk.politics:7717 alt.security.pgp:5994 Newsgroups: alt.wired,demon.local,sci.crypt,uk.politics,alt.security.pgp From: russell at eternity.demon.co.uk (Russell Earl Whitaker) Path: eternity.demon.co.uk!demon!eternity.demon.co.uk!russell Subject: MEDIA: PGP covered in London *Guardian* 25 Nov 93 Organization: Extropy Institute Reply-To: Russell at eternity.demon.co.uk X-Newsreader: Simple NEWS 2.0 (ka9q DIS 1.24) Lines: 24 Date: Thu, 25 Nov 1993 17:34:57 +0000 Message-ID: <754248897snz at eternity.demon.co.uk> Sender: usenet at demon.co.uk Thursday, 25 November 1993: All Londoners interested in the issue of communications privacy should pick up today's *Guardian*: in the Computers section is an article by Wendy Grossman, "Enter the crypto factor", subtitled "How computers could give us back the privacy that computerisation has taken away". The article discusses the "export problems" at the centre of Phil Zimmermann's recent troubles. Good job, Wendy! [She can be reached, by the way, at 70007.5537 at compuserve.com.] -- Russell Earl Whitaker whitaker at eternity.demon.co.uk Communications Editor AMiX: RWhitaker EXTROPY: The Journal of Transhumanist Thought Board member, Extropy Institute (ExI) Co-organizer, 2nd European Conference on Computers, Freedom and Privacy, London, October 1994 --------------------------------- cut here ----------------------------- From gtoal at an-teallach.com Thu Nov 25 11:19:52 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 25 Nov 93 11:19:52 PST Subject: PC Based One-Time Pad Message-ID: <10563@an-teallach.com> In article <199311251654.AA02190 at world.std.com> kkirksey at world.std.com "Ken B Kirksey" writes: > While I was reading though _Applied Cryptography_ last night, a thought > struck me (no damage): Why hasn't anyone come up with a good Mac or PC based > One-Time Pad system. Because they're trivial to write. I could do one in less that 15 minutes. > It seems like this would be a fairly easy system to implement, but since > no one (to my knowledge) has yet done so, there must be something I'm > missing. :-) Because very few people can be bothered driving half way across the country to deliver the OTPs. It's *way* too much hassle for day to day use of the kind we use pgp for. And if someone *is* doing it for real security (like say AT&T shipping around their secure phone circuit diagrams because they don't trust clipper :-) ) then they're *not* going to be mentioning it in passing on usenet news groups... G PS No, you *don't* send them in the mail. But you knew that, right? -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From remail at tamsun.tamu.edu Thu Nov 25 12:28:38 1993 From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu) Date: Thu, 25 Nov 93 12:28:38 PST Subject: Electronic commerce conference Message-ID: <9311252026.AA17760@tamsun.tamu.edu> WORLDWIDE ELECTRONIC COMMERCE: Law, Policy and Controls Conference ****************Program Details**************** Dear Colleague: Our world is getting smaller. Electronic Data Interchange (EDI), Electronic Mail (E-Mail) and other computer-based technologies (that collectively support Electronic Commerce) are drawing individuals and organizations closer together. However, these exciting developments also present significant challenges. Corresponding audit, controls, legal, policy and security issues pose potentially serious barriers to the rapid adoption and extensive use of Electronic Commerce. Worldwide Electronic Commerce will address the implementation and control issues inherent in applying Electronic Commerce to today's environment. The answers provided at this conference will address current problems as well as provide a foundation for dealing with these complex issues in the future. We have been fortunate to have secured an unusually qualified and internationally recognized faculty to share their experience, knowledge and theories on the wide range of issues identified in this brochure. We are equally pleased to have obtained a distinguished group of organizations who, in affiliation with this conference, are lending their considerable support. Please join us at this unique and ground breaking event which will be held on January 16-18, 1994 in New York City at the Waldorf-Astoria Hotel. Michael S. Baum, Esq., Conference Chair M. Todd Ostrander, Conference Co-Chair WORLDWIDE ELECTRONIC COMMERCE CONFERENCE PUT ON IN AFFILIATION WITH: -------------------------------------- American Bar Association, Section of Science & Technology Centre for Commercial Law Studies, University of London Computer Law Association EDI Association of the United Kingdom EDP Auditors Association Harvard Law School John F. Kennedy School of Government, Harvard University National Institute of Standards and Technology U.S. Council for International Business Data Interchange Standards Association Healthcare EDI Corporation International Union of Latin Notaries CONFERENCE AT A GLANCE ---------------------- SUNDAY, JANUARY 16TH - Registration 17:00 - 20:00 ------------------------------------------------- PRE-CONFERENCE TUTORIALS: 18:00 - 19:30 * Electronic Trade Overview for Beginners * Security and Audit Overview * A General Counsel's Perspective on Electronic Trade * Electronic Commerce Policy and Regulation 101 MONDAY, JANUARY 17TH - Registration 7:00 - 18:00 ------------------------------------------------ OPENING PLENARY: 8:00 - 8:50 SESSION 1: 9:00 - 10:20 * Will Legislation Keep Up with Electronic Trade? * Anatomy of a Model EDI Audit Program * Will Privacy Requirements Inhibit Electronic Commerce? * Clearing Houses and Electronic Commerce SESSION 2: 10:30 - 11:50 * U.S. Efforts in Coordinating Electronic Commerce Standards Policy * How to Audit a Third Party/Value Added Network * What is Cost Effective Commercially Reasonable Security? * Anticompetitive Restraints on Trade in Electronic Commerce LUNCH 12:00 - 13:30 SESSION 3: 13:30 - 14:50 * Trading Partner and Business Agreements in Electronic Commerce * Electronic Negotiability - What Scares the EDI Users Away? * INFOSEC Standards Coordination and Interworking * Time/Date Stamping - Options and Constraints SESSION 4: 15:00 - 16:20 * United Nations Electronic Commerce Initiatives * Directory control Issues in Electronic Messaging and EDI * Comparing Critical Cryptographic Algorithms and Standards * Financial Clearing Houses - a Foundation for EDI? SESSION 5: 16:30 - 17:50 * Model Electronic Payments Agreements * What to Save, When to Save It, and For How Long * Do "Smart Cards" Provide an "Ultimate" Control Solution? * The "FAST" Initiative - Business Trust in the Computer Era? TUESDAY, JANUARY 18TH - Registration 7:00 - 12:00 ------------------------------------------------- SESSION 6: 8:00 - 9:20 * Negotiating Electronic Trade Agreements * Back-Up, Archival and Contingency Planning Services * Security Policy in a Global Information Environment * Electronic Software Distribution (ESD) - a Pandora's Box? SESSION 7: 9:30 - 10:50 * Value Added Networks and Interconnect Agreements * Do Criminal Laws Really Protect Electronic Commerce? * Digital and Electronic Signatures and the Law * Accreditation and Certification - the New Frontier? SESSION 8: 11:00 - 12:50 * The ICC Electronic Commerce Initiatives * Admitting, Proving and Enforcing EDI Transactions * Re-engineering the Tax Filing Process * EDI Insurance - the Next Control Approach? LUNCH: 12:00 - 13:30 SESSION 9: 14:00 - 15:20 * Central and Eastern European Electronic Trade * The Role and Future of Notaries in Computer-Based Commerce * Will Healthcare Reform Profoundly Reshape EDI Law, Policy, and Controls? * The Uses of Escrow in Electronic Commerce SESSION 10: 15:30 - 16:50 * Who Owns the Standards, Functionality and Systems? * Risk Analysis in Electronic Trade * Judicial EDI * EDI Translation Software Control and Legal Considerations CONFERENCE PROGRAMMING COMMITTEE: --------------------------------- Robert Barger, Esq., Section of Science and Technology, American Bar Association Michael S. Baum, Esq., Independent Monitoring, Conference Chair Susan Caldwell, Executive Director, EDP Auditors Association Rachel Foerster and Garren Hagemeier, Healthcare EDI Corporation Mark L. Gordon, Esq., Computer Law Association Jerry Mechling, Ph.D. and Tom Fletcher,Ph.D., Kennedy School of Government, Harvard University Mario Miccoli, Natariat, Unione Internazionale Del Notariato Latino Professor Charles R. Nesson, Harvard Law School M. Todd Ostrander, EDI Program Manager, Egghead Software, Conference Co-Chair Chris Reed, Esq. and Ian Walden, Ph.D., Centre for Commercial Law Studies, University of London Peter Robinson and Bruce Wilson, U.S. Council for International Business Roy Saltman, National Institute of Standards and Technology In Memory of the Late Professor Donald Trautman, Harvard Law School SUNDAY, JANUARY 16TH: PRE-CONFERENCE TUTORIAL EVENING SESSIONS ---------------------------------------- The following tutorials provide newcomers to electronic trade with an overview of the concepts, technologies, and business practices that will make the conference more meaningful. These pre-conference sessions are scheduled from 18:00 - 19:30, January 16th, so that they will not interfere with the regular conference sessions. ELECTRONIC TRADE OVERVIEW FOR BEGINNERS An overview of "Electronic Trade" and how it applies to the business environment of the '90's & the 21st century. You will learn about the history and state of electronic commerce, including EDI, E-Mail, and other enabling computer-based trade technologies and the components necessary to implement these technologies successfully in your industry. Additionally, this session will provide an overview of electronic commerce-relevant aspects of the American National Standards Institute (ANSI), United Nations/EDI for Administration, Commerce and Trade (UN/EDIFACT) and International Standards Organization (ISO) standards development processes, how they affect you, and important differences that multi-national companies will likely encounter while implementing them. SECURITY AND AUDIT OVERVIEW The basic control structures and security guidelines for an electronic trade program including cryptographic and non-cryptographic controls will be discussed in this tutorial session. This session also provides the 'non- auditor' with a description of the unique characteristics of auditing in an electronic trade environment and an understanding of how auditors must contribute to the electronic commerce environment. A GENERAL COUNSEL'S PERSPECTIVE ON ELECTRONIC TRADE Corporate counsel are increasingly called upon to respond quickly and effectively to the demands of accelerating electronic trade implementation programs. Veteran corporate counsel will summarize the critical responsive actions they have taken, and provide perspectives on how they navigated and climbed the electronic commerce learning curve. This session will provide the electronic commerce neophyte general counsel with helpful hints for making the most of the conference. ELECTRONIC COMMERCE POLICY AND REGULATION 101 The policy and regulatory issues affecting electronic commerce continue to grow without an end in sight. As a primer for an enriching Worldwide Electronic Commerce conference, this session identifies and explains the critical policy and regulatory building blocks (and road blocks) that electronic commerce professionals simply cannot avoid. It also surveys the "tools" that are used in policy development and implementation. This session provides a useful foundation for many of the policy-oriented sessions. MONDAY, JANUARY 17TH MORNING SESSIONS ------------------------------------- SESSION 1: 9:00 - 10:20 ----------------------- 1. WILL LEGISLATION KEEP UP WITH ELECTRONIC TRADE? Viewpoints of law reform experts on the development of diverse topics of possible legislation affecting electronic commerce will be presented. Current and proposed legislation from around the globe will be presented and considered for its practicality and likelihood of impacting electronic commerce. 2. ANATOMY OF A MODEL EDI AUDIT PROGRAM More and more organizations are designing and implementing enterprise-wide EDI and electronic commerce systems. Audit standards, guidelines and practices are in the process of responding to the need for EDP and MIS systems auditors to have a detailed understanding of the requirements for auditing EDI systems. This session will outline the EDI systems audit requirements and provide an overview of the ASC X12 Model Audit Program currently under development. Experienced auditors will walk you through the results of their years of experimentation and implementation and explain an effective and practical audit program that you can implement. 3. WILL PRIVACY REQUIREMENTS INHIBIT ELECTRONIC COMMERCE? How does personal data communicated among trading partners and/or the government, particularly in open systems environments, create barriers to business transactions? Data protection is a frontier for electronic commerce. This session will distinguish privacy and confidentiality and discuss methods to protect companies from the risks associated with the improper disclosure of telecommunicated personal data. It will also consider the economic, privacy or national security requirements and restrictions imposed by governments, and their impact on electronic commerce. Various laws and directives, including the EC's proposed directive concerning the protection of individuals in relation to the processing of personal data will be identified and considered in conjunction with charting a viable approach for implementation. 4. CLEARING HOUSES AND ELECTRONIC COMMERCE Clearing houses provide administrative, legal and technical infrastructure which support various computer- based commercial trading services to bolster the reliability and enforceability of electronic transaction records, reduce legal uncertainty, and generally facili- tate electronic trade. The scope of implemented clearing house services depends upon available technology, legal and security requirements, potential liability, the availability of insurance, and, of course, business needs and costs. Clearing house services also extend well beyond "traditional" clearing house functions to provide broad-based support as a trusted entity. This session will detail how clearing houses affect electronic commerce controls and security. SESSION 2: 10:30 - 11:50 ------------------------ 1. US EFFORTS IN COORDINATING ELECTRONIC COMMERCE STANDARDS POLICY U.S. public and private sector planning for global electronic commerce requires coordination of the various standards supporting electronic commerce, and developing and presenting comprehensive U.S. positions in the various international standards setting fora. This panel will present proposals for improving such coordination and charting a path forward, and provide an expert's view on the future. The session will also address the relevant implications of the recently released report of the National Performance Review and endorse initiatives that will potentially catalyze national and international electronic commerce reform for years to come. Will these initiatives be successful and how will they impact business? 2. HOW TO AUDIT A THIRD PARTY/VALUE ADDED NETWORK This session addresses the 'how to' of conducting audits of third party service providers including third party claims clearing houses. What is needed to obtain clearance to conduct an audit? What questions are appropriate during the audit? Who should participate in such an audit? The impact of diverse relevant auditing standards and guidelines, including those of the IIA, the AICPA's SAS 70 and other relevant materials will be discussed. 3. WHAT IS COST EFFECTIVE COMMERCIALLY REASONABLE SECURITY? How much security is required in an electronic trade relationship? What is commercially acceptable and must commercially reasonable security be cost effective security? Experts will provide useful guidance on this very difficult issue. 4. ANTICOMPETITIVE RESTRAINTS ON TRADE IN ELECTRONIC COMMERCE This session will identify and provide approaches concerning three important and frequently asked questions: Can we force our trading partners to trade electronically, or can we be forced to do so? Can we be forced to use particular VANs, or one of a limited number of specified VANs? Can we charge (or be charged) a premium for failing to trade electronically? Antitrust counsel and electronic trade professionals will provide their perspectives. MONDAY, JANUARY 17TH AFTERNOON SESSIONS --------------------------------------- SESSION 3: 13:30 - 14:50 ------------------------ 1. TRADING PARTNER AND BUSINESS AGREEMENTS IN ELECTRONIC COMMERCE This session will present case studies that illustrate how trading partner agreements (agreements among parties to electronic trade transactions) have been implemented by industry and government to facilitate electronic trade. Agreements that accommodate sales, services and other types of electronic commerce will be treated. The session will consider approaches to modifying model agreements, accommodating scaling and automating computer-based contracting mechanisms. Various model agreements, including the soon-to-be released European/TEDIS agreement will be addressed. 2. ELECTRONIC NEGOTIABILITY - WHAT SCARES THE EDI USERS AWAY? Few EDI issues cause such angst in the EDI community as the issue of negotiability under EDI - whether it is for securities, bills of lading, letters of credit, or any other device that depends upon paper to transfer things of value. Is it the horrendous legal pitfalls that EDI negotiability presents as some would claim? Or is it that last vestige of paper that we all are reluctant to let go of, that causes us to hesitate before committing ourselves to an all EDI world of commerce? The history of and current efforts to develop electronic mechanisms in substitution for paper-based documents of title will be examined during this session. The panel will address the major initiatives intended to substitute or accommodate negotiable and nonnegotiable documents of title in electronic form, and will explore possible solutions. 3. INFOSEC STANDARDS - POLICY, COORDINATION AND INTERWORKING This panel will deal with current and future policy on information security standardization at the international, regional and national levels, in particular, with regard to information security standards as they apply to electronic trade and commerce. It will also share thoughts and perspectives concerning future standards direction, work programs, interworking, and coordination. 4. TIME/DATE STAMPING - OPTIONS AND CONSTRAINTS Time and date stamping of computer-based transactions is increasingly recognized as being critical to nonrepudiation, effective public key certificate and certificate revocation management, and EDI in general. This session will survey the technology, implementations and legal requirements for time and date stamping and consider the extent to which trusted entities are needed to implement time and date stamping procedures and devices, as well as the implications of electronic rather than human time stamping. SESSION 4: 15:00 - 16:20 ------------------------ 1. UNITED NATIONS ELECTRONIC COMMERCE INITIATIVES This session surveys and opines on some of the UN's legal initiatives in support of electronic commerce. UN representatives to both predecessor and current activities will share their viewpoints on legal developments, relationships to other international organizations and will describe their visions for the future. 2. DIRECTORY CONTROL ISSUES IN ELECTRONIC MESSAGING AND EDI This session presents an overview of the audit and security capabilities and legal implications of international messaging and directory standards and recommendations, including X.400, X.435, and X.500. Industry experts will describe how they have implemented these standards and addressed the security issues surrounding their use. Directory-based trading partner information, including security credentials, is increasingly indispensable for electronic commerce. However, privacy, ownership, use, revenue and accuracy of directory information remain compelling challenges. The session will also examine directory models, explore the critical issues and present a path forward. 3. COMPARING CRITICAL CRYPTOGRAPHIC ALGORITHMS AND STANDARDS How do I know you are who you say you are? Inventors, visionaries and pioneer algorithm standards developers will discuss how cryptographic techniques have been developed and standardized to address the authentication of business documents. The practical application of such technologies and their integration into small, medium and large business systems will provide an indispensable road map for improved business processes and reduced legal and control risks. 4. FINANCIAL CLEARING HOUSE RULES - A FOUNDATION FOR EDI? Major funds transfer clearing houses (such as the ACH, CHIPS, Fedwire) have developed highly sophisticated rules that address the apportionment of liability among users, financial institutions and the clearing house. As clearing houses and other trusted third parties provide various assurances to the trading public, these clearing house rules and procedures deserve close attention. A panel of the counsel and commentators to the major funds transfer clearing houses will share their collective experience with a view towards the development of generalized electronic commerce clearing houses and electronic security credentialing authorities. SESSION 5: 16:30 - 17:50 ------------------------ 1. MODEL ELECTRONIC PAYMENTS AGREEMENTS Financial EDI is increasingly a growing and indispensable aspect of electronic commerce. However, it also presents additional challenges beyond those covered by standard EDI trading partner agreements and practices. This session outlines the legal treatment of financial EDI, its relationship to EFT and funds transfer mechanisms, and the responsive model financial EDI agreements, guidelines and critical law reform initiatives. 2. WHAT TO SAVE, WHEN TO SAVE IT, AND FOR HOW LONG How long should transactions be saved? Are electronic documents subject to different retention rules? International trade rules are in play respecting retention matters. In the U.S., the Internal Revenue Service published Revenue Procedure 91-59 to address the electronic retention period and audit procedures for the electronic trade environment. To what extent does this Revenue Procedure as well as other national and international procedures provide useful models for international harmonization? This session will address the pros and cons of using such procedures to change company internal records retention policies. 3. DO "SMART CARDS" PROVIDE AN "ULTIMATE" CONTROL SOLUTION? The need for, and use of, card technologies, including magnetic stripe, smart cards, and PCMCIA, presents new options and challenges for the audit, legal and security communities. The policy issues associated with card technologies have already surfaced within the electronic benefit transfer, healthcare informatics, financial services and many other environments. The panel will identify the various card technologies and explore the relevant issues, including those concerning ownership of data on the card, impact on satisfaction of signature requirements and cost justification. 4. THE "FAST" INITIATIVE - BUSINESS TRUST IN THE COMPUTER ERA? The International Bureau of Chambers of Commerce (IBCC) - world forum of Chambers of Commerce (of the International Chamber of Commerce (ICC)), is setting up an international "registration" and "certification" chain within EDI. Coordinated by the Belgian Federation of Chambers of Commerce and Industry, the backbone of the Certified Electronic Data Interchange For Administration, Commerce and Transport (CEDI- FACT) concept included in "FAST" (First Attempt to Security Electronic Commerce), a trans-European and trans-sectoral pilot project that will soon commence under the auspices of the TEDIS program of the Commission of the European Communities. TUESDAY, JANUARY 18TH - MORNING SESSIONS ---------------------------------------- SESSION 6: 8:00 - 9:20 ---------------------- 1. NEGOTIATING ELECTRONIC TRADE AGREEMENTS A common stumbling block in implementing electronic trade is the length of time it takes for companies to negotiate electronic trade agreements. In this session you will witness a simulated negotiation session between two trading partners and their counsel. The dialogue will communicate the benefits and costs of using standard agreements that are recognized by the majority of industries, as well as the benefits and cost of not using a trading partner agreement. 2. BACK-UP, ARCHIVAL AND CONTINGENCY PLANNING SERVICES IN ELECTRONIC COMMERCE ACCELERATED TRANSACTION PROCESSING OR J.I.T. ENVIRONMENT Increasingly, the failure to contract for contingency services may create significant exposure, perhaps extending to consequential damages. Moreover, the impact of expedited electronic transactions such as just- in-time and quick response demand further consideration of contingency services. This session debates an appropriate definition of "due diligence" in electronic commerce; the issues addressed in most commercial contingency services agreements, and concludes with predictions on future issues by a panel of recognized experts. 3. SECURITY POLICY IN A GLOBAL INFORMATION ENVIRONMENT This session provides an opportunity to hear two of the key security policy makers from the Commission of the European Communities and the United States, respectively. The speakers will address critical developing information security policy issues of far reaching consequence, including whether public key infrastructure can or should be implemented for both authentication and confidentiality services or instead for authentication only; the scope and impact of pilot projects on cryptographic and secured open systems policy development; the impact of patents on the development of ubiquitous secure infrastructure; and cooperative approaches to a global path forward that will minimize national and regional fragmentation. 4. ELECTRONIC SOFTWARE DISTRIBUTION (ESD) - A PANDORA'S BOX? As in every industry, there are commercial conduct rules that apply to the software industry. As new methods of distribution are introduced (discussed) in order to make it easier for customers of software developers to obtain and manage software assets within a corporation, domestic and global legal implications are raised. This session will discuss issues surrounding ESD and the proposals to remedy them. Additionally, critical new technologies and actual implementations will be identified and demonstrated, with a view towards their security and control capabilities. SESSION 7: 9:30 - 10:50 ----------------------- 1. VALUE ADDED NETWORK AND INTERCONNECT AGREEMENTS - WHO IS LIABLE AND FOR WHAT? Third Party Service Providers ("TPSPs") including Value Added Networks ("VANs") and service bureaus have been quite successful in limiting their liability. This session examines the history, present status and future liability of VANS and other TPSPs. The extent to which VANs can or should be trusted to assure the confidentiality of user data will be addressed. The panel will provide practical legal and technical advice at grappling with these trends. The panel, which includes general counsel to VANs, will address these issues, including the enforceability of liability caps, the enforceability of trading partner terms within their "system agreements", VAN interconnects and special considerations for consumer-users. 2. CRIMINAL LAWS REALLY PROTECT ELECTRONIC COMMERCE? Liability for computer-based criminal acts is a developing area of the law and therefore, the extent and adequacy of current law remains uncertain. This session will identify the critical elements of criminal law relevant to electronic commerce and describe its inadequacies. Proposals will be presented for legislative reform. International prosecution of computer-based crime will also be considered. 3. DIGITAL AND ELECTRONIC SIGNATURES AND THE LAW Historically, the written signature has been an important (and in many cases an indispensable) aspect of commercial trade. This session will compare conventional, electronic and digital signature requirements and techniques, and explain how they are (or should be) treated in the law. The most authoritative private and administrative, legislative, judicial and audit-related decisions, rulings and pronouncements affecting digital signatures will be presented, and their future impact explained. You will learn about new methods for "tying" digital and electronic signatures to pre- established expectations and purposes. The speakers will also discuss the format and intent of relevant computer based "signature" standards and how they can be implemented in your company/industry. 4. ACCREDITATION AND CERTIFICATION - THE NEW FRONTIER? Because deserved confidence and trust in electronic credentials and the infrastructure that issues such credentials is of vital importance, mechanisms to assure its accountability, consistency and quality are indispensable. Certification and accreditation provide a process of approval or recognition by a trusted body representing that the subject of such certification and accreditation has satisfied recognized criteria, typically concerning quality, performance, ethics, experience, safety, education or competence. This session considers the legal, policy and organizational issues associated with accreditation and certification and its relevance to the satisfaction of obligations to implement "commercially reasonable security." SESSION 8: 11:00 - 12:20 ------------------------ 1. THE INTERNATIONAL CHAMBER OF COMMERCE ELECTRONIC COMMERCE INITIATIVES The ICC and its national affiliates (such as the U.S. Council for International Business) have played a continuing role in the development of electronic commerce rules and practices, beginning with the seminal publication of the "UNCID" rules, and subsequently with initiatives for "EDI-TERMS", "EDI- ready" INCOTERMS, and other projects. This session will identify relevant ICC electronic commerce initiatives, describe the ICC's future role, including with regard to other international organizations, and consider the ICC's and USCIB's work in addressing other information policy and security issues confronting the global business community. 2. ADMITTING, PROVING, AND ENFORCING EDI TRANSACTIONS This session will focus on the evidentiary requirements for electronic trade records and will contrast requirements for records in paper and electronic form. Diverse interpretations of foundation requirements of the Federal Rules of Evidence, key regulatory requirements, and related issues, including a status report on efforts to reform the Federal Rules of Evidence that are relevant to computer-based practices will be presented. 3. RE-ENGINEERING THE TAX FILING PROCESSES Tax authorities will explain how they are dealing with the electronic trade environment; and the policy, legal and security issues involved in electronically interfacing with national Governments. The implications of these activities on electronic commerce generally will be the focal point for this session. Additionally, it will consider intergovernmental relationships concerning authority to operate as a VAN or service bureau for the other, including the TaxNet Government Communications Corporation (TGCC) initiatives. 4. EDI INSURANCE - THE NEXT CONTROL APPROACH? This panel will discuss the issues and opportunities associated with offering and underwriting electronic information-related risks.. This session surveys important insurance issues that are either directly applicable to electronic commerce and cryptography, or that indirectly provide useful structures which can benefit the thoughtful consideration of competing approaches to such infrastructure. The discussion considers insurance issues in EDI, EFT, VANS, and certification authorities. To the extent insurance exists, the panelists will discuss general restrictions and what electronic information users and vendors can do to standardize and structure their systems to assist the insurance industry with broadening the scope of coverages. TUESDAY, JANUARY 18TH - AFTERNOON SESSIONS ------------------------------------------ SESSION 9: 14:00 - 15:20 ------------------------ 1. CENTRAL AND EASTERN EUROPEAN ELECTRONIC TRADE - LEGAL STATUS AND FUTURE OPTIONS This session will discuss the present position of several normative acts and legislative proposals in the Central and East European countries that are of importance for the development and use of EDI including: the status of electronic evidence, the possibilities for electronic contracting, and the legal requirements of "writing" and "signature". The case for new legislation in Central and Eastern Europe, assimilating the consequences of the development and use of computer applications on the traditional legal system, as well as the recent proposal for a new Civil Code of the Russian Federation that contains a specific regulation on an electronic version of negotiable documents, will be discussed. 2. THE ROLE AND FUTURE OF NOTARIES IN COMPUTER-BASED COMMERCE This session defines and explains conventional notary laws and practice in both common law and civil law countries; and considers the business and legal need for notarial reform to accommodate electronic transactions. It will also examine the use and sufficiency of forms of identification as a prerequisite to the issuance of electronic credentials. Furthermore, the session will provide perspectives on notarial reform, including whether current notarial practice can accommodate electronic commerce, or whether there is a need for an "electronic notary," a "super notary" or other such "trusted entities." A panel of distinguished notaires from around the world will consider whether a Latin-style notary can or should be introduced in non-civil law countries and will forecast the future for notaries in a computer-based world. 3. WILL HEALTHCARE REFORM PROFOUNDLY RESHAPE EDI LAW, POLICY AND CONTROLS? Privacy and security issues surrounding the use of EDI are advancing to the top of the priorities in the health- care field. Healthcare costs are a prime concern of governments and individuals. However, with the rapid growth of health care information networks and regional or community healthcare networks, the capture, storage and retrieval of health care data is essential to the quality of the health care delivered. Data ownership and access rights are unresolved, as well as the apportionment of liability for erroneous or improperly disclosed data. Moreover, the lack of a national (U.S.) personal ID/national identifier presents privacy and security challenges for healthcare and electronic commerce generally. These issues, with a focus on confidentiality and privacy issues will be discussed in depth by leading experts in health care law and EDI. 4. THE USES OF ESCROW IN ELECTRONIC COMMERCE The scope of escrow agents is much broader in electronic commerce than in the computer software industry. Escrow agents are increasingly being used to hold cryptographic keys associated with the privacy or authenticity of business transactions. This session will explain the world of escrow and how it can improve electronic commerce. The escrow implications of the Clinton Administration's "Clipper Capstone" proposal will also be addressed. Copies of escrow agreements will be distributed and discussed. SESSION 10: 15:20 - 16:50 ------------------------- 1. WHO OWNS THE STANDARDS, FUNCTIONALITY AND SYSTEMS? CHARTING A COURSE THROUGH COPYRIGHT ISSUES IN EDI This session evaluates the ownership, use, repudiation, licensing, and transfer of rights associated with the development and use of electronic trade standards in both paper and electronic form, nationally and internationally. Representatives from major standards making entities as well as "vocal" users of the standards will present the issues and a road map to the future. The extent to which companies can obtain or enforce proprietary rights in screen displays, data formats and similar working aspects of an EDI system will be considered. 2. RISK ANALYSIS IN ELECTRONIC TRADE Prior to decision making, an evaluation process occurs that determines the advantages and disadvantages of an investment decision. A piece of this process is sometimes known as "Risk Analysis." This session will review the process steps necessary to conduct an effective risk analysis for electronic trade and investments. The panel will explain the critical limitations of this process and how it is evolving to meet the needs of important applications. 3. JUDICIAL ELECTRONIC DATA INTERCHANGE ("JEDI") The current events, issues and projects associated with the development of EDI within the Judiciary will be discussed. The panelists will also review the procedural and evidentiary rules affecting JEDI, bankruptcy court JEDI, integration of JEDI with law office and judicial automation of justice in the future. The most noteworthy JEDI implementations throughout the world, as well as JEDI X12 transaction sets and UN/EDIFACT messages will be surveyed. 4. EDI TRANSLATION SOFTWARE CONTROL AND LEGAL CONSIDERATIONS As the heart of an EDI implementation, the adequacy of EDI translation software is increasingly important to the legal and control communities. This session will explain the important audit and security control features of EDI translation software and address concerns, pitfalls and remedial actions available to the purchaser of such software. REGISTRATION INFORMATION ------------------------ HOTEL & AIRLINE INFORMATION --------------------------- American Airlines is offering discounted air fares for the Worldwide Electronic Commerce Conference. Arrangements may be made by calling American Airlines at 1-800-433-1790 and referencing "Star" Code S1814P7. Continental Airlines is also providing discounted air travel for the Worldwide Electronic Commerce Conference. To make reservations, call 1-800-468-7022. Please reference Identification Code ZAB58. International travelers: please contact your local Continental phone number for specially discounted fares. For this conference, Continental Airlines has waived the need to stay over a Saturday night to obtain the lowest possible fare. The beautiful Waldorf-Astoria Hotel in the heart of New York City will be the sight of the Worldwide Electronic Commerce Conference. This prestigious internationally- acclaimed hotel provides the finest in accommodations and is offering a special room rate of $159 to all conference attendees. Reservations can be made by calling 1-212-355-3000. CONFERENCE HIGHLIGHTS --------------------- INTERNATIONAL SCOPE: Most conference sessions will include one or more persons from a country other than the United States, or one or more representatives from international organizations, to provide a diversity of perspectives and experiences. CONFERENCE PROCEEDINGS: Conference papers of all sessions will be bound and distributed to all participants. GROUP & STUDENT DISCOUNTS: Discounted registration fees will be offered to companies sending 3 or more individuals and to qualifying students. Call: 1- 214-516-4900 for more information. CONTINUING LEGAL EDUCATION: For information concerning C.L.E. points, call 1-214-516-4900. HOW TO REGISTER --------------- REGISTRATION FEE: $550 total conference registration fee. BY MAIL: Completed forms must be accompanied by a money order, check, or credit card number (American Express, MasterCard, or Visa). All checks should be made payable to Worldwide Electronic Commerce Conference, P.O. Box 743485, Dallas, Texas 75374, USA. BY FAX: Completed forms, when paying be credit card, may be faxed to 1-214-424-0562. BY PHONE: Call 1-214-516-4900 for payment by credit card or questions about the conference. BY E-MAIL: Worldwide Electronic Commerce can also be reached on Compuserve at 76520,3713. REGISTRATION FORM: ------------------ To register, please print out a copy of the form below, complete it by typing or printing the registration information and return one completed form with payment for each registration. Mail to P.O. Box 743485, Dallas, TX 75374, USA or Fax to: 1-214-424-0562. _____ I am registering for the Worldwide Electronic Commerce Conference (Total: $550) _____ I plan on attending one of the Pre-Conference Tutorial Sessions. (Select one below): _____ Electronic Trade Overview _____ Security & Audit Overview _____ General Counsel's Perspective _____ Electronic Commerce Policy A check is enclosed for $___________ -OR- Please bill my:___VISA ___MasterCard ___American Express Card No.______________________ Exp. Date_________________ Name on Card_____________________________________________ Signature________________________________________________ Registrant's Name________________________________________ Title____________________________________________________ Preferred First Name for Badge___________________________ Company / Organization___________________________________ MS / Dept._______________________________________________ Address__________________________________________________ City________________________ State______ Zip_____________ Telephone________________________ Fax____________________ Do You Require Special Handicapped Access? ____Yes ____No Will you be staying at the Waldorf? ____Yes ____No Final agenda subject to change, especially as the program expands and additional speakers are added. CANCELLATIONS must be received in writing and postmarked no later than December 22, 1993 to receive a 50% refund of the paid registration. No refunds will be issued after December 22, 1993, regardless of when the registration is received. NO SHOWS are liable for the entire conference fee. SPECIAL ARRANGEMENTS for the handicapped will be made if requested in advance. To make a request, contact the "Conference Coordinator" at 1-214-516-4900. From cman at caffeine.io.com Thu Nov 25 14:23:41 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Thu, 25 Nov 93 14:23:41 PST Subject: Multi-precision math in PGP Message-ID: <199311252206.QAA21043@caffeine.caffeine.io.com> Does anyone have pointers to articles, books, or online material that explains the multi-precision math that is provided in PGP? -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From nate at VIS.ColoState.EDU Thu Nov 25 19:08:42 1993 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Thu, 25 Nov 93 19:08:42 PST Subject: The History of Cypherpunks In-Reply-To: <9311250709.AA28957@longs.lance.colostate.edu> Message-ID: <9311260307.AA14263@vangogh.VIS.ColoState.EDU> -----BEGIN PGP SIGNED MESSAGE----- writes L. Detweiler: > >The top leadership has cloaked their effort to develop the cult >religion of pseudospoofing in the guise of `privacy for the masses' and >the `cryptographic revolution'. `pseudospoofing' and `pseudopools' are >the core aspects of their perverted religion. They *have* a secret >mailing list hidden from the public used to promote subversions and the >CA Conspiracy. They have written customized software for pseudospoofing >and style analysis for cyberspatial warfare across many lists. They >have built up an extensive international infrastructure of sites and >public access internet accounts for manipulation of the public through >the mailing list and elsewhere. They have corrupted DNS and SMTP >software. They have infiltrated many sensitive lists, such as `internet >mercantile protocols' and CERT lists, and derailed discussions with >public and private sabotage, and stolen sensitive confidential >information. They have molested me and many others (e.g. G.Spafford and > Um, the sheer volume of things that these horrible people have done is quite a bit more, me thinks, than such a small group of people could accomplish in such a small amount of time, unless some of them have a _lot_ of time on their hands. > >tick, tick, tick ... > Wasn't it the executioner that said this a few days ago? -- couldn't be, he was pseudospoofing ;-) - -- +-----------------------------------------------------------------------+ | Nate Sammons nate at VIS.ColoState.Edu (303) 491-1578 | | Colorado State University -- Computer Visualization Laboratory | +-----------------------------------------------------------------------+ From nate at VIS.ColoState.EDU Thu Nov 25 19:18:42 1993 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Thu, 25 Nov 93 19:18:42 PST Subject: LD's last flame of me Message-ID: <9311260317.AA14287@vangogh.VIS.ColoState.EDU> -----BEGIN PGP SIGNED MESSAGE----- CPs, I did not want to poin-blankly address some of the comments that LD made about me in his last post, but I feel it necessary. I won't say he's insane or deranged, since i know it does no good. I won't say that he is raving or frothing at the mouth, since it does no good either. I will say that I am doing my best to uphold what I believe in, and that I will not stand for the public slander of my name and reputation all across the net. If you want to slam me, L.Detweiler, please slam me in private email, since very few people put great weight on your post, at least not lately. - -nate sammons - -- +-----------------------------------------------------------------------+ | Nate Sammons nate at VIS.ColoState.Edu (303) 491-1578 | | Colorado State University -- Computer Visualization Laboratory | +-----------------------------------------------------------------------+ From jdwilson at gold.chem.hawaii.edu Thu Nov 25 21:23:45 1993 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA) Date: Thu, 25 Nov 93 21:23:45 PST Subject: IEEE Article Speaks Out Against Clipper/Key Escrow Message-ID: <9311260521.AA04924@gold.chem.hawaii.edu> CP's: Check out IEEE Computer November 1993, V26,#11 pp 76-78, wherein the Com- mittee On Public Policy states, among other things, "Very serious consti- tutional questions exist. The government's key escrow initiative may violate the First, Fourth and Fifth Amendments of the US Bill of Rights" "Better methods already exist...Moreover, encryption software (including DES and RSA algorighms and the user-ready and popular Pretty Good Privacy secure message system) is freely downloadable from public networks around the world." "Reconsideration is in order. The administration should halt the intro- duction of its key escrow system and reconsider this half-baked scheme, which was hatched during the previous administration. And Congress should mandate a serious, open, public review of cryptography policy and its implication for society." Pretty clear statement of opinion from a body of IEEE, eh? -Jim From MJMISKI at macc.wisc.edu Thu Nov 25 23:08:45 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Thu, 25 Nov 93 23:08:45 PST Subject: Health Security Message-ID: <23112601070888@vms2.macc.wisc.edu> I realize that this is of marginal crypto import, but I need as much info as possible on Hospital Information Systems and security. Especially on CICS and AIX systems. Do any cryptographic protocols exist yet to protect huge interactive medical databases? Please send responses in mail. --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From an12070 at anon.penet.fi Fri Nov 26 06:18:55 1993 From: an12070 at anon.penet.fi (The Executioner) Date: Fri, 26 Nov 93 06:18:55 PST Subject: Another Demon Message-ID: <9311261416.AA05439@anon.penet.fi> Who is zeek at io.com? ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From mkirwin at magnus.acs.ohio-state.edu Fri Nov 26 07:43:56 1993 From: mkirwin at magnus.acs.ohio-state.edu (Michael J Kirwin) Date: Fri, 26 Nov 93 07:43:56 PST Subject: BlackNet/Anon remail Message-ID: <199311261542.KAA13299@bottom.magnus.acs.ohio-state.edu> Hello 'Punks. I'm working on some Sociology/Psycology stuff and I was wondering if somone out there could give me some information on the BlackNet and Anonymous Remailers. Thanks, mkirwin at acs.ohio-state.edu From jdwilson at gold.chem.hawaii.edu Fri Nov 26 08:33:54 1993 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA) Date: Fri, 26 Nov 93 08:33:54 PST Subject: Health Security In-Reply-To: <23112601070888@vms2.macc.wisc.edu> Message-ID: <9311261629.AA05385@gold.chem.hawaii.edu> > > I realize that this is of marginal crypto import, but I need as much info > as possible on Hospital Information Systems and security. Especially > on CICS and AIX systems. Do any cryptographic protocols exist yet to > protect huge interactive medical databases? > > Please send responses in mail. > > --Matt > ______________________________________________________________________________ > In defense of liberty, encrypt for all purposes, civil and professional. > In defense of privacy, encrypt all correspondence, personal and professional. > In defense of sanity, do not encrypt your dry cleaning invoice! > > ++++++++--------mjmiski at macc.wisc.edu (c)1993 > What specifically are you asking about? Are you talking about encrypted password protection or encryption of part or all of the databases? -Jim From gtoal at an-teallach.com Fri Nov 26 10:23:55 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 26 Nov 93 10:23:55 PST Subject: Health Security Message-ID: <10699@an-teallach.com> In article <9311261629.AA05385 at gold.chem.hawaii.edu> you write: >> I realize that this is of marginal crypto import, but I need as much info >> as possible on Hospital Information Systems and security. Especially >> on CICS and AIX systems. Do any cryptographic protocols exist yet to >> protect huge interactive medical databases? >What specifically are you asking about? Are you talking about encrypted >password protection or encryption of part or all of the databases? The company I work for does a lot of work with HISS systems. We've been told to develop a system to display selected data from a HISS on PCs for use by hospital staff. (Possibly off the premises). We asked about security and encryption, and were told we could leave all the patient data in clear but to encrypt the file containing the names and the correspondence between those names and patient data. I don't think this is sufficient - I'm sure anyone getting the data could work out who it was about from all sorts of internal detail - but that's all the UK Health Service at least expects. We will, of course, be putting in a *considerable* deal more security than they mandate as minimum, because if patient data were to get out via one of our products, it would be no use saying 'but the NHS said that was all we needed to do' - not only would we be morally negligent, but it would do our company's public image no good at all. G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From m-sh8481 at granny.cs.nyu.edu Fri Nov 26 11:23:56 1993 From: m-sh8481 at granny.cs.nyu.edu (Singh Hardayal) Date: Fri, 26 Nov 93 11:23:56 PST Subject: remove me Message-ID: <9311261921.AA09462@granny.cs.nyu.edu> Dear Systems Admin Please rm me from the list. Shall be back later. It was fun to be on the list. --------Hardayal Singh From hfinney at shell.portal.com Fri Nov 26 11:30:15 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Fri, 26 Nov 93 11:30:15 PST Subject: PGP math library Message-ID: <9311261930.AA00750@jobe.shell.portal.com> Here's a little document I threw together this morning to describe the PGP multi-precision routines. After reading about Henry Strickland's work making TCL interfaces for various crypto functions, I've been putting together a similar interface for PGP's mp library. This is mostly to teach myself TCL. But I have developed some familiarity with PGP's mp library as a result, so here is some information that will hopefully be helpful. Hal -------------------------------------------------------------------------- PGP Multi-Precision Library Functions Nov 26, 1993 Overview ======== PGP contains a multiple-precision math library to implement its cryptographic functions. This library is largely self-contained and is suitable for use in other applications. PGP's library is quite portable, working on both big- and little- endian machines, as well as machines with both 16- and 32-bit integers. It can be compiled in a mode which relies only on C code, or it can be linked with an assembly language module customized for the particular target machine to provide higher speed. Assembly language modules ship with PGP for a variety of targets. The library uses fixed-size buffers for its calculations. This means there is a ceiling on the size of the numbers which can be used. This ceiling is determined at compile time, though, so special applications can build the library with large ceilings if desired. PGP's library and its source code in general is not public domain; it is copyrighted by Philip Zimmermann, reachable at . PGP is released under licensing terms which, I believe, allow use of the source code for non-commercial purposes. It would be a good idea to talk to Phil before using the code in any product destined for widespread release. The Library =========== PGP's mp library is largely contained in the module mpilib.c. This module requires mpilib.h, usuals.h, and platform.h when it compiles. The simplest use of mpilib is to link it with your application, compiling with -D flag(s) appropriate for your target machine. (More information on the choice of flags is below.) Any module which will use the mp functions should also include mpilib.h. All of these modules will also have to be compiled with the -D flag(s) used by mpilib.c. Compiling ========= Compiling mpilib.c and other modules which include mpilib.h requires the proper choice of -D flags. The simplest case is if the target machine is one of the ones for which explicit defines exist in platform.h. In version 2.3a, these are: MSDOS, VMS, VAXC, mips, i386, sparc, mc68000, mc68020. In each of these cases, an assembly-language module exists in the PGP distribution to implement selected mp functions. If you have one of these targets, add a -D flag for the symbol from the above list to your compile command line. For example, on an MS-DOS machine, add -DMSDOS to the command line. (Actually, in most cases these symbols will be automatically defined by the target's compiler or pre-processor. But it doesn't hurt to define them explicitly.) Then you should also assemble the corresponding assembly language file. For MS-DOS it is 8086.asm; the proper choice for the other targets should be obvious from the filenames. Link the assembly language object module along with mpilib's object module into your application. If you don't have one of these targets, mpilib.c can be built in a "portable" mode which will implement all functions in C. To do this, define -DPORTABLE and -DMPORTABLE on the command line. In addition, if you are on a big-endian machine (such as a sparc or 68000-based machine), you must define -DHIGHFIRST as well. Little-endian machines don't need an explicit define for endianness. In portable mode, PGP will default to 16-bit units. If your target has 32-bit ints, you can define -DUNIT32 to get considerably more efficient code. Remember that these defines must be added to all modules which include mpilib.h, in addition to mpilib.c. (Note: in the PGP makefile you may also see other defines, -DDYN_ALLOC and -DSMALL_MEM. These are not relevant to the mp library and are not necessary for this application.) **** VERY IMPORTANT NOTE **** PGP has many alternate forms of multiple-precision multiplication and division; the appropriate one is chosen based on your particular machine. The default choice is SMITH, because that is usually the fastest. However, the SMITH algorithm has the deficiency that it does not (in version 2.3a) work correctly for small numbers. (This is not a problem for PGP because it works with large numbers of hundreds of bits. But for a general-purpose library it is not adequate.) A better choice is UPTON for the purposes of a general-purpose library. You should edit mpilib.h to have it define UPTON instead of SMITH for your particular target architecture if you are using one of the pre-defined targets. If you are building with -DPORTABLE, you can either edit mpilib.h to change the default choice, or you can define -DUPTON on the command line. Using the Library ================= Before use, the MP library must be initialized. Presently the only initialization needed is to set the precision value, which tells how many "units" (a unit is typically an int on the target machine) long the fixed-size mp buffers are. This is done by calling: set_precision (MAX_UNIT_PRECISION); To use the mp library, include mpilib.h in your module. Multi-precision variables should be declared as follows: unit temp[MAX_UNIT_PRECISION]; This declares a variable "temp" suitable for holding a multi-precision value. I like to do: typedef unit unitarr[MAX_UNIT_PRECISION]; unitarr temp; which has the same effect. MP variables may either be declared locally or as global variables as with other types of C variables. PGP's mp library functions need to be called with the address of a mp variable. Since mp variables are declared as arrays in C, this means you can just pass the variable name. For example, to add x2 to x1, you could do: unitarr x1, x2; mp_add (x1, x2); mpilib.h defines unitptr as a pointer to a unit. If you write functions which take MP values as parameters these should be declared as unitptr's. For example, a function to add three numbers and return a result might be: void mp_add3 (unitptr rslt, unitptr arg1, unitptr arg2, unitptr arg3) { mp_move (rslt, arg1); mp_add (rslt, arg2); mp_add (rslt, arg3); } Make sure you don't make the mistake of declaring a local and global variables as unitptrs and passing them to mp functions. You need to allocate space for them by declaring them as unit arrays. Library Functions ================= Most of the library functions are conceptually simple. The one exception is modular multiplication. This performs the function A*B mod M. PGP requires this to be done via two calls. First you tell it the modulus M with the stage_modulus call. Then you do the multiplication with mp_modmult. This is code to do rslt = arg1*arg2 mod m: unitarr rslt, arg1, arg2, m; stage_modulus (m); mp_modmult(rslt, arg1, arg2); If you are doing a series of multiplications with the same modulus you can call stage_modulus just once and then call mp_modmult repeatedly. Be aware that mp_modexp calls stage_modulus internally so that function will overwrite the saved modulus value. PGP is missing a few functions that you would expect. It does not have modular addition and subtraction. These should basically do A+B and then test for the range 0..(M-1), and if out of range add or subtract M once to bring it back into range. Perhaps these will be added to a future version of PGP. Some mp functions have parameters that are both inputs and outputs (e.g. mp_inc(r) increments r). In other cases, though, the inputs are separate from the outputs. In those cases you should not pass the same variable as both an input and an output parameter. For example, you should not do mp_mult (a, a, b) to get a *= b, because a is being used as both an input and an output parameter. Instead, you should do mp_mult (temp, a, b) and then mp_move (a, temp). Here are some useful PGP mpilib functions and what they do. The MP numbers are r, r1, r2, etc; non-MP integers are i, j, etc. Non-modular MP functions: mp_move(r1,r2) r1 = r2 mp_add(r1,r2) r1 += r2 mp_sub(r1,r2) r1 -= r2 mp_compare(r1,r2) -1,0,or 1 depending on (r1r2) mp_mult(r1,r2,r3) r1 = r2 * r3; mp_udiv(rem,rquot,rdend,rdor) unsigned rdend/rdor;rem=remainder,rquot=quotient mp_div(rem,rquot,rdend,rdor) signed rdend/rdor; rem=remainder, rquot=quotient mp_mod(rem,rdend,rdor) rem = rdend % rdor (unsigned) mp_abs(r) r = absolute value of r mp_inc(r) r += 1 mp_dec(r) r -= 1 mp_neg(r) r = -r mp_square(r1,r2) r1 = r2 * r2 msub(r,r1) if (r>=r1) r -= r1 Modular mp functions: stage_modulus(rm) set rm as modulus for mp_modmult mp_modmult(rslt,r1,r2) rslt = r1 * r2 mod stage_modulus value mp_modsquare(r1,r2) r1 = r2 * r2 mod stage_modulus value mp_modexp(rslt,r1,r2,rm) rslt = (r1 to the power r2) mod rm MP/Integer interface functions: mp_init(r,i) mp value r = integer value i mp_burn(r) r = 0 (for erasing sensitive data in memory) testeq(r,i) True if mp value r == integer value i testne(r,i) True if mp value r != integer value i testge(r,i) True if mp value r >= integer value i testle(r,i) True if mp value r <= integer value i significance(r) returns number of significant units in r mp_shortdiv(rquot,rdend,i) rdend/i; rquot=quotient, returns int remainder mp_shortmod(rdend,i) returns rdend % i (unsigned) I/O of MP Values ================ The PGP module mpiio.c has some routines for I/O of mp values. This module includes pgp.h (which includes a lot more files) but that is not really necessary. I advise commenting out the include of pgp.h in that module. Then you will only need to add mpiio.c and mpiio.h to your program directory. To get access to the more general I/O functions in mpiio.c you must compile it with -DDEBUG. This will allow you to call: str2reg(r,str) Convert string str to mp value r The string passed to str2reg will be assumed to be in decimal. To pass a hex string it must end in 'h'; binary strings should end in 'b', and octal strings in 'o'. Decimal strings may optionally end in '.'. (These terminating characters could be added by a pass before str2reg is called if you don't want to require them from the user or file.) display_in_base(str,r,irad) Display string r in base irad, preceded by str This will print mp value r on standard out, using base irad. It will precede it by the string str. mp_display(str,r) Display string r in hex, preceded by str This always displays in hex, and is somewhat faster than display_in_base. One function which is lacking is something to convert an mp value to a string in memory. display_in_base and mp_display always write to standard output. These routines can be fairly easily modified to output to an incrementing pointer (*bp++) to get this effect if necessary. Other PGP MP Functions ====================== The module genprime.c has several useful mp functions. Unfortunately, since the focus of this module is generating PGP random keys, it has links to other parts of PGP, such as the random number generation. It is probably best to extract source routines from this module on a selective basis. Among the routines which would be of general use are: mp_gcd(rslt,r1,r2) rslt = greatest common divisor of r1 and r2 mp_inv(rslt,r1,r2) Compute rslt such that rslt*r1 mod r2 is 1 nextprime(r) Finds the next prime above r, returns in r slowtest(r) True if r is a probable prime primetest(r) Sieve then slowtest r, true if probable prime nextprime is fast, using a combination of sieving and probabilistic primality testing. It is what is used by PGP for its RSA key generation. slowtest is used by nextprime; it applies the Fermat test with the first four primes as test values. primetest first checks r against a list of small primes for divisibility, then calls slowtest to test it. There are also some other calls in mpilib.c which I did not document above. They are somewhat lower-level, mostly, but they might be useful for some purposes. A little study of the code will reveal these routines. From an52436 at anon.penet.fi Fri Nov 26 12:38:56 1993 From: an52436 at anon.penet.fi (Mephisto) Date: Fri, 26 Nov 93 12:38:56 PST Subject: Comments on NSA (was: "Pyrrhus Cracks RSA?") Message-ID: <9311262038.AA27804@anon.penet.fi> Well, doesn't it make some sense given the utility of prime numbers in cryptography, that the NSA, or anyone else interested in breaking codes for that matter, would have simply dedicated a computer or two to the long-term project of determining all of the prime numbers under x bits long? Granted this would take a while, but the NSA has the time, the computers, and the other resources necessary to do this. Having all of these prime numbers would greatly reduce the effort necessary to crack PGP/RSA-type cryptosystems which rely on prime numbers. It would reduce the number of factors a brute-force attack would have to check dramatically. Or am I completely off-base? Mephisto ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From a2 at ah.com Fri Nov 26 14:53:56 1993 From: a2 at ah.com (Arthur Abraham) Date: Fri, 26 Nov 93 14:53:56 PST Subject: Clipper update Message-ID: <9311262245.AA01665@ah.com> From: _Electronic Engeering Times_ 22-nov-93 U.S. weights Clipper chip alternatives by GEorge Leopold Washington -- The clinton administration is readying a new encryption policy that could help defuse industry opposion to introduction of the government developed Clipper chip by embracing commercial technologies as alterntives for netword security, according to government and industry sources. A National Security Council panel lead by George Tenet, psecial presidential assistant for intelligence programs, is completing a broad review of government encryption policy with an eye toward empolying the Clipper chip, as well as commercial alternatives, to ensure privacy and security on public networks. Those would include the proposed electronic superhighway, or National Information Infrastructure (NII). Tenet could not be reached for comment on the review's status, but a U.S. official said last week the results of the seven-month National Security Council policy review will be announced soon. The Clipper chip, backed by the National Security Agency and proposed by the Clinton administration in April as a new data-encryption standard, is widely viewed by industry critics as a fait accompli, since the spy agency wants to use it to protect intelligence data. Asked in an interview last Monday whether the policy review would result in modification of the Clipper chip proposal, Micheal Nelson, special assistant for information technology in the White House Office of Science and Technology Policy, acknowledged the need to consider other encryption technologies for network security, including software solutions. He also said the government should have sought greater industry participation before proposing the Clipper chip. "Clipper is not a sliver bullet, it's not even a brass bullet," Nelson said, "It's only one approach." He added, "If we don't address these [network security] issues, people won't use the NII." Nelson said last week the National Security Council review was designed to bring industry and Congress into the process of looking for commercial solutions, besides Clipper, to the network-security issue. Industry groups said last week they have contributed to the review, which began shortly after Clipper was proposed. The review is expected to result in a decision on how to implement Clipper. A decision on how to proceed with the Clipper proposal was scheduled for Sept. 1 but was delay in response to a recommendation from a private-sector advisory group to the Commerce Department. Clipper, which scrambles telephone conversatinos using an encryption algorithm called Skipjack, is at the heart of an adminstration initiative annoumced in April on secure telecom networks and wireless communication links. Forced to balance the interests of campanies and private citizens with nation-security needs, President Clinton ordered a comprehensive review of U.S. encruytion policy addressing: * Privacy, including the need for voice and data encryption to protect proprietary business data. * The ability of federal law-enforcement officials to tap phones and computers. * The employment of modern technology to build the NII, including encryption technology needed to protect proprietary information transmitted over the information superhighway. * The need for American companies to build and export high-technology products to boost U.S. competitiveness. U.S. companies may offer encryption as a feature in software sold in the United States, but are prohibited from including encryption software in commercial software exports. Proponents of decontrolling encrypted software argue that restrictions are useless because encryption technology is widely available (see Oct. 18, page 18). Acknowledging industry's concerns, the initiative also includes creation of a key-escrow system to ensure the Cliper chip would be used to protect privacy. (A Commerce Department official said last week the government has dropped the Clipper moniker, referring to it instead as the "key- escrow chip," out of convern for possible trademark infringement.) Devices incorporation the chip would have two unique software keys government investigators would need to decode encoded messages. TWo key-escrow data banks would be overseen by a pair of independent agencies designated by the Justice Department and the White House. A decision on which agencies will oversee the detabases has not been made, Commerce spokeswoman Anne Enright Shepherd said last Wednesday. According ot a White House statement announcing the encryption policy, "We need the Clipper chip and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities." Despite the administration's insistence that Clipper and the rest of the encryption policy are voluntary efforts, many U.S. high-tech companies have opposed it (see June 21, page 28). Instead, they want policy makers to retain the ubiquitous federal Data Encryption Standard (DES) and use other public-key encryption technologies, such as RC-2 and RC-4. DES uses a 56-bit key while Clipper employs an 80-bit key. Clipper "was forced upon [the Clinton adminstration] before they had a chance to evaluate its impact," Bruce Heiman, a Washington attorney representing the Business Software Alliance, said last Tuesday. "NSA sold them a bill of goods." The policy review means "they realize that Clipper has problems... but they don't want to rule it out entirely," Heiman said, adding that industry would accpet Clipper as one alternative to network security only if it is part of a truly voluntary program that includes public-key encryption. From cman at caffeine.io.com Fri Nov 26 15:03:56 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Fri, 26 Nov 93 15:03:56 PST Subject: Comments on NSA (was: "Pyrrhus Cracks RSA?") In-Reply-To: <9311262038.AA27804@anon.penet.fi> Message-ID: <199311262246.QAA22199@caffeine.caffeine.io.com> > > Well, doesn't it make some sense given the utility of prime numbers in > cryptography, that the NSA, or anyone else interested in breaking codes for that > matter, would have simply dedicated a computer or two to the long-term project > of determining all of the prime numbers under x bits long? Granted this would > take a while, but the NSA has the time, the computers, and the other resources > necessary to do this. Having all of these prime numbers would greatly reduce > the effort necessary to crack PGP/RSA-type cryptosystems which rely on prime > numbers. It would reduce the number of factors a brute-force attack would > have to check dramatically. Or am I completely off-base? > > > Mephisto Quoting from the FAQ (Bruce Schneier's "Applied Cryptography") pp. 213: 1. If everyone needs prime numbers, won't we run out? No, Santa would never run out of prime numbers for all the good little boys and girls. In fact, there are over 10^150 primes of length 512 bits or less. (For numbers of size N, the probability that a random number is prime is one in log N.) There are only 10^84 atoms in the universe. [...] Go directly to your bookstore, do not pass GO, do not collect $200 (you only need about $50, including tax) and buy this book. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From banisar at washofc.cpsr.org Fri Nov 26 15:19:29 1993 From: banisar at washofc.cpsr.org (banisar at washofc.cpsr.org) Date: Fri, 26 Nov 93 15:19:29 PST Subject: No Subject Message-ID: <<9311211818.AA21641@hacker2.cpsr.digex.net> cpsr.digex.net> Date: Sun, 21 Nov 1993 18:18:21 +0000 From: Dave Banisar To: Cypherpunks at toad.com Subject: HR 3627 Encryption Exports Removed Maria Cantwell 1st District, Washington 1520 Longworth Building Washington, DC 20515 202-225-6311 Congress of the United States House of Representatives Washington, DC 20515-4701 For Immediate Release For More Information November 23, 1993 Larry West (202) 225-6311 Cantwell Introduces "Encryption" bill to Expand Export Markets for US Computer and Software Companies US Rep. Maria Cantwell (D-WA) has introduced legislation to amend the Export Administration Act to allow US computer and software manufacturers to compete in an international market that could mean as much as $6 billion to $9 billion a year to American high-tech industries. Cantwell's bill would liberalize export controls on software that features encryption capabilities, which protect computer data against unauthorized disclosure, theft or alteration. As communications systems link more and more computers and telephones around the world, Cantwell said, businesses and indviduals are becoming more concerned about protecting the privacy of their electronic files, messages and transactions. She said the worldwide demand for cryptographic software, and computer systems that employ such software, is growing rapidly and American companies must be allowed to meet that demand. According to Cantwell, this legislation is needed to ensure that American companies do not lose critical international markets to foreign competitors, who operate with few export restrictions. Currently, more than 200 software and hardware products for text, file and data encryption are available from 20 foreign countries. "The Export Administration Act has erected a wall between American high-tech companies and their international customers -- it's time to lower the wall," Cantwell said. "Computer and software technology are among the most competitive fields in the world, and American companies are the clear leaders. To maintain that lead, American companies must be able to respond to worldwide consumer demand." Robert Holleyman, president of the Business Software Alliance, an association of America's nine leading software companies, applauded Cantwell for introducing the leigslation and said the bill would "assist US software companies and maintaining their competitive edge in international markets." Dr. Nathan Myhrvold, senior vice president for Advance Technology at Microsoft Corporation in Redmond, Washington, also praised Cantwell for her leadership on this issue. "The ability to include encryption features in software we sell worldwide is important to our remaining competititve in foreign markets," Myhrvold said. " We commend Rep. Cantwell for recognizing the importance of this issue to the American software industry." CANTWELL ON EXPORT CONTROLS/ ADD ONE Cantwell said current export controls that prohibit the export of American software programs that offer good encryption capabilities only make it harder for American companies to compete internationally. She said the regulations ignore the realities of today's post-Cold War global economy and the needs of one of this country's most innovative and successful industries. American software companies currently command a 75 percent worldwide market share, and many of those companies earn more than 50 percent of their annual revenues from exports, but Cantwell said that could change quickly. "The United States' export control system is broken and needs to be fixed," Cantwell said. "It was designed as a tool of the Cold War, to help America fight against enemies that no longer exist. If we continue to prevent American companies from meeting the worldwide demand for cryptographic software, America gains nothing -- but those companies stand to lose $6 billion and $9 billion a year." Paul Brainerd, CEO of Aldus in Seattle, said, "Rep. Cantwell's bill would liberalize outdated export controls, which are threatening the continued success of America's software companies in world markets. In order to remain competitive worldwide, American companies must be able to offer features -- like information security -- demanded by our customers and available from foreign companies." Cantwell said her legislation would not interfere with the government's ability to control exports to nations with terrorist tendencies (such as Iran, Libya and Syria) or other embargoed countries (such as Cuba and North Korea). On the other hand, she said, current export controls on American software do not prevent anyone from obtaining cryptographic software. "Much of this is ordinary shrink-wrapped software," Cantwell said, "the kind millions of people buy every day for their home and business computers at regular retail outlets. International consumers who cannot purchase American computer systems and software programs with encryption features don't do without, they just buy those products elsewhere. They are concerned with protecting their privacy and keeping their businesses secure." Cantwell said she is determined to bring the issue out from behind closed doors and into the light of public debate before the House Subcommittee on Economic Policy, Trade and Environment marks up the Export Administration Act early next year. She said she hopes her bill will encourage the Administration to act quickly to revise export controls on software -- perhaps before Congress reconvenes in late January. "The Administration is reviewing this issue, and I think they are interested in making the changes that will allow American companies to remain competitive," Cantwell said. "I would like nothing better than to come back to Congress after the recess and discover that the problem had been solved." ### AMERICAN COMPUTER COMPANIES MUST BE ALLOWED TO EXPORT SOFTWARE WITH ENCRYPTION CAPABILITIES _Introduction and Summary_ America's computer software and hardware companies, including such well-known companies as Apple, DEC, Hewlett-Packard, IBM, Lotus, Microsoft, Novell and Wordperfect, have been among the country's most internationally competitive firms earning more than one-half of their revenues from exports. Unfortunately, this vital American industry is directly threatened by unilateral U.S. Government export controls which prevent those companies from meeting worldwide user demand for software that includes encryption capabilities to protect computer data against unauthorized disclosure, theft or alteration. Legislative action is needed to ensure that American companies do not lose critical international markets to foreign software companies that operate without significant export restrictions. _The Problem_ With ready access to powerful, interconnected, computers, business and home users increasingly are relying on electronic information storage and transmissions to conduct their affairs. At the same time, computer users worldwide are demanding that computer software offer encryption capabilities to ensure that their data is secure and its integrity is maintained. Unfortunately, current unilateral U.S. "munitions" export controls administered by the National Security Agency and the State Department effectively prohibit the export of American software programs offering good encryption capabilities. Yet these unilateral U.S. controls are _not_ effective in restricting the availability of encryption abroad. More than 200 generally available, mass-market foreign commercial programs and products, as well as many programs available from the Internet, all offer good encryption. In addition, generally available software with encryption capabilities is sold within the U.S. at thousands of retail outlets, by mail and over the phone. These programs may be transferred abroad in minutes by anyone using a public telephone line and a computer modem. The only result of continued U.S. export controls is to threaten the continued preeminence of America's computer software and hardware companies in world markets. American software companies stand to lose between $6 and $9 billion in annual revenues from sales of generally available software. In addition, American hardware companies are losing hundreds of millions of dollars in computer system sales every year, because sales increasingly are dependent on the ability of a U.S. firm to offer encryption as a feature of an integrated customer solution involving hardware, software and services. _The Solution_ Legislation introduced by U.S. Rep. Maria Cantwell would ensure that exports of software with encryption capabilities would be controlled by the Secretary of Commerce as a commercial item and would be exportable. This legislation is strongly supported by the Business Software Alliance and the Industry Coalition on Technology Transfer. ----------------------------------------------------------------------- SECTION-BY-SECTION ANALYSIS OF CANTWELL BILL EXPORT CONTROL LIBERALIZATION FOR INFORMATION ECURITY PROGRAMS AND PRODUCTS _Section 1_ Section 1 amends the Export Administration Act by adding a new subsection that specifically addresses exports of computer hardware, software and technology for information security including encryption. The new subsection has three basic provisions: 1) It gives the Secretary of Commerce exclusive authority over the export of such programs and products except those which are specifically designed for military use, including command, control and intelligence applications or for deciphering encrypted information. 2) The Government is generally prohibited from requiring a validated export license for the export of generally available software (e.g. mass market commercial or public domain software) or computer hardware simply because it incorporates such software. Nevertheless, the Secretary will be able to continue controls on countries of terrorists (like Lybia, Syria and Iran) or other embargoed countries (like Cuba and North Korea) pursuant to the Trading With The Enemy Act os the International Emergency Economic Powers Act (except for instances where IEEPA is employed to extend EAA-based controls when the EAA is not in force). 3) The Secretary is required to grant validated licenses for exports of sotware to commercial users in any country to which exports of such software has been approved for use by foreign financial institutions. Importantly, the Secretary is not required to grant such export approvals if there is substantial evidence that the software will be diverted or modified for military or terrorists' end-use or re-exported without requisite authorization. _Section 2_ Section 2 provides definitions necessary for the proper implementation of the substantive provisions. For example, generally available software is offered for sale or licensed to the public without restriction and available through standard commercial channels of distribution; sold as is without further customization; and designed to be installed by the purchaser without additional assistance from the publisher. Computer hardware and computing devices are also defined. --------------------------------------------------------------------- 103D CONGRESS H.R. 3627 1ST SESSION --------------------------------------- IN THE HOUSE OF REPRESENTATIVES MS. CANTWELL (for herself and ___) introduced the following bill which was referred to the Committee on __________. --------------------------------------- A BILL To amend the Export Administration Act of 1979 with respect to the control of computers and related equipment. 1 Be it enacted by the Senate and House of Representa- 2 tives of the United States of America in Congress Assembled, 3 SECTION 1. GENERALLY AVAILABLE SOFTWARE 4 Section 17 of the Export Administration Act of 1979 5 (50 U.S.C. App. 2416) is amended by adding at the end 6 thereof the following new subsection: 7 ``(g) COMPUTERS AND RELATED EQUIPMENT.--- 8 ``(1) GENERAL RULE.---Subject to paragraphs 9 (2) and (3), the Secretary shall have exclusive au- 2 1 thority to control exports of all computer hardware, 2 software and technology for information security 3 (including encryption), except that which is specifi- 4 cally designed or modified for military use, including 5 command, control and intelligence applications. 6 ``(2) ITEMS NOT REQUIRING LICENSES.---No 7 validated license may be required, except pursuant 8 to the Trading With The Enemy Act or the Inter- 9 national Emergency Economic Powers Act (but only 10 to the extent that the authority of such act is not 11 exercised to extend controls imposed under this act), 12 for the export or reexport of--- 13 ``(A) any software, including software with 14 encryption capabilities, that is--- 15 ``(i) generally available, as is, and is 16 designed for installation by the purchaser; 17 or 18 ``(ii) in the public domain or publicly 19 available because it is generally accessible 20 to the interested public in any form; or 21 ``(B) any computing device soley because 22 it incorporates or employs in any form software 23 (including software with encryption capabilities) 24 exempted from any requirement for a validated 25 license under subparagraph (A). 3 1 ``(3) SOFTWARE WITH ENCRYPTION CAPABILI- 2 TIES.---The Secretary shall authorize the export or 3 reexport of software with encryption capabilities for 4 nonmilitary end-uses in any country to which ex- 5 ports of software of similar capability are permitted 6 for use by financial institutions not controlled in fact 7 by United States persons, unless there is substantial 8 evidence that such software will be--- 9 ``(A) diverted to a military end-use or an 10 end-use supporting international terrorism; 11 ``(B) modified for military or terrorist end- 12 use; or 13 ``(C) reexported without requisite United 14 States authorization. 15 ``(4) DEFINITIONS.---As used in this 16 subsection--- 17 ``(A) the term `generally available' means, 18 in the case of software (including software with 19 encryption capabilities), software that is offered 20 for sale, license, or transfer to any person with- 21 out restriction through any commercial means, 22 including, but not limited to, over-the-counter 23 retail sales, mail order transactions, phone 24 order transactions, electronic distribution, or 25 sale on approval; 4 1 ``(B) the term `as is' means, in the case of 2 software (including software with encryption ca- 3 pabilities), a software program that is not de- 4 signed, developed, or tailored by the software 5 company for specific purchasers, except that 6 such purchasers may supply certain installation 7 parameters needed by the software program to 8 function properly with the purchaser's system 9 and may customize the software program by 10 choosing among options contained in the soft- 11 ware program; 12 ``(C) the term `is designed for installation 13 by the purchaser' means, in the case of soft- 14 ware (including software with encryption capa- 15 bilities)--- 16 ``(i) the software company intends for 17 the purchaser (including any licensee or 18 transferee), who may not be the actual 19 program user, to install the software pro- 20 gram on a computing device and has sup- 21 plied the necessary instructions to do so, 22 except that the company may also provide 23 telephone help line services for software in- 24 stallation, electronic transmission, or basic 25 operations; and--- 5 1 ``(ii) that the software program is de- 2 signed for installation by the purchaser 3 without further substantial support by the 4 supplier; 5 ``(D) the term `computing device' means a 6 device which incorporates one or more 7 microprocessor-based central processing units 8 that can accept, store, process or provide out- 9 put of data; and 10 ``(E) the term `computer hardware', when 11 used in conjunction with information security, 12 includes, but is not limited to, computer sys- 13 tems, equipment, application-specific assem- 14 blies, modules and integrated circuits.'' From mccoy at ccwf.cc.utexas.edu Fri Nov 26 15:28:56 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Fri, 26 Nov 93 15:28:56 PST Subject: Another Demon In-Reply-To: <9311261416.AA05439@anon.penet.fi> Message-ID: <199311262327.AA04880@tramp.cc.utexas.edu> an12070 at anon.penet.fi (The Executioner) [aka L.D.] writes: > > Who is zeek at io.com? Sigh. Well, I don't think Kevin would mind me vouching for his existence. Try fingering zeek at bongo.cc.utexas.edu, then asking directory assistence in Austin for Kevin's phone number and calling him up... jim From 72114.1712 at CompuServe.COM Fri Nov 26 17:53:56 1993 From: 72114.1712 at CompuServe.COM (Sandy) Date: Fri, 26 Nov 93 17:53:56 PST Subject: THE DETWEILER PLEDGE Message-ID: <931127014946_72114.1712_FHF59-2@CompuServe.COM> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort at attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Punksters, I hereby take the following Pledge. Will you take it too? WHEREAS, Larry Detweiler has posted long and numerous messages to Cypherpunks under his own name and several pseudonyms, AND WHEREAS, over time, such messages have became more and more unintelligible, repetitive and/or threatening, AND WHEREAS, attempts to respond to such messages have resulted in ever increasing psychotic reactions from Detweiler, I, therefore, pledge never to read, nor respond to, posts written by Larry Detweiler, or his pseudonyms. Further, I pledge never to read, nor respond to, posts written in response to posts by Larry Detweiler, or to subjects raised by Larry Detweiler. I offer the above pledge in the hopes that such action, especially in concert with others on the Cypherpunks list, will deprive Larry Detweiler of an audience and thus result in his voluntarily withdrawal from this forum. S a n d y S a n d f o r t >>>>>> Please send e-mail to: ssandfort at attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 72114.1712 at CompuServe.COM Fri Nov 26 17:54:30 1993 From: 72114.1712 at CompuServe.COM (Sandy) Date: Fri, 26 Nov 93 17:54:30 PST Subject: ANOTHER FAVORABLE ARTICLE Message-ID: <931127014929_72114.1712_FHF59-1@CompuServe.COM> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort at attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Punksters, Strong encryption got another boost from the hard money crowd. The newsletter, /Strategic Investment/ featured an article called, "Escape to Cypherspace [sic]: The Information Revolution and the demise of the income tax." It was written by James Bennett who is the "Technology Editor of /Strategic Investment/ and is writing a book on nanotechnology for the M.I.T. Press. Here is the first paragraph: Readers of /Strategic Investment/ are already aware of the crucial role of the microchip in eroding the power of governments over their citizens. Recent developments herald an expansion of this role that promises to dwarf the effects seen to date. Just as atomic theory was seen as an arcane interest in 1939, so this development, known as public-key encryption, is now familiar only to a handful of academics. Yet in the coming decade, it may create consequences which change the life of everyone on the planet even more than the atomic bomb. Following this was some history and theory of public key. He had several nice paragraphs about PGP, the Clipper chip and the united front put up by "hackers and mainstream communications and computer companies" in opposing the Clipper. He explicitly mentions (and approves of) the threat offshore banks using encryption technology pose to taxing authorities. At one point he writes: This development [cypherspace commerce] will accelerate rapidly existing trends towards breakdown of large institutions and hierarchical structures. Governments will have much of their revenue base undercut--and any attempt to tighten the screws on taxpayers will just increase the escape to Cypherspace. But he later opines: Some observers of this trend predict a coming "crypto- anarchy" where governments fall apart entirely under the pressure of anonymous communication. This is not likely. Governments have shown an amazing adaptability over the millennia as they adjust to developments such as large-scale slavery, feudalism, gunpowder and industrialization. Quite a favorable article, over all. S a n d y >>>>>> Please send e-mail to: ssandfort at attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From hfinney at shell.portal.com Fri Nov 26 19:13:59 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Fri, 26 Nov 93 19:13:59 PST Subject: META: Filter Detweiler Message-ID: <9311270312.AA15108@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- It appears to me that Detweiler is not receiving the list; for example, he apparently didn't see the posting giving the names of officials at his university until it was forwarded to him several days later. I would favor adding a filter preventing Detweiler's messages from appearing on the list. I know that this is a big step to take but his messages have become so deranged that they have, IMO, no redeeming value. Whatever validity his original points may have had (and I do think there was a kernel of a valid point there), his mental state is such that his postings are now worthless. I know that I can easily filter his messages myself, but it still wastes list bandwidth and, worse, distracts people's attention from other, more worthwhile, posts. By lowering the quality of the list as a whole Detweiler discourages people from subscribing. New subscribers may take his rants as typical of what we discuss here. We are all harmed by having people who could make a contribution leave the list, or be distracted by Detweiler's messages and the responses to him. Unless others strongly disagree, I urge Eric to install software to eliminate Detweiler's postings. I believe the evidence is strong enough that the anon.penet.fi account nicknamed "S.Boxx" is actually a Detweiler pseudonym that it should be filtered as well. If other pseudonyms appear I suppose we would have to consider them on a case by case basis. In order to conserve list bandwidth, let's try to avoid "me, too" postings. If you disagree, it's worth discussing, IMO, but if you agree I'd suggest that messages be sent directly to Eric at cypherpunks-request at toad.com or hughes at ah.com. Hal Finney hfinney at shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPaZZagTA69YIUw3AQHSnAP8Cbo7o6622IpA7HwY8lQAm6h66YE9wCrc rkCZK2F6KnVRvuTxXbotvdx/RxQZPtIwZa6SmU8H1H/d/SAQSB74bavDsrzJRl5I V5BNPmVL+zFSPZWgfXOQ8Apb3KTrtWmTyhXIgRbhJle3kyO5YJU2km50j98ZoN5d 2cPpzM0wHxA= =hgGz -----END PGP SIGNATURE----- From hfinney at shell.portal.com Fri Nov 26 19:15:44 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Fri, 26 Nov 93 19:15:44 PST Subject: META: Filter Detweiler Message-ID: <9311270315.AA15336@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- It appears to me that Detweiler is not receiving the list; for example, he apparently didn't see the posting giving the names of officials at his university until it was forwarded to him several days later. I would favor adding a filter preventing Detweiler's messages from appearing on the list. I know that this is a big step to take but his messages have become so deranged that they have, IMO, no redeeming value. Whatever validity his original points may have had (and I do think there was a kernel of a valid point there), his mental state is such that his postings are now worthless. I know that I can easily filter his messages myself, but it still wastes list bandwidth and, worse, distracts people's attention from other, more worthwhile, posts. By lowering the quality of the list as a whole Detweiler discourages people from subscribing. New subscribers may take his rants as typical of what we discuss here. We are all harmed by having people who could make a contribution leave the list, or be distracted by Detweiler's messages and the responses to him. Unless others strongly disagree, I urge Eric to install software to eliminate Detweiler's postings. I believe the evidence is strong enough that the anon.penet.fi account nicknamed "S.Boxx" is actually a Detweiler pseudonym that it should be filtered as well. If other pseudonyms appear I suppose we would have to consider them on a case by case basis. In order to conserve list bandwidth, let's try to avoid "me, too" postings. If you disagree, it's worth discussing, IMO, but if you agree I'd suggest that messages be sent directly to Eric at cypherpunks-request at toad.com or hughes at ah.com. Hal Finney hfinney at shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPaZZagTA69YIUw3AQHSnAP8Cbo7o6622IpA7HwY8lQAm6h66YE9wCrc rkCZK2F6KnVRvuTxXbotvdx/RxQZPtIwZa6SmU8H1H/d/SAQSB74bavDsrzJRl5I V5BNPmVL+zFSPZWgfXOQ8Apb3KTrtWmTyhXIgRbhJle3kyO5YJU2km50j98ZoN5d 2cPpzM0wHxA= =hgGz -----END PGP SIGNATURE----- From jersmit at temp.eis.calstate.edu Fri Nov 26 20:04:00 1993 From: jersmit at temp.eis.calstate.edu (Jeremy Smith) Date: Fri, 26 Nov 93 20:04:00 PST Subject: Telnet specs. Message-ID: I know this might not be the most appropriate list to post this to, but I need to know what ports Telnet uses for standard use. Mainly, I implemented the Telnet bouncer program that was posted here a while back, and when trying to connect to hosts that don't require a port number it still asks me for one. i.e., when I try to connect to archie.sura.net through the bouncer, it asks me for a port number. When I use my standard Telnet program it will connect with just archie.sura.net as the address. Does anybody know a site where I can find this info? Thanx in advance and my apologies for any waste of bandwidth! ----------------------------------------------------------------------------- Jeremy Smith -*jersmit at eis.calstate.edu*- My views are my own and nobody else can have them! ----------------------------------------------------------------------------- From ravage at wixer.bga.com Fri Nov 26 20:14:00 1993 From: ravage at wixer.bga.com (Jim choate) Date: Fri, 26 Nov 93 20:14:00 PST Subject: Banning any subscriber... Message-ID: <9311270401.AA12984@wixer> I am new to the list as well as the local Austin CypherPunks group and have high hopes of contributing to the ongoing discussion of crypto. I have been playing w/ PGP since it first came available and crypto in general for quiite a few years. I was really attracted by the sence of community as well as the reputation of the CypherPunks. However, with the latest news that 'we' are going to start banning individuals because they have nothing to contribute is something I personaly cant support. If you want free speech then you have to give it. If you personaay want to filter your mail (equivalent to changing the channel) that is fine, but to a priori filter posts from a individual is cencorship (no letting you discuss your subject at all). I personaly do not support such authoritorian actions and will dis-associate myself from the CypherPunks and will advise others not to associate either. This type of action is un- called for and has no business on this type of communication network. I advise all subscribers to this list to NOT support any action by any individual or group to carry this idea into action. This is not what CypherPunks or freedom is about. "Those who give up essential liberty to obtain security deserve neither liberty or security." Benjamin Franklin From greg at ideath.goldenbear.com Fri Nov 26 22:29:31 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Fri, 26 Nov 93 22:29:31 PST Subject: Filter to exclude Detweiler? Message-ID: I've personally come to the conclusion that it's no longer useful to (a) attempt to communicate with Detweiler, or (b) pay attention to what he writes. I am, however, opposed to source-filtering him at philosophical and practical levels. I think his bad craziness is evident enough from his postings that anyone paying much attention will conclude he's disconnected from external reality; it shouldn't take more than a few messages for folks to reach this conclusion. (I admit with some chagrin that it took more than a few for me to do that.) I think that source filtering is at least a close kin to censorship, and I'd vote to steer clear of it. I also think that attempting to source-filter him may lead to some sort of "identity arms race", via remailers, anon-servers, and the like. Such an arms race would be distracting, annoying, and lead to further wasted time, effort, and energy on the part of people who ought to have better things to do. :) I encourage folks to look into improving technology which would allow for destination-filtering, e.g., kill-files and their ilk. (Next-generation killfiles - ones which attempt some sort of textual interpretation/classification beyond headers - implemented at the destination point have the added benefit that the filter target can't easily deduce from the list traffic what algorithm/pattern is being used, and thereby avoid it.) For what it's worth, I write the above in spite of the fact that I don't have a kill-file in the reader-agent that I read C-punks with, and I pay for every minute of transmission time used to receive C-punks, including Detweiler's lengthy messages. -- Greg Broiles greg at goldenbear.com Baked, not fried. From jthomas at access.digex.net Fri Nov 26 23:24:00 1993 From: jthomas at access.digex.net (Joe Thomas) Date: Fri, 26 Nov 93 23:24:00 PST Subject: ANOTHER FAVORABLE ARTICLE In-Reply-To: <931127014929_72114.1712_FHF59-1@CompuServe.COM> Message-ID: On cypherpunks you wrote: > Punksters, > > Strong encryption got another boost from the hard money crowd. > The newsletter, /Strategic Investment/ featured an article > called, "Escape to Cypherspace [sic]: The Information Revolution > and the demise of the income tax." It was written by James > Bennett who is the "Technology Editor of /Strategic Investment/ > and is writing a book on nanotechnology for the M.I.T. Press. > > Here is the first paragraph: Could you give me a pointer for more info on this newsletter? Sounds like it's right around where I'm ending up philosophically... Also, I quietly took my unilateral Detweiler non-response pledge a couple weeks ago. I think he's getting bored with us, actually. Unfortunately, he's shown up on imp-interest... Thanks, Joe From beker at netcom.com Sat Nov 27 00:04:00 1993 From: beker at netcom.com (Brian Beker) Date: Sat, 27 Nov 93 00:04:00 PST Subject: Where the lonely wind blows next Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Here's something funny from an12070 that popped up in comp.org.eff.talk. I won't bother to forward it all, especially in view of all the recent talk of filtering this singular voice. The rest of it is in the news. Brian [Header's here for those of you who enjoy that kind of thing....] - From netcom.com!csus.edu!wupost!howland.reston.ans.net!pipex!sunic!trane.uninett.no!news.eunet.no!nuug!news.eunet.fi!anon.penet.fi Fri Nov 26 23:49:21 1993 Xref: netcom.com talk.politics.crypto:1348 alt.privacy:9824 alt.privacy.anon-server:345 news.admin.policy:7982 comp.org.eff.talk:22312 comp.admin.policy:4449 alt.conspiracy:37431 Message-ID: <071303Z27111993 at anon.penet.fi> Path: netcom.com!csus.edu!wupost!howland.reston.ans.net!pipex!sunic!trane.uninett.no!news.eunet.no!nuug!news.eunet.fi!anon.penet.fi Newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy From: an12070 at anon.penet.fi (The Executioner) X-Anonymously-To: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy Organization: Anonymous contact service Reply-To: an12070 at anon.penet.fi Date: Sat, 27 Nov 1993 07:06:26 UTC Subject: CRYPTOANARCHIST INFILTRATION ALERT Lines: 61 ATTENTION ALL INTERNET PERSONNEL THE INTERNET OUTLET szabo at netcom.com HAS BEEN IDENTIFIED AS A CRYPTOANARCHIST CYBERSPACE INFILTRATION SITE TO A 93.67% DEGREE CERTAINTY VIA PSEUDOSPOOFING DETECTION SOFTWARE. MAIL, POSTS, AND OTHER EMANATIONS FROM THIS OUTLET ARE CONSIDERED LIKELY TO BE HIGHLY SUBVERSIVE AND DANGEROUS CRYPTOANARCHIST DISINFORMATION AND PROPAGANDA FROM ONE OR MORE CRYPTOANARCHIST CO-CONSPIRATORS. MULTIPLE SENSITIVE INTERNET MAILING LISTS, FAQS, AND FORUMS HAVE BEEN CONTAMINATED. [Many more caps deleted.] -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPcI6SJejrfgN5yJAQF+RgP9F6cAs0B/Ors7uu2e9m+BP4Elmq0dkkcb VHoEMRwQJx8xHFE+iKlgf0M0Hrme65cYjK31+hj7C41DJNgY7eymYBCjtcEL8X1y ZNLnwMFGTIVXtMUUAd/XwbfqURyGCDihzwos08mHLh/NzBOgsyHzC0Vqkp5uYjmZ Q92oCyENEJk= =xwos -----END PGP SIGNATURE----- From tcmay at netcom.com Sat Nov 27 00:24:00 1993 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 27 Nov 93 00:24:00 PST Subject: ANOTHER FAVORABLE ARTICLE In-Reply-To: Message-ID: <199311270823.AAA20536@mail.netcom.com> Joe Thomas wrote, responding to Sandy Sandfort's message: ... > > Strong encryption got another boost from the hard money crowd. > > The newsletter, /Strategic Investment/ featured an article > > called, "Escape to Cypherspace [sic]: The Information Revolution > > and the demise of the income tax." It was written by James > > Bennett who is the "Technology Editor of /Strategic Investment/ > > and is writing a book on nanotechnology for the M.I.T. Press. > > > > Here is the first paragraph: > > Could you give me a pointer for more info on this newsletter? Sounds like > it's right around where I'm ending up philosophically... I haven't seen this newsletter myself, though I knew Jim Bennett was writing up something along these lines. Jim attended our first physical Cypherpunks meeting, in the fall of 1992, and may even still be reading this list. (Jim?) Ironically, Jim was one of the folks who first heard about "crypto anarchy" in the summer of 1988, at the home of Phil Salin and Gayle Pergamit. I spoke to a group of around a dozen and got a good reaction. One of the listeners, Dave Ross, came up with the "anonymous escrow service," the escrow agent "Esther" who his mutually anonyous to both Alice and Bob, but who is motivated to be an honest broker by reason of this anonymity. (Simply, an escrow agent is interested in a continuing revenue stream set by reputaion...this is why most businesses "work" even when in most cases they could theoretically rip-off or "burn" their customers.) It's gratifying to now see the word spreading. Speaking of which, you should all be aware that the "Wired" piece on "Crypto Rebels" is available online from the "infobot" service at "Wired." To retrieve it, send a message to "infobot at wired.com" and in the _body_ of the message (which should be otherwise blank) include this line: GET 1.2/features/crypto-rebels There is a whole command set, and index of articles, available. I believe the simple messages HELP and INDEX are the ones you want. (P.S. I don't think case matters, so HELP or help should both work.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From an32951 at anon.penet.fi Sat Nov 27 00:45:21 1993 From: an32951 at anon.penet.fi (Coerr) Date: Sat, 27 Nov 93 00:45:21 PST Subject: Looking for Remailers Message-ID: <9311270844.AA07403@anon.penet.fi> I need a couple of good remailers. Can -- er, /would/ anybody point me in the general direction of one? Coerr ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From MIKEINGLE at delphi.com Sat Nov 27 01:19:33 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sat, 27 Nov 93 01:19:33 PST Subject: The latest lunatic rant Message-ID: <01H5SP844JLU938CEQ@delphi.com> >Newsgroups: >talk.politics.crypto,alt.privacy,alt.privacy.anon-server, >news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy >From: an12070 at anon.penet.fi (The Executioner) >Subject: CRYPTOANARCHIST INFILTRATION ALERT As you can see, this one was pretty widely distributed. While I agree that it would be nice if he stopped bugging us, at least everyone here knows he's nuts. The same cannot be said for all of these newsgroups. Several people (especially szabo) should post replies and explain that he has been flooding our list with similar ravings and death threats for months. Those who have received death threats from the an12070 address could also send mail to Julf about him. Death threats would certainly be considered "improper use." From wknotten at cs.uct.ac.za Sat Nov 27 02:24:07 1993 From: wknotten at cs.uct.ac.za (William Knottenbelt) Date: Sat, 27 Nov 93 02:24:07 PST Subject: cryptoanarchists? Message-ID: [start posting] From bart at netcom.com Sat Nov 27 02:44:05 1993 From: bart at netcom.com (Harry Bartholomew) Date: Sat, 27 Nov 93 02:44:05 PST Subject: The other side of LD Message-ID: <199311271042.CAA28624@mail.netcom.com> I never thought I be caught dead forward an LD post, but here it is since I may be the only 'punk on the NEW-LIST announcements. Here we see the other side. I am beginning to get a funny feeling about all this. Consider: 1. The book published for profit by editing the submissions to rec.humor.funny. 2. The recent "compilation copyright" filed by Keith Peterson on the material contained in the Simtel archive. 3. The default apparent public domain into which all our postings seem to fall. Is LD, the prolific author that he obviously is, merely baiting the creative minds of the cypherpunks to gather material for his forthcoming novel(s)? Bart /////////////////////////////////////////////////////////////// Forwarded message: > From @VM1.NODAK.EDU:owner-new-list at VM1.NODAK.EDU Fri Nov 26 11:02:02 1993 > Message-Id: <199311261901.LAA15086 at mail.netcom.com> > Date: Fri, 26 Nov 1993 12:47:04 CST > Reply-To: ld231782 at longs.lance.colostate.edu, julf at eunet.fi > Sender: NEW-LIST - New List Announcements > From: "L. Detweiler" > Subject: NEW: Cypherwonks > To: Multiple recipients of list NEW-LIST > > cypherwonks at lists.eunet.fi > > The brand new cypherwonks list on Majordomo at Lists.EUnet.fi is for > ambitious, energetic, can-do, hands-on individuals interested in > general cutting-edge `cyberspatial development' projects such as in > cryptography, digital cash, and `electronic democracy'. (A `wonk' is > slang for a `meticulous detail person'.) The list is both an informal > gathering place for the technically adept and also a focal point for > branching off into serious project coordination. We place a premium > on membership by technical professionals and try to hone our posts to > accommodate the busy (who, according to the adage, are those who get > all the serious work done). We are inspired by the Internet but > don't see it as ideal yet and are particularly interested in > cooperation, building prototypes, forging standards, and `long-term > incremental evolution' in our designs and goals. We're also > intensely interested in following and influencing the technological > and political developments of the emerging `national cyberspatial > infrastructure.' > > The list is *not* for political diatribes in the `radical > libertarian' agenda, e.g. rants against all forms of government as > oppressive, corrupt, or evil, or promoting the use of cryptographic > technologies for subversive activities like tax evasion, black > marketeering, or evading law enforcement. The list is *not* for > discussions of how to manipulate the honest through the use of > software technologies. The list is *not* for unconstructive > negativism against other's proposals. Above all, we are interested > in forging a `civilized cyberspace' out of the current `Internet > wilderness'. > > Historical note: the list was formed as a less ornery, more moderate > splinter group from the Cypherpunks by J.Helsingius (creator of the > popular anon.penet.fi anonymizing service) and L.Detweiler (author of > many FAQs including `Privacy & Anonymity on the Internet). > > To subscribe, send a message with the body > subscribe cypherwonks > to Majordomo at Lists.EUnet.fi. > > A more comprehensive charter is available with the command `info > cypherwonks' in the message body. > > To post, send a message to cypherwonks at lists.eunet.fi. > -- From szabo at netcom.com Sat Nov 27 03:34:06 1993 From: szabo at netcom.com (Nick Szabo) Date: Sat, 27 Nov 93 03:34:06 PST Subject: response to Detweiler/Boxx/ad nauseum Message-ID: <199311271130.DAA23032@mail.netcom.com> I'm really at a loss how to respond to this lunatic. I hope the following doesn't just stoke his boilers more, but on a worldwide public forum I don't think I can let something like that go unanswered. Anybody out there with good advice (legal, tactical, or otherwise), I'd greatly appreciate it. Here's what I wrote: Newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.anon-server, news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy Subject: Re: CRYPTOANARCHIST INFILTRATION ALERT References: <071303Z27111993 at anon.penet.fi> an12070 at anon.penet.fi (The Executioner) writes: >ATTENTION ALL INTERNET PERSONNEL >THE INTERNET OUTLET >szabo at netcom.com >HAS BEEN IDENTIFIED AS A CRYPTOANARCHIST CYBERSPACE INFILTRATION SITE >TO A 93.67% DEGREE CERTAINTY VIA PSEUDOSPOOFING DETECTION SOFTWARE. >.... Why Mr. Detweiler, that's mighty flattering of you! I'd be even more flattered by Detweiler's singling me out, if he wasn't also making death threats and accusations of criminal violations against several people who have recently disagreed with him, trying to track down our physical locations, and otherwise doing his best to scare the shit out of net users with his digital stalking. No, Mr. Detweiler, I'm not "pseudospoofing", but with nutcases like you on the net I sure as hell wish I was. Nick Szabo szabo at netcom.com From an12070 at anon.penet.fi Sat Nov 27 03:44:06 1993 From: an12070 at anon.penet.fi (The Executioner) Date: Sat, 27 Nov 93 03:44:06 PST Subject: A Clarification on My Loyalty and Allegiance Message-ID: <9311271140.AA04304@anon.penet.fi> Cypherpunks, I thought that the infamous L. Detweiler had stopped his posting, but it appears that he is back, and more neurotic than ever. I thought that it was the time for me to make another post relating to him, the list in general, and LD's obsession with pseudospoofing. OK, first, LD is pissing me off, as, I am sure, he is doing to many others out there in net.land. His raves are nothing if not persistant and ever increasingly long. I, being the founding member of the Colorado Cypherpunks, am not particularly prowd of him being affiliated with the group. I don't hate him, as some of teh others on this list apparently do, I just think he is a very persistant pest, a fly in the ointment. I think it is important to remember that in every movement there are fanatics, and in the best of intentions are those who would do harm while trying to crusade the good. I believe that Detweiler is one such person. He is experiencing some very serious problems with what he believes to be a concerted effort by some devilish cabal to warp and mung his brain through the rampant use of pseudospoofing. OK, fine if he believes that, I cannot keep him from thinking that some of us are emmisaries of Satan. I can, however, wish that he would leave me the hell alone and stop posting these long, drawn-out core dumps of his mangled psyche. I can ask him to stop his madness, though I know that it will only get me on his bad side, and possibly put me in physical danger (since I live in his vicinity, lucky me). I think that's enough on Detweiler himself, and I hope I don't have to talk about him anymore. On to pseudospoofing. I think that it exists, and that it's denial is just plain naive. The world is a non-friendly place, and there are dangers out there, and people who will exploit every aspect of the system to trick, decieve, and mangle others. This should not come as a shock to anyone on the list, since we are generally on (or close to) the cutting edge of new technologies and methods to use those technologies. I, myself have never participated in any kind of conspiracy with intent to confuse, nor have i ever posted under a name other than my own, and my anon.penet.fi identity. I have not posted as anyone that I am not, and have no intention to do so. I do not, however, object to the use of these technologies, or to the act of pseudospoofing. It cannot hope to be prevented, since there are always people out there who will figure out how to exploit the system to do their bidding. Yes, it's true, I am coming out in favor of pseudospoofing. I do not object to it's use, on the premise that it cannot be stopped, and it rarely does hard, aside from those (LD) whose minds are bent by the mere thought that it is happening. Enough of that. Now onto the list. I put some serious thought into dropping from the list for the past week or so, and I have decided _not_ to leave bacause sometime there are bits of information that I get from the list that are simply not available anywhere else. Some of the members of the list are, however, pissing me off. The list has degraded from a band of freedom fighters with things they cared about in jeopardy to a bunch of fucking children bickering over the most pathetic of things. I hope that the recent barrage of postings is not indicative of what is to come. If it is, then I may just reconsider and leave. I think that's all I have to say for now... I just wanted to let people know what I was thinking, and set the record straight if there are any members who think I am still on LD's side (which I was for quite some time). ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From an12070 at anon.penet.fi Sat Nov 27 04:04:07 1993 From: an12070 at anon.penet.fi (The Executioner) Date: Sat, 27 Nov 93 04:04:07 PST Subject: Ways to Die Message-ID: <9311271200.AA07846@anon.penet.fi> Many psychopunks, particularly T.C.May, E.Hughes, and D.Barnes, have been upset by my latest name variation, `The Executioner', supposing in their sweaty desperation at exposure for their crimes that it represents some kind of insinuated threat. Nothing could be further from the truth. The obvious meaning of `execute' in this context is `to carry out a plan', as in `execute a program,' as in `elicit the truth'. The connotation is completely harmless. I have no idea why anyone could construe it negatively, unless, as the saying goes, they have something to hide! Sorry, but I can't be responsible for tormented psyches and consciences in the face of Truth! I don't understand why these master pseudospoofers should be upset by a trivial name change. In fact, in the face of their own plethora of faces, it seems quite hypocritical! It would be like taking the words, `I'm going to come kill your family with a rusty razor blade' seriously. This idea of `execution' reminds me of historical cases of execution. There are very many variations. One of the best and my favorite is that by a lynch mob, led by a corrupt leader. The lucky criminals get hung, with their faces bulging around, and legs dangling below, a constricting, unremitting noose, sort of like a poisonous snake around the neck. `Brave New World' ends with a delightfully novel description of a hanging: NE, N, NE, N, NW, W, SW, ... (paraphrase!) I imagine that hanging is not a very bad way to die, of all the ways invented and experienced by man. Traitors were often hung by the noose in the Civil War, as I understand it, when our country turned in on itself in disunity. Who was it who was executed with the words, `I regret I have but one life to give to my country'? The infamous spy Benedict Arnold (who put on one face to the British, and another to the Americans, quite the ingenious pseudospoofer!) was hung, I understand. Other cases of execution, of course, are more grisly. We have the Inquisition to thank for some of the more hideous variations. I don't know if Poe's Pit and the Pendulum was ever really in use, but what a fantastic way to die! The shining, razor sharp blade gently swaying to and fro, hypnotically mesmerizing, swish, swosh, subtly, imperceptibly lower, approaching like a whisper in one's ear by Death. The victim in the tale faced anonymous black judges in a dark courtroom, as they handed down the sentence, described like a druglike stuporous hallucination. As I recall the protagonist in Poe's tale had his stomache glanced by the blade, dark red blood slowly oozing forth, but he was ingenious and saved himself by turning the vicious rats in the dungeon into a useful tool! Ah, what fantastic literary irony. The Pit and the Pendulum is a sort of mental and psychic torture. I wonder how many days the blade was descending over? The end could certainly not be as painful as compared with other physical torture devices, like the rack, used to elicit confessions. Who can forget that wacky human enclosure with spikes on the door? What amazing creativity. I've always been fascinated by the Guillotine in use during the French revolution. The doctor Guillotine was very humane and was tormented by the visions of humans who had a few moments of discomfort and displeasure ensuing after failing to perfectly align their necks with the executioner's blade. Of course, one swift and single CHOP! was ideal, but sometimes the executioner was drunk, or maybe his mask was in the way, and it took more than one CHOP! CHOP! CHOP! over a period of a few seconds to dispatch the soul on its merry journey. Guillotine invented his ingenious device, and executions were very rapidly improved in reliability and accuracy. This was very useful because all kinds of terrorists, counterrevolutionaries, and criminals had hidden themselves in the guise of the Victorious Revolution, and the public turned on itself after all the discredited leaders had been accounted for (in--what else?--a `head count'). The Guillotine was really unsurpassed in its efficiency at the time, a real technological marvel. I'm sure there were many people at the time who were quite impressed by it, and said that it was a fine piece of machinery, and that even though it could be put to evil uses, `Guillotines don't kill people, people kill people' and therefore no one should have any qualms about its existence and continued use, or safeguards and restrictions and regulations governing the authority of its operation by naive and unskilled unprofessionals, or even criminals, themselves ready amateur Executioners. One said, `yes, surprising as it sounds, I'm coming out in favor of the Guillotine.' The people got what they wanted. They weren't about to let some sinister, evil, oppressive government stand in their way of exercising their true glorious birthright freedoms, like killing each other. One of the things that really fascinates me is the possibility of cyberspatial-oriented murder. It seems to me that in a CryptoAnarchic society where there is no government or social order, things like hired assassins will be more readily hired, and certainly more abundant. What do you do when you are robbed or harassed? Call the police? Ha, ha, there are none of those annoying, meddlesome, timeconsuming and troublesome Social Justice Farces in our Private Utopia. Imagine the delight of hiring hitmen with completely untraceable cash, and communicating with them with Chaum style DC nets to describe the victim and pinpoint one's enemies for execution. That reminds me of the Focaultian idea that punishment and torture is related to the human body. The theory is, if you don't have a physical body, you can't experience pain. Some pseudospoofers in the psychopunk cult have suggested that they are unaccountable in this fashion -- pseudospoofing allows them to achieve a sort of godlike omnipresence and transcendance through their myriads of ephemeral identities. Actually, this philosophy appears to originate with one of the leaders and is a central tenet of their idolatry. The `fluidity of identity' exists in Cyberspace, to some extent, but all the pseudospoofers I know still have a real-world body that bleeds like any other, and all their tricky circumventions of its existence are no match for superior technology. That's The Truth! ``Any sufficiently evil machination is indistinguishable from murder.'' --S.Boxx ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From an12070 at anon.penet.fi Sat Nov 27 04:14:05 1993 From: an12070 at anon.penet.fi (The Psychopunk) Date: Sat, 27 Nov 93 04:14:05 PST Subject: Public Enemy #1 Message-ID: <9311271213.AA10005@anon.penet.fi> I don't know where all these slanderous accusations that I am L.Detweiler come from. I want to have absolutely nothing to do with that paranoid conspiracy theorist. People who are associating me with him are nothing but scurrilous hypocrites. You only allow anonymity so long as it doesn't threaten you personally! PseudoAnonymity that attacks the government through tax evasion and black marketeering is OK, but pseudoanonymity of L.Detweiler (who is really Hitler's grandson), who attacks the Cypherpunks, is Heretic Blasphemy, and he must be tracked down and punished! Why is it that no one bothers T.C.May about BlackNet or Deadbeat, anyway? I guess stealing information is a legitimate use of anonymity, but exposing corruption through whistleblowing is not. All of you who are so smugly certain that I am L.Detweiler, where do you get your insane fantasies? The only thing I can think of that would be objective and qualitative is the extensive style analysis software of E.Hughes, but it seems to me that would also show that he is posting pseudoanonymously under G.Broiles, and besides he's not really interested in sharing any of his software with anyone anyway, especially whatever helps him pseudospoof and detect it by others. However, I have many ideas on how to get even with L.Detweiler for his callous disregard for pseudospoofing. Imagine, the sheer arrogance of attacking our holy religion, and making our leaders look like pathetic fools for their deceptions! We are left trying to defend them with increasingly worthless tentacles. Y'know the ones that penetrated RISKS? They are *really* valuable, like N.Szabo, and he is on to them all. The man is an arrogant bastard for trying to prevent us from our joyous deceptions, perversions, and depravities. We have to make him pay. What can we do? One thing to do would be to slander him in public forums. I mean, he has done the tiniest smidgeon of CryptoAnarchic work, like that Anonymity FAQ (which was usefully infiltrated by quite a few of our pseudospoofed tentacles, including the eminent N.Szabo). But otherwise, he's just a self-important asshole like G.Spafford who has no life out of cyberspace. We should show no mercy. I propose that we mailbomb him some more beyond P.Metzger's feeble assault. And D.Barnes has not gone nearly far enough to root out his personal associates and friends and find any useful blackmail or other leverage, like his employer. E.Hughes and T.C.May can try harassing his postmaster some more. Maybe we can get the Holy Grail -- get him to lose his Internet account. Damn, that would be AWESOME. We wouldn't have to put up with any more of those slimy verbose FAQs. `Privacy and Anonymity' HAH. more like Pathetic Assholery. Here's an idea. I've been tampering with REMOBZ a lot lately and have gotten pretty good at it. I hear L.Detweiler was looking for a job awhile ago. (I stole his resume with a fake job advertisement in his mailbox as bait. Hee, hee! what a dickhead.) I am going to try to tap his home phone line and figure out what employers he has been talking to. I can rig it so that when they call his number, I spoof his answering machine (this is possible by recording his own message onto my own answering machine and redirecting the phone call). The employer records his message, `you have the job, report to work at 9:00 tomorrow' like nothing is wrong. But L.Detweiler never shows up! Hee,hee. And if he tries to find out what went wrong, he looks like a hallucinating drug user. `I never got your message on my answering machine!' Ah, a grand psychopunk prank in line with the best of the legendary K.Mitnik revenge techniques. (The master!) Here's another idea. We all know how much WetLiar admires that clueless NYT reporter Markoff -- you know the guy, the one who fell for our Big Movement facade hook line and sinker. (Hee, hee! Privacy for the Masses! The Cryptographic Revolution!) I propose that we infiltrate his system and impersonate Markoff's email to L.Detweiler. Unless it is for deception, it's not illegal! No problemo! L.Detweiler will go away crestfallen that his hero comes across as a clueless idiot in email. If he calls Markoff in desperation, we can do the old `redirect the phone call' trick and do our best Markoff imitation on the phone. Detweiler is such a clueless, trusting idiot that he won't know the difference. Hee, hee! I love poking holes in other people's delusions. The world is an ugly place, and it's about time that someone did a favor to L.Detweiler and taught him that. The asshole will learn what it means to tangle with Cypherpunks. OK, here's my best idea. You know his cutesy little mama's girl girlfriend, Sonia Applegate? The one that loves to cook him those big dinners when he gets home from a hard day of battling our beauteous tenacles? The one that he is going to marry next spring? (Thanks, BlackNet spies, for all your information, the checks are in the mail, also the REMOBZ wiretapping is also a really invaluable source.) I propose that we call her up and pose as a clinician from an AIDS testing clinic and tell her that L.Detweiler has AIDS and that he listed her as a sex partner. Regurgitate her all her personal information we found off the stolen credit records and then say, Yes, Ma'am, I'm sorry. You'll have to report to the clinic immediately for testing. Hee, hee! ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From rjc at gnu.ai.mit.edu Sat Nov 27 05:39:08 1993 From: rjc at gnu.ai.mit.edu (Ray) Date: Sat, 27 Nov 93 05:39:08 PST Subject: Secret sharing program available Message-ID: <9311271337.AA04964@albert.gnu.ai.mit.edu> [Note: I'm not subscribed so if you reply, remember to Cc: me] A few hours ago I was bored so I started experimenting with Shamir "threshold" sharing in G++. The result: Cryptosplit. It's a hacked up but working implementation of polynomial interpolation over an integer field of prime order. Basically, you can take an arbitrary integer, D, generate m keys, k of which are required to reconstruct the original integer. Its inner workings are very simple. Pick a random polynomial P(x) of degree (k-1) over Z_p with constant term D, and generate m 2-tuples (x, P(x)). These "keys" are output in the form x*p+y which can be reversed by the division algorithm. The interpolation process generates a k X k matrix of linear equations by plugging (x,y) into y=a_n*x_n + ... + a_1*x + 1*D and then solving by Gaussian elimination (upper triangular matrix. element k,k is the constant term D) Right now it's not very usable since you have to choose your own prime modulus > D (I was too lazy to write a prime generation routine. I just choose Mersenne primes of sufficient size) and because it only accepts base-ten input from the command line. It needs to be optimized a lot too. If anyone wants the source (especially if they want to fix it up), let me know. -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From an12070 at anon.penet.fi Fri Nov 26 23:06:26 1993 From: an12070 at anon.penet.fi (The Executioner) Date: Sat, 27 Nov 1993 07:06:26 UTC Subject: CRYPTOANARCHIST INFILTRATION ALERT Message-ID: <071303Z27111993@anon.penet.fi> ATTENTION ALL INTERNET PERSONNEL THE INTERNET OUTLET szabo at netcom.com HAS BEEN IDENTIFIED AS A CRYPTOANARCHIST CYBERSPACE INFILTRATION SITE TO A 93.67% DEGREE CERTAINTY VIA PSEUDOSPOOFING DETECTION SOFTWARE. MAIL, POSTS, AND OTHER EMANATIONS FROM THIS OUTLET ARE CONSIDERED LIKELY TO BE HIGHLY SUBVERSIVE AND DANGEROUS CRYPTOANARCHIST DISINFORMATION AND PROPAGANDA FROM ONE OR MORE CRYPTOANARCHIST CO-CONSPIRATORS. MULTIPLE SENSITIVE INTERNET MAILING LISTS, FAQS, AND FORUMS HAVE BEEN CONTAMINATED. INFORMATION ORIGINATING FROM THIS OUTLET IN THE FOLLOWING AREAS IS PARTICULARLY SUSPECT: - PROMOTION OF PSEUDOANONYMITY AND THE COLLECTION OF MULTIPLE FAKE CYBERSPACE IDENTITIES (MISTATED AS `PURE ANONYMITY') - PROMOTION OF UNTRACEABLE `BLACK' CASH AND RELATED CRYPTOGRAPHIC TECHNIQUES (PARTICULARLY CHAUMIAN) - FALSE REFERENCES AND DISINFORMATION ON THE ACTUAL `CRYPTOANARCHIST' AGENDA - PROMOTION OF THE `COLLAPSE OF GOVERNMENTS' - SUBTLE ANTI-DEMOCRACY GOALS AND ANTI-DEMOCRATIC SENTIMENTS - PROMOTION OF DISINFORMATION, PROPAGANDA, AND DECEPTION E.G. IN THE MEDIA - PROMOTION OF TAX EVASION - PROMOTION OF CRIMINAL EVASION OF IDENTITIFICATION MEASURES FOR E.G. BLACK MARKETEERING - ELEVATING AND PERPETUATING SUBVERSIONS OF IDENTITY E.G. PSEUDOSPOOFING AND PSEUDOPOOLS AS `LIBERATING FLUIDITY OF IDENTITY' ON THE INTERNET - PROMOTION OF ABUSE OF INFORMATION THROUGH E.G. LEAKS, BURGLARY, OR ESPIONAGE - FALSE DETAILS ON PERSONAL IDENTITY AND CORROBORATION OF THE EXISTENCE OF OTHER IDENTITIES - INFILTRATION, PROVOCATION, AND SABOTAGE OF MAILING LIST DISCUSSIONS OUTSIDE OF CHARTERS INTO THE `CRYPTOANARCHIST' AGENDA - PROMOTION OF OTHER FAKE IDENTITIES - PUBLIC AND PRIVATE ATTACKS ON REAL IDENTITIES EMPLOYING COUNTERMEASURES AGAINST THE CRYPTOANARCHIST MOVEMENT - MANIPULATION AND TERRORISM IN PRIVATE MAIL - COLLECTION OF SENSITIVE PRIVATE INFORMATION AND MAIL FROM COMMUNICATING `OUTSIDE' INDIVIDUALS INTERNET INDIVIDUALS AND ORGANIZATIONS ARE ADVISED TO EXAMINE AND PURGE ARCHIVES AND RECORDS OF ALL INFORMATION ORIGINATING FROM THIS OUTLET AS CRYPTOANARCHIST DISINFORMATION. ITEMS RECOVERED FROM THIS OUTLET SHOULD BE REPOSTED FOR PUBLIC EXPOSURE. QUESTIONS REGARDING THIS ADVISORY ALERT CAN BE ADDRESSED TO cypherpunks at toad.com BACKGROUND INFORMATION ON THE CRYPTOANARCHIST MOVEMENT IS AVAILABLE IN RISKS 15.25, 15.27, AND 15.28X, FTP CRVAX.SRI.COM DIRECTORY /RISKS: ADDITIONAL BULLETINS WILL BE ISSUED AS EVENTS WARRANT. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. [end posting] > BACKGROUND INFORMATION ON THE CRYPTOANARCHIST MOVEMENT IS AVAILABLE IN > RISKS 15.25, 15.27, AND 15.28X, FTP CRVAX.SRI.COM DIRECTORY /RISKS: well, i've looked on crvax.sri.com and there is no (at least not anonymously ftp'able) risk directory. what is a cryptoanarachist anyway? see you william From nowhere at bsu-cs.bsu.edu Sat Nov 27 07:09:13 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 27 Nov 93 07:09:13 PST Subject: One man - One vote - One Program (another Boardwatch excerpt) Message-ID: <9311271509.AA26873@bsu-cs.bsu.edu> excerpted from: B O A R D W A T C H M A G A Z I N E Guide to the World of Online Services Editor: Jack Rickard Volume VII: Issue 11 ISSN:1054-2760 November 1993 ============== EDITORS' NOTES ============== One Man - One Vote - One Program The National Information Infrastructure: Agenda for Action document was released September 12 and made available to the online community in full ascii text form the same day. This document outlines the administration's blueprint for a future national data highway. We don't normally devote nine pages of Boardwatch to publishing government literature. But, while the document is easily available electronically, this will probably affect everyone online at some point or another. You will undoubtedly see it quoted and analyzed in coming months, but I'm going to guess the full text is not going to be carried widely in print. So we decided to run the whole thing - albeit as "the fine print." The NII Agenda is remarkable in that they did manage to assemble every cliche in the free world regarding online communications and actually pile them all into one document. As government detritus goes, it is actually quite readable. A persistent, if effete segment of the online community has campaigned for some time for government to "get involved" online. They parade across Washington in a continuous stream attempting to get our government to fund various notions of what they want the online world to look like. And in some areas, government participation in the online process has been productive. The National Science Foundation has devoted a relatively modest amount of public investment in the Internet and this money has leveraged a hundred times that much private investment in the technology. I agree, there is a role for government in the future network. But in the context of the other things this administration is trying to do, I originally approached this topic with some trepidation. These people have no moral qualms whatsoever in saying one thing and doing quite another. The concepts of truth and lies and right and wrong are foreign to their view of the way the world works. The action items regarding encryption and copyright law revision are worded innocently enough. Beneath those words I detect an agenda more in keeping with the current health care program proposal, the budget recently passed, a corps of youth working for the government, the addition of 50,000 police officers on a national basis, and an entire political agenda focused quite single mindedly on one thing - control of the population - at all levels and in areas American's just aren't accustomed to thinking of as something anyone would want to control. This document does refer to legislation that would open the local telephone loop to competition - a concept we first came out for in 1988. The legislation they refer to basically frees the local telephone companies to provide video, information, long distance services - it has little to do with competition in the local loop other than to provide these telephone companies precisely what they've been lobbying for - freedom to exploit their monopolies on the local line infrastructure. The players are cable tv companies and telephone companies. Six months ago telco U.S. West purchased 25% of Time Warner, and this past week, Bell Atlantic and TCI, the nation's largest cable company holding group, announced a complete merger. The standoff between cable companies and telephone companies is over - and there will be LESS competition, not more. The inside deal making all of this work is that the government becomes a "partner" in developing our telecommunications infrastructure - the "controlling" influence. The more pressing current concern is encryption and privacy. The administration rolled out the Clipper Chip proposal earlier this year as a toe in the water. Clinton apologists are quick to point out that this was a Bush administration proposal. Poppycock. There are thousands of proposals making the rounds in Washington in a continous cloud - the plankton of the political seascape. A relative handful ever see the light of day. This one, given little chance under the Bush administration, did under President Clinton. The Clipper Chip concept is a bit startling. Everyone gets to encrypt their data, and in fact are encouraged to do so - with the government holding the decryption keys. I can't separate the stupid from those accused of stupid here, so I'll just note that it was proposed, and is still pursued. But they do apparently feel it important that if anyone has any "secret stuff", the government should, as a matter of course, have access to it. You have no "right" to privacy - quite the contrary. In health care, before it is over, if you want health care coverage, it will only be available in ONE place - a government office. You will present yourself in person, along with a little basket of receipts showing you've paid your taxes, registered for the draft, the national service program, given blood, quit smoking, have exercised regularly, have your car insurance in order, your driver's license, social security receipt, and anything else necessary to "make us safe." And if all your papers are in order, and you pay the fees, you will receive a little plastic card allowing you to visit a doctor or clinic. George Orwell never had it so good. And I would fear this same socialist greed for control of our lives will be applied to the online community via this National Information Infrastructure. I would, but I don't, and I'm feeling particularly enchanted right now by why I don't. First, they can be counted on to be as buffoonish about it as possible given the laws of physics. Currently, the State Department is actually pursuing a lone Boulder programmer with a Grand Jury investigation of possible infraction of export controls - alleging that he illegally exported a data encryption program - Pretty Good Privacy. The farce is of course that he never left Boulder. He posted it on a couple of local Internet sites, and of course, within about 12 minutes it was all over the world. It allows anyone to encrypt e-mail messages in such a fashion that all the kings horses and all the kings men can't figure out what the hell you said in it on a bet. And this is the heartening jewel. The online world has always moved powerfully toward the least common denominator grass roots end of the electronic path. All things that have grown have grown DOWN toward the end user, not UP toward a central authority. The entire energy in the online explosion has been OUT and DOWN and many of the innovations have been to extend functionality to the least equipment, at the least cost, in a never ending quest for "free" and something I can run on my OWN computer. The natural conclusion of this will be instant worldwide communication from a handheld $4 pocket calculator. The Internet is fascinating in that it is a belief system that allows people to connect to a common backbone for communications. That was the part we needed. Something persuasively "in the middle." But it was ALL we needed. There are now 130 million personal computers out there. And some percentage of these people are Phil Zimmermanns. This one man, with one wee little Borland compiler, wrote a piece of software. And whether they prosecute him to make him an example or not, he released ONE program in the wee hours of the morning in 1991, that will never allow the government or anyone else to put the data encryption genie back in the bottle. It did not change the world. It demonstrated that the world had changed. It's free. It's everywhere. There is no way to track down all the copies in all the world. It transcends national boundaries. He did it for the notoriety - and he got it. But he could have just as easily done it anonymously. An avowed leftist himself, he really gets just as bristley as Pat Buchanon from the far right on this thing about government control of individuals. And he's not alone. Whatever elaborate systems are contrived, at the cost of billions of dollars, with the full collusion of giant corporate telco/cable entities controlling vast territories of fiberglass and copper, they will become symbols of vanity - towers of Babel standing in testimony to the futility of trying to use electronics to control people. Electronics is a good material for building freedom, and a most notably poor one for forging chains. Wherever there is one guy with an attitude, a compiler, and a few free afternoons, all the plans and all the plots of all the kings go awry with a single program release. We have lots of guys with attitudes, lots of compilers, and lots of afternoons. Let them build the NII. Let us use it without fear. With a handful of Zimmermanns, we can remake the world to suit us. Now, if only we could get Phil to compile us a health care program.... Jack Rickard Editor Rotundus P.S. Mr. Zimmermann, guilty, innocent, free, or jailed, will undoubtedly incur the usual mountain of legal fees - poor thanks for his contribution. It might just serve an interesting purpose to make a numeric show of force on his behalf to demonstrate that the usual economic coercion won't work either. Stick a lone dollar bill in an envelope and send it to his legal defense fund. For a buck twenty-nine, it's a cheap political statement. And if enough of us do it, maybe the world will change again. Phil Zimmermann Legal Defense Fund c/o Philip Dubois, Esq. 2305 Broadway Boulder, CO 80304 From nowhere at bsu-cs.bsu.edu Sat Nov 27 07:09:42 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 27 Nov 93 07:09:42 PST Subject: Pretty Good Hero? (Boardwatch excerpt) Message-ID: <9311271507.AA26829@bsu-cs.bsu.edu> excerpted from: B O A R D W A T C H M A G A Z I N E Guide to the World of Online Services Editor: Jack Rickard Volume VII: Issue 11 ISSN:1054-2760 November 1993 ============== LEGALLY ONLINE ============== by Lance Rose Phil Zimmermann is a computer programmer and good citizen with an earnest desire to help others. For much of his adult life he expressed his concern through political activism, from marches in the 70's through teaching classes in military policy in the 80's. Along the way, Zimmermann became a computer network user. As the 90's began, he saw a new threat to our civil rights surface: a movement to curtail the ability of network users to discuss matters in private. Many others on the net saw the same thing, but Zimmermann actually did something about it. He melded his humanitarian ideals with his programming and cryptographic skills to create an e-mail encryption program for Everyman called Pretty Good Privacy, or PGP. He did this at no small cost to himself. An independent computer consultant, Zimmermann shelved most of his paying gigs while finishing up PGP, missing five mortgage payments on his family's home in the process. Zimmermann finished PGP in early 1991, released it in the U.S. on the Internet from his home in Colorado, and it instantly achieved worldwide popularity among network cognoscenti. PGP is free, and its customers get a lot more than they bargained for. It uses a powerful RSA public key encryption system, in which each participant owns one or more private key/public key pairs. Messages encrypted by one key in the pair can only be decrypted using the other key. The great advantage of public key encryption is that, unlike older schemes, like DES, (the current U.S. standard), you can publicly circulate the key for encrypting messages sent to you by others, since only your secret private key can decrypt those messages. When someone sends you a private message using PGP, first it encrypts the message text using the IDEA algorithm, (the International Data Encryption Algorithm, developed in Europe and comparable to DES), and generates a unique, confidential key just for decrypting the message (we'll call it the "text key"). Then he or she uses the RSA public key they received from you to encrypt the text key, and sends you both the IDEA-encrypted message and the RSA-encrypted text key. You would then use your RSA private key to decrypt the text key, and finally use the text key in turn to decrypt IDEA-encrypted message. It would be conceptually simpler to use only the RSA public and private keys for encrypting and decrypting the text, and cut out the IDEA encryption step, but there is a practical cost. Text encryption using RSA requires far more computer processing time and power than IDEA-based encryption. Zimmermann wanted to give people the full benefit of PGP without wasting time watching their computers crunch numbers, so he used the far easier to process, (but still highly secure), IDEA technique for message texts, and saved the public key RSA process for encrypting only the IDEA text keys, which are a mere 128 bits long. Thus, PGP creates securely encrypted texts, gives people the ability to distribute their public keys far and wide with no compromise in security, and extends strong encryption capabilities to those with small computers. After its release PGP became something of a community development project, and it is now in version 2.3. Other programmers and cryptographers work on enhancing the source code, creating foreign language translations of the user interface, and porting PGP from its original DOS platform to other popular computer platforms such as Mac, Vax, and most flavors of Unix, further increasing its usefulness to network users of all stripes. In the past two months, however, some dramatic new chapters swiftly opened in the ongoing saga of Phil Zimmermann and PGP. First, on the positive side, some patent-related questions nagging PGP from the very beginning finally may be close to resolution. As soon as PGP appeared, a West Coast company called Public Key Partners, headed by Jim Bidzos, claimed it violated a patent they held in computer implementations of the RSA encryption algorithm. While Bidzos did not rush into court, he did seek to suppress PGP's distribution. Among other things, he sought out the major online distribution points for PGP, such as large online services like CompuServe and GEnie BBS's including The Well, and requested that they immediately remove the PGP files from distribution because they infringed on his patents. Most services discontinued providing PGP,and it soon became an underground classic, difficult to find unless you asked the right people. Fortunately, there were many such spread across the net. Rather than challenge the patent claim, which some net observers think a worthwhile effort, Zimmermann made many requests to Bidzos to obtain a license to use RSA without hassle in PGP. Eventually, network community and industry leaders tried to obtain some sort of compromise between Zimmermann and Bidzos. Bidzos refused all entreaties and continues to oppose PGP. In the meantime, a software company named ViaCrypt obtained a license a year or two ago from Public Key Partners, (who appear willing to license virtually anyone but Zimmermann), to use the RSA algorithm in software. ViaCrypt took some time after securing the rights to figure out how it would use them. Finally, last August, it approached Zimmermann with a proposal to create a commercial version of PGP. This was a great business opportunity. ViaCrypt could use its license to legitimize PGP for the commercial market, and both could profit from PGP's high profile among companies interested in encryption. To bring PGP within ViaCrypt's license from Bidzos, Zimmermann and ViaCrypt have been replacing PGP's existing RSA encryption subroutines with comparable licensed subroutines developed by ViaCrypt. Bidzos, through his attorney, publicly expressed some doubt about whether the new ViaCrypt product will fall within its RSA license rights. Anticipating this possibility, ViaCrypt shrewdly trumped it in advance by securing a legal opinion from Brown and Bain, considered by many computer lawyers, (this author included), to be the leading computer law firm in the country, that the hybrid product is within the scope of ViaCrypt's license from Public Key Partners. The new program, tentatively brand named ViaCrypt PGP, is scheduled for rollout on November 8th of this year. If ViaCrypt PGP succeeds in the market, Zimmermann will make some money, though he was never really was in it for the money. He is also working on a new approach to the free version of PGP that may end the patent threats that continually hinder its open distribution on the net. His current efforts center on a set of encryption subroutines called RSAREF, released by Bidzos through another of his companies, RSA Data Securities Inc. (RSADSI). There is a license to the public to use the RSAREF subroutines free for noncommercial purposes: you can't make money selling it, and you can't use it for commercial messaging. By replacing PGP's custom RSA subroutines with publicly licensed equivalents from RSAREF, Zimmermann could end the patent infringement problem. RSAREF was designed to let programmers develop privacy-enhanced mail (PEM) programs using a scheme similar to that used by PGP. The text is encrypted using an easy-to-process encryption algorithm involving a single key, ending the patent infringement problem may not have been as easy at it first seemed. The text key is encrypted using the processing-intensive RSA public key scheme. The problem is that for the text encryption stage, RSADSI chose the DES algorithm instead of the IDEA algorithm used in PGP. DES was not perceived as a problem cipher until August of this year, at a cryptographers' trade show called Crypto 93. A respected Bell Northern Research scientist named Michael Weiner dropped a bombshell on the conference by asserting, in essence, that DES was dead, as a dependably secure encryption algorithm. Weiner had designed a high-speed "inside-out" DES processor chip that could test 50 million keys per second, and serve as a the basis for a highly effective DES-cracking machine. He had also priced production of the chip with a chip fabricator, and in large but not enormous quantities it would cost about $10.50 per chip. Using these figures, he said a computer with 7,000 such chips would cost a vast amount, and could find the key to any DES-encrypted message within 7 hours by testing every possible key within that time, with a mean key-cracking time of 3.5 hours per encrypted message. For $100 million, well within intelligence agency budgets, a computer could be built that would crack the keys for DES-encrypted messages at a clip of two minutes per key. This result would be achieved for texts encrypted with 56 bit DES keys, where the decryptor has a little bit of plain text he knows would be in the encrypted message, such as someone's name, or a word or two. There are DES encryption schemes using longer keys, but the 56 bit key is the U.S. government standard, and the official or de facto standard in many industry applications as well. Weiner's brute force approach would be marvelously effective despite its lack of elegance. For PEM computer programs using RSAREF in its current form, there can no longer be dependable privacy. All texts encrypted using RSAREF's standard 56 bit DES approach will, from this point forward, be vulnerable to cracking at some point by a Weiner-type supercomputer. It will be pointless to hide the DES key inside RSA encryption. Owners of the supercomputer could find the key directly from the text, and need not bother with the encrypted key. As Phil puts it, the RSA encryption of the DES key is like those little secure boxes for holding front-door keys that realtors mount on houses being shown to prospective buyers. The little box may be nearly impossible to break into without the proper code, but there's always another possibility for getting into the house without permission: break down the door or smash in the window. There's a way to avoid this with RSAREF, by invoking deeper subroutines in the package to create PEM programs that use text encryption schemes more dependable than the suddenly-reduced DES, such as the IDEA algorithm used today in PGP. IDEA uses a 128 bit key instead of the 56 bit key standard in DES, and its security has not been seriously questioned to date, despite spirited attacks by some of the world's mightiest cryptographers. Unfortunately, the current RSAREF public license only permits programmers to use the high-level routines that require DES, and prohibits using the deeper routines to bring in other encryption algorithms - the very use necessary for PGP to remain dependably secure. However, after the Weiner revelation, RSAREF will not be in much demand if it continues to restrict PEM programmers to 56 bit DES. Accordingly, it is rumored that a public license to the deeper, roll-your-own algorithm subroutines in RSAREF may soon be forthcoming from RSADSI. If this new license is issued, Zimmermann may finally be home free in his quest to create a free, effective PGP with no specter of patent infringement hovering over it. It is possible that by the end of this year or early in the next, we will see both a commercial ViaCrypt PGP, and a free PGP for personal noncommercial use. That's the good news. The bad news is that Phil Zimmermann is now the target of an investigation by the U.S. attorney's office into violations of the International Traffic in Arms Regulations, or ITAR. ITAR is a set of laws administered by the State Department, designed to keep war-grade weapons from being exported out of the U.S. to certain foreign countries. While ITAR mainly regulates weapons-like parts for tanks, jets and submarines, it also regulates encryption devices, including encryption software, as "munitions" due to their military intelligence value. The U.S. attorney is not commenting at this early stage, but observers agree the investigation relates to PGP's worldwide distribution through the Internet. This distribution constituted a clean end run around the State Department's normal procedure of placing a roadblock against all cryptography exports, until they are reviewed by the National Security Agency for military potential. What is unclear, is whether Zimmermann did anything wrong by placing PGP on the Internet on computers located within the U.S. There are very good reasons for saying that Zimmermann's actions were totally legal, and that he should not have this cloud over his head. For one thing, Zimmermann did not intend for PGP to be exported. He was never motivated to put out an international encryption standard. To the contrary, his motivation was the perception that political forces within the U.S. seemed to be pushing towards outlawing private encryption in this country. In fact, he acted specifically to put PGP into circulation quickly while it was still legal in this country, before any laws might go into place prohibiting domestic use of privately developed encryption software. For another, Internet users outside the U.S. helped themselves to PGP. Zimmermann did not send PGP anywhere outside the country. He made it available on computers within U.S. borders, which is perfectly legal in itself. By analogy, I could legally go door-to- door in this country selling devices enabling people to encrypt their telephone discussions. I can even leave an open box of them in front of my house in New Jersey, and tell all my neighbors to pick one up for their own use. If some foreign tourists take a few and spirit them back into their own countries, why should I be held guilty for export violations? In addition, Zimmermann and all the users of PGP in this country have their First Amendment rights. Zimmermann has the right to freely publish the PGP program in this country. The Constitution says Congress will enact "no law" restricting freedom of speech and of the press. There are no Amendments to the Constitution that contain exceptions for speech or press distributed through the Internet. Additionally, people who send electronic messages to each other have the right to send them encrypted without government interference, and legal action against PGP would certainly interfere with such activities. In this instance, PGP's free speech rights derive from its assistance of PGP users in exercising their own rights of free speech. This kind of derivative free speech protection is very powerful. It is analogous to the protection of speech distributors applied in the past by the Supreme Court and other federal courts to book sellers, magazine distributors, and even CompuServe. Finally, there are privacy considerations. This is not really a legal argument, as much as a question of the limits of appropriate government intrusion into peoples' private lives. The question comes up almost daily these days, in settings ranging from the privacy of employee e-mail to the swelling commercial market for extensive data on each citizen in our country of consumers. A government push against the availability of PGP, regardless of the legal cause, would count as yet another blow against the dwindling ability of us all to retain a modicum of personal privacy. As the cypherpunks are often heard to say, "if privacy becomes outlawed, only outlaws will have privacy." Powerful as these and other arguments are, they will not deter government action on their own. The government can offer the fairly standard legal argument that Zimmermann "knew or should have known," that placing PGP on the Internet would result in worldwide export in violation of the ITAR. After speaking with Zimmermann, I am not sure he actually knew, in particular, that there was a law called ITAR, or that it applied to encryption software. As mentioned above, he certainly was not out to distribute PGP worldwide. Whether the government proceeds will depend as much on political factors as on its view of the legalities involved. The investigation is at an early stage, and in fact, has not been directed formally at Zimmermann. The only activity in public view so far was the service of subpoenas for document production by the U.S. Attorney's office in San Jose, CA on Viacrypt in Phoenix, AZ and another company named Austin Code Works in Austin, TX. Austin Code Works distributes PGP and other free software for encryption and other uses in source code form, for little more than the price of a computer disk. According to Zimmermann, he has no business relationship with Austin Code Works. He also had no idea they were distributing PGP until he read about the subpoena served on them. As soon as Austin Code Works was served, its president, Grady Ward, went public on the Internet with a ringing defense of its position. Ward claims they do not distribute executable programs, but only "source code algorithmic descriptions" of encryption techniques, thus falling under a "technical data" exception to ITAR. The State Department publicly countered that position, and is requiring Austin Code Works to register as a munitions dealer. There is no telling whether the investigation will proceed to charges against Zimmermann or others, but Zimmermann and others in the network community intend to be prepared. Phil Zimmermann's attorney, Colorado criminal lawyer Philip Dubois, is accepting contributions for Zimmermann's defense, (He can be reached at Philip Dubois, Esq., 2305 Broadway, Boulder, CO 80304, (303)444-3885, dubois at csn.org). The Electronic Frontier Foundation is also stepping forward in Zimmermann's defense, with financial commitments from EFF and several of its individual board members, and efforts to rally public support for Zimmermann and PGP. A lingering question in the current investigation is why the government waited over two years after PGP's release to start it up. Some speculate it is due to a link between the investigation and the government's efforts to establish a new encryption standard named CLIPPER as the replacement for the aging DES standard. The government has repeatedly stated it will not seek to make Clipper the only legal encryption standard in this country by outlawing all others. But if it proceeds to charge Zimmermann and PGP as a result of the current investigation, it could have the effect of using the government's legal artillery to blow away one of Clipper's most prominent competitors. Speculation aside, PGP's legal situation is slowly maturing, and within another year or so we should know for sure whether it's legal or illegal in the U.S. By that time, it will be in the hands of millions of people the world over, each using PGP to create his or her own private communications channel. Hopefully, we will not have to witness the ironic spectacle of PGP being banned in the country of its birth, while freely in use in the rest of the world. [Lance Rose is an attorney practicing high-tech and information law in Montclair, NJ. He can be found on the Internetat elrose at well.sf.ca.us, and on Compuserve at 72230,2044. He is also author of SysLaw, the legal guide for online service providers, available from PC Information Group at 800-321-8285. Pretty Good Privacy is available in it's latest July 1, 1993 release as PGP23A.ZIP with C language source code in PGP23ASR.ZIP. Phil Zimmermann can be reached at Boulder Software Engineering, 3021 Eleventh Street, Boulder, Colorado 80304; (303)541-0140 voice/fax; or via Internet at prz at acm.org ViaCrypt will make the commercial PGP available at an intro price of $100. ViaCrypt, 2104 W. Peoria, Phoenix, AZ 80209, (602) 944-1543. - Editor From ravage at wixer.bga.com Sat Nov 27 07:34:16 1993 From: ravage at wixer.bga.com (Jim choate) Date: Sat, 27 Nov 93 07:34:16 PST Subject: Banning any subscriber Message-ID: <9311271521.AA17800@wixer> Hi again, I want to thank everyone for their repsonce to my earlier mail. I do have some questions however. 1. CypherPunks supports crypto so people cant tamper w/ my mail but you want to censor somebody at the source. How can you support this? 2. Everyone says this list is private. Nowhere has this EVER been mentioned in any conversation or info that I have read. The implication in all the posts, print articles, and talk at the local group meet led me to believe CypherPunks was a public forum for discussion and implimentation of crypto related material. Was I misunderstanding something? 3. Sine at least part of the networks and hardware the mail list is used on is publily funded how can you construe it as private w/o some form of moderator or subscriction contract? 4. The responces to L.D. about mail-bombs and posing as a AIDS lab is much worse and more troublesome to me than anything I have seen L.D. post. Not only is some of the actions proposed criminal but I fail to see how a group which relies on its reputation can support or condone such comments. 5. If you don't like what he says then kill the mail and forget it. From kkirksey at world.std.com Sat Nov 27 07:49:14 1993 From: kkirksey at world.std.com (Ken B Kirksey) Date: Sat, 27 Nov 93 07:49:14 PST Subject: Give me your password- OR ELSE! Message-ID: <199311271548.AA13051@world.std.com> >>Car alarms and security systems didn't convince the criminals who make their >>living ripping off cars that the *Good ole days were over* and it was time >>to get a job at Burger Sri, it spurred them to find new methods to ply >>their trade. > >How do you know this? Clearly some crooks may have just moved to more >violent methods, but it's quite probable that others moved off to >other fields where it's easier to make a buck, either legal or >illegal. Quite. From _Point Blank: Guns & Violence in America_ by Dr. Gary Kleck: "Like noncriminals, however, criminals do many things that are casually or only weakly motivated. Indeed, much crime is impulsive or opportunistic, with criminals committing some crimes only if it requires little effort and entails little risk (Feeney 1986)." Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer ----------------------------------------------------------------------------- Among the many misdeeds of the British rule in India, history will look upon the act of depriving a whole nation of arms, as the blackest. - Mahatma Ghandi From kkirksey at world.std.com Sat Nov 27 07:49:46 1993 From: kkirksey at world.std.com (Ken B Kirksey) Date: Sat, 27 Nov 93 07:49:46 PST Subject: PC Based One-Time Pad Message-ID: <199311271548.AA13076@world.std.com> >In article <199311251654.AA02190 at world.std.com> > kkirksey at world.std.com "Ken B Kirksey" writes: > > While I was reading though _Applied Cryptography_ last night, a thought > > struck me (no damage): Why hasn't anyone come up with a good Mac or PC based > > One-Time Pad system. > >Because they're trivial to write. I could do one in less that 15 minutes. I can see that for the XOR code, but the code (and possibly hardware) for generating, testing, and managing the pad files would take considerably longer, at least for me. You may be SuperHacker, though. :-) > > It seems like this would be a fairly easy system to implement, but since > > no one (to my knowledge) has yet done so, there must be something I'm > > missing. :-) > >Because very few people can be bothered driving half way across the >country to deliver the OTPs. It's *way* too much hassle for day to >day use of the kind we use pgp for. And if someone *is* doing it >for real security (like say AT&T shipping around their secure phone >circuit diagrams because they don't trust clipper :-) ) then they're >*not* going to be mentioning it in passing on usenet news groups... Well, it would really be one of those "just to see if I can do it" projects. I think that someone might find a use for it someday, though. Besides, it would be fun to write. >PS No, you *don't* send them in the mail. But you knew that, right? No, I'm not as stupid as I look. Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer ----------------------------------------------------------------------------- Among the many misdeeds of the British rule in India, history will look upon the act of depriving a whole nation of arms, as the blackest. - Mahatma Ghandi From hazman at cco.caltech.edu Sat Nov 27 08:20:39 1993 From: hazman at cco.caltech.edu (R. Lawrence Martinez) Date: Sat, 27 Nov 93 08:20:39 PST Subject: public key encryption list Message-ID: <9311271619.AA19324@scratchy.cco.caltech.edu> Please send Hazman at cco.caltech.edu From tcmay at netcom.com Sat Nov 27 11:09:18 1993 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 27 Nov 93 11:09:18 PST Subject: Banning any subscriber In-Reply-To: <9311271521.AA17800@wixer> Message-ID: <199311271908.LAA16939@mail.netcom.com> Jim Choate has raised some questions about the nature of the List, about its privacy, and has said that some of us are trying to scare Detweiler with phony AIDS test results. Here are my responses to these questions. I suppose I'd best copy the Cypherpunks list as well, though there's been too much noise lately about Detweiler, by Detweiler, and for Detweiler. Oh well. > I want to thank everyone for their repsonce to my earlier mail. I do have > some questions however. > > 1. CypherPunks supports crypto so people cant tamper w/ my mail but you want > to censor somebody at the source. How can you support this? Personally, I don't support it, and only a few folks have publically called for it, as is their right in a forum like ours. Their concern is likely that a single person can in fact bring down a list, can be so disruptive that the S/N drops to an unacceptable level. A better solution, if the CPU at Toad can handle the extra load, is the filtering software used now on the Extropians list. Subscribers can filter out threads they don'e want to see, users, etc. This may be coming to the Cypherpunks list. Please note that Eric Hughes never removed L. Dewtweiler from the list (nor anyone else, so far as I know). In fact, Detweiler requested that he be unsubscribed. He may or may not be subscribed under another account name, and, in any case, he seems to see some posts. And he bombards us every night with his missives. > 2. Everyone says this list is private. Nowhere has this EVER been mentioned > in any conversation or info that I have read. The implication in all the > posts, print articles, and talk at the local group meet led me to believe > CypherPunks was a public forum for discussion and implimentation of crypto > related material. Was I misunderstanding something? The list is not "private" in the sense of being a deep, dark secret. Instructions on how to join are easily available. But most mailing lists have a different "feel," a different sense of "community," than mere newsgroups have. Newsgroups encourage casual drop-ins who don't bother to read the traffic, but who just fire off a few posts and then are gone; at least with mailing lists it takes some small effort to get on and off them. We've had debates every few months about mailing list vs. newsgroup, and I can't stop this debate from happening again. There are reasons pro and con to have Cypherpunks a mailing list, and mailing lists continue to flourish for a variety of reasons. > 3. Sine at least part of the networks and hardware the mail list is used on > is publily funded how can you construe it as private w/o some form of > moderator or subscriction contract? If a car happens to drive on a public street are all rights to privacy lost? If a phone call is made and part of the signal path includes a publically-subsidized link, is all privacy lost? Is your e-mail subject to inspection by the authorities merely because it passes through systems they control? Ultimately, this is why we support encryption and free markets. (Well, many of us support free markets.) In the meantime, the Electronic Communication Privacy Act protects e-mail against certain kinds of seizures. It's not clear (to me) what this means for "quasi-private" mailing lists, but at least it may provide some legal defense should government agents cite discussions on this list as evidence of sedition, treason, conspiracy, etc. > 4. The responces to L.D. about mail-bombs and posing as a AIDS lab is much > worse and more troublesome to me than anything I have seen L.D. post. Not > only is some of the actions proposed criminal but I fail to see how a > group which relies on its reputation can support or condone such comments. Hold on there, pardner! That post you are referring to was yet another one of Detweiler's own "an12070" posts! Even if there wasn't compelling circumstantial evidence--cited by so many people here--that S. Boxx = The Executioner = Psychopunk = Zen Master = an12070 = L. Detweiler, then this latest rant would _still_ have the stylistic earmarks of a put-on. Read it again, if you can stomach it, and bear this in mind. I hope this helps. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From VACCINIA at UNCVX1.OIT.UNC.EDU Sat Nov 27 11:24:20 1993 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Sat, 27 Nov 93 11:24:20 PST Subject: Filtering LD Message-ID: <01H5TAELLP6A000APP@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- In these days with much abdication of individual responsibility to various agencies, it seems to me that we should not encourage any entity to take care of poor old us and filter *anyone*, when we can do it as individuals. Any new members who are discouraged by the rants and raves of LD or any other messenger of boredom will learn to use the delete key or killfile. If they can't hack LD for a couple of days (till they figure out his rap), then there is not much to be done for them. I think we should give most newcomers the chance (as well as the credit for having a brain) to figure out the value of list conversation on their own, warts and all. Funny thing about warts, get rid of one and, alot of times, another crops up. Scott G. Morham !The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPUS5z2paOMjHHAhAQEe7QP9HRQbKdgWar/72yJlgVJFvyie8I+hPGLm MCCmFt1ySwcfzWWi5JGFnAdndeTRclV6x/Jydp2IsaU2IEXkAjKfijJ2En5iEbjS mxYlV33CrreduTBox2ksGc8fBUgu7BtGR9exVsTHF7Oed9Jyv3EjIq6o0XRLPgKI todvsPgy8sA= =JidH -----END PGP SIGNATURE----- From ravage at wixer.bga.com Sat Nov 27 12:04:18 1993 From: ravage at wixer.bga.com (Jim choate) Date: Sat, 27 Nov 93 12:04:18 PST Subject: Banning any subscriber In-Reply-To: <199311271908.LAA16939@mail.netcom.com> Message-ID: <9311271955.AA08359@wixer> > > Jim Choate has raised some questions about the nature of the List, > about its privacy, and has said that some of us are trying to scare > Detweiler with phony AIDS test results. > > Here are my responses to these questions. I suppose I'd best copy the > Cypherpunks list as well, though there's been too much noise lately > about Detweiler, by Detweiler, and for Detweiler. Oh well. > > > > I want to thank everyone for their repsonce to my earlier mail. I do have > > some questions however. > > > > 1. CypherPunks supports crypto so people cant tamper w/ my mail but you wan t > > to censor somebody at the source. How can you support this? > > Personally, I don't support it, and only a few folks have publically called f or > it, as is their right in a forum like ours. Their concern is likely > that a single person can in fact bring down a list, can be so > disruptive that the S/N drops to an unacceptable level. > > A better solution, if the CPU at Toad can handle the extra load, is > the filtering software used now on the Extropians list. Subscribers > can filter out threads they don'e want to see, users, etc. This may be > coming to the Cypherpunks list. > > Please note that Eric Hughes never removed L. Dewtweiler from the list > (nor anyone else, so far as I know). In fact, Detweiler requested that > he be unsubscribed. He may or may not be subscribed under another > account name, and, in any case, he seems to see some posts. > > And he bombards us every night with his missives. > > > 2. Everyone says this list is private. Nowhere has this EVER been mentioned > > in any conversation or info that I have read. The implication in all the > > posts, print articles, and talk at the local group meet led me to believ e > > CypherPunks was a public forum for discussion and implimentation of cryp to > > related material. Was I misunderstanding something? > > The list is not "private" in the sense of being a deep, dark secret. > Instructions on how to join are easily available. But most mailing > lists have a different "feel," a different sense of "community," than > mere newsgroups have. Newsgroups encourage casual drop-ins who don't > bother to read the traffic, but who just fire off a few posts and then > are gone; at least with mailing lists it takes some small effort to > get on and off them. > > We've had debates every few months about mailing list vs. newsgroup, > and I can't stop this debate from happening again. There are reasons > pro and con to have Cypherpunks a mailing list, and mailing lists > continue to flourish for a variety of reasons. > > > 3. Sine at least part of the networks and hardware the mail list is used on > > is publily funded how can you construe it as private w/o some form of > > moderator or subscriction contract? > > If a car happens to drive on a public street are all rights to privacy > lost? If a phone call is made and part of the signal path includes a > publically-subsidized link, is all privacy lost? Is your e-mail > subject to inspection by the authorities merely because it passes > through systems they control? > > Ultimately, this is why we support encryption and free markets. (Well, > many of us support free markets.) In the meantime, the Electronic > Communication Privacy Act protects e-mail against certain kinds of > seizures. It's not clear (to me) what this means for "quasi-private" > mailing lists, but at least it may provide some legal defense should > government agents cite discussions on this list as evidence of > sedition, treason, conspiracy, etc. > > > 4. The responces to L.D. about mail-bombs and posing as a AIDS lab is much > > worse and more troublesome to me than anything I have seen L.D. post. No t > > only is some of the actions proposed criminal but I fail to see how a > > group which relies on its reputation can support or condone such comment s. > > > Hold on there, pardner! That post you are referring to was yet another > one of Detweiler's own "an12070" posts! Even if there wasn't > compelling circumstantial evidence--cited by so many people here--that > S. Boxx = The Executioner = Psychopunk = Zen Master = an12070 = L. > Detweiler, then this latest rant would _still_ have the stylistic > earmarks of a put-on. > > Read it again, if you can stomach it, and bear this in mind. > > I hope this helps. > > --Tim May > > > -- > .......................................................................... > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at netcom.com | anonymous networks, digital pseudonyms, zero > 408-688-5409 | knowledge, reputations, information markets, > W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. > Higher Power: 2^756839 | Public Key: PGP and MailSafe available. > Note: I put time and money into writing this posting. I hope you enjoy it. > First, I NEVER made any accusative statements that ANYONE was trying to scarey ANYBODY with AIDS statements or otherwise. I DID say that such statements bother me more than any statements that L.D. has made. To make such an act against somebody because they print something you don't like, no matter how heinous, is bigotry plain and simple. The ends do not justify the means (in my opionion it should be never) in this case. To react this alleged idiots posts with anything other than a simple deletion is silly and to take active steps is insane and possible criminal. Some people have sent me private e-mail saying he has threatened them and other such things and that this justifies banning (and in some mail apparently any other action). I used to work in a tech support dept. for a computer company and a customer threatened to fly from Mi. to Austin to shoot me and beat up the rest of the dept. because FedEx sent his package to Puerto Rico by mistake. Does this justify me banning him from tech support? I would say no and in reality while I am shure he broke some kind of law it ain't worth the hassle to prove I am right (it seldom is really). I would say that the only rational way to respond to the problem is to ignore it. Socio-paths thrive on attention, deny it and they go where they can get it (has anyone mentioned alt.conspiracy to this guy?)... Now some of you are going to say that I am a newbie and should be ignored. That is fine, but remember one thing - newbies is what an organization like this requires to thrive. If you really want to make CypherPunks work and get something worthwhile accomplished then please drop L.D. and this whole thread. The peace simply isn't worth the cost to obtain it...(IMHO) If this is truly a private list then you need to put more effort into being clear that this is a indivudualy supported mail-list and is not officialy associated w/ CypherPunks. I would offer the following protocol: 1. User sends mail w/ 'subscribe' in the body. 2. The mailer responds w/ a numbered header. 3. The user is requied to copy the message from #2 completely and to append 'agree'. 4. The user is then added to the list. While it is true that some of you may see this as trivial but if you really want to keep CypherPunks an open forum and this list private (ensuring that they are seen as seperate entities) it is critical that this is made at every oppportunity. From clark at metal.psu.edu Sat Nov 27 12:15:36 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Sat, 27 Nov 93 12:15:36 PST Subject: META: Filter Detweiler Message-ID: <9311272023.AA13927@metal.psu.edu> Personally, I use this in my .procmailrc: :0 * ^From.*ld231782 at longs.lance.colostate.edu #anything from det idiot #will go to idiot Of course, you may choose /dev/null or any other appropriate location. This is my last public comment on the LD/SBoxx complex. ---- Robert W. F. Clark From plaz at netcom.com Sat Nov 27 12:19:18 1993 From: plaz at netcom.com (Geoff Dale) Date: Sat, 27 Nov 93 12:19:18 PST Subject: Banning any subscriber Message-ID: <199311272018.MAA26674@mail.netcom.com> Jim choate sez: >Hi again, > >I want to thank everyone for their repsonce to my earlier mail. I do have >some questions however. > >1. CypherPunks supports crypto so people cant tamper w/ my mail but you want > to censor somebody at the source. How can you support this? I personally disagree with censorship. It would be impossible to enforce anyway. A move of this type would simply drive Detweiler to use the Cypherpunk remailers which would be harder to detect. Then what do we do? Stop accepting mail from our own remailers? >4. The responces to L.D. about mail-bombs and posing as a AIDS lab is much > worse and more troublesome to me than anything I have seen L.D. post. Not > only is some of the actions proposed criminal but I fail to see how a > group which relies on its reputation can support or condone such comments. Look again, that WAS Detweiler, posing as "Psychopunk" (the same Anon id- an12070 at anon.penet.fi - that S.Boxx and "The Executioner" have been using) trying to bait someone into doing something illegal, and to get the reaction you just gave. The twisted f*ck is now plotting against himself. People should be on the lookout, btw. I wouldn't put it past him to try past him to try to use any of these ideas against others. He's obviously been thinking about how to screw with other peoples lives remotely. >5. If you don't like what he says then kill the mail and forget it. I agree. Besides, after getting past my initial anger, I realized that Detweiler's posts are funnier than Gary Larson's 'Far Side' cartoons. I feel safer when he's posting long e-mail messages anyway, at least then he's not doing anything else. And the more he posts, the lower his credibility gets. _______________________________________________________________________ Geoff Dale -- insert standard disclaimers here -- plaz at netcom.com "Once you've gone plastic, you can never go back." - Plastic Beethoven From pfarrell at netcom.com Sat Nov 27 08:24:45 1993 From: pfarrell at netcom.com (Pat Farrell) Date: Sat, 27 Nov 1993 12:24:45 -0400 (EDT) Subject: META: Filter Detweiler Message-ID: <44687.pfarrell@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- I have to "strongly disagree" with Hal's suggestion that we source filter LD or anyone else. While I am as sick of him as the rest, I think that Sandy's Pledge is a much better idea. I've been observing my own version of the Pledge for about a month. I even thought about ignoring Hal's post. But it suggests something that is contrary to the fundamental ideas that I believe in: we should be using technology to improve privacy and our personal freedom. This starts with freedom of speach. The obvious solution is for each person to put LD, SBoxx, etc. in their own kill file. If your mail client doesn't support a kill file, you can always use the "d" command. Or find a client that supports kill files. Or even write some code! For folks that are paying good money to retreive trash messages that are simply going to be deleted, I suggest you look for an alternative service. There are many flat-rate services. Netcom is one, and I use it instead of the "free" services that GMU provides for all students. Send mail to "info_deli_server at netcom.com" with the body "get PDIAL" to get a list of servers accross the country and some international providers as well. Pat Pat Farrell Grad Student pfarrell at netcom.com Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLPeMdh9bGnaOb/KNAQEfywH8D81bolvoKbZVf1Mz8ifCPkVDBARJo17r OGPt43WkZzTlUFCBqrZnMwdPoUhSNOm+WZbP6xe4V6lC6POZyOMpvA== =a1zU -----END PGP SIGNATURE----- Pat Farrell Grad Student pfarrell at netcom.com Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From nate at VIS.ColoState.EDU Sat Nov 27 12:08:33 1993 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Sat, 27 Nov 1993 13:08:33 -0700 (MST) Subject: A Clarification on My Loyalty and Allegiance In-Reply-To: <9311271140.AA04304@anon.penet.fi> from "The Executioner" at Nov 27, 93 11:40:29 am Message-ID: <9311272008.AA18277@vangogh.VIS.ColoState.EDU> -----BEGIN PGP SIGNED MESSAGE----- The root of this thread was a complete copy of a posting that I made to the list, and mailed to L.Detweiler. Is "The Executioner" on the list, if not, this is a lot of evidence that he is L.Detweiler. BTW, this really pissed me off. He, The Executioner, could not even come up with his/her own post, they just cut and pasted mine. - -nate - -- +-----------------------------------------------------------------------+ | Nate Sammons nate at VIS.ColoState.Edu (303) 491-1578 | From mimir at u.washington.edu Sat Nov 27 13:39:18 1993 From: mimir at u.washington.edu (Al Billings) Date: Sat, 27 Nov 93 13:39:18 PST Subject: Banning any subscriber In-Reply-To: <9311271955.AA08359@wixer> Message-ID: On Sat, 27 Nov 1993, Jim choate wrote: > If this is truly a private list then you need to put more effort into being > clear that this is a indivudualy supported mail-list and is not officialy > associated w/ CypherPunks. I would offer the following protocol: "Officially" associated with Cypherpunks? I don't know about where you are but in most places in this country there is no "Official Cypherpunks Organization." This LIST is the original basis of the Cypherpunks. From there, some people who have other interested parties in their locales have gone on to form local groups. This isn't like the Extropians who have the Extropy Institute officially behind them. > 1. User sends mail w/ 'subscribe' in the body. > > 2. The mailer responds w/ a numbered header. > > 3. The user is requied to copy the message from #2 completely and to append > 'agree'. > > 4. The user is then added to the list. Why bother? > While it is true that some of you may see this as trivial but if you really > want to keep CypherPunks an open forum and this list private (ensuring that > they are seen as seperate entities) it is critical that this is made at every > oppportunity. What is the "CypherPunks" you are refering to if not this list? All mailing lists are, by the very nature, semi-private forums. You have to ask to get on them. If someone is disruptive, I see no reason they should not be asked to leave. Of course, the idiot in question isn't even on the list anymore. If you aren't the list, the list shouldn't accept your postings and mail them to members. I see no reason why non-members of the list should be able to mailbomb us all by sending to the list address. (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) | Al Billings aka Grendel Grettisson | "You are, each one, a priest, | | mimir at u.washington.edu | Just for yourself." | | Sysop of The Sacred Grove (206)322-5450 | | | Admin for Troth-L, The Asatru E-Mail List | -Noble Drew Ali- | (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) From VACCINIA at UNCVX1.OIT.UNC.EDU Sat Nov 27 14:49:44 1993 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Sat, 27 Nov 93 14:49:44 PST Subject: Traffic analysis and file size Message-ID: <01H5THL70MTE000B3T@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- There has been some list discussion about defeating traffic analysis of remailers by altering the incoming and outgoing size of the files. But is this not accomplished by merely encrypting with the remailers public key? Assuming it is an encryption supporting remailer that is. When the file size changes as PGP encryption is stripped off it and the files are not sent out in the exact same order as they arrive, would it not be very difficult to ascertain that file of size X enters a remailer and emerges as size X-y. Or can one easily deduce y from PGP's parameters? Even if y is easily deduced this problem can be overcome. I have used various layers of compression utilities and encryption to change message size so that as the first layer of encryption is stripped off, the file is then in a File.zip state. This is then unzipped revealing another encrypted message with an address header. Upon being sent to the next series of remailers this same course of events could then be replicated ad nauseum. Combine this strategy with file stuffers and one would likely have a hell of a time trying to match incoming/outgoing file sizes and where they originated from/are going to. Granted this is a pain, but it would seem that automation could easily be implemented. Scott G. Morham !The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPVDjD2paOMjHHAhAQFclQP7BeTl891Edj2ZgSQvKgtHXPtRAGweu3+h Jee+6vOf8BKvcZMlc78PQ5BF+2YNc70NdTCSG8860X/Rc4oJYiLHLfKRPRP5JlsE ogZiMHxVEvRt+YLDvQTrE3VcvOdb25HUKpcZvNggoR7Ouge1YlH+14Tvf2+oogCD VXbcFVxNi+E= =Yt/P -----END PGP SIGNATURE----- From ravage at wixer.bga.com Sat Nov 27 15:04:19 1993 From: ravage at wixer.bga.com (Jim choate) Date: Sat, 27 Nov 93 15:04:19 PST Subject: Banning any subscriber In-Reply-To: Message-ID: <9311272246.AA07573@wixer> > > On Sat, 27 Nov 1993, Jim choate wrote: > > > If this is truly a private list then you need to put more effort into being > > clear that this is a indivudualy supported mail-list and is not officialy > > associated w/ CypherPunks. I would offer the following protocol: > > "Officially" associated with Cypherpunks? I don't know about where you > are but in most places in this country there is no "Official Cypherpunks > Organization." This LIST is the original basis of the Cypherpunks. From > there, some people who have other interested parties in their locales > have gone on to form local groups. This isn't like the Extropians who > have the Extropy Institute officially behind them. > > > 1. User sends mail w/ 'subscribe' in the body. > > > > 2. The mailer responds w/ a numbered header. > > > > 3. The user is requied to copy the message from #2 completely and to append > > 'agree'. > > > > 4. The user is then added to the list. > > Why bother? > > > While it is true that some of you may see this as trivial but if you really > > want to keep CypherPunks an open forum and this list private (ensuring that > > they are seen as seperate entities) it is critical that this is made at eve ry > > oppportunity. > > What is the "CypherPunks" you are refering to if not this list? All > mailing lists are, by the very nature, semi-private forums. You have to > ask to get on them. If someone is disruptive, I see no reason they should > not be asked to leave. Of course, the idiot in question isn't even on the > list anymore. If you aren't the list, the list shouldn't accept your > postings and mail them to members. I see no reason why non-members of the > list should be able to mailbomb us all by sending to the list address. > > > (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(* ) > | Al Billings aka Grendel Grettisson | "You are, each one, a priest, | > | mimir at u.washington.edu | Just for yourself." | > | Sysop of The Sacred Grove (206)322-5450 | | > | Admin for Troth-L, The Asatru E-Mail List | -Noble Drew Ali- | > (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(* ) > > So what you are saying is that the group which recently formed here in Austin as the Austin chapter of the CypherPunks is in actuallity a fraud? If this is so then I would agree w/ you that there is no 'official' CypherPunks organization (course the existance of this list and the various user groups make a very strong oppositional argument to this position). But, if the local CypherPunk group is to be considered a serious entity w/ any kid of change in effecting legislation and public sentiment (closely related wouldn't you agree?) then some form of officialdom better be created quickly. Even if the individual groups are to have any effect on local politics then they have to band together and choose some commen forums and planks of discussion. Then again, perhaps I am mis-informed about the nature of the CypherPunks. It was my understanding they were here to help protect and guide users of cyberspace and provide some sense of security on an individual level. The presentation of the group in the electronic and print media has been one which fostered a sense of uniformity and cohesion among the various groups and individuals. I am shure I am not the only follower of the crypto scene who is new to c-punks and a little confused (a very bad thing for newbies to any kind of movement to be) about what is going on and why. You seem to miss the entire point that I am making. It is not that what you are doing is wrong or incorrect, it is simply that the reality is different from the actuality and I am simply saying that there has been very little effort to fix that. The reason to bother w/ a procedure (not necessarily the one I offered) is to make shure that eveyone is informed and knows what to expect as well as what is expected of them. To be taken seriously this has to be done as a primary goal. If you have no intention of 'doing' anything (writing code, writing letters to politicians, etc.) then by all means the structure(less) you have now is sufficient. However, there are people interested in this topic that both expect more and want to give more. These people will be put off by such handling. I agree with your position on the list PROVIDED that the subscriber is told that UP FRONT (which is not the case now). All I am saying is whatever method you choose to handle the list is fine as long as ALL NEW SUBSCRIBERS are advised of the situation. You can not assume that a user knows what is going on simply because they can manage to subscribe to it. Just be fair is what I am saying. From ravage at wixer.bga.com Sat Nov 27 15:14:44 1993 From: ravage at wixer.bga.com (Jim choate) Date: Sat, 27 Nov 93 15:14:44 PST Subject: newsgroup v news-list Message-ID: <9311272255.AA08212@wixer> I have been mulling over the pro's and con's of both for a group such as this and realy I don't see it makes a great deal of difference. The problem right now to me is staying on topic (ie crypt and politics). Neither of these forums will provide that kind of discipline w/o some kind of moderation. Also, I would appreciate any more comments on the distinctions between this mail list, CypherPunks as promoted in the media, and the CypherPunks as it realy exists. I am intrigued by the various distinctions that I have recieved in private mail (and they span the whole gamut of views). If one thing has become clear is that everyone disagrees about what c-punks is and how it works. From nowhere at bsu-cs.bsu.edu Sat Nov 27 16:24:44 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 27 Nov 93 16:24:44 PST Subject: Big Brother Wants to Look Into Your Bank Account ... Message-ID: <9311280025.AA08372@bsu-cs.bsu.edu> excerpted from: W-I-R-E-D 1.6 December 1993 pages 91 through 93, 134 Big Brother Wants to Look Into Your Bank Account (Any Time It Pleases) The US Government is constructing a system to track all financial transactions in real-time -- ostensibly to catch drug traffickers, terrorists, and financial criminals. Does that leave you with the warm fuzzies -- or scare you out of your wits? by Anthony L. Kimery There wasn't much to go on. The police salvaged the slip of paper that a small-time East Coast drug dealer tried to eat before being arrested, but on it they found scribbled only a telephone number and what appeared to be the name "John." This frustrated the police. They had anticipated more incriminating information on the man they believed was the supplier not only to the dealer they'd just busted, but also to dozens of other street corner crack peddlers. With two slim leads, the police weren't technically equipped to do much more than antiquated detective work that probably wouldn't yield evidence they could use to indict John. So they turned to the quasi-secretive, federal Financial Crimes Enforcement Network (FinCEN) for the digital sleuthing they needed. Less than 45 minutes after receiving the official police request for help, FinCEN had retrieved enough evidence of criminal wrongdoing from government databases that the district attorney prosecuting the case was able to seek indictments against John on charges of money laundering and conspiracy to traffic narcotics. The local police were impressed. Launched with a low-key champagne reception at the Treasury Department in April 1990, FinCEN is the US Government's (perhaps the world's) most effective financial crime investigation unit. Even Russian President Boris Yeltsin asked for its help in locating stolen Communist Party funds. This state-of-the-art computer-snooping agency is quietly tucked away under the auspices of the Treasury Department. Its mission is to map the digital trails of dirty money, be it the laundered profits from drug sales, stolen S&L loot, hidden political slush funds, or the financing conduits of terrorists. It's the only federal unit devoted solely to the systematic collation and cross-analysis of law enforcement, intelligence, and public databases. Until August 1993, FinCEN headquarters was an old Social Security Administration building with a ceiling ravaged by asbestos abatement crews, but that didn't seem to faze director Brian Bruh (he retired in October). With 25 years of experience in law enforcement, Bruh is a seasoned cop who has headed up criminal investigations at both the IRS and the Pentagon. Prior to overseeing FinCEN, he was the chief investigator for the Tower Commission, President Reagan's blue ribbon probe into the Iran-Contra scandal. FinCEN was his crowning achievement, and he took pride in directing visitors to FinCEN's computer command center as he touted the agency's successes. In private and in testimony to Congress, statistics roll off Bruh's tongue. Last year FinCEN's computer operations center responded to priority requests for tactical intelligence on nearly 12,000 individuals and entities, doubling the 1991 workload. The 1993 total will be three times the 1991 sum. Longer-term strategic analytical reports have been completed for 715 investigations involving 16,000 other individuals and entities. Two of the government's biggest strikes against organized drug-money laundering -- operations Green Ice (a lengthy DEA operation that resulted in the arrests of high-ranking Cali and Medellin cartel financial officers and the seizure of US$54 million in cash and assets) and Polar Cap V (a spinoff of Green Ice that culminated in April 1990) -- owe a great deal to FinCEN for having identified and targeted money laundering activities via computer. In the Polar Cap operation, FinCEN's computer tracking documented more than US$500 million in financial activity by 47 individuals who have since been indicted on drug trafficking and money laundering charges. Inside FinCEN's new digs on the second floor of a gleaming high-rise office building down the road from the CIA in Vienna, Virginia (otherwise know as "Spook City"), the talents of the IRS, FBI, DEA, Secret Service, and other traditional federal cops such as customs agents and postal inspectors are pooled. According to senior intelligence officers, these investigative units can access resources of the CIA, the National Security Agency (which intercepts data on electronic currency movements into and out of the United States, some of which make their way into FinCEN's analyses), and the Defense Intelligence Agency. Bruh and other FinCEN officials openly acknowledge their association with the CIA, but refuse to discuss further any aspect of FinCEN's dealings with it or any other intelligence agency. In addition to the CIA, intelligence officials have admitted, of the record, that the National Security Council and the State Department's Bureau of Intelligence and Research (INR) have also joined FinCEN's impressive intelligence crew. In short, FinCEN is a one-of-a-kind cauldron containing all the available financial intelligence in the United States. "FinCEN is absolutely necessary," said a senior General Accounting Office (GAO) official involved in an audit of FinCEN required by new anti-money-laundering laws passed last year. The agency's report wasn't released by press time, but according to the GAO official, no irregularities were uncovered. However, the GAO's scrutiny skirted emerging concerns about privacy, civil rights, and the appropriate role of the intelligence community. FinCEN's mission _requires_ the involvement of the intelligence community, particularly in tracking the financial dealings of terrorists and in conducting financial counterintelligence, although few are willing to discuss the trend openly. Because these activities cross into the world od cloaks and daggers, some watchdogs are concerned that such endeavors will encroach on privacy and civil rights. When you look at the power of FinCEN and its proposed offspring, their fears seem justified. How to Bust a John The whiz kids at FinCEN are good. Very good. That;s why state and local police have come to depend on FinCEN to pull them out of the electronic-sleuthing quicksand. The case of John the drug supplier is a good example of one of their less-complex assignments, and it illustrates the adeptness with which the government can collate existing financial data. Seated at a computer terminal inside FinCEN's former command post, a FinCEN analyst began the hunt. He started by querying a database of business phone numbers. He scored a hit with the number of a local restaurant. Next he entered the Currency and Banking Database (CBDB), an IRS database accessed through the Currency and Banking Retrieval System. CBDB contains roughly 50 million Currency Transaction Reports (CTRs), which document all financial transactions of more than US$10,000. By law these transactions must be filed by banks, S&Ls, credit unions, securities brokers, casinos, and other individuals and businesses engaged in the exchange of large sums of money. The analyst narrowed his quest by searching for CTRs filed for transactions deemed "suspicious." Financial institutions must still file a CTR, or IRS Form 4789, if a transaction under US$10,000 is considered suspicious under the terms of an extensive federal government list. There was a hit. A series of :suspicious" CTRs existed in the restaurant's ZIP code. Punching up images of the identified CTRs on his terminal, the FinCEN analyst noted that the transactions were made by a person whose first name was John. The CTRs were suspicious all right; they were submitted for a series of transactions each in the amount of US$9,500, just below the CTR threshold of US$10,000. This was hard evidence that John structured the deposits to avoid filing a Form 4789, and that is a federal crime. Selecting one of the CTRs for "an expanded review," the analyst got John's full name, Social Security number, date of birth, home address, driver license number, and other vital statistics, including bank account number. Plunging back into the IRS database, the analyst broadened his search for all CTRs filed on behalf of the suspect, including non-suspicious CTRs. Only 20 reports deemed suspicious popped up on the screen, but more than 150 CTRs were filed in all. A review of the non-suspicious ones revealed that on several, John listed his occupation as the owner or manager of the restaurant identified by the telephone number on the slip of paper taken from the arrested drug dealer. The connection between the name and the phone number originally given to FinCEN was secured. The FinCEN analyst the tapped commercial and government databases, and turned up business information on the restaurant showing that John had reported an expected annual revenue for his eatery of substantially less than the money he had been depositing, as indicated by the CTRs. Fishing in a database of local tax assessment records, the analyst discovered that John owned other properties and businesses. With the names of these other companies, the analyst went back into the CTR database and found that suspicious transaction reports were filed on several of them as well. As routine as such assignments as this case may be, the chumminess between FinCEN and the intelligence community raises serious questions about the privacy and security of the financial records of citizens John and Jane Doe, considering the intelligence community's historic penchant for illegal spying on non-criminals. Given the cast reach and ease with which the government can now tap into an individual's or business's financial records on a whim, these questions have received far too little scrutiny. Whose privacy? "There are legitimate concerns" regarding privacy, a ranking House banking committee staffer conceded in an interview with _Wired_. "Quite frankly, there hasn't been much congressional oversight with respect to the intelligence community's involvement with FinCEN. When you start trying look into this, you start running up against all kinds of roadblocks." The GAO official involved in auditing FinCEN agreed that questions regarding the intelligence community's involvement and attendant privacy concerns haven't been addressed. If such issues have been the subject of discussion behind the closed doors of the White House and Senate intelligence committees, no one is talking openly about it. Meanwhile, the potential for abusive intrusion by government into the financial affairs of private citizens and businesses is growing almost unnoticed and unchecked. Two of the latest electronic inroads into the financial records of private citizens and businesses are "Operation Gateway," a FinCEN initiative, and the proposed Deposit Tracking System, which other intelligence agencies would like to see established. Both are inherently prone to abuse and provide a disturbing indication of the direction which the government is moving. Gateway is a pilot program launched in Texas this July that gives state and local law enforcement officials direct access to the massive federal Financial Database (FDB) through a designated FinCEN coordinator. The FDB contains the records that financial institutions have been filing under the Bank Secrecy Act for the last 25 years -- CTRs, suspicious transaction reports, International Transportation of Currency or Monetary Instruments reports, and Foreign Bank and Financial Accounts reports. In addition, Congress is expected to grant FinCEN authority to tap into the database of Forms 8300, which are reports of payments over US$10,000 received in a trade or business. These documents principally contain information on deposits, withdrawals, and the movement of large sums of currency. It is FinCEN's intent to give all state governments individual access to the FDB. Under the Gateway proposal, results from all queries would be written into a master audit file that will constantly be compared against other requests and databases to track whether the subject of the inquiry is of interest to another agency or has popped up in a record somewhere else. State coordinators designated by the FinCEN will do the logging on, as FinCEN is uncomfortable with giving 50,000 federal agents and 500,000 police officers direct electronic access to its database. "This is very sensitive information," concedes Andy Flodin, special assistant to the FinCEN director. "We'd have to have additional security safeguards before we could open it up to every police agency." But while the FDB contains only records on major money movements and thus is not as much of a threat to individual privacy, the Deposit Tracking System (DTS) is a potential menace. If implemented, the estimated US$12.5 million computer system could be used to penetrate the security of bank accounts belonging to you, me, and 388 million other bank account holders in the US. The government argues that such a system is necessary for two reasons: first, to access adequately the funding needed for federal deposit insurance and second, to locate the assets of individuals ordered by courts to make restitution for financial crimes -- like the savings and loan crooks. (It seems the government can't trace most of the money they stole.) The first reason stems from a requirement of the seemingly innocuous Federal Deposit Insurance Corporation Improvement Act of 1991 -- one of Congress's legislative responses to the savings and loan debacle. The Act requires the FDIC to study the costs, feasibility, and privacy implications of tracking every bank deposit in the United States. So far the DTS exists only on paper. The FDIC's completed feasibility study is currently being examined by Congress, but it is unlikely to act on it before late next year, For the time being, the US$12.5 million price tag seems to be the biggest drawback to its implementation. Concerns about the DTS have been widespread, although it has received scant attention in the mainstream press. But according to Diane Casey, executive director of the Independent Bankers Association of America, the DTS "would fundamentally change the relationships among banks, consumers, and the government in ways that have implications beyond banking policy. Our open and democratic society would be changed profoundly if any agency of the government maintained the scope of information on private citizens described in this proposal. It raises questions about our democracy that would have to be addressed by the highest policy-making levels of government." The American Bankers Association (ABA) voiced equally serious concerns. The ABA doubts "whether there are any privacy safeguards that would be adequate to effectively protect this database from use by government agencies and, eventually, private parties," an ABA spokesman explains. "It is inconceivable to the ABA that such a database could be used only by the FDIC in deposit insurance coverage investigations. Such a database...would provide a wealth of information for investigations being conducted by the FBI, the Drug Enforcement Administration, and the IRS, to name but a few. Like the baseball diamond in _Field_of_Dreams_, build this database and they will come. Eventually, whether legally or illegally, they will gain access to this database." The FDIC forcefully argued against the DTS in the 234-page draft report it submitted to Congress in June 1993, but it may not have the bureaucratic clout necessary to kill the proposal. _Wired_ was told by intelligence analysts and congressional sources dealing with oversight of the intelligence community that federal law enforcement and intelligence agencies are privately clamoring for the system, apparently disregarding both the privacy issues and the system's start-up cost (which does not include the additional US$20 million a year the feasibility study said would be required for facilities, for salaries and benefits, and for routine hardware and software maintenance). Further driving the intelligence agencies's desire for the DTS is the much-hyped role of economic intelligence gathering, a key focus of the Clinton administration's reform of the intelligence community. Agencies like the CIA view the system as a boon to their ability to monitor foreign financial dealings in the US, according to both congressional and intelligence sources. Adding Intelligence to the Equation Regardless of the form it takes, the sources said, the DTS and any other financial databases that come down the pike could be easily interfaced to FinCEN's Artificial Intelligence/Massive Parallel Processing (AI/MPP) program, a criminal targeting system that will go online in a few years. Because laundered money is moved undetected along with the millions of legitimate computerized wire transfers that occur daily, FinCEN's computer investigations naturally demand expert systems that can single the dirty money out of the crowd. FinCEN's current Artificial Intelligence capability allows it to search the Financial Database for suspicious, preprogrammed patterns of monetary transactions. While not very flexible, the system has successfully identified previously unknown criminal organizations and activities. But FinCEN has a hush-hush US$2.4 million contract with the US Department of Energy's Los Alamos National Laboratory to develop what Bruh and other FinCEN officials described as a powerful "money flow model." Unlike FinCEN's current system, Los Alamos's AI software will look for unexplained, atypical money flows. Coupled with a massively parallel computer system, the AI/MPP could perform real-time monitoring of the entire US electronic banking landscape. FinCEN's AI capabilities currently exploit the Financial Database for proactive targeting of criminal activity. The system automatically monitors the entire FDB database, constantly identifying suspicious financial activity in supercomputer-aided, rapid-response time. In addition to the FDB, FinCEN is applying AI to the Criminal Referral Forms that must be filed with the FinCEN whenever banks, examiners, and regulators uncover financial activities they suspect are illegal. In the near future, all of these government databases will be interfaced by way of AI/MPP technology. "MPP is critical to FinCEN's ability to analyse (banking) data to its full capacity," Bruh insists. The pure power od such a "database of databases" terrifies critics. Though FinCEN and other authorities discount the potential for abuse, tell that to the CIA. Its charter forbids it from engaging in domestic surveillance; nonetheless, it spied on Americans for seven consecutive presidential administrations (it says it finally ceased its internal spying in the mid-1970s). FinCEN's AI operation has been employed legitimately with great success. Perhaps its least-known project was assisting the CIA in identifying and tracking the flow of money between Iran's state-sponsored Islamic fundamentalist terrorist organizations and the men linked to the bombing of the World Trade Center. According to a Treasury official and confirmed by Anna Fotias, FinCEN's congressional liaison, FinCEN identified suspicious transaction reports filed by a bank in New Jersey on wire transfers from Germany to the accounts of two of the men charged in the bombing. With the bank account in Germany identified, further AI processing -- utilizing intelligence from the CIA's DESIST computer system, the world's most extensive database on terrorists -- identified a company as a front for an Iranian terrorist group. Coupled with DESIST's data on the two men's terrorist connections, FinCEN was able to identify a number of previously unknown conduits of terrorist funding in the US and abroad. Similarly, FinCEN was crucial in identifying Iraqi assets in the US that were frozen in the wake of Iraq's invasion of Kuwait, according to a Treasury official. Still, given the CIA's less-than-spotless record, privacy advocates are likely to find it disturbing that there are some within the walls of CIA headquarters -- apparently unbeknownst to anyone at FinCEN -- who want to mesh DESIST with FinCEN's eventual AI/MPP ability and with all the databases FinCEN routinely surveys. The justification for creating such a system is compelling: More likely than not it would identify scores of previously unknown financial conduits to terrorists. Advocates of a full-time DESIST/FinCEN system carry their argument one step further: Hooked into the yet-to-be-authorized Deposit Tracking System, the DESIST/FinCEN system would be able to identify terrorist financial movements in real-time, thus providing early warning of potentially imminent terrorist actions. Some within the intelligence community take it still another step: They would have the system tied into the private computers that hold credit card transactions "so that we could have a nearly instant time-tracking capability," according to one source who works closely with the CIA's Counterterrorist Center. Conversely, a CIA/FinCEN/DTS endeavor could monitor on a real-time basis the financial activity of narcotics traffickers, since drug dealing also is within the purview of the CIA. The agency's Counternarcotics Center, or CNC, already works closely with FinCEN. Before the CIA would be allowed to tap into a system as sensitive as the proposed Deposit Tracking System, it would have to clear plenty of civil liberties hurdles, not the least of which is the prohibition on the CIA from gathering intelligence on US citizens. As long as the DTS itself was shielded from direct access by the CIA, proponents could argue that the operation was allowable under law. Opponents, on the other hand, fear that the CIA would find a way to download, copy, or otherwise secretly access the DTS. "The risk of the CIA getting its hands on this is serious -- we know the kind of unscrupulous people who populate the spook world," said a Washington-area private investigator who conducts many legitimate financial investigations for a CIA-linked firm. "This kind of financial data, when coupled with other information like a person's credit history, could be used for blackmail, bribery, and extortion," said the investigator, who has a military intelligence background. Bruce Hemmings is a veteran CIA clandestine-services officer who retired in 1989. Prior to the DTS proposal, he told _Wired_ that the CIA routinely digs for financial dirt on people from whom the agency wants specific information. Typically they are foreign intelligence officers working in the US under a diplomatic guise, and this financial information is often used as leverage in getting them to talk. In less civilized venues, this is called blackmail. DTS could present an inviting mechanism for quieting unwanted dissent or for defanging an unruly congressional leader bent on exposing some questionable CIA operation. Although still in its embryonic stage and in spite of the looming privacy obstacle it will inevitably confront, FinCEN is seen by many in the government as the catalyst for a powerful, all-seeing, all-knowing, global, financial-tracking organization. In fact, FinCEN is already working closely with INTERPOL, and Bruh's deputy just resigned to head up INTERPOLs US office. As the privacy debate heats up, FinCEN's digital dirt-money trackers go on about their work, hoping they don't have to choose sides if what they do becomes a fill-blown privacy invasion problem. As Bruh puts it, "There's tons of crooks out there who are disguising their criminal profits. FinCEN needs to computerize as much as possible to be able to identify the really significant criminals and their activities." The question then becomes, at point does it stop? ------------------------------- Anthony L. Kimery covers financial industry regulatory affairs as an editor at American Banker Newsletters. From an32951 at anon.penet.fi Sat Nov 27 17:09:44 1993 From: an32951 at anon.penet.fi (Coerr) Date: Sat, 27 Nov 93 17:09:44 PST Subject: Remailers: Turnaround Times? Message-ID: <9311280109.AA00807@anon.penet.fi> Would someone experienced with the use of Cypherpunks remailers please provide me with some indication of how much time each remailer adds to a piece of email's journey? Thanks. Coerr ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From newsham at wiliki.eng.hawaii.edu Sat Nov 27 17:24:18 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Sat, 27 Nov 93 17:24:18 PST Subject: Secure Wipe In-Reply-To: <199311251654.AA02153@world.std.com> Message-ID: <9311280121.AA16389@toad.com> > > > Hola all, > > I've just started working on a good Mac implementation of IDEA, but I > need a little more info on something. I've got more info on IDEA than > I know what to do with, but I've yet to find any good references on doing > a secure wipe to remove the plaintext file from the hard disk. Can anyone > point me to some good refs on the topic? Many thanks... > > > Ken > > A crypto disk implementation for the AMIGA contains 68k assembly code for IDEA. You probably want to look into this. From binder at well.sf.ca.us Sat Nov 27 17:44:18 1993 From: binder at well.sf.ca.us (Matt Binder) Date: Sat, 27 Nov 93 17:44:18 PST Subject: health privacy radio program Message-ID: <199311280141.RAA15079@well.sf.ca.us> Thanks for your help with my story about medical record privacy. Working on the story was a real education for me, (getting to meet all kinds of interesting people is one of the main reasons why I'm a reporter) and I had a few good coincidences that added some "atmosphere" to the piece. I've included the entire script below. I hope I'm not being presumptuous. The show in which my 8.5 minute piece aired is called "The Communications Revolution, produced by the Telecommunications Radio Project, which is headquartered at KPFA-FM in Berkeley. The project is funded by the California Public Utilities Commission, through the Telecommunications Education Trust (TET), which is basically money that was overpaid to Pac Bell by its customers. Other TET grantees are Gregg McVicar's "Privacy Project", and Beth Given's "Privacy Rights Clearinghouse" in San Diego. Our project is a series of 13 one hour, live, satellite- linked panel discussion and call-in shows that air on about thirty stations around the country (but especially in California). show: HEALTH PRIVACY Matt Binder 11/12/93 draft FINAL **************************************************************** *** cut 1 *** dramatic reading of condensed version of Hippocratic Oath (Ed Markman) in: "I swear by Apollo Physician, by Asclepius, by Health, and by all the gods and goddesses that I will carry out this oath: into whatsoever houses I enter, I will enter to help the sick, and whatsoever I shall see or hear in the course of my profession, if it be what should not be published abroad, I will never divulge, holding such things to be holy secrets...." (then fade) **************************************************************** SINCE THE TIME OF ANCIENT GREECE, DOCTORS HAVE UNDERSTOOD THE SENSITIVE NATURE OF THEIR PROFESSION, AND HAVE RECITED THIS, THE HIPPOCRATIC OATH, AS A PROMISE OF CONFIDENTIALITY. UNTIL RECENTLY PHYSICIANS HAVE KEPT THE SECRETS OF THEIR PATIENTS IN THEIR HEADS, OR ON PIECES OF PAPER IN A FILE. AND THEY'VE BEEN THE GATEKEEPERS FOR OTHERS WANTING TO SEE THIS EXTREMELY PRIVATE INFORMATION. BUT NOW, FOR SOME VERY GOOD REASONS, THAT'S ALL BEGINNING TO CHANGE. ---------------------------------------------------------------- --- ambience 1 --- dialysis machine (2:00) ---------------------------------------------------------------- ---------------------------------------------------------------- --- ambience 2 --- ventilator (2:00) ---------------------------------------------------------------- ---------------------------------------------------------------- --- ambience 3 --- Dr. Ting talking to patient (1:30) (3 possible starting points) ---------------------------------------------------------------- AT THE DIALYSIS UNIT AT EL CAMINO HOSPITAL IN MOUNTAINVIEW CALIFORNIA, DOCTOR GEORGE TING USES A COMPUTER TO KEEP RECORDS, ORDER TESTS AND PRESCRIBE DRUGS FOR HIS PATIENTS. HE SAYS THE COMPUTER SAVES HIM HOURS EACH WEEK, AND CAN EVEN SAVE LIVES... **************************************************************** *** cut 2 *** Dr. Ting :15 in: "For instance if you're ordering a medication on a patient, it automatically gives you the most common prescribing doses and frequency. It does make it less likely that you're gonna make some major mistake, prescribing ten times the usual amount." (then fade) **************************************************************** ---------------------------------------------------------------- --- ambience 4 --- Nurse Holt working at computer (1:10) ---------------------------------------------------------------- ---------------------------------------------------------------- --- ambience 5 --- computer printer (1:05) ---------------------------------------------------------------- NURSE JUDY HOLT IS AN EVEN STRONGER PROPONENT OF THE COMPUTER. WHEN NEW DOCTORS COME TO THE HOSPITAL AND RESIST USING THE COMPUTER SYSTEM, SHE AND OTHER NURSES PRESSURE THEM TO GET WITH THE PROGRAM... **************************************************************** *** cut 3 *** Holt :17 in: "We're all anxious to help them learn how to use the computer because it saves us time, it saves the possibility of transcription errors, it saves: 'I can't read this doctor's writing, what on earth does it say,' and if three of us looked at it and can't figure it out, we've gotta call him..." (then fade) **************************************************************** BUT THE COMPUTERIZATION OF MEDICAL RECORDS HAS A DOWNSIDE: AMASSING HUGE DATABASES OF SENSITIVE INFORMATION COULD OPEN THE DOOR TO PRIVACY INVASIONS ON A SCALE UNIMAGINABLE WITH PAPER FILES. IT'S ALREADY HAPPENING. INSURANCE COMPANIES AND DIRECT MARKETERS, AIDED BY COMPUTERS ALL LINKED TOGETHER BY PHONE LINES ARE FINDING WAYS TO GET AHOLD OF MEDICAL DATA, AND THEY'RE SELLING AND TRADING IT ACROSS VAST NETWORKS. ---------------------------------------------------------------- --- ambience 6 --- Taylor answering door on Halloween (1:00) in: "Trick or Treat!..." ---------------------------------------------------------------- IT'S HALLOWEEN NIGHT AT THE HOME OF MARY ROSE TAYLOR IN SPRINGFIELD MASSACHUSETTS. TAYLOR RECENTLY FOUND OUT HOW EASY IT IS TO GET TRAPPED IN ONE OF THOSE DATA WEBS. SHE APPLIED FOR HEALTH INSURANCE BUT WAS REJECTED BECAUSE OF A COMPUTER ERROR AT THE MEDICAL INFORMATION BUREAU, OR MIB, A HUGE MEDICAL DATABASE KEPT BY INSURANCE COMPANIES... **************************************************************** *** cut 4 *** Taylor :20 in: "They had my name on a urinalysis that wasn't mine, and they refused to think that there was any kind of mistake or mixup, and I went without insurance for a year and a half, and had to literally go to my state representative, the insurance commissioner just to have it corrected." **************************************************************** TAYLOR TOLD MIB AND HER INSURANCE COMPANY THAT SHE'D HAD ONLY A BLOOD TEST, NOT A URINE TEST, AND THEREFORE THE ABNORMAL URINALYSIS COULDN'T POSSIBLY BE HERS. BUT THE INSURANCE COMPANY INSISTED THAT SHE GAVE A URINE SAMPLE, THAT IT SHOWED THERE WAS SOMETHING WRONG WITH HER, THOUGH THEY WOULDN'T TELL HER WHAT IT WAS... **************************************************************** *** cut 5 *** Taylor :14 in: "At one point the risk manager had me in tears (sniff). He was very nasty, really. You know, and his words, what he said to me was that computers don't make mistakes. I said I agree, but the people that feed the computer do. **************************************************************** ---------------------------------------------------------------- --- ambience 5 comes up full again --- more Halloween sound (then fades out completely before next cut starts) ---------------------------------------------------------------- **************************************************************** *** cut 6 *** Anonymous (ALTERED VOICE) :10 in: "I'm paying fifteen thousand a year for disability, personal disability and medical insurance, and that seems like a whole heck of a lot of money..." (then fade) **************************************************************** ANOTHER VICTIM OF A MEDICAL INFORMATION BUREAU ERROR IS THIS DOCTOR FROM SOUTHERN CALIFORNIA WHO WANTS TO REMAIN ANONYMOUS. WHEN SHE ASKED HER INSURANCE COMPANY WHY HER RATES WERE SO HIGH, THEY TOLD HER THAT HER MIB FILE SHOWED THAT SHE HAD ALZHEIMER'S DISEASE AND A HEART CONDITION... **************************************************************** *** cut 7 *** Anonymous (ALTERED VOICE) :23 in: "Here I am a physician who works sixteen hours a day, who's never been in the hospital has Alzheimer's disease and a heart attack!? That doesn't make sense. I don't think computers and the people who put information into the computer are advanced enough to have such control over our lives." **************************************************************** **************************************************************** *** cut 8 *** Binder stand-up at MIB :24 in: "I'm now standing outside the entrance to MIB Incorporated in Westwood Massachusetts. I've been trying for over two months to get an interview with the president of the company, Neil Day. He says he doesn't have the time, and no one else can speak for the company. But he did admit during a telephone conversation we had that four percent of the 16 million computerized medical records in this building do have errors in them." **************************************************************** **************************************************************** *** cut 9 *** Smith :10 in: "I don't think MIB really needs the good will of consumers, as does a retail store, and in many ways the less known about MIB the better perhaps for insurance companies." **************************************************************** ROBERT ELLIS SMITH IS THE EDITOR OF PRIVACY JOURNAL IN PROVIDENCE RHODE ISLAND... **************************************************************** *** cut 10 *** Smith :23 in: "The ancient Greeks knew as others did that for medical care to work properly, you have to be totally candid to your doctor. But now instead of a one on one relationship there is a triangle among the provider, your insurance company and your employer, and medical information about us flows throughout that triangle without our participation. And that's the crisis we're in right now." **************************************************************** AFTER THE INSURERS AND EMPLOYERS, IT'S PHARMACEUTICAL COMPANIES AND DIRECT MARKETERS THAT ARE THE MOST AVID COMPILERS OF MEDICAL INFORMATION. SOME OF THESE COMPANIES HAVE TOLL-FREE TELEPHONE NUMBERS YOU CAN CALL TO GET FREE SAMPLES OF THEIR PRODUCTS. WHAT THEY DON'T TELL YOU WHEN YOU CALL IS THAT YOUR PHONE NUMBER AND OFTEN YOUR NAME AND ADDRESS AUTOMATICALLY POPS UP ON THEIR COMPUTER SCREENS, AND YOUR PERSONAL PROBLEM, WHETHER IT BE ALLERGIES OR HEMORRHOIDS GOES RIGHT INTO THEIR DATABASE. AGAIN THE COMPANIES THAT RUN THESE DATABASES REFUSED TO TALK ABOUT THEM. ----------------------------------------------------------------- --- ambience 6 --- Apter talking on phone ---------------------------------------------------------------- ONE MAN WHO'S NOT SHY AT ALL ABOUT HIS DATABASE SNOOPING IS JOE APTER, PRESIDENT OF TELEPHONIC-INFO INCORPORATED OF SAINT PETERSBURG FLORIDA. HIS COMPANY ACTUALLY HAS A PRICE LIST OF INFORMATION YOU CAN OBTAIN: $49 FOR SOMEONE'S SOCIAL SECURITY NUMBER; $299 WILL GET YOU SOMETHING CALLED A "MEDICAL PROFILE" THAT APTER WOULDN'T ELABORATE ON, BUT WHICH HE SAYS COMES FROM LEGAL SOURCES... **************************************************************** *** cut 11 *** Apter :24 in: "There are people out there that are providing medical records on an illegal basis. And the method they would use to obtain that would be a pretext into a doctor, and they'd have to know the doctor, or a pretext in the insurance company to get that information. We don't do that. or: *** alternate cut 11 *** Apter :24 in: "You and I are leaving threads as we go around, and we find those threads and we weave them together to get a picture. There are people out there that are providing medical records on an illegal basis. We don't do that." **************************************************************** **************************************************************** *** cut 12 *** Hippocratic oath (fades in under last cut, up full for a couple of seconds, then under next cut, then up again after next cut.) **************************************************************** **************************************************************** *** cut 13 *** Smith :22 in: "I think the answer is for patients to insist that doctors go back to that ancient ethical standard, and insist that they not disclose information about them without their informed consent totally. The concept of informed consent about the release of medical information seems to have gotten lost in the modern age." **************************************************************** (Hippocratic Oath comes up full again, then down briefly for soc out) I'M MATT BINDER FOR THE COMMUNICATIONS REVOLUTION. From ld231782 at longs.lance.colostate.edu Sat Nov 27 19:24:19 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 27 Nov 93 19:24:19 PST Subject: Web of Trust: A Proposal Message-ID: <9311280322.AA20996@longs.lance.colostate.edu> Hello everyone, I've been watching these accusations of pseudospoofing scroll by like everyone else, and have been quite upset by them. Cypherpunks should be very careful in this atmosphere. We don't know who to trust! Even the fiery responses to this message could be coming from tentacles! I think the tentacle activity has increased tremendously in the past few weeks because of the variety of recent exposures. So, with an eye to preventing this poison, I'm trying to establish an informal `Web of Trust' of cypherpunks who trust each other in posting with real, and not pseudospoofed identities. I talked about creating this list before, but there was no interest then. I think there is interest now. People want to know if the people they respect really exist and are who they say they are. They are concerned about a campaign to create fake accounts across many states to manipulate the trusting. They suspect that the incredible dischord on this list, historically and presently, is really the fault of the pseudospoofing. Many have complained to me of the `demonizing' and `discreditation' of people who are attempting to establish an honest network of real cypherpunks, turned into whimpering martyrs and scapegoats. For now, I'm especially interested in making contact with some California cypherpunks who have attended meetings and would like to help establish a completely pure `Web of Trust' free of poisoning by pseudospoofer. Gradually, we can get this net to grow to other states. The idea is simple. You contact me if you are fed up with accusations of pseudospoofing on this list and this dischord it has created. You tell me the people you are willing to vouch for, and the evidence you have of their existence. You help track down people who evade your queries. Of course, we are not going to invade anyone's privacy here. But we are going to keep track of people who think that showing some identification to a fellow cypherpunk is an Invasion of Privacy. There will be a set of `verified' and `unverified' listings, and we can continually update them in the face of new information. I'm sure that no loyal or honest cypherpunks would oppose this plan. It is very similar to the PGP `web of trust' model except applied to real identities and eyed with a much stronger view of keeping it pure and uncorrupted by people who wish to embezzle `real reputation credit' from others. The idea that fascinates me is that the most prominent cypherpunks posting here are going to attempt to discredit my plan, either directly or through pseudospoofed tentacles. In fact, I suspect that many cypherpunks are now holding Tentacles and Snakes in high esteem. This `web of trust' should help keep the integrity and honesty in our interactions. For those of you not interested in honesty or integrity, please refrain from sabotaging our plans and efforts at achieving it. So, in particular, if any CA cypherpunks are interested in helping me out, especially those who have attended meetings, please send me mail. Thanks! Some of you who think the bizarre accusations of pseudospoofing are completely unwarranted may be amused by helping me prove it. (Some day, of course, this whole process will be automated of tracking who is vouching for who and with what evidence, with powerful `identitification mechanisms' and `true name servers' but for know we have to do it tediously and manually by hand.) From an12070 at anon.penet.fi Sat Nov 27 19:39:18 1993 From: an12070 at anon.penet.fi (The Pervert) Date: Sat, 27 Nov 93 19:39:18 PST Subject: Sodomy, Homosexuality, and Pseudospoofing Message-ID: <9311280336.AA24018@anon.penet.fi> Gosh, everyone is such in a tither lately. I suspect it is because the tentacles and snakes are out in full force covering up their nonexistence! Well, I thought I would post some more of my insights into pseudospoofing for everyone's enlightenment. I was thinking how much Pseudospoofing is like Sodomy. I mean, there are a lot of interesting parallels. People are repulsed by hearing about sodomy between people they respect, even though some people think it is acceptable in some private situations, as long as participants they don't advertise it! There is definitely a strong evil tinge associated with Sodomy. The name comes from the biblical sinning capitols of Sodom and Gomorahh. (I wonder if Gonorrhea comes from `Gomorahh'). Sodomy has always been associated with evil. It is only after the Sexual Liberation (Sort of like the CryptoAnarchic Revolution) that people became more tolerant of what was previously considered a sexual perversion. (By the way, the Sexual Liberation has been instrumental in the outgrowth of neat new physical and social diseases, such as treatment-resistant STD strains, the broken home, neglected/abused children, monumental statistics in teenage pregnancy, and perhaps the increased devaluation of women and increased aggressiveness in men.) The idea of unconsensual sodomy of course is revolting. Especially when people are young and vulnerable,with impressionable minds. the Leaders of any great country have a responsibility to protect the innocent from exposures to depravities. The whole idea of the legitimacy of sodomy arose with the idea of `private acts between consenting adults.' Anything beyond that is still considered a perversion by reasonable people. I have noticed an interesting overlap between radical libertarians, cryptoanarchists, psychopunks, and people who promote sodomy. People have sent me mail explaining how laws against sodomy prove the government is a Corrupt Orwellian Oppression. As I understand it the Supreme Court upheld the state's rights to legislate against sodomy. The people in these groups believe this is an example of a worthless law. Actually, to them the term `worthless law' is a `pleonasm', the opposite of an oxymoron, a redundant phrase; every law is by definition worthless; laws are nothing but a corrupt mechanism for a depraved Majority to manipulate and oppress the Trampled and Victimized Minority. The restriction on sodomy is their favorite example: ``Any country where a loving man and a wife cannot perform sodomy in the privacy in their own home is a Corrupt Orwellian Oppression.'' I've never quite understood this implication. But the radical libertarians, cryptoanarchists, psychopunks, and sodomists (or at least the sodomy promoters) are quite an inscrutable, volatile, and inconsistent bunch, to say the very least. They have all sorts of other ways of spraying graffiti on concepts like Democracy and urinating on things like Law Enforcement and Justice. ``Anything that prevents criminals from embezzlements is just another outrageous Unconstitutional invasion of their privacy. Criminals have a constitutional right to embezzle from others!'' (Reminds me of someone who told me, `Pseudospoofing is guaranteed by the constitution!') People may go to great lengths to hide their sodomy from respectable people. This brings me to the issue of homosexuality. Obviously, pretty much any homosexual is a sodomizer. The tinge of evil in homosexuality and `paranoid homophobia' are rooted in the belief in the existence of sexual perversions even among consenting adults. Homosexuals have been persecuted for centuries. They have always had to put on different faces for different people to promote their activities, just like pseudospoofers. In recent times there has been a more open embrace of homosexuality. `homosexuality is liberating.' `people are born to be homosexuals. we should do nothing to let them practice their sodomy in public.' I have mixed feelings about all this! It seems to me that again, homosexuality is only justified in private among consenting adults. If you take away the `unconsenting' or the `private' you just have perversions. (That makes me wonder -- is Cypherpunks considered a private mailing list? I mean, on one hand there has never been any crackdown of all the deceptions and lies that have passed through here. On the other hand, it is advertised publicly, in e.g. the Privacy and Anonymity FAQ, edited by L.Detweiler, posted every 21 days to a lot of respectable newsgroups like alt.privacy and sci.crypt, with a beautiful new Latex version rumored to be out there somewhere.) That word `gay' reminds me of the term, `pseudonym'. Both words started out with completely different, innocuous, entirely uplifing meanings prior to homosexuals and pseudospoofers. `gay' once meant joyous, ecstatic, happy. But now it is taken by some as a homosexual slur like `fairy' or `queer'. Also, even among some gays, the term `gay' has militant connotations. `pseudonym' on the other hand was once something harmless that writers used to protect their privacy or play a harmless joke or prank on a few people. But pseudospoofers have invented the `pseudanonym', a name that is explicitly *mis*represented as that of a real person! Unfortunately, they still don't understand the distinction, and still call their insidious widespread interactive uses of `nyms' for espionage, sabotage, thievery, blackmail, infiltration, treachery, and betrayal `pseudonyms' and `pure anonymity' and `pseudonymity' when it is really `pseudoanonymity'. I am really quite upset at this toxic pollution of the English language, and desperately pray that `pseudonymity' does not become associated with so many pejorative connotations from unstable and quasi-criminal radicals, extremists, and terrorists the way `gay' did. The ideas of sex and identity are very closely intertwined too. When you fall in love with someone, you are falling in love with a person and their identity. Some people manipulate this trust. E.g., a pseudoRomeo romances very many women with fake identities in email, and complains about persecution when he is caught. I think the women have a right to be angry and feel vindictive! (Reminds me of Lorena Bobbit.) When you love someone, the whole idea of exclusivity is involved with romance. Both men and women will feel betrayed if their partner was `cheating' on them with someone else, or hiding evil aspects of their personality from the other, for example drug use. Unfortunately, deception is the name of the game with pseudospoofing. I wonder if anyone has ever fallen in love with a tentacle! I understand this has happened. Medusa is very wily. That would be awfully disappointing and disillusioning and alienating to find that someone you respected was not only a `fake' but a `nonexistent fake' played for you like a puppeteer manipulates his puppet. This is so devastating to psychological serenity that I'll bet that laws are passed against this, just as there are laws about rape and infidelity in breaking a marriage. Hopefully the Cryptoanarchists, psychopunks, radical libertarians, and sodomists (or at least the promoters!) will not object too much to these `invasions' of their `privacy'. Have pity on the people who enact them, who were probably burned badly and essentially mean well. The parallels between homosexuals and pseudospoofers are very strong. They are torn between believing that they are not perverted, and promoting a religion and mythology among themselves about their persecution and righteousness, when the outside public may consider their beliefs nothing but wicked depravity. Surely there is a balance somewhere. I do believe that some progress has been made in attitudes toward homosexuality with the newfound openess and honesty that many homosexuals practice. Pseudospoofers, on the other hand, have not `come out of the closet' yet. Despite little glimmers and glimpses here and there, we are left only to guess how many different identities they are maintaining. The leaders are especially resistant to openness about their practices. They will not even hint about their partners, believing that they will be discredited immediately for their elaborate frameworks of deceptions among even personal friends erected to hide it. So instead their fervent followers attempt to justify their leaders and their own religion with vague propaganda about how homosexuality is not wrong, to the contrary it is refreshing and liberating, growing, and increasingly at home everywhere, no thanks to the McCarthyist Witchunt Inquisition Intoleration and gay-bashing of backward homophobe reactionary Luddites. (I hope that no pseudospoofers are homosexuals are offended by my comments. Please don't think that this prose is actually a long, complex, painstakingly and carefully crafted masterpiece containing thousands of subtle and overt insults and flamebaits intended to throw cypherpunks dialogue into Liberating Anarchy. Please take my metaphors in the most superficial and endearing of terms and the good will I offer them in. There is nothing between the lines just as there is no pseudospoofing on the Cypherpunks list!) ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From hughes at ah.com Sat Nov 27 20:14:19 1993 From: hughes at ah.com (Eric Hughes) Date: Sat, 27 Nov 93 20:14:19 PST Subject: 900 MHz Cordless question In-Reply-To: <199311250803.AAA19259@mail.netcom.com> Message-ID: <9311280406.AA03857@ah.com> >1: Given that Cylink was one of the two original companies to manufacture >Clipper hardware ??? The two companies were VLSI Technology, who did the manufacturing, and Mycotronx, who did the design. Eric From ld231782 at longs.lance.colostate.edu Sat Nov 27 20:24:19 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 27 Nov 93 20:24:19 PST Subject: Vinegar, Honey, Flies, and Snakes Message-ID: <9311280421.AA21626@longs.lance.colostate.edu> Someone told me in email that they respected what I was doing in attempting to elicit a public statement by top Cypherpunk leadership on pseudospoofing, but that I was going about it in the wrong way. He said, `you can catch more flies with honey than vinegar.' I told them that I don't think I had caught *any* flies with *either* honey or vinegar so far, after many weeks of public and private email! `What do you recommend to catch snakes?' I asked. He didn't say yet. I could certainly use some advice. I admit I've been winging it for the past few weeks. Nevertheless, he does have a point about honey vs. vinegar. So, I'm offering this neat opportunity and prize to all the spiffy cypherpunks who would like to help me out. The premiere goal is to get the CA Leadership to Come Clean on their personal knowledge and involvement in pseudospoofing. There are many ways to go about this. You can send mail to gnu at toad.com, hughes at soda.berkeley.edu, tcmay at netcom.com Of course, I've tried this to no avail, but maybe you have a better reputation among them than I do. I regret I have kind of shot mine in their eyes after the fanatic persistence in exposing the pseudospoofing. One refused to even talk to me on the phone to allay my fears about pseudospoofing. You might also ask the journalists who have covered the cypherpunks if they know anything about the promotion of deception, or would be interested in helping uncover a hoax or a conspiracy. (I have a few in that area, but they are `silent and deadly' and it will take awhile.) Another interesting technique is that of exposing the tentacles and snakes on other lists. Challenge them in their claims of real identity. For example, N.Szabo claimed in RISKS that he knew about others trying to help me learn of their true identities. When I challenged him on Who, he got upset and stormed off the Internet. He posted a message here stating that I was `stalking' people with `true names'. Hee, hee! This is typical behavior of a tentacle. Unfortunately, I haven't yet been able to track the Medusa behind this tentacle, but these things take time. The Szabo tentacle really pisses me off because he got into a prestigious journal that should be free of this kind of treacherous poison. But I have to give you some incentive, don't I? Well, what about fame and glory? Can't you just imagine that great NYT and Wired headline, INGENIOUS HACKERS EXPOSE FRAUDULENT CYPHERPUNKS, with your picture in glossy color? talking all about the amazing history of the investigation, all the amazing contortions by top cypherpunks, etc.? The situation is that even the Leaders need an incentive to Come Clean. Well, I am prepared to offer a very valuable prize for this. I am personally aware of one of the most masterful and dramatic stories of intrigue and pseudospoofing that exists in the Real World. It involves a radio team and Nazi Germany in WWII. I guarantee you, this is PRIME material that head cypherpunks can drool over. Your `True Name' SF by whats-his-name will not even come close to this kind of sheer spectacular nailbiting epic saga. So, Mr. May, Mr. Hughes, Mr. Gilmore, I promise to personally type in by hand this very long story from a very obscure niche, serialized over many or maybe a week, but that will have you salivating at the masterful deceptions. I am talking about the #1 Master Pseudospoofed Hoax that beats War of the Worlds and the Cypherpunks List as a sheer masterpiece of sensitive and strategic deception. I mean, supposedly the timing of D Day was affected by this espionage. Wow, you can't wait to read this. But you have to help me out! I can't do anything without some kind of Positive Signal on your part. Please, don't deprive yourselves and your followers from seizing this fantastic opportunity! Time is running out! Act now! This is a Limited Time Offer! This is my Honey Offer. I've tried the Honey before with top cypherpunks in email, but it just doesn't work. I mean, there's only so much you can do with psychopunk flies. I have plenty of Vinegar left. Lord knows, there are still plenty of Snakes. From ferguson at icm1.icp.net Sat Nov 27 20:34:19 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Sat, 27 Nov 93 20:34:19 PST Subject: Mykotoxin, er, Mykotronx, er ... In-Reply-To: <9311280406.AA03857@ah.com> Message-ID: <9311280433.AA21109@icm1.icp.net> Eric (ah) Hughes writes - >>1: Given that Cylink was one of the two original companies to manufacture >>Clipper hardware > > ??? > > The two companies were VLSI Technology, who did the manufacturing, and > Mycotronx, who did the design. Oh, and don't forget that infamous, bandwagon-jumping announcement by another major telecommunications giant on April 16, 1993 ... Cheers. ,-) From hughes at ah.com Sat Nov 27 20:34:45 1993 From: hughes at ah.com (Eric Hughes) Date: Sat, 27 Nov 93 20:34:45 PST Subject: On generating all primes less than 2^x In-Reply-To: <9311262038.AA27804@anon.penet.fi> Message-ID: <9311280426.AA03899@ah.com> re: generating all primes less than 2^x >Granted this would >take a while, but the NSA has the time, the computers, and the other resources >necessary to do this. The basic fact of number theory here is the prime number theorem, which says that (for the purposes of this problem) the number of primes less than N approaches N/ln N. For N=2^192 (say, for cracking 384 bit PGP keys), that number is 2^192/133, which is about 2^185. The number of bits necessary to store all of these primes is even larger. A gigabyte is only 2^38 bits. In plainer language, there's just too many to store. This same calculation also explains why there will never be a shortage of primes. Eric From marc at MIT.EDU Sat Nov 27 20:39:19 1993 From: marc at MIT.EDU (Marc Horowitz) Date: Sat, 27 Nov 93 20:39:19 PST Subject: New toy for those of you with real cash flow. Message-ID: <9311280438.AA13296@steve-dallas.MIT.EDU> ------- Forwarded Message JOURNAL OF RECREATIONAL MATHEMATICS Volume 25, Number 1 -- 1993 Book Reviews, edited by Charles Ashbacher Note: The following is neither a book nor a software review. It is a review of a piece of hardware--but it should be of prime interest to readers of this journal. The Dubner PC Cruncher-A Microcomputer Coprocessor Card for Doing Integer Arithmetic, H & R Dubner, 449 Beverly Road, Ridgewood, New Jersey 07450, Telephone 1-201-652-1825. $2,500. Need more processor speed for arithmetic operations? Try the Dubner "Cruncher." This is an add-in board for IBM PC Compatibles (ISA bus) which is designed to quickly add, subtract, multiply, and divide large numbers. For example, to check a number of 1000 digits for probable-primality using Fermat's theorem (a^p = a(mod p) whenever p is prime) takes about two minutes on a typical 486DX machine, but less than five seconds if this same machine has a Cruncher installed. The improvement in speed depends on the size of the numbers. Numbers with 100 digits are multiplied about six times as fast, numbers with 1000 digits about forty times as fast, and those with 10,000 digits are multiplied about ninety-eight times as fast. The Cruncher is currently limited to integer arithmetic. Its speed comes from the use of a chip designed for real time digital signal processing (LSI Logic's L64240 MFIR) which can perform 1.28 billion multiply/add operations per second. Access is provided to this power on two levels: through a menu interface and through a set of ANSI compatible C language routines. The menu-based interface is primitive but workable. It allows you to enter numbers from the keyboard and then perform all the various Cruncher operations, including the basics operations, using any of several factorization methods, access to a primality proving algorithm, and even the ability to screen for primes of certain forms, such as abc + 1 where either a or c is incremented during the search. Also included are the necessary tools for a programmer to access the Cruncher's power from within their own C programs. This includes a set of instructions similar to those in an assembly language, for example, hmult(a,b,c) multiplies the numbers pointed to by b and c and places the result in the location that a points to. The procedure hpowerm(a,b,c) raises a to the b-th power modulo c and places the result in a. Functions are included to do the basic arithmetic operations as well as such things as calculating n!, ab(mod c), and the integer part of the n-th root of a number. These instructions are easily used in any C program and make it unnecessary for the user to know how the hardware actually works. I learned C just to use the Cruncher in my own research and the speed was well worth the effort! The near super-computer speed provided by the Cruncher is very impressive! For example, I recently used the Cruncher on my 386 machine to search for the next prime of the form n!-1 . After about five days I found it: 3507!-1 (with 10,912 digits.) This search would have taken about a year using a very fast 486! Though it is not necessary, I usually use the Cruncher from within the Microsoft Windows environment - that way it can crunch away twenty-four hours a day in the background and I can still do my word processing and programming in the foreground. However, Windows does slow the Cruncher down a few percent. The Cruncher's price, $2,500, is not cheap, but is definitely the least expensive way to make your machine multiply and divide fifty times faster. In short: 1) the speed is unbelievable; 2) the menu interface is workable, but if your interests diverge too much from the Dubners', you will need to be able to program in C; and 3) if you program in C, the tools for accessing Cruncher's power are excellent. Chris Caldwell Mathematics and Computer Science University of Tennessee at Martin Martin, Tennessee 38238 The Dubner PC Cruncher We can give you the computational power you've only dreamed of. Dollar for dollar, we believe that we have built the most powerful hardware available for doing multiple-precision integer arithmetic. Here is a list of execution times for Fermat testing of numbers with 1,000 decimal digits: Vaxstation 3100/38 770 sec Sun 4/330 377 sec Decstation 3100 287 sec IBM RS 6000/320 128 sec 486/33 128 sec IBM 3090 19 sec 486/33 with Dubner PC Cruncher 4.4 sec Fujitsu VP 2200/10 2.1 sec You'll note that the Fujitsu VP 2200/10 can test a 1,000-digit number faster than the Cruncher. But the Fujitsu is a multi- million dollar supercomputer comparable to a four-processor Cray XMP. The PC Cruncher is an add-in board that plugs into your IBM-compatible PC/AT. Its cost: $2,500. Furthermore, the Cruncher becomes more efficient as the numbers grow larger. At 3,000 digits, the Cruncher is slightly faster than the Fujitsu. By 10,000 digits, the Cruncher is 1.5 times faster. The chances are that you already have a PC which you probably turn off at night. Install the Cruncher, run it during those nighttime hours, and you can get the same amount of computing done as if you had access to ten or more hours of supercomputer time. How can we do this? We are Harvey Dubner and Bob Dubner. Harvey is an electrical engineer and computer systems designer with a long-term interest in mathematical theory, particularly in number theory (with over twenty published papers.) Bob is an electronic design engineer with a lot of experience in high-speed digital systems. The PC Cruncher comes from that combination of talent: Harvey has an insatiable need for processing power, and Bob likes to design powerful processors. Over the last ten years we have built and programmed a succession of high-speed, number-crunching circuits that augment the ability of personal computers to do multiple- precision arithmetic. With the previous version of the hardware, we discovered over half of all the known prime numbers of more than 2,000 digits. With 632 numbers, we were by far the biggest contributor to that list. The PC Cruncher is roughly ten times faster than the previous version, and we are very excited about the contributions to theory that will be made when many investigators have this kind of computational power available. Description of the board: The hardware consists of a full-sized circuit board that requires a 16-bit slot in an IBM-compatible PC/AT. At the heart of the design is a 64-tap Finite-Impulse- Response filtering chip made by the LSI Logic Corporation. It is this chip's ability to perform 1.28 billion multiply/add operations per second that gives the PC Cruncher its remarkable performance. (And it is the chip's $1,100 purchase price that makes the PC Cruncher as expensive as it is.) The board dissipates about three or four Watts, and has no special space, power, or cooling requirements. The PC Cruncher has 256K of on-board memory for storing operands, and another 64K of high-speed memory for accumulating intermediate results. All communication between the host and the Cruncher is done with I/O ports -- the Cruncher doesn't use up any valuable memory space. The software for driving the Cruncher will run fastest on a 386 or 486 executing in protected mode. We use Symantec's Zortech C compiler, because it easily and conveniently generates 32-bit protected-mode code. All of the code has been written in strictly ANSI-compatible C, with some MASM 5.1 assembly language. When you buy the Cruncher, you will receive the board, complete schematics, complete documentation for the programmable logic on the board, complete source-level C and MASM code for driving the board, and documentation for that code. Please contact us for additional information. Order from: ( USmail, Email, Fax, or telephone ) Dubner International, Inc. 13 Westervelt Place Westwood, NJ 07675 Tel: 201-664-6434 Fax: 201-358-9377 Tel: Harvey Dubner 201-652-1825 Robert Dubner 201-664-6434 E-mail: Harvey Dubner 70372.1170 at compuserve.com Robert Dubner 73247.2334 at compuserve.com PC Cruncher Performance Benchmarking: Assessing just how fast the PC Cruncher can calculate depends on many things. The major factor is the size of the operands that are being operated on. Consider multiplication. The PC Cruncher multiplies using the schoolboy algorithm -- it does long multiplication just like you do, except that instead of multiplying and accumulating 2-digit products, the Cruncher multiplies and accumulates 308-digit products. And it only takes the hardware about 6.4 microseconds to multiply-and-accumulate a 308-digit product. Unfortunately, it can take dozens of microseconds of fiddling with the PC's sluggish ISA buss to set up the hardware to create that 308- digit product. The efficiency at that point is relatively low. Even at 1,000 digits, the software is spending about half its time frantically trying to get the hardware going. At about 4,000 digits, the effects of overhead are reduced, but they continue to be significant until about 10,000 digits. To give you some idea of what this means, let's look at the time needed to square an N-digit number. Here is a comparison of a 486/33 with a PC Cruncher, compared with a 486/33 running a highly-optimized multiple- precision multiply routine: Number of digits Time without Cruncher Time with Cruncher Factor 100 .000220 secs .000037 secs 6 500 .004000 .000165 24 1,000 .015000 .000357 42 5,000 .375000 .004400 85 10,000 1.500000 .015283 98 Division performance is even more complicated. The basic inner loop of division is more complicated than that of multiplying, with even more overhead. Dividing a 200-digit number by a 100-digit number is about 6 times slower than squaring a 100-digit number; at 2,000 by 1,000 digits division is 3 times slower than the corresponding multiply, and at 20,000 by 10,000 digits division is 1.7 times slower. Added to all this is a 600-microsecond pre-division calculation time that must be added to all randomly-started divisions. Happily, this calculation need only be done once whenever repeated divisions by the same number are executed, as in the heavily-used 'A**B MOD C' function. In summary: In the 50 to 200 digit range, a 486/33 PC equipped with a PC Cruncher board will be 3 to 10 times faster than the same machine without the Cruncher. The actual speed will depend on the size of the numbers and the function mix. As you go up to 1,000 digits, performance will be 20 to 40 times faster. Past 4,000 or so digits performance will be 50 to 100 times faster, which will put you in supercomputer territory. If you start with a slower PC, the relative performance gains are even more spectacular, since the Cruncher's performance is hindered only a little by the slower processor once you get past a few hundred digits. At 100 digits, a Cruncher-equipped 386/20 will be about 10 to 30 times faster than the same machine without the board, and at 4,000 digits and up will be 150 to 300 times faster. Dubner PC Cruncher -- Other Possibilities RSA Encrypting/Decrypting A 486/33 equipped with a Dubner PC Cruncher board can perform 1,024-bit A**B MOD C calculations in about 0.473 seconds. You could therefore decrypt an entire message at the rate of about 270 bytes per second -- ght times faster than an unaided 486/33. re prepended to a DES-encrypted messages, can get going in about one-half second instead body out there have a network that needs a key Need more speed? Let usere is enough interest, we can build this same basic hardware onto an EISA slave board, instead of an ISA board. We have yet to do a complete analysis, but our feeling is we'd get about a three-fold performance increase in the 1,024-bit range. This added speed would come from a reduction in overhead when manipulating these smallish 308-digit numbers. Need even more speed? Talk to us. It just costs money. The PC Cruncher design would scale up nicely with two or four of the big FIR chips. For somewhere between $6,000 and $10,000 you could blow the maintenance panels off of anything. But we'd need a sponsor. Used to working with workstations? Well, you could spend about $2,000 on a 486/33, add in the $2,500 PC Cruncher, write some software and stick it on the network as a number crunching server, and hardly notice the difference. Or talk to us -- with sufficient interest we could build a Cruncher with its own on-board RISC processor, and stick a SCSI port on it so it'll plug right into a workstation. Not a bad idea -- we could get rid of a lot of overhead that way, and get real improvements in the 100- digit and up range. But again, we'd need a sponsor. ------- End of Forwarded Message From hughes at ah.com Sat Nov 27 21:04:19 1993 From: hughes at ah.com (Eric Hughes) Date: Sat, 27 Nov 93 21:04:19 PST Subject: Banning any subscriber In-Reply-To: <199311272018.MAA26674@mail.netcom.com> Message-ID: <9311280456.AA04042@ah.com> >I personally disagree with censorship. It would be impossible to enforce >anyway. A move of this type would simply drive Detweiler to use the >Cypherpunk remailers which would be harder to detect. Then what do we do? >Stop accepting mail from our own remailers? Basically, yes, except for signed letters from previously authenticated pseudonyms. This is a simple form of a positive reputation system. A kill fill is a negative reputation--'not that person'. A positive reputation rejects all but a particular set of identities. Much of the debate on cypherpunks magically incants 'reputation systems' to solve all sorts of sticky problems, but none have ever been implemented in software, except for killfiles, which are not effective against disruption in an anonymous environment. Necessity is the mother of invention. A motivated individual trying to disrupt a communications forum and who has to avoid a kill file will be necessary to create the need for a positive reputation system. Once the need is there, the software will follow. LD could become the most valuable participant in the endeavor of creating a positive reputation system, namely, the irritant at the center of the pearl. Let us encapsulate him well. Eric From hughes at ah.com Sat Nov 27 21:14:20 1993 From: hughes at ah.com (Eric Hughes) Date: Sat, 27 Nov 93 21:14:20 PST Subject: On derivative information products Message-ID: <9311280504.AA04077@ah.com> I've never really made clear what is OK to do with cypherpunks list material and what is not. The answer is easy: Do whatever you want with it. Hal Finney runs an encrypted cypherpunks list which sends you an encrypted version of the main list. Great. If someone wants to create edited or digested versions, fine by me. If someone wants to create an LD-free list, it's OK by me. In fact, those who for whatever reason still pay by the message may want a ranter-free list just to cut down their charges. If you think you don't have the resources to do stuff like this yourself, that's incorrect. The cypherpunks remailer can be hacked to run all sorts of email services out of a user account. If you want some special feature in the mailing list, do it yourself or convince someone to do it for you. If you want some feature and will not be doing the implementation, feel free to ask on the main list for someone to do it. Eric From analyst at netcom.com Sat Nov 27 21:24:45 1993 From: analyst at netcom.com (Benjamin McLemore) Date: Sat, 27 Nov 93 21:24:45 PST Subject: 900 Mhz phones Message-ID: <199311280524.VAA25839@mail.netcom.com> Sorry about the mistake in my question. I had quickly read an article the other day that left the idea in my mind that Cylink was one of the two producers of the Clipper chip, actually quite the opposite is true: >Cylink unveiled a civilian agency alternative >to the Clinton Administration-advocated Clipper Chip and SKIPJACK >algorithm for data communications security, saying it has begun >shipping a product implementation of the Data Encryption Standard >(DES) with an IC it claims will do instantaneous triple DES >encryption. Coupled with the article in the Economist about them also making the chip for at least one digital cordless phone, my latent (but growing) paranoia about the intentions of this government with respect to our privacy jumped to the false (??) conlusions I implied in my question. Any more info from anyone about which of these phones might be more or less secure? What kind of algorithms would we really like to see implemented for wireless communications? Who's doing it? (I think there is a story about Qualcomm wanting stronger security for their CDMA digital cellular standard but being forced to weaken or eliminate it due to government(?) pressure--but that may be my paranoia again...) ------------------------------------------------------------------------------ Benjamin McLemore analyst at netcom.com -- From ferguson at icm1.icp.net Sat Nov 27 21:29:19 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Sat, 27 Nov 93 21:29:19 PST Subject: Subscriber encapsulation In-Reply-To: <9311280456.AA04042@ah.com> Message-ID: <9311280526.AA22451@icm1.icp.net> Eric Hughes writes - > Much of the debate on cypherpunks magically incants 'reputation > systems' to solve all sorts of sticky problems, but none have ever > been implemented in software, except for killfiles, which are not > effective against disruption in an anonymous environment. This is an interesting point within itself. Anon messages from remailers such as continually have the same banner/header information, regardless of user (which in my ideal anonymous environment is a GOO THING (tm)). Anon mail from penet is account -ized and assigned -- not an ideal anonymous environment from my viewpoint. The Net is still in its infancy, as far as I can assess. We will all be much the historians, if the soothsayers are to be believed. - Paul From ferguson at icm1.icp.net Sat Nov 27 21:34:20 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Sat, 27 Nov 93 21:34:20 PST Subject: Subscriber encapsulation In-Reply-To: <9311280521.AA04160@ah.com> Message-ID: <9311280533.AA22656@icm1.icp.net> > >> systems' to solve all sorts of sticky problems, but none have ever > > >ideal anonymous environment is a GOO THING (tm)). Anon mail from > > Is a GOO THING the solution to a sticky problem? Absolutely. Remeber "Vinegar and Honey..." Remember "Medusa, The Executioner and (now) The Pervert?" Lions and tigers and bears (oh my).... - Paul From an53310 at anon.penet.fi Sat Nov 27 21:39:19 1993 From: an53310 at anon.penet.fi (Evariste Galois) Date: Sat, 27 Nov 93 21:39:19 PST Subject: Mon Dieu! Message-ID: <9311280537.AA07160@anon.penet.fi> In re: L. Detweiler What manner of puling, wretched clericalist is this, this Perverted Excutioner, driving us bold revolutionaries to distraction? Verily, I urge you to screen his vileness from yourselves rather than give him treat; a cur such as he should be cut off, not entertained by our work of words. Nor should he or his minions be given entrance to our forum; were this a public square, (tho I dearly love to ride him forth on a rail) he could rant as he pleases, but he is fouling our parlor and drives forth newcomers who have not learned to ignore this stinking, drooling idiot in the corner covered in suppurating sores, screaming about conspiracies and evildoings imagined in madness or opium dreams. Aye, I would call him out, I would, had I not learned better in years gone by... ++ ++ Evariste Galois ++ L'Ecole Polytechnique ++ ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From ferguson at icm1.icp.net Sat Nov 27 21:44:19 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Sat, 27 Nov 93 21:44:19 PST Subject: 900 Mhz phones In-Reply-To: <199311280524.VAA25839@mail.netcom.com> Message-ID: <9311280542.AA22805@icm1.icp.net> > Any more info from anyone about which of these phones might be more or > less secure? What kind of algorithms would we really like to see > implemented for wireless communications? Who's doing it? (I think there > is a story about Qualcomm wanting stronger security for their CDMA digital > cellular standard but being forced to weaken or eliminate it due to > government(?) pressure--but that may be my paranoia again...) No, its not your imagination, nor a case of over-active paranoia. It's a fact that the FBI (among other three letter entities) have previously asked cellular encryption developers to "scale back" their implementations for ease of access to communications for law enforcement purposes. In a word (or two), it bites. The Digital Telephony proposal espoused mnay desired options which the gummint couldn't previously weasel in earlier attempts to backdoor communications. - Paul From ferguson at icm1.icp.net Sat Nov 27 21:55:38 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Sat, 27 Nov 93 21:55:38 PST Subject: CHAOS gopher maintenance Message-ID: <9311280555.AA23154@icm1.icp.net> Who's in charge of the chaos.bsu.edu gopher? I was just browsing the contents and it is not very up-to-date with cypherpunk information... - Paul From ld231782 at longs.lance.colostate.edu Sat Nov 27 23:00:39 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 27 Nov 93 23:00:39 PST Subject: Long Litanies of Lies Message-ID: <9311280659.AA23613@longs.lance.colostate.edu> Hello again. I just wanted to talk about the idea of pseudospoofing `crossings'. It seems to me that people who are rampant pseudospoofers have built up a life of fear and paranoia. They are always posing the question, What if I say this? Will it reveal my identity? There is so much information that we have flitting through our brains, and it is impossible to track where it originated from. It invariably blurs! I mean, if I talk to someone with my tentacle, and he says that he is proud that his wife is going to have a baby, and then I meet him in person and say `Congratulations' out of good wishes, he says, `how did you know I was going to have a baby?' and the pseudospoofer has to work himself out of another uncomfortable rock-and-hard place. Imagine having to hesitate like a liar to say *anything* or answer *any* question you are ever asked. What pernicious, sweaty, hellish torture! I have information from G.Broiles (a tentacle? hee, hee) and others that top cypherpunks, E.Hughes in particular, have developed pseudospoofing and style analysis software. If so, I think this is somewhat pathetic. I mean, think of all the time they are wasting trying to keep track of who said what, and what who knows about what, and what they can and can't say at a given time. Good lord! If everyone had to do this all the time, we would collapse in a nervous breakdown. It's really pathetic that anyone would call so much extra overhead baggage `Liberating'. Why would anyone go through so much trouble to promote a lie? The answer is that they are not honest! `Power over their victims' I mean, is this really Communication? Respect for one's peers and colleages? Seems more like AntiCommunication to me. It's interesting that the idea `community' and `communication' have the same root. No coincidence there! If you don't have one, you don't have the other! But many psychopunks recognize this already, and this is why they continually searingly rant against any kind of Community, like a Government or a Democracy or a Meeting. Pseudospoofing reminds me of the way that criminals justify their crimes in the face of every clue and signal that is screaming at them at the top of its lungs to stop betraying themselves and their friends and cease with their depravity. A heroin junkie could have an arm full of collapsed veins, lost his home, his family, his honesty, his money, his dignity, his sanity, his life. And to the end he will say I Must Have My Heroin. But pseudospoofers are masters at their kind of systematic manipulation. They enjoy it, they thrive on it, it is their vicarious sexual thrill. It is like a chess game involving different pieces and scenarios and positions and attacks and countermeasures and feints and .... What does my opponent know about this tentacle? Does he really trust it? I think every pseudospoofer is something of a pathological liar at heart. He enjoys weaving complex scenarios and keeping track of what he said to who, and how to make sure that no one walks into each other or any of his long litany lies collide with each other in a `crossing'. But My Gosh, Cyberspace is inherently unconducive to concealing the truth where people want to find it. There are just too many myriads of possibilities for arbitrary crossings between independent identities and opportunities for honest people to discover the truth in the face of lies. Who is Inside? Who is Outside? A conspiracy will always collapse under its own weight. The only question is, who will be crushed beneath it? (That reminds me of that story about the Zen of Cyberspace, where a corrupt king dies and a platform carried by his sycophants crushes them. I have it somewhere in my extensive archives if anyone is interested.) It is like the RSA key spoofing trick -- you might be able to send someone a fake key, but then they go to communicate with their party over a random line anywhere in cyberspace (the IP protocol means that different packets may take different paths at different times, the beauty of robust fault-tolerant routing) and suddenly the recipient realizes from the gibberish that he has been pseudospoofed. You might be able to keep up a deception at first, but suddenly some independent channel is touched by your target that you have no control over, and the whole illusion collapses. The biggest problem with pseudospoofing, deception, and lies in Cyberspace is when a climate arises wherein people are not skeptical by nature, even though they claim they are. For example, many people have told me that they are sure they have never signed a fake key, or used one, of a person that does not exist. But my own experience with others and the key server design would seem to contradict this. Top developers seem to defend, even delight and revel in the `toxic waste' in the PGP Web of Trust. Today's key servers are quite corrupted with fake keys, many of them from the Cypherpunk pseudospoofer cultists. So people think that this `web of trust' is actually trustworthy when it is just a `web of lies'. The problem is that they do nothing *actively* to seek out fake identities and corruptions in the Web, even when encouraged to do so. If everyone passively accepts a Lie, and someone actively continues to orchestrate it, the Lie Stands. Once again, a great new technology exposes the human weakness that lay largely obscured before its invention, in this case the inherent laziness and gullibility of people. This Cypherpunks list is a classic case where people can continue to believe in a lie despite many signs that there is a deception going on. It involves the magnetic, powerful effect of peer pressure. If all your friends do drugs, you believe it is a Liberating Experience unequivocally. Faith replaces Knowledge. If your eminent leaders say that pseudospoofing is a Liberating Experience, you believe it. After all, they were profiled in NYT and Wired! Who are we to question their authority? In an environment (the Internet) where the default expectation should be that *everyone* is a tentacle, because nothing prevents it, everyone to the contrary believes that everyone is real! This illusion of reality in cyberspace is very hard to dispell, even though people claim they cannot ever be fooled! The problem is that lies can sometimes pick up their own destructive momentum, like a snowball rolling down a hill. People can begin to believe in fantasies, like a meme-virus propagating like a toppled line of dominos, like a crowd that turns riotous with a few circulating shouts. However, sometimes the Truth erupts amidst the lies in the same way! By the way, I still haven't heard anything from J.Gilmore, E.Hughes, or T.C.May on their personal knowledge of pseudospoofing on the Cypherpunks list. E.Hughes wrote something in RISKS but it seems evasive to me (more on this later). I would appreciate if you guys or someone else could send me your public statement on pseudoanonymity in email. Many people have been talking about all the anarchy, dischord and disunity on the list lately, and maybe a public statement by a cypherpunk `official' would help stop all the rampant speculation and fingerpointing. That is usually the respectable approach among any professional organization! (That reminds me of P.Metzger complaining that `Cypherpunks' was just too darn subversive sounding as a name! ROFL) I have to wonder what you guys are really trying to accomplish without public announcements, and why one has been so long unforthcoming! Kind of reminds me of a big conspiracy or hoax! If you flinch and cower every time your leadership and `movement' are subject to scrutiny people will think you're nothing but a batch of liars, or pseudospoofers (the difference is not great). In fact, maybe a ban against pseudospoofing might rescue the list from the hellish ulterior grouchiness and atmosphere of noise and frustration that it has always had in the past and scared away a lot of respectable people (for example, Markoff). But that's an awful lot to hope for. On the other hand, the CryptoAnarchists have always come out in favor of Anarchy, of course, and maybe the recent violent seizures on the list, the continual tick-tick-ticking torture of the time bomb, are what they have in mind. From rjc at gnu.ai.mit.edu Sat Nov 27 23:44:19 1993 From: rjc at gnu.ai.mit.edu (rjc at gnu.ai.mit.edu) Date: Sat, 27 Nov 93 23:44:19 PST Subject: Cryptosplit 2.0 Message-ID: <9311280740.AA15833@kropotkin.gnu.ai.mit.edu> On Colin Plumb's suggestion, I rewrote my first Shamir secret sharing program to work over GF(2^8). I didn't do this the first time because I thought writing all the low level GF math routines would be a pain -- so I opted out by using G++'s Integer class to work over Z_p. Imagine my surprise when it turned out the math code over GF is easier. The hard part was actually generating the tables for x=g^n and n=lg x (g=primitive element), but I got maple to do it for me after I read the docs. Multiplication is simply the macro A*B=g^(lg A + lg B) (3 table lookups) and addition is, of course, XOR. And x^-1 is just two table lookups unlike the euclidean algorithm I needed to work over Z_p. (p being huge) Since I'm working over GF(2^8), I adapted my program to work on arbitrary length binary files instead of integers. Now you can take any file and split it up into m pieces, k being needed for reconstruction. The program is much more usable now. It's also written in C now, not G++. As before, if you want it, e-mail me. -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From tcmay at netcom.com Sat Nov 27 23:49:19 1993 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 27 Nov 93 23:49:19 PST Subject: Banning any subscriber In-Reply-To: <9311280456.AA04042@ah.com> Message-ID: <199311280747.XAA15002@mail.netcom.com> One of my mischievous tentacles developed a mind of its own and misbehaved. "Eric Hughes" said: > Much of the debate on cypherpunks magically incants 'reputation > systems' to solve all sorts of sticky problems, but none have ever > been implemented in software, except for killfiles, which are not > effective against disruption in an anonymous environment. Actually, I disagree. The Extropians list has an "::include" command that can be used to specifically include only certain thread or certain users (or any combination). I know for a fact that Dean Tribble and Paul Baclace are doing an "::exclude all" and then a selective "::include foo" to include certain threads and/or authors. I would call this a classic example of a positive reputation system. > Necessity is the mother of invention. A motivated individual trying > to disrupt a communications forum and who has to avoid a kill file > will be necessary to create the need for a positive reputation system. > Once the need is there, the software will follow. LD could become the > most valuable participant in the endeavor of creating a positive > reputation system, namely, the irritant at the center of the pearl. > > Let us encapsulate him well. I agree. And I suggest the Extropians software is suitable for this. It even used the Cypherpunks "::" syntax as its model, albeit with the command on the same line as the "::'. My understanding is that this software is available for our use--I will cc: Ray Cromwell on this message to make sure he sees it (Harry Shapiro is still on this list, I believe). My main concern would be that the CPU demands on toad are too much. Ray C. and Harry S. can tell us how many CPU seconds are needed to process the Perl commands needed to filter; on a list with 500+ subscribers, some pressing needs to filter out a couple of addresses, and an old machine (toad), I worry. --Tim May, who generally finds it faster to hit "D" than to filter (and, ironically, I keep all of the Detweiler/Pervert/S. Boxx/etc. posts, both for archival value and because it's stuff I'll want to reread in future years and perhaps use in a book I may write). -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From greg at ideath.goldenbear.com Sun Nov 28 00:29:19 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Sun, 28 Nov 93 00:29:19 PST Subject: Software filtering agents Message-ID: My knowledge of neural net software is limited to a cartoonish understanding of the theory behind them, but as I understand it they might be a useful tool for identifying the author of a given text stream. Comments? Anyone on the list familiar with neural net implementation, or in need of some sort of academic project? :) -- Greg Broiles greg at goldenbear.com Baked, not fried. From tcmay at netcom.com Sun Nov 28 00:35:40 1993 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 28 Nov 93 00:35:40 PST Subject: "Pretty Good Paranoia" and "Dining Detweilers Net" Message-ID: <199311280835.AAA20462@mail.netcom.com> Pseudospoofer Wannabees, Are you unable to pseudospoof the way The Pervert can? Do you find yourself using your True Name instead of a wonderful nym like The Executioner or Psychopunk? Well, now there's hope. After buying our product, "Pretty Good Paranoia," you too will be able to indulge in florid flights of fracturous fantasy, constructing long, rambling missive like this: "My tortured and WRACKED soul is becoming INCREASINGLY MADDENED AND DISGUSTED by the unspeakable actions of the leading SickoPunks in beaming RADIO SIGNALS into my cranial cavities while I dream of slaying Miss Medusa and her TENTACLES of depravity and cyberspatial indifference." Yes, you can _own_ the computer program that generated this stupendous piece of prose. Fool your friends, amaze your enemies. Send 620 digital marks to "Paranoids 'R Us," Box 666, Boulder, CO, 12070. Offer not good in Sector R. As a special bonus you'll all receive instructions on how to implement your own "DD-Net." Based loosely on David Chaum's DC-Net, in the "Dining Detweiler Net" each player flips a coin. Heads, he barfs on his neighbor to the right, tails, he just sits there and drools. A great time will be had by all. Not. --Klaus! von Future Prime (My nom de humor on the Extropians list.) From an12070 at anon.penet.fi Sun Nov 28 00:44:19 1993 From: an12070 at anon.penet.fi (Enlightened Sage) Date: Sun, 28 Nov 93 00:44:19 PST Subject: On Hypocrisy, Stoning, and Forgiveness Message-ID: <9311280843.AA23271@anon.penet.fi> There is a saying, `let he who is without sin cast the first stone.' Some people have perverted this saying to their own ends, as many people have done with the teachings of the enlightened saint and god-among-men Jesus Christ. Some people believe that this means that one should never attempt to uncover other's faults, and prod them into reforming their behavior. Nothing could be a greater lie. The context of the quote was that a riotous crowd was about to kill a man for his sins, by public stoning. `Let he who is without sin cast the first stone.' But notice that the public was not asking the man to reform himself or repent. They had already made up their mind. There would be no forgiveness. They had judged him, and his sentence was Execution. What about in the context where a crowd has *not* decided upon their Judgement for a crime? They know that someone is guilty of it, but they have not yet committed to stoning them, forgiving them, or even being upset, or whatever. What is the meaning of the saying there? The saying is meaningless in this context. It is like division by zero. Undefined. So, it is either, in punishment `let he who is without sin cast the first stone.' In forgiveness, it is `let he who is with sin cast the first confession.' Another concept At Stake is that of Reputation in accusation. If a criminal is correctly called a criminal by a hypocrite, who is the criminal? who is the hypocrite? The answer is that the criminal is accountable for his criminality and the hypocrite is accountable for his hypocrisy. But it is not the case that the hypocrite's hypocrisy nullifies the criminal's criminality, of course. Also, if a criminal calls an honest person a hypocrite in an attempt to discredit him, it is just another Lie and another black mark on the criminal. That's the situation with criminals, is they like to dig holes and drag down and bury as many other people they can in the process. Finally, regarding hypocrisy, a great many people are attempting to discredit one or the other of L.Detweiler or S.Boxx by flimsy, incorrect `proofs' that L.Detweiler == S.Boxx. Uh, who gives a damn? Please redirect your analytical energies into resolving far more interesting and nontrivial theorems like E.Hughes == P.Ferguson or T.C.May == H.Finney. We now return to our regularly scheduled program. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From hblau at cs.cuhk.hk Sun Nov 28 07:10:48 1993 From: hblau at cs.cuhk.hk (Lau Hing Bun) Date: Sun, 28 Nov 93 07:10:48 PST Subject: please remove me from the list Message-ID: <9311281510.AA26413@cucs18.cs.cuhk.hk> Dear System Admin, Please remove me from the mailing list. The group are helpful and rich!! Thank you! H.B. Lau From ravage at wixer.bga.com Sun Nov 28 07:14:31 1993 From: ravage at wixer.bga.com (Jim choate) Date: Sun, 28 Nov 93 07:14:31 PST Subject: Software filtering agents In-Reply-To: Message-ID: <9311281505.AA10130@wixer> > > > My knowledge of neural net software is limited to a cartoonish understanding > of the theory behind them, but as I understand it they might be a useful > tool for identifying the author of a given text stream. Comments? Anyone on > the list familiar with neural net implementation, or in need of some sort of > academic project? :) > > > -- > Greg Broiles > greg at goldenbear.com Baked, not fried. > Actually there is no need to use neural networks. There is quite a lot of software running around that does a statistical anaysis of two authors works and then calculates the similarity. You should be able to find copies in either linguistic or mathematical archives. From ravage at wixer.bga.com Sun Nov 28 09:09:34 1993 From: ravage at wixer.bga.com (Jim choate) Date: Sun, 28 Nov 93 09:09:34 PST Subject: newsgroup v news-list In-Reply-To: Message-ID: <9311281511.AA10617@wixer> > > You're a little new to the list for all the text you're generating. If you'd > wait about a month, you'd see all of your questions answered, examples of > situations that would match or disprove most of your assumptions, and many > many examples of the sort of thing that Detweiler is lobbing into the list. > > Everyone has different ideas of what the list is about and for. When the fol ks > who've been on it for more than a year can't agree on what it's about, it's > irritating to have a new person spout off their opinion on the matter. > > I imagine some folks have given you some indication of Detweiler's history, b ut > in case they haven't given you the complete flavor, let me add my two cents: > imagine a true paranoic with the DTs from alcohol withdrawal locked into a > room with a terminal... Every stray impulse that crosses his mind causes a > flurry of keystrokes to make the pink spiders go away... > > The guy is far enough gone that we're not really talking about censorship -- > any more than dealing with a crank phone caller is censorship. He's > dripping vitriol, not opinion. > > -Bill > Why should how long I have been on the list have anything to do with what I can contribute? Why should I wait a month to figure it out experimentaly when I can ask a couple of questions now, race up the learning curve, and move on to othe more important agendas. We are talking about limiting access to the list (for whatever reason), THAT is cencorship. I personaly find the idea that a person has to 'earn' the right to make a statement on a mail-list or newsgroup as counter-free speech. I oppose your view. How long have you been playing w/ computers? Maby you haven't been doing it long enough to make posts either.... From lmb at tenet.edu Sun Nov 28 10:29:36 1993 From: lmb at tenet.edu (Barbara L Marco) Date: Sun, 28 Nov 93 10:29:36 PST Subject: wassup? Message-ID: Hey, can ya'll send me some info on ya'lls organization? Thanks. From wex at media.mit.edu Sun Nov 28 11:44:38 1993 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Sun, 28 Nov 93 11:44:38 PST Subject: Mon Dieu! In-Reply-To: <9311280537.AA07160@anon.penet.fi> Message-ID: <9311281941.AA00311@media.mit.edu> Would people who want to discuss Detweiler please put that name in the subject line? I haven't yet figured out how to get procmail to kill any msgs with that name in the body, but if you put it in the Subject, it's really easy. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request "To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!" From beker at netcom.com Sun Nov 28 12:00:54 1993 From: beker at netcom.com (Brian Beker) Date: Sun, 28 Nov 93 12:00:54 PST Subject: Instant Background Check Message-ID: -----BEGIN PGP SIGNED MESSAGE----- From: clarinews at clarinet.com (E. MICHAEL MYERS) Subject: Brady bill overcomes filibusters and flip tongue An interesting note buried at the end of a UPI story follows: [deleted details of bantering between Dole, Mitchell and Biden] Without Biden, Mitchell arranged a face-saving compromise that got the bill behind him and Dole: The Senate would pass separate legislation early next year calling for a computerized, instant-background check on gun buyers within 24 months so it could possibly negate the waiting period. There is no assurance the House will pass that measure. Without the compromise, ``we would have put it off until January,'' or later, Dole said. As for Biden? ``We both know politics.'' What a bunch of cards those boys are. Brian -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPkCrSJejrfgN5yJAQH6rQP+NatITzDC/jI5FmNO5T6dfQBs9notR5nK FAPmrkKzV3mhLYRQFCrBb6ZVKdRAX2wY2dbUvb9kUbutEgF8BRPge6ApKSLY7cmO ue5TL+ou9DmTyYzMgyqXAJHOsxyxV6qKEo1T20E5e6MGvlw3glOcAUf2TWxTz6Ic S5RtAGWpNho= =jPGS -----END PGP SIGNATURE----- From analyst at netcom.com Sun Nov 28 16:09:40 1993 From: analyst at netcom.com (Benjamin McLemore) Date: Sun, 28 Nov 93 16:09:40 PST Subject: Anonymous mail servers? Message-ID: <199311290006.QAA01350@mail.netcom.com> Are there any anonymous mail<-->ftp servers around? I am thinking specifically about people getting pgp and other (soon to be contraband?) cypherpunks tools. It would be nice if there were a server for at least these items. I suppose you would send an appropriately composed message with a body consisting of the request and an anonymous return address preceded by the anonymous address of the server. Has this already been done? Blacknet, if it exists, works like this doesn't it? Where are the BlackNet access instructions? ------------------------------------------------------------------------------ Benjamin McLemore analyst at netcom.com -- From nowhere at bsu-cs.bsu.edu Sun Nov 28 16:54:39 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sun, 28 Nov 93 16:54:39 PST Subject: RISKS DIGEST 15.27 (fwd) Message-ID: <9311290054.AA15691@bsu-cs.bsu.edu> Let's review: Newsgroups: comp.risks Subject: RISKS DIGEST 15.27 Date: 16 Nov 93 17:19:19 GMT Reply-To: risks at csl.sri.com RISKS-LIST: RISKS-FORUM Digest Tuesday 17 November 1993 Volume 15 : Issue 27 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Re: The Snakes of Medusa and Cyberspace (mathew, Alex Glockner, Perry E. Metzger, Jamie Dinkelacker, Arthur Abraham, Peter Leppik, Brad Hicks, Neil McKellar, Leonard Mignerey, L. Detweiler) The RISKS Forum is a moderated digest discussing risks; comp.risks is its USENET counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to risks at csl.sri.com, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. PLEASE SEND REQUESTS FOR SUBSCRIPTIONS, archive problems, and other information to risks-request at csl.sri.com (not automated). BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS". Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 15, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. There are also alternative repositories, such as bitftp at pucc.Princeton.EDU . If you are interested in receiving RISKS via fax, please send E-mail to risks-fax at vortex.com, phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for information regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; instead, as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request at CSL.SRI.COM . ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: 11 Nov 1993 12:13:34 -0000 From: mathew at mantis.co.uk (mathew) Subject: Re: The Snakes of Medusa and Cyberspace (RISKS-15.25) "L. Detweiler" writes at length about the evils of what he calls "pseudoanonymous posting". I shall try to keep this reply brief. I am interested not only in the issue of pseudonymity, but in the structure of Detweiler's allegations. His posting appears to me to be an artfully crafted conspiracy theory. He begins by defining "pseudoanonymously": >`Pseudoanonymously' -- the message identification is of a `fake' identity, a >person that does not exist despite the implicit indications of the message >(such as a signature with a realistic name, including a phone number, etc.) He notes that pseudoanonymous postings are active deception, rather than passive concealment of identity, and points out that he could set up a pseudonymous account for the purpose of fooling people into thinking that the pseudonym was a different person. Pardon me, but what on earth does this have to do with RISKS? The practice of publishing under a pseudonym has been common for centuries; ironically, Detweiler himself quotes "Shakespeare", believed by many to be a pseudonym. He does on to hypothesize that people might be less wary of pseudonymous identities they don't recognize than they are of anonymous ones; he talks of megalomaniacs stalking the net. Well, if I see someone post to the net under a name I don't recognize -- like (say) L. Detweiler -- then I assign that person (whom I don't know) exactly the same probability of being a megalomaniac as I assign an anonymous user I don't know. Perhaps even a higher probability, as what megalomaniac would wish to remain *anonymous*? Detweiler then points out that a user could post messages under a pseudonym, complimenting himself. Again, this is nothing new. Authors have been known to review their own books, written under pseudonyms; or to write letters to newspapers criticizing themselves. Detweiler claims that public use of pseudonyms is often "dishonest, immoral, and unethical"; he demands that "others should be informed if it is occurring". Well, I hereby inform everyone that it is occurring, and has occurred for centuries, and will carry on occurring. It is not a new risk brought in by technology. Perhaps the problem is that people have got used to the Internet being restricted to institutionalized settings, where user accounts are numbered, and verified to be unique by some central authority. As the Internet spreads into the real world, so the real-world practice of pseudonymity will inevitably spread into the Internet. When everyone has a computer, everyone can have a pseudonym; just as anyone with a pen and paper can develop a real-world pseudonym. Detweiler next moves on to consider the use of pseudonyms in private communication. This, again, is nothing new. Look at the "Henry Root" letters (or "The Lazlo Letters"), Victor Lewis-Smith's crank phone calls, or any of thousands of similar examples. He complains that digital signatures do not solve the problem; unfortunately, he seems to be under the mistaken impression that written signatures are better. In fact, it is quite possible for a person to have multiple handwritten signatures. Then, he moves on to what he calls the "dangerous, insideous [sic], and treacherous" uses of pseudonyms. He gives an example of an anarchist organization using pseudonyms to aid the destabilization of governments, democracy, law enforcement, and so on. Every good conspiracy must have a secret enemy trying to destroy the world. He speaks of carefully-guarded mailing lists and secret societies, and explains that the anarchists could send spoof communications to public addresses, magazines, and the like. I hate to sound repetitive, but again, this threat is nothing new. Look at the spoof "LSD tattoo" announcements purporting to come from police officers, or the pranks played against government departments. Consider campaigners who write multiple letters under pseudonyms to send to politicians. Detweiler then goes even further, talking about "pseudospoofers" as using "brainwashing and an illusion of peer pressure to manipulate unknowing subscribers", with campaigns of "mental assault" to attack doubters. Of course, sinister mind-control techniques are a classic part of any conspiracy theory. Next comes the masterstroke. He explains that the secret pseudospoofer cabal would attack people like him by "disparaging, discouraging and discrediting them publicly and privately as 'paranoid ranters' and 'conspiracy theorists'". So now anyone who criticizes his position is instantly One Of Them, a venomous snake who cannot be trusted, and further evidence of the Great Conspiracy. He suggests that they "might even be able to make a real-world pariah from simulated ire and criticism directed at a single strong opponent, say, L. Detweiler, from many simulated identities in cyberspace". Thus, he hopes, everyone who replies to RISKS criticizing his bizarre fears will become another piece of evidence in his favour. He finishes off by suggesting that the evil pseudospoofers might already be infiltrating public mailing lists, discussion lists concerning email and security software, network administrators' mailing lists, CERT, the DNS databases, and so on. He likens pseudospoofing to a virus infecting the Internet. Again, like most conspiracy theories, the picture painted is one of an insidious threat which has already subverted our most cherished institutions! I'm sorry if this seems impolite, but the entire article seems to me to be 10% misconceptions and 90% pure conspiracy theory. (Oh no! Mathew is One Of Them!) I find such things amusing, but I for one would appreciate it if this sort of nonsense was kept out of RISKS in future. mathew ------------------------------ Date: Thu, 11 Nov 93 14:37:22 EST From: Alex Glockner Subject: Re: Pseudospoofing (RISKS-15.25) While I should be grateful to L. Detweiler for reminding us of the possibility of pseudospoofing on the Internet (sidenote: his anonymity FAQ makes for great reading...), we should also remember that this is `just another' case of network problems that have always existed `out there in the real world'. The RTC (the US-sponsored agency that is responsible for selling off assets of failed Savings and Loan institutions) recently sold a beachfront property to the Audubon Society, a large US environmental group, which in cooperation with a developer would create a preserve from the property. Whoops. Turns out it wasn't the environmental group -- officially, the National Audubon Society incorporated in New York State -- but a group, allegedly associated with the original failed developer, that chose to register in another state with the name "Audubon Society". If the allegation is correct, the developer saved a lot of money from the original purchase price this way... (My apologies for the lack of a citation; this appeared in the Washington Post in October 1993) |> ... These are related to the potential of waging a systematic campaign of |> propaganda, disinformation, or brainwashing unleashed on an unsuspecting |> public by a subversive organization. In American politics, we call this `lobbying'. Any number of groups are misleadingly named and directed to achieve an agenda (*which* groups, of course, depend on your own beliefs, so I won't try to name any). The fact is that most (all?) states have rules that you can choose any name (or more to the point, *names*) that you want as long as 1) the state cannot prove that it is in the public interest to deny your name change or 2) you are not intending to defraud anyone or escape legal obligations. Stage names and pen names are also long-established instances of this, also. Pseudospoofing isn't anything new; it's just a new guise of something thousands of years old...what's the first C program everybody writes? "hello, world"? :-) Alexander Glockner, Asst. Professor, Dept. of Computer Science, Bowie State University Bowie MD 20715 (301) 464-6609 glockner at cosc.bsu.umd.edu ------------------------------ Date: Thu, 11 Nov 93 20:36:23 EST From: pmetzger at lehman.com (Perry E. Metzger) Subject: The Perils of Pseudospoofing (Detweiler, RISKS-15.25) I was amused to see that the article contained an elaborate, and amusingly paranoid, scenario, that describes, thinly veiled, the way that Mr. Detweiler apparently thinks that the "Cypherpunks" mailing list operates. "Cypherpunks" is an informal group of privacy and cryptography advocates -- the lists members include such varied individuals as Phil Zimmerman (the author of PGP), Mike Godwin of EFF, John Gilmore, Phil Karn, a gentleman from CPSR who's name I forget, and other fairly illustrious crusaders for privacy and personal data security in the digital age. Some members of the list are radical libertarians such as myself, who often point out (with some glee) that cryptographic techniques, which are essentially unstoppable because even high school students can now implement extremely secure cipher systems, will likely ultimately eliminate the capacity of the government and others to nose in where they do not belong. With this introduction, I will explain what has happened: Mr. Detweiler has apparently decided that many members of the group are in fact the same person (posting under multiple identities) and that the entire mailing list is a monstrous plot to undermine Truth, Justice, and The American Way. The allegation that most of the mailing lists members are identical is bizarre -- anyone is free to check for themselves that people like Tim May, Eric Hughes, and others are real people. However, Mr. Detweiler became convinced that because so many people disliked his rantings on the list that they all had to, in fact, be the same person. I suppose the notion that more than one person might disagree with him did not cross his mind. I am not a qualified psychiatrist and do not pretend to be one, but I do know paranoid delusions when I see them. As an example: >The CryptoAnarchists might even be able to make a real-world pariah from >simulated ire and criticism directed at a single strong opponent, ... I suppose it never occurred to Mr. Detweiler that he could simply look up folks like Eric Hughes (whom I believe lives in Berkeley), Tim May (whom I believe lives in Aptos, CA), and others, and verify that they exist and have differing voices and the like. However, people who are suffering from insane fantasies rarely bother to listen if people tell them that they have insane fantasies. The following paragraph speaks for itself: >In fact, the CryptoAnarchists might even infiltrate sensitive internal mailing >lists like those maintained by CERT (Computer Emergency Response Team). ... Perry Metzger ------------------------------ Date: Thu, 11 Nov 1993 01:45:05 -0800 From: jamie at netcom.com (Jamie Dinkelacker) Subject: Personal Singularity In a recent Cypherpunk post, the venerated individual E.Hughes suggested individuals make themselves known, and mention L.Detweiler's amorphous post to .risks. First, I'm honored to be mentioned along with May, Szabo, Finney, Hughes, ... indeed, fine company these electrons keep! Jamie Dinkelacker is in fact and in blood an independent individual, living in Silicon Valley, who is finding profit from all the attention he's getting. He goes so far as to post his phone number for people who would care to call and offer consulting contracts for marketing management in the Bay Area. More to the point: Jamie Dinkelacker is the only name I've used posting on the net. Does Detweiler truly exist as an individual? Can anyone attest to his existence as separate from S.Boxx, Jim Riverman, David Sternlight? Who'll take a stand on his behalf? Jamie Dinkelacker Palo Alto CA Jamie at netcom.com 415.941.4782 ------------------------------ Date: Thu, 11 Nov 93 15:14:39 -0800 From: a2 at ah.com (Arthur Abraham) Subject: "L. Detweiler"'s single personality problem I would like to attest from personal knowledge that the following personalities each emanate from a separate flesh and blood person: G.Broiles, A.Chandler, J.Dinkelacker, H.Finney, E.Hughes, M.Landry, T.C.May, N.Szabo I myself emanate from yet another flesh and blood person. I have communicated with "L. Detweiler" in the past, and have frequently been amazed by his postings. His/her decline in the past month or two has been somewhat disturbing. It seems to illustrate how it is occasionally possible for strongly held positions, that seem to rely on an slightly unbalanced view of the world, to actually originate in unbalanced minds. ------------------------------ Date: 15 Nov 1993 20:27:55 GMT From: leppik at uxa.cso.uiuc.edu (leppik peter) Subject: Re: pseudospoofing (RISKS-15.25) IMHO, I fail to see the real "risk" in pseudospoofing. Keep in mind that such famous people as Mark Twain and Marilyn Monroe never actually existed (they were "pseudospoofed," as it were, by Samuel Clemens, and Norma Jean, respectively). The only possible risk that exists is if people lose their perspective, and forget the distinction between the network and the real world. Beyond that, the use of realistic-sounding nom-de-plumes for various reasons is a long and time-honored tradition. I see no reason why it should stop merely because the medium has become modulated electric fields, rather than ink and paper. (Did William Shakespeare really exist? Some people with nothing better to do still argue about this question....) Peter Leppik-- p-leppi at uiuc.edu If people have a hard time understanding General Relativity, what makes us think computers will do any better? ------------------------------ Date: 15 Nov 93 21:11:08 GMT From: mc/G=Brad/S=Hicks/OU1=0205925 at mhs.attmail.com Subject: Re: Snakes of Medusa and Cyberspace (RISKS-15.25) "If your best friend jumped off of a cliff, would you? Did your mother ask you this? Every four years, lemmings jump off of cliffs. There are no five-year-old lemmings ... unless they've learned to think for themselves." - recent TV ad for radio KPNT 105.7 FM, St. Genevieve/St. Louis, MO OK, by now everybody knows that the lemmings story is a fake, but it's still a potent metaphor, and a relevant one to any discussion of what Mr. L. Deitweiler has termed "pseudospoofing." (Does Mr. Deitweiler exist? In my experience, most real people have first names.) For those of you who've just subscribed, "pseudospoofing" is the use of "spoofed" SMTP mail connections, multiple anonymous mail servers, or other techniques to enable one person to send e-mail messages appearing to be from multiple people. And if you missed Mr. Deitweiler's previous jeremiads, you might not know that this idea scares the water out of him. For example, consider this paragraph from the introduction to his latest lengthy posting on the subject, this one on RISKS Forum Digest, volume 15 issue 25, 10 Nov 1993: > ... These are related to the potential of waging a systematic campaign > of propaganda, disinformation, or brainwashing unleashed on an > unsuspecting public by a subversive organization. Propaganda? I'll answer to that charge myself; I write propaganda for a small not-for-profit educational organization ... if you'll allow me to define propaganda as anything intended to influence people's opinions. (When I do it, it's a forceful essay. When you do it, it's called spin doctoring. When somebody we both think is "evil" does it, it's called propaganda.) But the warnings of disinformation and brainwashing are something else altogether. Not for nothing did David Brin in his novel _Earth_ refer to a UseNet-like system as "the Net of a million lies." All manner of lies have appeared on the Net, from the US government's facile attempt to persuade us that Clipper is a harmless alternative to existing systems and won't be mandatory, to a recent (wonderfully funny) hoax having to do with modem taxes, that fooled even net veterans like Pat Townson of Telecom Digest. But does pseudospoofing make it easier to lie successfully via the Net? If I post a message here that says that I've met J. R. "Bob" Dobbs, and he really exists, will you believe me? Of course not; you know that I don't live in Dallas. (weak grin) You also know, by now, that J. R. "Bob" Dobbs is a myth built around a piece of 1950s clip art, and exists only in the same mystical realm as Santa Claus, Lazarus Long, the Easter Bunny, the World-Wide Satanic Conspiracy, John Galt, the Risen Lord Jesus Christ, the Tooth Fairy, and Wise and Benevolent Government. And you're not going to change your mind on the existence or non-existence of any of these things just because I, or anybody on the Net, told you otherwise. Would you change your mind if ten people on the Net told you so? A hundred? A thousand? Mr. Deitweiler has written that if I were to create (let us say) a hundred and twenty three alternate (fake) net.identities, and each of them sent him mail telling him that black was really white, that he would be in imminent danger of dying at the next zebra crossing. He calls this process "brainwashing." To compare pseudospoofed argumentation to brainwashing is to show that you are far, far too susceptible to peer pressure, and also to irresponsibly diminish the seriousness of brainwashing. As Wilson documented in Leary's _Neuropolitics_, there is a technology for breaking down a person's resistance to ideas and lifestyles that are foreign to them, and "re-imprinting" them with the ideas and values of a new group. But among other things, it requires control of a person's physical environment, food, movement, social environment, and all punishments and rewards. Not for nothing do cult leaders take their converts to remote retreats, "deprogrammers" tie their captives to chairs in remote hotel rooms, fundamentalist preachers preach "separation from the world," and the military isolate recruits from all outside contact, control their every waking moment, and bully them mercilessly during the early weeks of boot camp. But you cannot exert that kind of control over anyone's life or body or mind via the Net. All you can do is create fake peer pressure. And if you're that susceptible to peer pressure, Gods' pity on you. You need to learn to judge arguments by their quality, not by the number of people who say that they agree with them. Does pseudospoofing have dire implications for democracy? Well, no, because in the political context, pseudospoofing isn't that different from what interest groups do now. Do you really think that, for example, everybody who joins the AARP to get the club discounts agrees with everything that organization's lobbyists tell Congress? I doubt it, and any Congressman with any sense doubts it, too. What's more, with the rise of 800-number generated automatic telegrams, clipped coupons, and so forth, a new term has entered American political discourse, the term "astroturf campaign" -- that is, a fake grass roots campaign. Sure, pseudospoofing provides another way to create a fake grass roots campaign. But will anybody be fooled? No. Congressional staff already look for close similarities between supporting messages and inform their bosses of them. Somebody with enough determination could hand-write a thousand letters to Congress trying to influence a piece of legislation, carefully varying each one so that they look like they came from separate constituents. Without pseudospoofing, they would put them in separate envelopes and drop them in mailboxes all over the city over a course of days. With pseudospoofing, they could write a program to batch them out to anon mail servers or spoof them into SMTP mailers over the course of many days. But either way, the =real= work would not be in the mailing process, but in the laborious task of hand-writing a thousand entries while keeping them all different. Who is capable of such an effort? Now, after thinking about the arguments above, if you are still terrified of the possibilities of pseudospoofing, take this challenge: try to design a system that allows anonymous email and anonymous transactions that =doesn't= permit pseudospoofing. Such a system, it seems to me, will have to have =some= entity that knows which aliases go with which real.people, and such a system is by definition not anonymous. After a hundred-plus lines, I am not going to go into the arguments about whether or not anonymity is itself a good or a bad thing. Suffice it to say that there are people, not involved in plotting the overthrow of society or any of Mr. Deitweiler's other paranoid fancies, who believe that anonymity is valuable. All that I hope that I hope to accomplish with this message is to persuade you of is that there is little basis for fear that "the treacherous and toxic effects of pseudospoofing" will lead to "brainwashing" or "general destabilization of governments, democracy, laws, and law enforcement." J. Brad Hicks Internet: mc!Brad_Hicks at mhs.attmail.com X.400: c=US admd=ATTMail prmd=MasterCard sn=Hicks gn=Brad ------------------------------ Date: Mon, 15 Nov 1993 15:22:51 -0700 From: Neil McKellar Subject: Conspiracy 101? (Detweiler, RISKS-15.27) In his article, " The Snakes of Medusa and Cyberspace: Internet identity subversion", L. Detweiler outlines a variety of methods by which 'pseudospoofing' can be used to influence public opinion and research (at least on the Internet). Having read a fair share of spy fiction in my time, none of these methods comes as a surprise to me. :-) And all these methods can be used AGAINST the conspirators in his scenario. Perhaps it's time to pull out my copy of "Schroedinger's Cat" by Robert Anton Wilson, and bone up on conspiracy theory. :-) Neil McKellar (mckellar at cs.ualberta.ca) "Just because you aren't paranoid, doesn't mean they aren't out to get you." ------------------------------ Date: Thu, 11 Nov 1993 14:39:20 -0500 (EST) From: Leonard Mignerey Subject: Re: Snakes of Medusa and Cyberspace... I fail to see the difference between electronic pseudospoofing and print media pen names. It to me that all of Mr. Detweilers arguments hold for that scenario as well. The problem is not in pseudospoofing as much as in an individual relying on a single medium as a source of information. Certainly in the "War of the Worlds" incident, Orsen Wells pseudospoofed a number of people into believing that the Martians and actually landed. This unhappy group of individuals relied solely on their radios (and a single channel at that) for their information. If we are to dive so deeply into cyberspace that it becomes the total extent of our research on important issues, then I think the problem is not in the pseudospoofers but in the pseudospoofed. Leonard J. Mignerey, The Catholic University of America, Washington, DC 20064 Director, Management Information Systems INTERNET: mignerey at cua.edu ------------------------------ Date: Sun, 14 Nov 93 19:57:16 -0700 From: "L. Detweiler" Subject: Pseudospoofing (ld, RISKS-15.25) Many people have emailed me to say that they are skeptical of my scenario about the Internet CryptoAnarchist pseudospoofing conspiracy published in RISKS-15.25. The scenario was built painstakingly from hundreds of messages I have reviewed on the subject over many weeks. I would like to present some of the more interesting pieces of `evidence' (but withhold the more substantial pieces) that there is at least, in one quarter of the Internet, a very strong, systematic, and dedicated attempt to pseudospoof, and a very concerted effort, possibly, to cover it up and viciously attack those who seek to expose it. My informal poll of pseudospoofing posted to the cypherpunks mailing list and talk.politics.crypto was unanswered by top Cypherpunk leadership, and many poll responses were very evasive, and several in the form `yeah, I have done it' with little additional information. The Cypherpunk mailing list and my private mail were my greatest source of inspirations for `Medusa's Snakes in Cyberspace'. For example, three prominent cypherpunks have suggested to me that there is a secret mailing list for `project development' free of `paranoid ranters'. I asked a cyperpunk leader about the existence of the list, and he said that `your question does not allow anything other than an incriminating answer.' * * * Here is a paragraph from a posting on the Cypherpunks list on Oct. 18 1993: ``In my limited experience creating Internet pseudonyms, I've been quite distracted by the continual need to avoid leaving pointers to my True Name lying around -- excess mail to/from my True Name, shared files, common peculiarities (e.g. misspellings in written text), traceable logins, etc. The penet.fi site explicitly maintains a list of pointers to the original address. All kinds of security controls -- crypto, access, information, inference -- have to be continually on my mind when using pseudonymous accounts. The hazards are everywhere. With our current tools it's practically impossible to maintain an active pseudonym for a long period of time against a sufficiently determined opponent, and quite a hassle to maintain even a modicum of decent security. Pointers to info and/or tools to enable the establishment and maintenance of a net.nym, beyond the standard cypherpunks PGP/remailer fare with which I'm now familiar, greatly appreciated. Especially nice would be a list of commercial net providers that allow pseudonymous accounts''. This paragraph contains an astounding amount of data on the possibility of a highly refined, intense, extended, insidious, global, and systematic pseudospoofing effort. Some of the details it suggests, in particular: 1) Based on the context that surrounded this excerpt and the message, the author is intentionally conflating `pseudonymity' (identification of the message implicitly indicates, `this is a pseudonym', such as origination from anon.penet.fi) with `pseudoanonymity' (the deception that `I am a real person'). This is a classic cypherpunk tactic. I have hundreds of subtle variations of this obfuscation in my collection. 2) The author starts with `in my limited experience in creating'... but clearly the author has *extensive* experience with meticulous practice and knowledge that rivals that of the most literate RISKS postings on the subject (for example, the anon.penet.fi site, the possibility of style analysis for identification, etc.) 3) The author clearly has an obsession to completely dissociating all traceability to his actual identity and a virtually fanatical aversion to `pointers to my True Name lying around'. This includes extensive considerations for deleting mail, detecting shared files on a filesystem, and `common peculiarities' like consistent misspellings. 4) The author refers to his efforts at deception as `security controls' and categorizes them in general categories of `crypto, access, information, inference' -- clearly he has dedicated an extreme amount of systematic thinking and effort to the `project' of pseudospoofing. He laments, sounding somewhat like an NSA administrator, that it's `quite a hassle to maintain even a modicum of decent security'. 5) There is an identifiable tone of paranoia in the message that most rational humans would not associate with casual anonymity. `The hazards are everywhere'. The author laments, `It's practically impossible to maintain an active pseudonym for a long period of time against a sufficiently determined opponent'. 6) The objective characterization of a `sufficiently determined opponent' indicates the author considers attempts to trace the pseudoanonymity by what I have been calling `demon exorcists' is an inevitable inconvenience that must be addressed. The author clearly considers it a routine hazard and has encountered and evaded it before. He considers his routine deceptions something like a game strategy. 7) Despite already obviously being an unsurpassed expert, the author requests `pointers to info and/or tools to enable the establishment and maintenance of a [`pseudoanonym'], beyond the standard cypherpunks PGP/remailer far with which I'm now familiar, greatly appreciated.' This may also disguise an attempt to appear to be unsophisticated or determine what extent other `octopuses' are existent in Cyberspace. 8) The author asks for a `list of commercial net providers that allow [pseudoanonymous] accounts' without regard to *geography* whatsoever, suggesting that it is no constraint. That is, the author may have no problem with accounts spread very wide geographically. This is in stark contrast to the standard request, `does anyone know a site in [x] area?' to avoid long distance charges. Clearly, the author has an *obsession* with maintaining *multiple* `pseudoanonyms', possibly over a very *widespread* geographical area, has a paranoia over exposure of one of his `tentacles' but also has conceived and probably practiced countermeasures, and spends a great deal of time polishing his techniques and arsenal. The author is not interested in casual anonymity as a hobby. He is interested in systematic pseudospoofing, virtually as a *profession*. He may even be spreading *disinformation* about his own practices and the extent of his own knowledge. The author continues: ``Another big problem I see with [pseudoanonymous] reputations is entry. If most people are blocking posts from new pseudonyms, how does one get a new reputation established? I've had several years to establish a net.reputation for [...], and it might take a long time for any of my [pseudoanonyms] to catch up. Altruistic sponsorship requires trusted friends knowing the True Name, but that public sponsorship itself provides important clues to that Name.'' This paragraph further promotes pseudospoofing, now suggesting its use in reputable forums: 1) Again, the author alludes to his arsenal of multiple pseudoanonyms, and expresses regret that it will take *a long time* of concerted pseudospoofing for before his other pseudoanonyms may `catch up'. 2) The author appears to be attempting to subvert mechanisms that bar pseudoanonymous identities, trampling on their right to do so in his obsessive promotion of the `reputation' associated with his various name tags. 3) From the context of the message, and the references to `sponsorship by a true name', the author appears to actually be alluding to *identity databases* and ways of infiltrating them with pseudoanonyms. He laments that this `public sponsorship itself provides important clues pointing to that name.' This could be interpreted as a deliberate attempt at deception and corruption of a `True Name' database by conspiracy, and the `clues' that would `point' to a perpetrator of the crime. Actually, because of the blurring of identities and misinformation this author promotes, I think that this paragraph may potentially be another disinformation stab -- the apparent owner of the message may be *itself* a pseudoanonymous identity, *itself* built up over `several years'! (The author posts from the site netcom.com, a site that is notorious for requiring essentially no proof of identity to receive an Internet account.) The author continues with classic cypherpunk dogma that blurs pseudonymous and anonymous identities with pseudoanonymity (`pure anonymity'), and vilifies those who feel `threatened' by the latter: ``I hope that we stick to experimenting with pure anonymity in many venues. I suggest we'll find out that purely anonymous vposts are not so bad, overall. [...] Pure anonymity is a strange, threatening, fascinating beast in our panoptic social-welfare world. Even those of us at the forefront of harnessing this monster shrink back in fear when it whinnies. [...]'' Now, superimpose the `Medusa's Snake's and Cyberspace' essay in your mind as you read the following: ``Pure anonymity provides a voice for a wide variety of new kinds of expression that up until now have been suppressed. [...] I hope we continue experimenting with pure anonymity for a while longer [...]. Some of what comes out might look very strange, something like tapping into previously concealed areas of our social psyche. I suspect the result will be a more honest dialog, a more productive conversation freed from posturing and, ironically, from the concealment of threatening truth. I hope we will observe with Zen patience and allow this quite interesting experiment to continue.'' * * * Since the above posting was to a public list, I will reveal the author of the message I have been dissecting. He is the same person who took my short comment at the end of the `Medusa's Snakes & Cyberspace' essay as an *accusation* that some pseudanonyms may be listed. He writes in RISKS-15.26: >I'd like to assure the readers of RISKS that I am in fact a unique person, >distinct from the other names L. Detweiler listed. Of the people on his list >I know from personal contact, all are distinct people in Real Life(tm). Well >before his post to RISKS, L. Detweiler was provided means of personally >verifying that many of the names he listed are distinct True Names (eg phone >numbers he can call), but it doesn't seem to help. Let's dissect these statements with an eye to rigor. `I am in fact a unique person [...]' means nothing in the question of pseudanonymity -- Medusa may have one of her Snakes claim that `I am a unique person' without lying. Next, `Of the people on his list I know from personal contact, all are distinct people in Real Life(tm)'. But this can be taken to mean only that more than one person is represented by a list of pseudoanonyms. Note the author is careful not to mention *which* people he knows from personal contact. That, after all, might reveal `important clues pointing to that Name'! Also, there is a problem that members of a `cult of pseudospoofers', who subscribe to the `pseudoreligion of pseudoanonymity', as this person apparently does, may twist language to the point of actually maintaining that different pseudoanonymous identities *are* different `people', even when typed in at a keyboard by the same individual! This would not be unlike a fanatic religious sect maintaining that acts of `terrorism' are actually `holy liberation' when commited in the name of God! The author says he is `distinct from the other names L. Detweiler listed.' But again, this is not a guarantee of uniqueness of flesh! The use of the word `name' instead of `people' is quite suspicious in our context! The whole *issue* is that beyond the uniqueness of mere ASCII `names'! The person goes on to state that `Well before his post to RISKS, L. Detweiler was provided means of personally verifying that many of the names he listed are distinct True Names (eg phone numbers he can call) but it doesn't seem to help.' The people I listed are separated by vast geography in their posting sites, with a concentration in California. Furthermore, I have been in private correspondence with all of them over many weeks, and I am unsure of what specifically Mr. Szabo is referring to as my opportunity to verify that `many of the names' are `distinct True Names'. I have never before posted a list of this set of names before! The lack of specific information is highly suspicious in our context! Furthermore, in our context, the issue would not be whether `some' real people are represented in the list, but whether *all* names listed correspond to the legal identities of *unique* human beings! (A complex and widespread pseudospoofing effort actively being orchestrated by some, which very possibly spans many states, may not even be thwarted by the necessity of establishing interstate telephone numbers!) * * * Finally, I have very strong tangential cues that the `Medusa's Snakes in Cyberspace' essay is far more true than hypothetical. Over many weeks I have encountered strong stonewalling, evasion, and counterattacks from some of the most prominent cypherpunks in response to my specific allegations in email. This included a mailbombing, a mailbombing threat, four letters to my site postmaster, two from cypherpunk leaders, one referring to `your latest paranoid descent into fantasy in RISKS', my `violent threats', without quoting any of my statements in particular (I find the thought of a physical threat abhorrent), and suggested `I have a strong feeling you are going to have a very hard time getting a job in the computer industry' in part from the essay. Another called my efforts against pseudospoofing a `a nonsensical, paranoid, one-man jihad against cypherpunks'. Apparently because the lamentations and supplications to my postmaster have largely been ignored, one cypherpunk suggested that `I intend to go beyond your postmaster on the next try, to various former classmates and old friends of mine who are computation center employees, faculty, and administration members at CSU now.' Incidentally, there is a strong overlap between the people perpetrating the above activities and those I credited at the end of my essay. Elsewhere, one cypherpunk suggested that `I better start looking over my shoulder'. Another, in what might be termed `psychopunk humor,' wrote `I'm going to come kill your family with a rusty razor blade' (the latter broadcast on the entire mailing list) and suggested it demonstrated my personal problems in being upset by such a message. These tactics are all quite shocking to me, and I am not sure how to respond to these letters except to perceive them as outrageous and desperate attempts to intimidate and censor me indirectly where other approaches have failed. I warn others of the searing hostility they may encounter on the cypherpunks list -- with philosophies promoted there that are increasingly blurred with raw criminality -- and against any attempts to find an antidote to poisonous pseudospoofing. L. Detweiler ------------------------------ End of RISKS-FORUM Digest 15.27 ************************ From wisej at acf4.NYU.EDU Sun Nov 28 17:24:40 1993 From: wisej at acf4.NYU.EDU (wisej) Date: Sun, 28 Nov 93 17:24:40 PST Subject: Secure Phone? Message-ID: The following add copy appeared in TIME the other week, in a special gift advertising section: GIVE THE GIFT OF PRIVACY All it takes to eavesdrop on most cordless calls is another cordless phone, scanner, or even a baby monitor. That's why every Motorola Cordless Phone features Secure Clear.sup.TM tech- nology. Secure Clear.sup.TM scrambles voices, so all an eavesdrop- per hears is garbled noise. (M) MOTOROLA Motorola and Secure Clear are trademarks of Motorola, Inc. (c) 1993 Motorola, Inc. Comments? Jim Wise wisej at acf4.nyu.edu jaw7254 at acfcluster.nyu.edu From 72114.1712 at CompuServe.COM Sun Nov 28 18:54:39 1993 From: 72114.1712 at CompuServe.COM (Sandy) Date: Sun, 28 Nov 93 18:54:39 PST Subject: STRATEGIC INVESTMENT POINTER Message-ID: <931129024902_72114.1712_FHF67-1@CompuServe.COM> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort at attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Punksters, For those of you who asked, here is the contact information for "Strategic Investment": Strategic Investment Agora, Inc. 824 E. Baltimore St. Baltimore, MD 21202-4799 (410) 234-0691 S a n d y >>>>>> Please send e-mail to: ssandfort at attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From klbarrus at owlnet.rice.edu Sun Nov 28 19:34:40 1993 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sun, 28 Nov 93 19:34:40 PST Subject: CHAOS gopher maintenance In-Reply-To: <9311280555.AA23154@icm1.icp.net> Message-ID: <9311290331.AA13436@flammulated.owlnet.rice.edu> >Who's in charge of the chaos.bsu.edu gopher? I was just browsing the >contents and it is not very up-to-date with cypherpunk information... The Welcome file at the top level directory should identify myself and Chael as running the gopher site... I have several posts from the last month or so, but haven't gotten around to editing headers and making them available. I've been buried by coursework and by looking for summer internships, etc. But I'll get around to it real soon! -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From hfinney at shell.portal.com Sun Nov 28 20:04:40 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Sun, 28 Nov 93 20:04:40 PST Subject: Cryptosplit 2.0 Message-ID: <9311290404.AA27229@jobe.shell.portal.com> Norm Hardy posted some code for Shamir secret sharing here about a month ago, a nice short routine. At around the same time, I created a program to do the same thing and uploaded it to soda. It is still in /pub/cypherpunks/incoming as secsplit.zip. It contains a DOS executable and source for building under Unix or DOS. I did the polynomial calculations a little differently from Norm and Ray; their approaches may be more efficient. But I did go to some effort with the random-number generation on which the security of the scheme depends. My code uses the IDEA.C module from PGP for the pseudo-random generator, seeding it with the time of day and an MD5 hash of the file being split. So I think this should be pretty secure in terms of the randomness involved. The purpose of this program, as with Ray's and Norm's, is to split a file into n pieces (all as big as the original file) such that any k of them are sufficient to recover the original file, but k-1 pieces give you NO information about the contents of the original file (other than its size). One possible application is to split up your PGP secret key file this way and distribute the pieces to trusted friends such that several of them have to cooperate to recover your key. Then if you accidentally lose your key you can get the pieces back from your friends. Hal From trestrab at GVSU.EDU Sun Nov 28 20:05:56 1993 From: trestrab at GVSU.EDU (BETH TRESTRAIL) Date: Sun, 28 Nov 93 20:05:56 PST Subject: "Reason" mag. article on public key crypto Message-ID: <9310287545.AA754556702@GVSU.EDU> About a month ago, I posted a small extract from an article entitled "Hide and Peek" by Lee Dembart. I came across the complete text of the article while looking for something else at gopher.internet.com. If you're interested in this piece, e-mail me and I'll send you a copy. (a note for Extropian list members - I nosent the piece to the list, and have provided a pointer to the message number so you can retrieve it.) Jeff trestrab at gvsu.edu trestrail at delphi.com From MIKEINGLE at delphi.com Sun Nov 28 20:06:11 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 28 Nov 93 20:06:11 PST Subject: Public-key secret sharing Message-ID: <01H5V6R8O8QA939IQA@delphi.com> Has anyone combined polynomial secret sharing with public-key cryptography to create a public-key secret sharing system? For example, encrypt a file with a session key, SK. Use secret sharing to split SK into n parts, with m required for decryption. Encrypt each of the n parts with a different person's public key. Publish the encrypted file and public-key encrypted pieces of the key. To decrypt, m of the trustees use their secret keys to recover their shares of SK, combine them, and retrieve SK to decrypt the file. This has the advantage of requiring only one copy of the file, and requiring no pre-arrangement with the trustees. Is there a better way to do this (especially so the size of the file does not grow linearly with the number of trustees)? When is PGP 3.0 with the toolkit coming out? This should make it easy to implement these things, along with digicash and other projects. The MPI library and conventional crypto is fairly accessible, but the code which creates PGP-format packets is not easy to call from another program. --- MikeIngle at delphi.com From hfinney at shell.portal.com Sun Nov 28 20:14:41 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Sun, 28 Nov 93 20:14:41 PST Subject: Traffic analysis and file size Message-ID: <9311290413.AA27849@jobe.shell.portal.com> Scott Morham asks about how well file sizes are preserved by encrypted remailers. Generally speaking, in creating a nested encrypted remailing request, at each stage PGP will attempt to compress the input, then encrypt it, which preserves its size but adds a block to the beginning of about the size of the public key (typically 100-150 bytes), then makes it ASCII, which increases the size by 1/3, then adds a small header block of 50 to 150 bytes or so. Since the compression is ASCII-encoded encrypted text, the best it can do is to "undo" the ASCII encoding or compress by about 1/4, but I don't know if it actually does that well. Probably it compresses by somewhat less. So generally each chain will add a few hundred bytes and scale the size of the message up by probably 10 or 20 percent. I think that this will probably allow pretty reliable matching of incoming and outgoing messages on the basis of size alone, at least, more reliable than I would be willing to count on to prevent attacks by this means. Scott also suggests using .zip compression at some point, but this isn't likely to help much since encrypted files look random and are basically not compressible. What we have talked about here is adding random padding to change the file size. Because encrypted files do look random, you can generally pad them with random bytes pretty easily and undetectably. This depends somewhat on the file format but it is basically easy. I wrote some perl scripts to pad .pgp public-key-encrypted files undetectably. The extra bytes are ignored when the file is decrypted. The scripts aren't really production- quality since they just use perl's built-in random numbers. Good random numbers should be used. Hal hfinney at shell.portal.com From hfinney at shell.portal.com Sun Nov 28 20:19:40 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Sun, 28 Nov 93 20:19:40 PST Subject: Remailers: Turnaround Times? Message-ID: <9311290418.AA28129@jobe.shell.portal.com> Coerr asks about turnaround times for the remailers. Karl Barrus posts a list of remailers approximately every month. On that list he shows which remailers have high-speed, continuous connections to the internet and which have intermittent connections which introduce larger than normal delays. In my experience, the direct-connected remailers generally respond within a minute or two. The other ones introduce delays ranging from an hour or so up to overnight. A good test is to send a "ping" (remail to self) message to each remailer and see how quickly responses arrive. In my experience, the extropia remailer tends to take a few hours, while the rebma remailer is usually a day or sometimes longer. I don't have recent values for the others. Hal Finney hfinney at shell.portal.com From XXCLARK at indst.indstate.edu Sun Nov 28 20:29:40 1993 From: XXCLARK at indst.indstate.edu (XXCLARK at indst.indstate.edu) Date: Sun, 28 Nov 93 20:29:40 PST Subject: Secure Clear Message-ID: <9311290428.AA13770@toad.com> wisej asked: > (M) MOTOROLA > Motorola and Secure Clear are trademarks of Motorola, Inc. (c) 1993 > Motorola, Inc. >Comments? Don't have one, but know two who do. Scramble, as I understand the meaning of the word, they don't. Last I knew, "Secure Clear" is simple frequency inversion, and can be defeated by: a $15 kit added to a scanner, or; tuning the freq on a single sideband receiver. I've even heard of individuals who had trained themselves, or been trained, to understand the freq inverted signal. Check out Cincinnati Microwave's spread spectrum frequency phones. I don't know if they use frequency hopping or direct sequence, but they may be secure against all but military and LEA types... and the really determined and accomplished hardware hacker. From jschultz at bigcat.missouri.edu Sun Nov 28 21:29:41 1993 From: jschultz at bigcat.missouri.edu (John Schultz) Date: Sun, 28 Nov 93 21:29:41 PST Subject: newsgroup v news-list In-Reply-To: <9311281511.AA10617@wixer> Message-ID: On Sun, 28 Nov 1993, Jim choate wrote: > Why should how long I have been on the list have anything to do with what I > can contribute? > > Why should I wait a month to figure it out experimentaly when I can ask a > couple of questions now, race up the learning curve, and move on to othe > more important agendas. > I personaly find the idea that a person has to 'earn' the right to make a > statement on a mail-list or newsgroup as counter-free speech. I oppose your > view. It's general netiquette to hang around for a couple weeks on a list to see how it operates, what topics are covered, etc. before jumping in with both feet. John Schultz jschultz at bigcat.missouri.edu From an12070 at anon.penet.fi Sun Nov 28 21:59:40 1993 From: an12070 at anon.penet.fi (S.Boxx) Date: Sun, 28 Nov 93 21:59:40 PST Subject: Real People Message-ID: <9311290559.AA13919@anon.penet.fi> Hey, there was an interesting series of articles in RISKS 15.25, 15.27, and 15.28x that covered the `Cryptoanarchist' movement. Many cypherpunks may be interested in this analysis. Has it shown up here? I missed it if it did. Boy, the tentacles are *really* pissed off from that E.Hughes == P.Ferguson insinuation in my recent messages. Joe Thomas told me that `you're getting on my nerves' and accuses me of `damaging the list discussion' here. I'm very hurt and upset by this claim. Why don't you lay off a little? I'm just trying to do my job. Some people are born demons, and some people are born exorcists! He says he met P.Ferguson at the D.C. cypherpunks meeting `this spring' (last spring?). What was the date on that, anyway? Who else was there? He said he didn't get to talk to P.Ferguson for very long, but he did see his Virginia driver's license. So, according to J.Thomas anyway, P.Ferguson exists! Thanks for this valuable entry in the Real People Trust Web. Would anyone like to vouch for Joe Thomas, ? BTW, I heard that access.digex.net had lax authentication standards like netcom.com. Could anyone send me mail clarifying what is actually required for authentication at these sites? BTW, many thanks to L.Detweiler for his lone help in helping me break a corrupt conspiracy and massive cyberspatial hoax. It's really tough going lately, and we're really being bombarded with some of the most vicious material the tentacles can muster. But we can stand the heat, and we're going to stay in the kitchen, and continue to fight the raging arson flames to make cyberspace safe for honest people. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From unicorn at access.digex.net Sun Nov 28 22:30:09 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 28 Nov 93 22:30:09 PST Subject: Dead mans stick Message-ID: <199311290629.AA06511@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- - -> From: "Alan (Miburi-san) Wexelblat" To: cypherpunks at toad.com Subject: Give me your password- OR ELSE! It seems like it would be relatively simple to program in a sort of dead-man switch at the time of creation of the secret key. [...] As you can imagine, there are increasing levels of personal security you might employ. For example, using the duress phrase might be set up to change the pass-phrase to something *you* don't know but which is known by a trusted other party (wife, mother, agent/lawyer, etc.). Knowing this phrase doesn't help them since that phrase can't access your secret until *after* you've given the duress phrase and the software has disabled your normal access phrase. <- The problem with the duress phrase seems to be this: One would use such a phrase when physical site security had been compromised no? Let's assume government types (which seems to be the hint I get when you suggest the alternate pass phrase being held by your lawyer. It's fairly easy to duplicate the key and stick it somewhere on a floppy and try the passwords extracted from you via rubber hose method on the copy rather than the original. In fact, if people being to use duress codes, it seems that this would become standard practice, if it's not already. In as far as the idea behind a duress code is to keep you from being beaten repeatedly by making it impossible for you to decode the information alone, copying the encrypted key defeats this method. :( - -> - --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request "To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!" <- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLPmWBhibHbaiMfO5AQEQuQQApDtaIxVjjZvdUYD9Jl6FZGdq62SpPM+y KMqsIvSOhPOK2kOsoAyLuIN4+bXVUyTHiAkYX/ye2q2gqj9yrOLvkGyH6yak5YFi xoOCYx6qGScHeoqwpJKoRTTwUjAo79ZmXupA+ylX527eQDILwZJa+W+wSln/rXhG zajsBTeG/mw= =B4y+ -----END PGP SIGNATURE----- From jbhicks at aol.com Sun Nov 28 22:34:42 1993 From: jbhicks at aol.com (jbhicks at aol.com) Date: Sun, 28 Nov 93 22:34:42 PST Subject: Motorola Ad Message-ID: <9311290132.tn62416@aol.com> In the November 29, 1993 issue of Time Magazine, opposite p. 67, there is an interesting ad: > Give the Gift of Privacy > > All it takes to eavesdrop on most cordless calls is another > cordless phone, scanner or even a baby monitor. That's why > every Motorola Cordless Phone features Secure Clear (TM) > technology. Secure Clear (TM) scrambles voices, so all an > eavesdropper hears is garbled noise. > > Motorola > > Motorola and Secure Clear are trademarks of Motorola, Inc. > (C) 1993 Motorola, Inc. - James - From unicorn at access.digex.net Sun Nov 28 22:35:08 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 28 Nov 93 22:35:08 PST Subject: taxes (net) Message-ID: <199311290631.AA06604@access.digex.net> -> --------------------- Tax Havens on the Net --------------------- compiled by James R. Hart Leichtenstein net access: ---f- languages: German, Alemanni currency controls: none bank secrecy: excellent preferred legal entities: allows any type found anywhere in the world (!) establishment (limited liability, unlimited duration) company limited by shares foundations and trusts taxes: none for income outside Leichtenstein. Net worth tax of 0.01% on capital and reserves (min. 1,000 Swiss francs), local resident taxes tax treaties: not party directly or indirectly to any exchange-of-information agreements double-tax treaty exists only with Austria n.b.: bankers won't assist law enforcement officials with drug, fraud, theft, or tax investigations. They might assist in money laundering and insider trading investigations, informing the customer first. Yes but, Liechtenstein, Not LEIchtenstein. :) You'll find it difficult to invest less than 1.5 million in Liechtenstein secretly. -uni- (Dark) From an12070 at anon.penet.fi Sun Nov 28 22:39:41 1993 From: an12070 at anon.penet.fi (S.Boxx) Date: Sun, 28 Nov 93 22:39:41 PST Subject: HFinney == TCMay Message-ID: <9311290637.AA19379@anon.penet.fi> Some person an41925 at anon.penet.fi has been sending me particularly vicious and harrassing mail lately. It's a good thing that he did it anonymously--I might be upset if a real person made the kind of accusations that he did. He was upset by my tcmay == hfinney implication I made in some earlier message. I was really fascinated by this response: >No one will prove that >May is Finney because May is not Finney. I see no similarity in the >style or content of their posts, they don't appear to support or >butress each others arguments any more than any random pair of >people on the list, I see nothing to indicate they are the same. I >wish you would come up with some evidence if you continue to make >these wild accusations. Actually, I see some interesting similarities. May is interested in digital pornography, and I just saw H.Finney post on the subject the other day. (Actually, a whole lot of cryptoanarchists posted on the subject, but that's another story). May is really upset by accusations that he doesn't handhold newcomers like H.Finney does. Could it be that the former is upset that people aren't recognizing his actual work because of his pseudospoofing, attributing it to the latter? That would be most ironic! Just another one of the pathetic freakshows that cypherpunks are proud of. Also, H.Finney posts from soda.berkeley.edu, same site as E.Hughes and the Cypherpunk archives. He is very clearly a Top Cypherpunk, given many apologist statements on the subject. And given that Top Cypherpunks have always been interested in `pseudopooling', or surrreptiously and conspirationally posting from each other's accounts, it is not unlikely IMHO that H.Finney is either a pseudopooler, pseudospoofer, or a tentacle. H.Finney was also involved in the defense of `known tentacles' like J.Dinkelacker. Also, the point that this an41925 at anon.penet.fi makes that H.Finney and T.C.May are different people -- note that he gives absolutely no verifiable real world evidence whatsoever. It makes me think he is just another psychopunk who lives in his cyberspatial hallucinations. He makes reference to `similarity in style or content of posts, no appearance of supporting or butressing each other's arguments any more than any random pair of people on the list.' But notice that these are all things that a master pseudospoofer would endeavor to avoid! The whole *point*of pseudospoofing is to deceive others in an undetected way. Obviously, none of this proves that H.Finney == T.C.May. It only says that this person's arguments are essentially completely empty of solid evidential facts that prove anything conclusive. `I see nothing to indicate they are the same' he whines. IMHO, `I see nothing to indicate they are different.' > I >wish you would come up with some evidence if you continue to make >these wild accusations. This is another interesting psychopunk argument, placing the burden of proof on someone who makes an accusation about nonexistence, when obviously the burden of proof in cyberspace should be on those who wish to prove they exist, because every aspect of the Internet encourages the opposite conclusion -- that `they' are a tentacle. There are no humans in cyberspace! Only email addresses! To equate the two is the most dangerous deception imaginable! Are we to rely on human nature and honesty? Remember, we are dealing with pathological liars and psychopaths here. Unless the accused denies the claim, there is not really any need for proof. We simply assume that everyone is a tentacle until evidence arises to the contrary, and get a proof by contradiction. Psychopunks prefer Proof by Lies. >The point I'm trying to make is that you >just look foolish, accusing people of pseudospoofing who do not >appear to be doing so to neutral observers That's the key -- fooling neutral observers into believing that no one is pseudospoofing. This is the central weapon of the pseudospoofer. Telling his opponents that they are insane paranoiacs for believing that there is no guarantee whatseover that a unique nametag corresponds to a unique person! Until people wake up and smell the excrement, the pseudospoofer gets away with his treachery unhindered. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From ld231782 at longs.lance.colostate.edu Sun Nov 28 22:44:41 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 28 Nov 93 22:44:41 PST Subject: the GWELST Game Message-ID: <9311290642.AA11110@longs.lance.colostate.edu> Hey, I have a neat new game that cypherpunks would be interested in. Unfortunately, I don't have a lot of material for anything but one or two rounds. Maybe some other people can join in as the dealer after this round. GWELST stands for Guess Which Eminent Leader Said This. One eminent cypherpunk leader is the author of a quote I include here. Your mission, if you choose to accept it, is to determine the originator. The quote is: ``There is no movement. Get this delusion out of your head. There is only software.'' A few hints for you all. I was quite depressed and disoriented by this quote at first. I thought, of course there is a movement! That's why I'm here! That's what makes me interested in the Cypherpunks! Isn't a NYT and Wired article an indication of a Movement? Aren't all the people who post here indications of a Movement? Aren't the leaders interested in promoting the Movement? Actually, the answers to all these questions are quite contrary to what you might think. It seems that the real cypherpunk agenda is to *pretend* that there is a movement, and play it out like a movie in a theatre for the audience, and fool them into thinking it is real. Many still do! But this is like being convinced by one of those fake Hollywood building facades, with empty nothingness behind it. The leaders are interested in deceiving reporters like Markoff and Kelly, NYT and Wired respectively, into thinking that the movie is real, that real people are getting real things done. Many of the people who post here are *not* real. Some of the most `respected' ones are tentacles. And the audience is so dazzled by the show that they continue to believe in the Movie despite that it has ended and an usher is telling them to Leave! Many tentacles are dangled before us by the Master Puppeteers themselves. The tentacles assault us on the list and in our mail, sandwiched between real people. How can one tell the difference? Most can't. So the fraud, the mockery, the sham, the farce plays on. So, even the leaders have some honesty in some moments. On rare occasions of unguarded, uncharacteristically candid moments, they hint that there the idea that there is a Movement is actually an elaborate hoax. `There is no movement. Get this delusion out of your head. There is only software.' That last sentence is a reference to the elaborate movie-generating software that they run, that helps them project the characters onto the screen with an amazing degree of realism and verasimilitude. But the characters are not real people. Only after attempting to interact with them like real people, can other real people discover that they are fake. It is like an Eliza-Turing test. Which email addresses are intelligent? Which are tentacles? Hint: The tentacles are like robots that explode when asked a question they cannot answer. Interestingly, the individual A.Abraham, himself involved in the Cypherpunk leadership, who posts as a2 at ah.com (the infamous Abraham-Hughes site), recently sent me mail along the same lines, saying that `There is only software.' This is a fat clue for you in this round of the GWELSTing Game! Answer will appear shortly! From an12070 at anon.penet.fi Sun Nov 28 23:10:09 1993 From: an12070 at anon.penet.fi (S.Boxx) Date: Sun, 28 Nov 93 23:10:09 PST Subject: CRYPTOANARCHIST INFILTRATION ALERT Message-ID: <9311290709.AA24358@anon.penet.fi> ATTENTION ALL INTERNET PERSONNEL THE INTERNET OUTLET szabo at netcom.com HAS BEEN IDENTIFIED AS A CRYPTOANARCHIST CYBERSPACE INFILTRATION SITE TO A 93.67% DEGREE CERTAINTY VIA PSEUDOSPOOFING DETECTION SOFTWARE. MAIL, POSTS, AND OTHER EMANATIONS FROM THIS OUTLET ARE CONSIDERED LIKELY TO BE HIGHLY SUBVERSIVE AND DANGEROUS CRYPTOANARCHIST DISINFORMATION AND PROPAGANDA FROM ONE OR MORE CRYPTOANARCHIST CO-CONSPIRATORS. MULTIPLE SENSITIVE INTERNET MAILING LISTS, FAQS, AND FORUMS HAVE BEEN CONTAMINATED. INFORMATION ORIGINATING FROM THIS OUTLET IN THE FOLLOWING AREAS IS PARTICULARLY SUSPECT: - PROMOTION OF PSEUDOANONYMITY AND THE COLLECTION OF MULTIPLE FAKE CYBERSPACE IDENTITIES (MISTATED AS `PURE ANONYMITY') - PROMOTION OF UNTRACEABLE `BLACK' CASH AND RELATED CRYPTOGRAPHIC TECHNIQUES (PARTICULARLY CHAUMIAN) - FALSE REFERENCES AND DISINFORMATION ON THE ACTUAL `CRYPTOANARCHIST' AGENDA - PROMOTION OF THE `COLLAPSE OF GOVERNMENTS' - SUBTLE ANTI-DEMOCRACY GOALS AND ANTI-DEMOCRATIC SENTIMENTS - PROMOTION OF DISINFORMATION, PROPAGANDA, AND DECEPTION E.G. IN THE MEDIA - PROMOTION OF TAX EVASION - PROMOTION OF CRIMINAL EVASION OF IDENTITIFICATION MEASURES FOR E.G. BLACK MARKETEERING - ELEVATING AND PERPETUATING SUBVERSIONS OF IDENTITY E.G. PSEUDOSPOOFING AND PSEUDOPOOLS AS `LIBERATING FLUIDITY OF IDENTITY' ON THE INTERNET - PROMOTION OF ABUSE OF INFORMATION THROUGH E.G. LEAKS, BURGLARY, OR ESPIONAGE - FALSE DETAILS ON PERSONAL IDENTITY AND CORROBORATION OF THE EXISTENCE OF OTHER IDENTITIES - INFILTRATION, PROVOCATION, AND SABOTAGE OF MAILING LIST DISCUSSIONS OUTSIDE OF CHARTERS INTO THE `CRYPTOANARCHIST' AGENDA - PROMOTION OF OTHER FAKE IDENTITIES - PUBLIC AND PRIVATE ATTACKS ON REAL IDENTITIES EMPLOYING COUNTERMEASURES AGAINST THE CRYPTOANARCHIST MOVEMENT - MANIPULATION AND TERRORISM IN PRIVATE MAIL - COLLECTION OF SENSITIVE PRIVATE INFORMATION AND MAIL FROM COMMUNICATING `OUTSIDE' INDIVIDUALS INTERNET INDIVIDUALS AND ORGANIZATIONS ARE ADVISED TO EXAMINE AND PURGE ARCHIVES AND RECORDS OF ALL INFORMATION ORIGINATING FROM THIS OUTLET AS CRYPTOANARCHIST DISINFORMATION. ITEMS RECOVERED FROM THIS OUTLET SHOULD BE REPOSTED FOR PUBLIC EXPOSURE. QUESTIONS REGARDING THIS ADVISORY ALERT CAN BE ADDRESSED TO cypherpunks at toad.com BACKGROUND INFORMATION ON THE CRYPTOANARCHIST MOVEMENT IS AVAILABLE IN RISKS 15.25, 15.27, AND 15.28X, FTP CRVAX.SRI.COM DIRECTORY /RISKS: ADDITIONAL BULLETINS WILL BE ISSUED AS EVENTS WARRANT. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From hawkwind at dink.foretune.co.jp Sun Nov 28 23:14:42 1993 From: hawkwind at dink.foretune.co.jp (hawkwind at dink.foretune.co.jp) Date: Sun, 28 Nov 93 23:14:42 PST Subject: Disruptive members Message-ID: <199311290712.QAA06834@dink.foretune.co.jp> I would like to mention that it seems in the past two years (I have been a netrunner since 1978) that I am finding myself fleeing quite often from lists, forums, discussion groups, etc. that have disruptive people on them jamming up my mailbox and polluting the creativity of each group with incredible vile negativism. Besides being a personal problem for me, it is also a professional problem as I am currently in Japan trying to launch a 10,000 player cyberspace RPG community. I liken people such to a situation where a group of friends are sitting talking around a fireplace deep in creative discussion and a Felini style circus band starts marching through the room playing at full volume. If this was in your home, you would throw them out; if at a ski lodge, the management would throw them out; if in a public place, the police would disperse them for "disturbing the peace" (have you ever wondered WHY all civilizations have such laws?!?). Yet in cyberspace, people toss out phrases like "freedoms", and "rights" to excuse such behavior apparently without much consideration to the "responsibilities" inherent in those phrases. At a conference recently, I spent over two hours talking to the fellow who runs a large Moo about exactly this problem. He is also faced with such people (although thankfully not quite so extreme), and his "society" is having a VERY difficult time trying to develop procedures for dealing with such people. He told me about a particularly nasty situation where some girl in his Moo was "virtually raped" by another member. The Moo was horrified, but could not figure out how to deal with the culprit. Right now, I think that perhaps much of the nets is still made up of people who are experienced in netrunning, but the sheer quantity of new inexperienced people joining is getting astronomical. If their initial contact is with a group containing a disrupter type, then they may run shuddering from the nets forever. If enough of them complain (to school administrators, postmasters, political figures), then very heavy handed laws will be slammed down in top of the nets in retaliation. It is a well known historical/political fact that any activity that is not successful at self-control WILL BE controlled from without, or smashed apart for "the good of the people". >From reading recent postings, I gather that many feel as I once did, that disruptive people will just flame out and go away. And once that was so, but no longer. I have seen over 15 groups laid waste in the past two years by such people. They did not go away, but rather gloated over the deceased corpse of the group. Many of the members of those groups I have not seen again on the nets. I now firmly believe that such chaotic people have to be dealt with and promptly. I am still unclear how to deal with them, but I do know that time is of the essence. The longer they are allowed to pollute your group, the deeper the cancer runs affecting everyone's perspective. I look forward to any constructive comments. From ferguson at icm1.icp.net Mon Nov 29 04:56:58 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Mon, 29 Nov 93 04:56:58 PST Subject: Real People In-Reply-To: <9311290559.AA13919@anon.penet.fi> Message-ID: <9311291253.AA00342@icm1.icp.net> S.Boxx writes - > He says he met P.Ferguson at the D.C. cypherpunks meeting `this spring' > (last spring?). What was the date on that, anyway? Who else was there? > He said he didn't get to talk to P.Ferguson for very long, but he did > see his Virginia driver's license. So, according to J.Thomas > anyway, P.Ferguson exists! Thanks for this > valuable entry in the Real People Trust Web. Would anyone like to vouch > for Joe Thomas, ? Not that it makes any difference, but: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiuk0/8AAAEEALqlLc+x9lmgiJCRSpu/aPhQdi0hMjwiGlN2B/GJQqgZPhTb pR+u5/blGogqT+WwcXZ2XfEdIV19FrJY4BXGGn4+4TjdVN3XuuCHuueoygBAmOQD IloU6SJuDqJa0kFA5X/i/1ELn86I5+8A4Hx88FiYJIVUBR6SApRLcZSdHMBNAAUR tB9QYXVsIEZlcmd1c29uIDxmZXJncEBzeXRleC5jb20+iQCVAgUQLEK6M79uJ7op DB4/AQFMfAQAvomsfh0tg0mbk/L9MnpWLqq17kAjYLm249Ax8NO4lYv1SVrDqs8n qSRya0cbhPrVq/Yl/w4V88YI+7NJf2V69+XZWMLfMLs4EsqZ6IznxZwG5mtIwO0T oUKH8THb6RcMoU8qRvM1fjryoifmNiQhc1/hHqvznzQVl6/vXruEuTyJAJUCBRAr 2DwdjjCur77UuzkBAfBUA/90Kw5XV1cGtAyPTBq9nKbMN0QJeW/xq4M1xKnEBQWA t3Bebk64ThCc48evI3RQyrlE3au8LZAl3EhbuA95c3VErayj1oZcm1KKKndBLRs3 YkIfWw9xghc2ZFDdnsn/OqmkbshiVxp9SmPRX4awvqWovMHwm0EZARH0MBhqm9BF HbQlUGF1bCBGZXJndXNvbiA8ZmVyZ3Vzb25AaWNtMS5pY3AubmV0Pg== =+PeW -----END PGP PUBLIC KEY BLOCK----- Cheers. From lstanton at lehman.com Mon Nov 29 05:51:56 1993 From: lstanton at lehman.com (Linn Stanton) Date: Mon, 29 Nov 93 05:51:56 PST Subject: THE DETWEILER PLEDGE In-Reply-To: <931127014946_72114.1712_FHF59-2@CompuServe.COM> Message-ID: <9311291347.AA15337@cfdevsol.lehman.com> I so pledge Linn H. Stanton The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQBNAitK8+EAAAECALzK83DH79m7DLKBmZA2h9U33fBE80EwT4xRY05K7WRfxpO3 BmhPVBmes9h97odVZ0RxAFvinOl4wZGOb8pDclMABRG0IUxpbm4gSC4gU3RhbnRv biA8c3RhbnRvbkBhY20ub3JnPrQnTGlubiBILiBTdGFudG9uIDxsc3RhbnRvbkBz aGVhcnNvbi5jb20+ =oCru -----END PGP PUBLIC KEY BLOCK----- From kovar at nda.com Mon Nov 29 06:01:57 1993 From: kovar at nda.com (David Kovar) Date: Mon, 29 Nov 93 06:01:57 PST Subject: Disruptive members In-Reply-To: <199311290712.QAA06834@dink.foretune.co.jp> Message-ID: <199311291357.IAA09915@nda.nda.com> This list is allowing itself to be disrupted. More effort is being expended by its members complaining and commenting about LD than he is expending. Ignore the guy and get on with life. -David From m5 at vail.tivoli.com Mon Nov 29 06:17:24 1993 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 29 Nov 93 06:17:24 PST Subject: Big Brother/Bank Accounts Message-ID: <9311291413.AA20144@vail.tivoli.com> Given the material in the WiReD 1.6 article, how likely is it that a true anonymous digital cash system would be allowed? I know, I know; there's "no way to prevent it"; however, I think that concept is based on the premise that the Government proceeds rationally. If somebody with an axe to grind gets hold of the "kidnapped baby" scenario described in _Applied_Cryptography_, plenty of public outrage and indignation could be generated. Imagine a made-for-TV docu-drama that shows teams of strange greasy little hackers hunched over their glowing workstations, wailing kidnapped babies piled in a corner. Go on, reassure me that "all is well". -- Mike McNally From m5 at vail.tivoli.com Mon Nov 29 06:27:03 1993 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 29 Nov 93 06:27:03 PST Subject: Cryptosplit 2.0 In-Reply-To: <9311290404.AA27229@jobe.shell.portal.com> Message-ID: <9311291426.AA20155@vail.tivoli.com> Hal Finney writes: > But I did go to some > effort with the random-number generation on which the security of the > scheme depends. My code uses the IDEA.C module from PGP for the > pseudo-random generator, seeding it with the time of day and an MD5 > hash of the file being split. So I think this should be pretty secure > in terms of the randomness involved. On UNIX systems, where keystroke timing can be problematic, couldn't a collection of various system metrics be used to provide a bunch of reasonable pseudo-random bits? Things like: * Disk space in / * Network activity (in/out packet counts) * load average * swap space available * time of day (duhh) Of course, one would want to ensure that no monitoring or logging software (like the stuff I work on :-) keeps coherent snapshots around anywhere... -- Mike McNally From dheck at odo.cc.uakron.edu Mon Nov 29 06:47:00 1993 From: dheck at odo.cc.uakron.edu (dheck at odo.cc.uakron.edu) Date: Mon, 29 Nov 93 06:47:00 PST Subject: CRYPTOANARCHIST INFILTRATION ALERT Message-ID: who appointed this guy Netcop status? If I wanted to receive info appropriate to alt.whistleblowing, I'd read Usenet...These self-appointed, self-important, self-inflated egos really get under my skin...take me off this list...the signal-to-noise ratio is getting a little out of hand. (By the way, my real name is Heck...) David From cman at caffeine.io.com Mon Nov 29 07:42:04 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Mon, 29 Nov 93 07:42:04 PST Subject: Disruptive members In-Reply-To: <199311290712.QAA06834@dink.foretune.co.jp> Message-ID: <199311291527.JAA29434@caffeine.caffeine.io.com> > Right now, I think that perhaps much of the nets is still made up of people > who are experienced in netrunning, but the sheer quantity of new > inexperienced people joining is getting astronomical. If their initial > contact is with a group containing a disrupter type, then they may run > shuddering from the nets forever. If enough of them complain (to school > administrators, postmasters, political figures), then very heavy handed > laws will be slammed down in top of the nets in retaliation. It is a well > known historical/political fact that any activity that is not successful at > self-control WILL BE controlled from without, or smashed apart for "the > good of the people". > I agree with you strongly; however, the notion of a list as a space, and the list members having their collective image tarnished by the presence of disruptive members clearly hasn't sunk in. Instead we get a lot of silly "freedom of speech" rhetoric. I guess they haven't realized that every forum doesn't have to be a noisy street corner or an all-comers keg party. (where, respectively, free speech works to the point of tolerating loud crazies and vomiting) The whole argument that people can use kill files is utterly bogus if outreach is even a minor goal for the group. Note that the extropians not only provide list-administered kill files, but also threaten disruptive members with expulsion, and as a result have excellent signal to noise. Good parallel to the similar problem of disruptive and violent individuals on MOOs, btw. Doug -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From mnemonic at eff.org Mon Nov 29 08:07:07 1993 From: mnemonic at eff.org (Mike Godwin) Date: Mon, 29 Nov 93 08:07:07 PST Subject: Let's Talk About Solutions In-Reply-To: <199311291357.IAA09915@nda.nda.com> Message-ID: <199311291601.LAA15061@eff.org> David Kovar writes: > This list is allowing itself to be disrupted. More effort is being > expended by its members complaining and commenting about LD than he > is expending. Ignore the guy and get on with life. It's worth noting that the perceived problem with Lance Detweiler is a problem that sooner or later surfaces in all forums, whether they're mailing lists or newsgroups--namely, the problem of a certain person or subject matter driving people away from the forum. Fleeing the problem doesn't fix it. It recurs wherever you go. Solving the problem in a top-down way (e.g., by banning a person from a forum) doesn't fix it, and that kind of centralized-censorship solution runs counter to the dynamic of the Net, which is not structured to support centralized censorship. (Theoretically, mailing lists are structured that way, but in practice anything but the most light-handed moderation tends to kill the spontaneity of discussions.) The best solutions are bottom-up solutions: solutions in which individuals can make choices about what they wish to see, but can't impose those choices on others. These solutions take many forms. The least sophisticated, and the least effective, is to unsubscribe from a "noisy" list--as I noted before, the problem recurs on all forums. A better solution is to ignore the noisy postings--this is the Detweiler Pledge Solution. Still better is the artful use of mail filters. (A nonartful use of filters may prevent some people from reading this message, since it includes the string "detweiler.") It strikes me as relatively on-topic for cypherpunks to discuss technical solutions, such as mail filters, for solving the "noisy forum problem." For some, adequate solutions may already be in place. But I note that for "mere users" (as distinct from sophisticated users and programmers), current filtering tools are difficult to use. What can make this better? --Mike Mike Godwin, (202) 347-5400 |"And walk among long dappled grass, mnemonic at eff.org | And pluck till time and times are done Electronic Frontier | The silver apples of the moon, Foundation | The golden apples of the sun." From cman at caffeine.io.com Mon Nov 29 08:17:12 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Mon, 29 Nov 93 08:17:12 PST Subject: Cryptosplit 2.0 In-Reply-To: <9311291426.AA20155@vail.tivoli.com> Message-ID: <199311291602.KAA29523@caffeine.caffeine.io.com> > > On UNIX systems, where keystroke timing can be problematic, couldn't a > collection of various system metrics be used to provide a bunch of > reasonable pseudo-random bits? Things like: > > * Disk space in / > * Network activity (in/out packet counts) > * load average > * swap space available > * time of day (duhh) > > Of course, one would want to ensure that no monitoring or logging > software (like the stuff I work on :-) keeps coherent snapshots around > anywhere... > Jim McCoy and I have been talking about this; the underylying question is "how many bits of entropy are in a ps"? Time of day, for instance, is very low entropy. The results of 'ps' vary wildly in their entropy depending on the system and whether your opponent has access to it or could make reasonable guesses about parts of it. ps is better than load average, because it always has an affect on the system when run; load average is an *average* and is rather slow to change. Still, we have argued over many a cup of coffee whether there's 128 bits of entropy in ps. I think the answer is yes, or real close, for a system with lot of users, but not if things are slow or you don't have many users. Of course, the more rapidly the opponent takes snapshots, the more she perturbs the ps... My point in all this, is that if your opponent knows the components you're doing an MD5 of to get your random bits, and these components are low entropy with respect to that attacker (she is on the same system and can monitor roughly the same statistics that you can) then this opponent could search through the space of reasonable pertubations in the 'ps' listing between snapshots, could extrapolate between snapshots of the load average, etc. And feed them to MD5 herself. If you are running a stock single user configuration, it wouldn't even be necessary for the opponent to be on the same system. If there is something or somethings on any Unix system with sufficient entropy that can be reliably polled and fed to MD5 I'd love to know it. (This strikes me also as something that is not going to be real portable... I have visions of #ifdefs dancing in my head) Some people think this is a little paranoid on my part. Ok, maybe, but I want a lockable /dev/rand. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From hfinney at shell.portal.com Mon Nov 29 08:52:02 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Mon, 29 Nov 93 08:52:02 PST Subject: Cryptosplit 2.0 Message-ID: <9311291648.AA25233@jobe.shell.portal.com> From: m5 at vail.tivoli.com (Mike McNally) > On UNIX systems, where keystroke timing can be problematic, couldn't a > collection of various system metrics be used to provide a bunch of > reasonable pseudo-random bits? Things like: > > * Disk space in / > * Network activity (in/out packet counts) > * load average > * swap space available > * time of day (duhh) These can play a role in seeding a RNG, but there is probably not as much randomness there as you might expect. Knowledge of the approximate time of day the program was run, plus some general information about the characteristics of your system in terms of usage, can probably pin most of those values down to within a factor of 5 or so. I think multiple MD5 hashes of the total contents of /tmp (or, better, /swap, if you can access that) would have more bits of randomness. In any case, Shamir sharing requires a LOT of random bits ("k" times the size of the file) so at best these sources of randomness could seed a RNG, which would then "amplify" the randomness (in a cryptographic sense) to produce the random bits needed for the sharing algorithm. I believe the RIPEM public key package by Mark Riordan has a fairly wide repertoire of techniques for searching for randomness, including some of the above ideas. This code might be worth adapting to a general-purpose entropy-seeking algorithm. The problem is that these kinds of things are highly system dependent. If you have an audio port, for example, listening to an unconnected microphone can produce a steady stream of noise. Or if you have a high-speed timer it can be used to get perhaps a couple dozen bits of randomness at program-startup time, or to get many bits per keystroke. So you have to have customization for each target system to be useful. I do think the RIPEM code would be a good starting point, though. I once proposed a DOS TSR (a "background" program) which would monitor your keystrokes all day long and condense the timing data into a file full of random bits. Then you'd use up the bits when you needed to do cryptography. I haven't learned enough about DOS to write such a thing, though. Hal Finney hfinney at shell.portal.com From pat at tstc.edu Mon Nov 29 09:02:05 1993 From: pat at tstc.edu (Patrick E. Hykkonen) Date: Mon, 29 Nov 93 09:02:05 PST Subject: HUMOR: Timothy C. May is the CONSPIRACY! Message-ID: <9311291700.AA15215@tstc.edu> In the grand style of the infamous L. Detweiler, here is proof that Timothy C. May is the real culprit behind all this. From: tcmay at netcom.com (Timothy C. May) Message-Id: <199311280747.XAA15002 at mail.netcom.com> Subject: Re: Banning any subscriber Date: Sat, 27 Nov 93 23:47:54 PST --Tim May, who generally finds it faster to hit "D" than to filter (and, ironically, I keep all of the Detweiler/Pervert/S. Boxx/etc. posts, both for archival value and because it's stuff I'll want to reread in future years and perhaps use in a book I may write). From: bart at netcom.com (Harry Bartholomew) Message-Id: <199311271042.CAA28624 at mail.netcom.com> Subject: The other side of LD Date: Sat, 27 Nov 93 2:42:08 PST I never thought I be caught dead forward an LD post, but here it is since I may be the only 'punk on the NEW-LIST announcements. Here we see the other side. I am beginning to get a funny feeling about all this. Consider: 1. The book published for profit by editing the submissions to rec.humor.funny. 2. The recent "compilation copyright" filed by Keith Peterson on the material contained in the Simtel archive. 3. The default apparent public domain into which all our postings seem to fall. Is LD, the prolific author that he obviously is, merely baiting the creative minds of the cypherpunks to gather material for his forthcoming novel(s)? Bart Tim's penchant for creating boiling cauldrons has "caught" him in this case. He states that he keeps all the messages for archival purposes to create a book at a later time. Notice that another Cypherpunk subscriber from the same site points out that LD is merely baiting the Cypherpunks and the world into situations for book material. Tim obviously urged Harry into sending the second message above. From: tcmay at netcom.com (Timothy C. May) Message-Id: <199311280835.AAA20462 at mail.netcom.com> Subject: "Pretty Good Paranoia" and "Dining Detweilers Net" Date: Sun, 28 Nov 93 0:35:44 PST "My tortured and WRACKED soul is becoming INCREASINGLY MADDENED AND DISGUSTED by the unspeakable actions of the leading SickoPunks in beaming RADIO SIGNALS into my cranial cavities while I dream of slaying Miss Medusa and her TENTACLES of depravity and cyberspatial indifference." --Klaus! von Future Prime (My nom de humor on the Extropians list.) This is the final proof. I do not believe that Tim actually creates the text that apparently comes from LD. It is Tim's cat! This is why the link between LD and Tim has not come to light sooner. Tim has conspired with his cat to create this "uproar" for material for his upcoming book. Since Tim and his cat are two seperate entities their message text does not correlate, however the inclusion of a piece of "Detweiler Text" inside of one of Tim's messages proves beyond a shadow of a doubt that Tim must somehow be responsible for LD's posts. I submit to you that it is Timothy C. May is actually L. Detweiler and he has fooled us all! I just hope it makes a good book! -- Pat Hykkonen ** N5NPL ** pat at tstc.edu ** CNSA -- (817) 867-4831 Disclaimer: This product may cause irritability in some users. In cases of allergic reaction, delete and consult a physician immediately. All of life is a comedy, don't let it upset you. - P. Hykkonen From arthurc at crl.com Mon Nov 29 09:27:21 1993 From: arthurc at crl.com (Arthur Chandler) Date: Mon, 29 Nov 93 09:27:21 PST Subject: NEW: Cypherwonks (fwd) Message-ID: Has anyone else seen this? I got it from another newsgroup, and thought that folks here might be interested in seeing this morph of one branch of the cypherpunk movement. I'm assuming, of course, that it's not a spoof. Comments? ---------- Forwarded message ---------- Date: Mon, 29 Nov 1993 15:09:26 CET-1DST From: GoeRAN DAMBERG To: Multiple recipients of list FUTUREC Subject: NEW: Cypherwonks I got this in my mailbox today and thought that some of you might be interested. ------- Forwarded Message Follows ------- cypherwonks at lists.eunet.fi The brand new cypherwonks list on Majordomo at Lists.EUnet.fi is for ambitious, energetic, can-do, hands-on individuals interested in general cutting-edge `cyberspatial development' projects such as in cryptography, digital cash, and `electronic democracy'. (A `wonk' is slang for a `meticulous detail person'.) The list is both an informal gathering place for the technically adept and also a focal point for branching off into serious project coordination. We place a premium on membership by technical professionals and try to hone our posts to accommodate the busy (who, according to the adage, are those who get all the serious work done). We are inspired by the Internet but don't see it as ideal yet and are particularly interested in cooperation, building prototypes, forging standards, and `long-term incremental evolution' in our designs and goals. We're also intensely interested in following and influencing the technological and political developments of the emerging `national cyberspatial infrastructure.' The list is *not* for political diatribes in the `radical libertarian' agenda, e.g. rants against all forms of government as oppressive, corrupt, or evil, or promoting the use of cryptographic technologies for subversive activities like tax evasion, black marketeering, or evading law enforcement. The list is *not* for discussions of how to manipulate the honest through the use of software technologies. The list is *not* for unconstructive negativism against other's proposals. Above all, we are interested in forging a `civilized cyberspace' out of the current `Internet wilderness'. Historical note: the list was formed as a less ornery, more moderate splinter group from the Cypherpunks by J.Helsingius (creator of the popular anon.penet.fi anonymizing service) and L.Detweiler (author of many FAQs including `Privacy & Anonymity on the Internet). To subscribe, send a message with the body subscribe cypherwonks to Majordomo at Lists.EUnet.fi. A more comprehensive charter is available with the command `info cypherwonks' in the message body. To post, send a message to cypherwonks at lists.eunet.fi. From pdn at dwroll.dw.att.com Mon Nov 29 09:32:01 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Mon, 29 Nov 93 09:32:01 PST Subject: Let's Talk About Solutions In-Reply-To: <199311291601.LAA15061@eff.org> Message-ID: <9311291730.AA09037@toad.com> Mike Godwin writes : > > It strikes me as relatively on-topic for cypherpunks to discuss technical > solutions, such as mail filters, for solving the "noisy forum problem." > For some, adequate solutions may already be in place. But I note that for > "mere users" (as distinct from sophisticated users and programmers), > current filtering tools are difficult to use. What can make this better? > I subscribed to the Extropians list for a while and was quite impressed with the list management software they were running. Commands could be sent to the list processor like 'exclude ', 'exclude ', etc via regular e-mail messages; with this capability, anyone who can use e-mail can personally manage the stream of postings headed for their mailbox. In my opinion, this approach strikes a comfortable balance between outright censorship and mass confusion. ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From lefty at apple.com Mon Nov 29 09:32:10 1993 From: lefty at apple.com (Lefty) Date: Mon, 29 Nov 93 09:32:10 PST Subject: newsgroup v news-list Message-ID: <9311291731.AA20087@internal.apple.com> >We are talking about limiting access to the list (for whatever reason), THAT >is cencorship. Nonsense. Spend a little time with Mr. Dictionary, and you should be able to adduce the meaning of the word "censorship". It isn't what you seem to think it is. On the other hand, if you truly feel the way you do, please let me have a copy of your house key and warn your Significant Other that I'll be dropping by for an extended snuggle. I'll also help myself to your stereo and VCR while I'm there. What? You don't _like_ that idea? You wouldn't want to _censor_ me, would you? >I personaly find the idea that a person has to 'earn' the right to make a >statement on a mail-list or newsgroup as counter-free speech. I oppose your >view. Read the First Amendment. Learn something about free speech. It would assist you in weaning yourself away from sounding like an uninformed fool. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From mnemonic at eff.org Mon Nov 29 09:47:11 1993 From: mnemonic at eff.org (Mike Godwin) Date: Mon, 29 Nov 93 09:47:11 PST Subject: Let's Talk About Solutions In-Reply-To: <199311291730.MAA16169@eff.org> Message-ID: <199311291744.MAA16701@eff.org> Philippe writes: > I subscribed to the Extropians list for a while and was quite impressed > with the list management software they were running. Commands could be > sent to the list processor like 'exclude ', 'exclude ', etc > via regular e-mail messages; with this capability, anyone who can use > e-mail can personally manage the stream of postings headed for their > mailbox. In my opinion, this approach strikes a comfortable balance between > outright censorship and mass confusion. Any chance we can get such a thing implemented on the cypherpunks list? --Mike From freeman at MasPar.COM Mon Nov 29 09:52:01 1993 From: freeman at MasPar.COM (Jay R. Freeman) Date: Mon, 29 Nov 93 09:52:01 PST Subject: HUMOR: Timothy C. May is the CONSPIRACY! Message-ID: <9311291752.AA00421@cleo.MasPar.Com> > [...] It is Tim's cat! [...] I hate to add to the horror of it all, but ... Tim has <*gasp*> TWO cats! We're doomed ... -- Jay Freeman From pmetzger at lehman.com Mon Nov 29 10:02:01 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 29 Nov 93 10:02:01 PST Subject: Let's Talk About Solutions In-Reply-To: <199311291601.LAA15061@eff.org> Message-ID: <9311291759.AA00573@snark.lehman.com> Mike Godwin says: > It's worth noting that the perceived problem with Lance Detweiler is a > problem that sooner or later surfaces in all forums, whether they're > mailing lists or newsgroups--namely, the problem of a certain person or > subject matter driving people away from the forum. > > Fleeing the problem doesn't fix it. It recurs wherever you go. > > Solving the problem in a top-down way (e.g., by banning a person from a > forum) doesn't fix it, and that kind of centralized-censorship solution > runs counter to the dynamic of the Net, It works in places like the Extropians mailing list -- the S/N periodically has crises, but they are short and the troublemakers get booted for good. It isn't counter to the dynamic of the net, either. A mailing list is like someone's living room. If your houseguests start pissing on the sofas, it isn't unreasonable to kick them out. "Banned" persons are free to start their own mailing lists, post to newsgroups, etc. They've just been denied access to the computing resources of the list maintainer for purposes of spreading their inane rants. It doesn't even stop the persons in question from communicating individually to all the people who were on the mailing list. Too many people think "Freedom of Speech" means "freedom to speak in anyone's living room if they feel like it", which it does NOT mean. As a practice, removing people is simple, cheap, and astonishingly effective. Perry From lubetkin at mgh.com Mon Nov 29 10:27:12 1993 From: lubetkin at mgh.com (Steve Lubetkin) Date: Mon, 29 Nov 93 10:27:12 PST Subject: Info on list Message-ID: <9311291821.AA13171@mgh_cs1.mgh.com> Send info on subscribing to the list, please. From ssteele at eff.org Mon Nov 29 10:37:11 1993 From: ssteele at eff.org (Shari Steele) Date: Mon, 29 Nov 93 10:37:11 PST Subject: A study of National Cryptography Policy Message-ID: <199311291832.NAA17576@eff.org> >Date: Mon, 29 Nov 93 12:23:02 EST >From: "Herb Lin" >Encoding: 5789 Text >To: farber at cis.upenn.edu, editors at eff.org, alert at washofc.cpsr.org >Subject: A study of National Cryptography Policy > > >Please forward this message to any individual or mailing list >that you believe should receive it. Many thanks.. >********************* >As part of the Defense Authorization Bill for FY 1994, the U.S. Congress >has asked the Computer Science and Telecommunications Board >(CSTB) of the National Research Council (NRC) to undertake a study of >national policy with respect to the use and regulation of cryptography. >The report of the study committee is due two years after all necessary >security clearances have been processed, probably sometime summer >1996, and is subject to NRC review procedures. The legislation >states that 120 days after the day on which the report is submitted to >the Secretary of Defense, the Secretary shall submit the report to the >Committees on Armed Services, Intelligence, Commerce, and the >Judiciary of the Senate and House of Representatives in unclassified >form, with classified annexes as necessary. As of this date (November 29, >1993), the House and the Senate have agreed to this study, but the >President has not yet signed the bill. > >Assuming the legislation is signed by the President, this study is >expected to address the appropriate balance in cryptography policy >among various national interests (e.g., U.S. economic competitiveness >(especially with respect to export controls), national security, law >enforcement, and the protection of the privacy rights of individuals), >and the strength of various cryptographic technologies known today >and anticipated in the future that are relevant for commercial >purposes. The federal process through which national cryptography >policy has been formulated is also expected to be a topic of >consideration, and, if appropriate, the project will address >recommendations for improving the formulation of national >cryptographic policy in the future. > >This project, like other NRC projects, will depend heavily on input >from industry, academia, and other communities in the concerned >public. Apart from the study committee (described below), briefings >and consultations from interested parties will be arranged and others >will be involved as anonymous peer reviewers. > >It is expected that the study committee will be a high-level group that >will command credibility and respect across the range of government, >academic, commercial, and private interests. The committee will >include members with expertise in areas such as: > > - relevant computer and communications technology; > - cryptographic technologies and cryptanalysis; > - foreign, national security, and intelligence affairs; > - law enforcement; > - commercial interests; and > - privacy and consumer interests. > >All committee members (and associated staff) will have to be cleared >at the "SI/TK" level; provisions have been made to expedite the >processing of security clearances for those who do not currently have >them. Committee members will be chosen for their stature, expertise, >and seniority in their fields; their willingness to listen and consider >fairly other points of view; and their ability to contribute to the >formulation of consensus positions. The committee as a whole will >be chosen to reflect the range of judgment and opinion on the subject >under consideration. > >The detailed composition of the committee has not yet been decided; >suggestions for committee members are sought from the community at >large. Note that NRC rules regarding conflict of interest forbid the >selection as committee members of individuals that have substantial >personal financial interests that might be significantly affected by the >outcome of the study. Please forward suggestions for people to >participate in this project to CSTB at NAS.EDU by DECEMBER 17, >1993; please include their institutional affiliations, their field(s) of >expertise, a note describing how the criteria described above apply to >them, and a way to contact them. For our administrative >convenience, please put in the "SUBJECT:" field of your message the >words "crypto person". > >Finally, some people have expressed concern about the fact that the >project will involve consideration of classified material. Arguments >can and have been made on both sides of this point, but in any event >this particular ground rule was established by the U.S. Congress, not >by the CSTB. Whether one agrees or disagrees with the asserted >need for classification, the task at hand is to do the best possible job >given this constraint. > >On the National Research Council > >The National Research Council (NRC) is the operating arm of the >Academy complex, which includes the National Academy of Sciences, >the National Academy of Engineering, and the Institute of Medicine. >The NRC is a source of impartial and independent advice to the >federal government and other policy makers that is able to bring to >bear the best scientific and technical talent in the nation to answer >questions of national significance. In addition, it often acts as a >neutral party in convening meetings among multiple stakeholders on >any given issue, thereby facilitating the generation of consensus on >controversial issues. > >The Computer Science and Telecommunications Board (CSTB) of the >NRC considers technical and policy issues pertaining to computer >science, telecommunications, and associated technologies. CSTB >monitors the health of the computer science, computing technology, >and telecommunications fields, including attention as appropriate to >the issues of human resources and information infrastructure and >initiates studies involving computer science, computing technology, >and telecommunications as critical resources and sources of national >economic strength. A list of CSTB publications is available on >request. > > From lefty at apple.com Mon Nov 29 10:47:12 1993 From: lefty at apple.com (Lefty) Date: Mon, 29 Nov 93 10:47:12 PST Subject: A Clarification on My Loyalty and Allegiance Message-ID: <9311291843.AA21395@internal.apple.com> This is the last comment I plan to make re l'Affaire Detweiler. On the one hand, "The Executioner" , writes: > >I thought that the infamous L. Detweiler had stopped his posting, but it >appears that he is back, and more neurotic than ever. I thought that >it was the time for me to make another post relating to him, the list >in general, and LD's obsession with pseudospoofing. > >OK, first, LD is pissing me off, as, I am sure, he is doing to many others >out there in net.land. On the other hand, "S. Boxx" _also_ writes: > >BTW, many thanks to L.Detweiler for his lone help in helping me break a >corrupt conspiracy and massive cyberspatial hoax. Lance, for the sake of what remains of your rapidly ebbing mental health, look up the term "cognotive dissonance" and see if you can apply it to your current situation. Other people, by the way, are not quite as inert above the neck as _you_ seem to be. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From tcmay at netcom.com Mon Nov 29 10:57:14 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 29 Nov 93 10:57:14 PST Subject: Crypto Anarchy, the Government, and the National Information Infrastructure In-Reply-To: <9311291413.AA20144@vail.tivoli.com> Message-ID: <199311291854.KAA13023@mail.netcom.com> In this essay, quickly written, I'll address some points raised about the government and its "willingness" to let strong crypto and crypto anarchy develop, and how the Data Superhighway will require all data packets to have "license plates" on them (my biggest speculative leap). We're in an arms race, us versus them, and I think the government as we know it will ultimately lose. Mike McNally writes: > Given the material in the WiReD 1.6 article, how likely is it that a > true anonymous digital cash system would be allowed? I know, I know; > there's "no way to prevent it"; however, I think that concept is based > on the premise that the Government proceeds rationally. You mean, how likely is that the government will allow a system that makes taxation almost impossible, that enables black markets, that facillitates the transfer of illegal information, and that basically nukes the present arrangement? I don't think they'll "allow" it. But this doesn't mean it won't happen. > If somebody with an axe to grind gets hold of the "kidnapped baby" > scenario described in _Applied_Cryptography_, plenty of public outrage > and indignation could be generated. Imagine a made-for-TV docu-drama > that shows teams of strange greasy little hackers hunched over their > glowing workstations, wailing kidnapped babies piled in a corner. > > Go on, reassure me that "all is well". I can write more after I shut these babies up...maybe it's time to just sell a few or recycle my stock. My new babytender, a nice young girl named Polly Klaas I picked up a while back, is working out well, though. (This was politically incorrect humor, outlawed on the Data Highway in 1997. As President Hilary put it: "That's not funny!") The "crypto crackdown" Mike is alluding to is one that has be predicted for a long time. We are indeed in an "arms race": both sides are racing to cut the other off. Strong crytography means government can no longer do its thing, at least not has it's accustomed to. Strong crypto means untraceable payments, secure phone lines, information markets in what are now military and corporate secrets, liquid markets in illegal services, and of course a nearly total collapse in taxation abilities. On taxation, it is certainly clear that many folks will still be "visible" and will be taxed as heavily as other--I don't want to imply that the guy who works for Lockheed or behind the counter at Safeway is somehow going to be liberated from paying taxes by the onset of crypto anarchy. No, the effect will be more of an erosion of _support_ for taxation, as word spreads that many consultants, writers, information sellers, and the like are sheltering much of their income via use of networks and strong crypto. The tax system is already shaky--$5 trillion national debt, growing every year--and it may not take much of a push to trigger a "phase change," a tax revolt. This "crypto phase change" (a term I prefer to the term "Singularity," so beloved by the nanotechnology folks) is what I see coming. Whether the government can crack down first is the fly in the ointment. Note that the way strong crypto works means a successful crackdown could only come as the result of strong police state policies. That is, outlawing of unapproved encryption, on demand inspection of all data packets, strict regulation of across-the-border telecommunications, an end to the Internet as we know it today, and strict penalties merely for "conspiring" to use strong crypto. Eric Hughes' "Use a random number, go to jail" line is not so far from the truth. I oppose the government's plan for a "data superhighway" for two main reasons. First, there's no need and the free market is already giving us a multiplicity of lines, channels, satellites, etc. Anarchic development can produce a more robust system, actually. Second, I fear the involvement of government. Already the NII proposal is talking about the nice things it needs to ensure fair access, a nondiscriminatory system, and so on. These "nice" things also imply government restrictions on content. But I'll save this for another thread. Imagine this: to get on the Data Superhighway, which will likely be the only major lines if the government succeeds in making it the mandatory standard, every data packet must have a "license plate." Don't laugh! The idea of a license plate on data packets is coming. It would provide the kind of traceability that control freaks like Detweiler claim to want (I say "claim" because our pal LD is the largest user of pseudonyms we have.) It would provide for taxation of packets, much like road fees and truck charges, and it would generally make the Net an environment hostile to crypto anarchy. The forces of NIST/NSA and the National Information Infrastructure are moving in this direction. I'm moving in another direction, toward the overthrow of the present system. Over the past several years I've thought about these issues at length. I don't think they can crack down. Can they stop "dial-a-prayer" computer confessionals? (priest-confessor privilege, recognized at a deep level) Can they stop attorney-client computer communications? (To wiretap these would break open the entire legal system.) Can they place police monitors in every role-playing game or deep-immersion VR system? (Make no mistake about it, systems like "Habitat" and LambdaMOO, and many more are coming or already exist, will be full-fledged agoric marketplaces, with goods and services being traded. Read "Snow Crash" or "True Names" to remind yourself of this (I'm not endorsing the specific views of Stephenson or Vinge, who got some things "wrong"--no big deal, as their general vision was what was so important.) Can they tell people they can't compress their files? (compressed files look outwardly like encrypted files) Can they ban the use of steganography--if they can find it being used at all? No, too many bits are flowing already. Too many degrees of freedom. A Soviet-style crackdown is not in the cards. But we stil have to fight. Things like the Clipper still need to be fought, by ridicule ("Big Brother Inside" stickers), by lawsuits (not my specialty), by denouncement (as when industry groups denounce it), and especially by developing and promoting alternatives. The market is truly ripe for a Soundblaster-type voice encryption system---when will one of you budding entrepreneurs get one out? Having read the three main "position papers" on NII (the White House paper, the CPSR analysis, and the EFF "Open Platform" piece), I'm as convinced as ever that the Data Highway is largely about regaining control of the currently anarchic network system. It just isn't about giving ghetto residents access to Crays, nor is it about the government being benificent in expanding our cable choices from 50 channels of shit to 5000 channels. No, it is about taxing the commerce that is moving increasingly into cyberspace. It is about continuing to regulate and control. It is about the survival of Big Brother. The arms race is on. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From beker at netcom.com Mon Nov 29 11:07:12 1993 From: beker at netcom.com (Brian Beker) Date: Mon, 29 Nov 93 11:07:12 PST Subject: Disruptive members In-Reply-To: <199311291357.IAA09915@nda.nda.com> Message-ID: On Mon, 29 Nov 1993, David Kovar wrote: > This list is allowing itself to be disrupted. More effort is being > expended by its members complaining and commenting about LD than he > is expending. Ignore the guy and get on with life. From tcmay at netcom.com Mon Nov 29 11:17:14 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 29 Nov 93 11:17:14 PST Subject: HUMOR: Timothy C. May is the CONSPIRACY! In-Reply-To: <9311291752.AA00421@cleo.MasPar.Com> Message-ID: <199311291912.LAA14829@mail.netcom.com> > > [...] It is Tim's cat! [...] > > I hate to add to the horror of it all, but ... Tim has <*gasp*> TWO cats! > > We're doomed ... > > -- Jay Freeman Well, our cover is blown. What more can I say? (Meow.) My Siamese cat of course is the "S" in S. Boxx, the boxx meaning litter boxx, of course, and my Havana Brown generally writes as "Black Unicorn." They have few problems typing on the keyboard, but working the trackball has been a chore. For some reason they keep urging me to go back to a "mouse." --Foodbringer (as I am no doubt known to my cats as) -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From mnemonic at eff.org Mon Nov 29 11:32:02 1993 From: mnemonic at eff.org (Mike Godwin) Date: Mon, 29 Nov 93 11:32:02 PST Subject: Crypto Anarchy, the Government, and the National Information Infrastructure In-Reply-To: <199311291854.KAA13023@mail.netcom.com> Message-ID: <199311291927.OAA18499@eff.org> Tim May writes: > Having read the three main "position papers" on NII (the White House > paper, the CPSR analysis, and the EFF "Open Platform" piece), I'm as > convinced as ever that the Data Highway is largely about regaining > control of the currently anarchic network system. It just isn't about > giving ghetto residents access to Crays, nor is it about the > government being benificent in expanding our cable choices from 50 > channels of shit to 5000 channels. > > No, it is about taxing the commerce that is moving increasingly into > cyberspace. It is about continuing to regulate and control. It is > about the survival of Big Brother. For what it's worth, I don't think this interpretation can be read into EFF's Open Platform paper. EFF doesn't care about making money off the Data Highway, nor does it think the debate should be about the number of channels cable offers. Instead, EFF wants an infrastructure in which Tim May's anarchic vision can flourish along with the visions of anarchophobes. On an Open Platform, a hundred flowers can and will bloom, and a thousand schools of thought will contend. Anarchists like Jack Kerouac and Neal Cassidy could find individualistic redemption on the (government-built) road. EFF thinks private-enterprise roads are better, but we also think its promise is unfulfilled if it doesn't allow net.kerouacs and net.cassidys to create there. --Mike From mg5n+ at andrew.cmu.edu Mon Nov 29 11:47:18 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 29 Nov 93 11:47:18 PST Subject: Telnet specs. In-Reply-To: Message-ID: Jeremy Smith asked: > I know this might not be the most appropriate list to post this > to, but I need to know what ports Telnet uses for standard use. > Mainly, I implemented the Telnet bouncer program that was posted > here a while back, and when trying to connect to hosts that don't > require a port number it still asks me for one. > > i.e., when I try to connect to archie.sura.net through the > bouncer, it asks me for a port number. When I use my standard > Telnet program it will connect with just archie.sura.net as the > address. Does anybody know a site where I can find this info? > Thanx in advance and my apologies for any waste of bandwidth! The standard telnet port should be 23. From beker at netcom.com Mon Nov 29 11:52:04 1993 From: beker at netcom.com (Brian Beker) Date: Mon, 29 Nov 93 11:52:04 PST Subject: Disruptive members In-Reply-To: Message-ID: On Mon, 29 Nov 1993, Brian Beker wrote: > On Mon, 29 Nov 1993, David Kovar wrote: > > > This list is allowing itself to be disrupted. More effort is being > > expended by its members complaining and commenting about LD than he > > is expending. Ignore the guy and get on with life. Sorry about the previous incomplete. AM screenstroke hangover. I just wanted to say, let's drop it. It's getting to be too much. David's advice to ignore him is the best I've heard so far. From ferguson at icm1.icp.net Mon Nov 29 12:17:14 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Mon, 29 Nov 93 12:17:14 PST Subject: Crypto Anarchy, the Government, and the National Information Infrastructure In-Reply-To: <199311291927.OAA18499@eff.org> Message-ID: <9311292014.AA08033@icm1.icp.net> Mike Godwin writes - > For what it's worth, I don't think this interpretation can be read into > EFF's Open Platform paper. EFF doesn't care about making money off the > Data Highway, nor does it think the debate should be about the number of > channels cable offers. > > Instead, EFF wants an infrastructure in which Tim May's anarchic vision > can flourish along with the visions of anarchophobes. On an Open Platform, > a hundred flowers can and will bloom, and a thousand schools of > thought will contend. In a _truly_ Open telecommunications architecture, yes; a thousand schools of thought can flourish. I am not, however, convinced that the NII vision equates to something that is benefitial for one and all. EFF's vision, on the other hand, is an admirable one nonetheless. My sentiment remains steadfast: the government should stay out of networking altogether. - Paul From plaz at netcom.com Mon Nov 29 12:27:14 1993 From: plaz at netcom.com (Geoff Dale) Date: Mon, 29 Nov 93 12:27:14 PST Subject: Web of Trust: A Proposal Message-ID: <199311292023.MAA15843@mail.netcom.com> Well this may be quixotic, but I sent this message off to Detweiler today: (As a note to folx I am vouching for, I promise not release any information above and beyond simple verification of existance.) >To:"L. Detweiler" >From:plaz at netcom.com (Geoff Dale) >Subject:Re: Web of Trust: A Proposal > >Well, the accusations of pseudo-spoofing have upset me. > >I'm not personally overly concerned about fictitious identities, but the >accusations of non-existance that have hit people that I know personally have >been worrisome. Using fake identities for fraudelent purposes is, btw, against >my personal code of ethics. > >Since you don't know me from Adam, I offer a credential: A friend of mine says >he went to college with you, Steve Klingsporn . He can >vouch >for me as a true name. He also knows Nick Szabo. > >I can personally vouch for E.Hughes, Tim May, Nick Szabo, Arthur Abraham, and >have briefly met Jamie Dinkelacker. These are all TRUE NAMES. I met ALL of >these people outside of the CA cypunks meetings (I have attended a few of >those >as well), in places it would be ridiculous to assume they were perpetrating >any >kind of fraud. > >I don't expect this to change your view on these people's politics or opinions >but maybe we can put the pseudo-spoofing thing to rest. > >I hope this helps. > >If there other CA cypherpunks you are unsure of their existance: Make a list, >and I'll happily vouch for those I've met. > _______________________________________________________________________ Geoff Dale -- insert standard disclaimers here -- plaz at netcom.com "Life is a sexually transmitted terminal disease." - Peter McWilliams From plaz at netcom.com Mon Nov 29 12:27:25 1993 From: plaz at netcom.com (Geoff Dale) Date: Mon, 29 Nov 93 12:27:25 PST Subject: Banning any subscriber Message-ID: <199311292022.MAA15806@mail.netcom.com> I said: >>I personally disagree with censorship. It would be impossible to enforce >>anyway. A move of this type would simply drive Detweiler to use the >>Cypherpunk remailers which would be harder to detect. Then what do we do? >>Stop accepting mail from our own remailers? Eric replied: >Basically, yes, except for signed letters from previously >authenticated pseudonyms. This is a simple form of a positive >reputation system. A kill fill is a negative reputation--'not that >person'. A positive reputation rejects all but a particular set of >identities. I'm sorry, I didn't realize that you wanted to erect a barrier against anonymous newbies, such as "wonderer" and "Dark Unicorn" were recently. You know, Detweiler might get a new account under a new name, better seal the list to only postings from "previously authenticated" accounts too. Then we'd be all happy and safe from the dreaded Detweiler. Don't let this guy screw up the positive aspects of the list. His irritant is the by-product of the free world that we are trying to create. You can't stop his communication without comprimising our own goals. (You can delete it without reading it or kill file him or once we are on extropians list software, ::exclude him.) >Much of the debate on cypherpunks magically incants 'reputation >systems' to solve all sorts of sticky problems, but none have ever >been implemented in software, except for killfiles, which are not >effective against disruption in an anonymous environment. > >Necessity is the mother of invention. A motivated individual trying >to disrupt a communications forum and who has to avoid a kill file >will be necessary to create the need for a positive reputation system. >Once the need is there, the software will follow. LD could become the >most valuable participant in the endeavor of creating a positive >reputation system, namely, the irritant at the center of the pearl. > >Let us encapsulate him well. > >Eric I'm not entirely against positive reputation systems, but they really need to be implimented on the user end, or at least be user settings, as on the extropians list. But the main problem with positive reputation systems is dealing with the zero reputation newbies. I don't want to see these guys shut out. Think well, before you act on this impulse. _______________________________________________________________________ Geoff Dale -- insert standard disclaimers here -- plaz at netcom.com "Life is a sexually transmitted terminal disease." - Peter McWilliams From mech at eff.org Mon Nov 29 12:37:15 1993 From: mech at eff.org (Stanton McCandlish) Date: Mon, 29 Nov 93 12:37:15 PST Subject: Britain-Right of Silence (AP) (fwd) Message-ID: <199311292032.PAA19624@eff.org> Abolition of Right of Silence Delights Police, Appalls Critics By MAUREEN JOHNSON Associated Press Writer LONDON (AP) _ As the police see it, the government's plan to abolish the right of silence is a break they deserve. ``We're not asking anyone to confess,'' said Dick Coyles, head of Britain's 130,000-member Police Federation. ``We're just asking them to tell us, for example, `The reason my house is full of stolen goods is that this man asked me to look after them.' ``We want people to put forward their defenses at the time ... instead of when they've had time to concoct one.'' To lawyers and civil rights groups, the bill due to come before Parliament soon violates a basic tenet of British justice: A suspect is innocent until proven guilty. The principle dates to the 17th century, when Parliament abolished the infamous Court of the Star Chamber. The Conservative government's Criminal Justice Bill does not force anyone to talk. But judges and juries could conclude that a suspect who refused to answer police questions has something to hide. In some cases, silence would become part of the prosecution evidence pointing toward guilt. Civil libertarians are campaigning to save what they see as a historic right _ the model for the U.S. Constitution's Fifth Amendment which protects Americans from self-incrimination. The legislation is part of Conservative government efforts to stem rising crime. It has pitted Prime Minister John Major's administration against some judges, though others support him. Major has only a 17-seat majority in the 651-member Commons, and the bill's fate is uncertain. But the issue will mean another bruising battle for a government already in trouble over squeezes in welfare spending. Major is going against the advice of a Royal Commission he appointed two years ago to study the criminal justice system. It concluded that the right of silence was a valuable safeguard against miscarriages of justice. Critics argue that removing it will increase the risk of bullying and oppressive police interrogations and tempt police to rely too heavily on confessions instead of getting independent evidence. The government sounds determined, however, and the move is widely supported by the party's rank and file. To prolonged applause, Home Secretary Michael Howard announced the policy at the party's annual conference this fall, saying terrorists were exploiting the right of silence. The change would apply to all suspects _ from careless drivers to murderers. Opponents say hardened criminals and terror suspects know the ropes and usually are convicted despite their silence. Those likely to be harassed into false confessions are confused and frightened suspects, often of low intelligence, says the civil rights group Liberty. Roger Ede, secretary of the Law Society, says the average IQ of suspects at police stations is 82, well below average. ``It is a basic principle of English law that suspects don't have to prove their innocence by having to explain their actions,'' Ede said. ``Why does the government end up doing the opposite of what they were advised to do? Because they perceive for political reasons it is what is required of them.'' Liberty began a leaflet campaign to get voters to lobby members of Parliament. Rising crime _ a 120 percent rise in reported offenses since the Conservatives won power in 1979 _ is a particular embarrassment for a party that gave the police big pay raises, built new prisons and made law and order a centerpiece of its election platforms. The right of silence developed in protest against the oppressive operation by the Star Chamber Court under the Tudor and early Stuart kings. In a landmark case in 1637, John Lilburn, accused of printing seditious books, refused to answer questions. Parliament later compensated him and the Star Chamber was abolished in 1641. The right of silence became part of English law in 1848. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From nowhere at bsu-cs.bsu.edu Mon Nov 29 12:42:03 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Mon, 29 Nov 93 12:42:03 PST Subject: Encryption and the NII (fwd) Message-ID: <9311292042.AA26726@bsu-cs.bsu.edu> Newsgroups: talk.politics.crypto,comp.org.eff.talk From: kadie at cs.uiuc.edu (Carl M Kadie) Subject: [NWU] "Encryption and the NII" Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL Date: Mon, 29 Nov 1993 18:38:50 GMT [This is an excerpt from the Newsletter of The Political Issues Committee of the National Writers Union (UAW Local 1981) Address Correspondence to: Bob Chatelle, 296 Western Avenue, Cambridge MA 02139 (617/497-7193). The full newsletter was posted to alt.censorship. (c) 1993 National Writers Union. Posted with permission from the November 1993 issue of the PIC Newsletter, the journal of the Political Issues Committee. All rights reserved to the authors. Reproduction without permission is expressly prohibited, but requests to repost articles on electronic systems serving writers are encouraged. Send permission requests to Bob Chatelle, kip at world.std.com -cmk] Encryption and the NII, by Jenevra Georgini As stated in President Clinton's message of November 5, gov- ernment policy regarding the national information infras- tructure (NII) shares two significant objectives with the Writers Union goals. The Clinton administration seeks to ensure broad access by adapting the concept of fair use to the NII, while simultaneously strengthening domestic copy- right laws and international treaties to protect the integrity of intellectual property. Because the network will span the globe, standards must be coherent and uni- formly applied in a way that permits industry growth. A standard-based regulatory approach posits legal solutions. Yet standards remain toothless unless implemented by tech- nology promoting the dual goal of access and integrity. Encryption technology is one suggested means of embedding electronic signatures to authenticate digital works. Encryption was originally developed by the government for wartime uses. Now the technology has become available to private citizens through programs such as RIPEM (public domain software based on a program developed with federal funding at MIT) and Philip Zimmermann's PGP (Pretty Good Privacy, whose underlying algorithm is pirated from the patented MIT program). Zimmermann describes his product as "the *de facto* worldwide standard for encryption and email." It can be used to keep message transmissions (such as downloading works from a net) private while simulta- neously authenticating the work. Each use has a public key and a private key. Correspondents use the public key to encrypt a message to that key's owner. The key owner gives out or publishes the key as one would give out an address. Although the public key can unlock the code that the private key makes and vice versa, knowing the public key doesn't enable anyone to deduce the private key. Those who know the public key can only encrypt messages for sending; they can- not decrypt the recipient's messages. The recipient uses her own private key to decrypt messages sent. At the same time, an author making works available online could encrypt that work with her own private key. This would provide a digital "signature" (or perhaps "fingerprint" would be a better term; signatures can be forged but private keys are given to only one person). Anyone wishing to access the work could use the sender's public key to verify the origin. The public key could be included on the work's title screen to facilitate access. The user could decrypt the private code by means of the public code enough to ascertain that the work had been tampered with but not enough to reveal the private code (analogous to being able to fit a key into a lock without the door opening.) The development of micro-sized encryption chips has made this technology accessible to a broad range of consumers-- including drug dealers, tax evades, and traders in national secrets. Of course, the larger and more powerful government machines can crack any private citizens 140-digit code in a day. However, this represents a substantial outlay of gov- ernment time and resources for very little reward. As the number of messages posted on the net increases, forced decrypting offers ever-diminishing returns. (Note! This is know as the "logic of the net," a digital variation on "the more the merrier." It is also referred to by some commenta- tors as "the fax effect:" owning the only fax in the world won't do your business much good, but your fax's value increases every time someone else buys one because you can now exchange more information.) Instead of trying to con- tain the encryption explosion, the government should harness its energy to protect citizens' privacy and encourage dis- tribution of works on the net. Building on encryption to prevent piracy on the net is the logical next step in beat- ing defense budget swords into information plowshares. Leg- islation should be enacted limiting state and federal decrypting requirements to the reasonable search and seizures contemplated by the Fourth Amendment. No one should be forced to decrypt their data without due process of law, including probable cause shown in the form of a court-ordered search warrant. The practice of seizing not only hackers' computers but all electronic equipment in their possession is a blatant violation of civil rights. Perhaps, as suggested by leading scholar Laurence tribe, a new amendment to the Constitution should be enacted to safe- guard our traditional-rights in the new frontier environ- ment. Encryption technology has been responsible for startling (some might say threatening) advances in digital tape infor- mation retrieval. Digital Audio Tape (DAT) records music in sixteen binary digits. The human ear does not register sounds down to the sixteenth bit. Thus, encrypted informa- tion such as books or programs can be recorded on each six- teenth bit. One could play the tape and hear only music without interference from the other recorded information because it takes us such a small space. The encrypted data would also be invisible to one examining it on a computer screen. The only way to tell that there is anything other than music on the tape is to compare it bit to bit on a com- puter with a virgin cassette. Even with the computer's help, the encrypted data could look exactly like the noise that typically appears during recording. In the words of Tim May, retired Intel physicist, "Anyone carrying a single music cassette bought in a store could carry the entire com- puterized files of the Stealth bomber, and it would be com- pletely and totally imperceptible." May further related that information can also be encoded in images: he could download a photo, insert an encrypted message in the least significant portion of each pixel (to minimize distortion) and repost the image without any recognizable difference. In addition to its possibilities for authenticating works online, encryption responds to the problem of royalty track- ing traditionally solved by licensing. A microchip invented by entrepreneur Peter Sprague is programmed to decrypt only as much of its encrypted database as the user pays for. After browsing a topic menu, the reader selects what infor- mation she wants. The program decrypts that information and counts how many times it has decrypted (or how many bytes in a per-byte fee structure). The user is billed accordingly, to a debit card or even to an electronic account where e- money takes the place of cash. Although encryption, like any other software, is not completely hackproof, methods can be developed to make piracy much more trouble than it is worth. --Jenevra Georgini, NWU Intern -- Carl Kadie -- I do not represent any organization; this is just me. = kadie at cs.uiuc.edu = From tcmay at netcom.com Mon Nov 29 12:42:24 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 29 Nov 93 12:42:24 PST Subject: Crypto Anarchy, the Government, and the National InformationInfrastructure Message-ID: <199311292042.MAA18526@mail.netcom.com> Well, Mike Godwin and I have argued about NII/Data Highway before, and we see things differently. When I read the main position papers, and look to the "big picture," the future being envisioned, I get a differenct sense of it than Mike gets. The NII papers (ftp.ntia.doc.gov, in /pub as "agenda.asc") and the CPSR docs (distributed on this list) are clearly not leading to an anarchic net. For example, what will be the NII management's response to a "No blacks allowed" area? To a "women need not apply" on-line consulting situation? To a cyberspatial version of the "old boy's network" that Gloria Allred and her feminista compadres are constantly filing lawsuits against? (I go to a health club/gym that has a "women only" facility. There are no longer any "men only" gyms anywhere in California, but "women only" facilities are flourishing.) Please understand that I'm not proposing a "no blacks allowed" service, only arguing that freedom of association is a basic principle I support, and one on which free societies are based. Yes, I support the right of a store owner to hang a sign out that says "No straights allowed," or "No ragheads allowed." Of course, the general population would probably find this fairly offensive and the store owner would reconsider or go out of business. Sounds fair to me. (Sorry for a digresssion into Libertarianism 101.) Somehow I think the "fair access" and "nondiscriminatory environment" language used in many of these proposals is a clue about what's coming. >For what it's worth, I don't think this interpretation can be read into >EFF's Open Platform paper. EFF doesn't care about making money off the >Data Highway, nor does it think the debate should be about the number of >channels cable offers. > >Instead, EFF wants an infrastructure in which Tim May's anarchic vision >can flourish along with the visions of anarchophobes. On an Open Platform, >a hundred flowers can and will bloom, and a thousand schools of >thought will contend. EFF indeed has a more libertarian view than does, say, the CPSR (I almost typed CPUSA). Mitch Kapor, Mike Godwin, Stanton McClandish, and others certainly understand the dangers of a surveillance state. I've heard it argued by some of them (sorry for forgetting exactly who said what) that some form of data superhighway will be built regardless of our objections, so we might as well get involved and be helpful. The better to ensure our vision. Well, I take the more radical view that to get involved with them is to run the risk of getting co-opted by them, to be manouvered into accepting their views. I support the Open Platform ideas about ending the current local monopoly on cable and phone provision, but that's as far as I go. >Anarchists like Jack Kerouac and Neal Cassidy could find >individualistic redemption on the (government-built) road. >EFF thinks private-enterprise roads are better, but we also think >its promise is unfulfilled if it doesn't allow net.kerouacs and >net.cassidys to create there. Oh, to be sure, _literary anarchists_ like Cassidy and Kerouac will be tolerated. They're no threat, they're covered by artistic license standards (notwithstanding Mapplethorpe and his censors), and they're even a very useful social pressure releaf valve. I'm more concerned about the regulation of business transactions on the Net of the future, on the ease with which access to the Data Highway can be denied to anyone who fails to have the proper business license, the properly approved encryption algorithms, the "tax stamp" on data packets, and the wrong views about taxation and black markets. As commerce moves onto the Nets in an even large way, there is every reason to believe government and special interest groups will seek to use the state monopoly or regulation to control the types of transactions. Wonder how long the newsgroups on child porn will last when the Net is "the data interstate" instead of a loose anarchic collection? How about the White Aryan Resistance Net, featuring the latest in anonymous communication systems? We don't need no steenking data superhighway! --Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: by arrangement Note: I put time and money into writing this posting. I hope you enjoy it. From hughes at ah.com Mon Nov 29 13:07:15 1993 From: hughes at ah.com (Eric Hughes) Date: Mon, 29 Nov 93 13:07:15 PST Subject: Banning any subscriber In-Reply-To: <199311292022.MAA15806@mail.netcom.com> Message-ID: <9311292057.AA07111@ah.com> >>>Stop accepting mail from our own remailers? >>Basically, yes, except for signed letters from previously >>authenticated pseudonyms. >I'm sorry, I didn't realize that you wanted to erect a barrier against >anonymous newbies, such as "wonderer" and "Dark Unicorn" were recently. The point is not to erect insurmountable barriers against anonymous newbies. In an environment where 'free speech noise' is a problem, some barrier to entry should be expected. The cypherpunks list already uses one barrier to entry, namely, we use a mailing list rather than a newsgroup. Pseudonyms don't come free, neither in time, effort, nor money. Authentication, in this context, can take many forms. It could be as simple as sending a key to the mailing list server. It could be developed to require someone to vouch for the pseudonym. It could require a sponsor who would read and repost until a separate reputation develops. The point is to put a bound on the noise from disrupters both inadvertent and intentional, not to completely prevent noise. Eric From owen at autodesk.com Mon Nov 29 13:07:25 1993 From: owen at autodesk.com (D. Owen Rowley) Date: Mon, 29 Nov 93 13:07:25 PST Subject: Crypto Anarchy, the Government, and the National Information Infrastructure Message-ID: <9311292100.AA25840@lux.YP.acad> > From: tcmay at netcom.netcom.com (Timothy C. May) > In this essay, quickly written, I'll address some points raised about > the government and its "willingness" to let strong crypto and crypto > anarchy develop, and how the Data Superhighway will require all data > packets to have "license plates" on them (my biggest speculative > leap). By definition, government is the enemy of any anarchic movement. > We're in an arms race, us versus them, and I think the government as > we know it will ultimately lose. WE have met the enemy and they are us. What I hear you saying is that crypto-anarchists will win, and thus replace the governmement as we know it. ( or perhaps transform the govenrment as we know it) > Mike McNally writes: > > > Given the material in the WiReD 1.6 article, how likely is it that a > > true anonymous digital cash system would be allowed? I know, I know; > > there's "no way to prevent it"; however, I think that concept is based > > on the premise that the Government proceeds rationally. > > You mean, how likely is that the government will allow a system that > makes taxation almost impossible, that enables black markets, that > facillitates the transfer of illegal information, and that basically > nukes the present arrangement? > > I don't think they'll "allow" it. But this doesn't mean it won't happen. when crypto is outlawed, only outlaws will have crypto. > The "crypto crackdown" Mike is alluding to is one that has be > predicted for a long time. We are indeed in an "arms race": both sides > are racing to cut the other off. "Get Up Get up, Lord Donald Cried Get up and fight for your life. Oh , I won't get up, I won't get up. I can't get up and fight. For you have two long beaten swords, And I but a pocket knife." from Matty Groves (trad) > Strong crytography means government can no longer do its thing, at > least not has it's accustomed to. Strong crypto means untraceable > payments, secure phone lines, information markets in what are now > military and corporate secrets, liquid markets in illegal services, > and of course a nearly total collapse in taxation abilities. Strong crypto in the hands of the individual leads to this scenario. Thats why strong crypto will be reserved for the privileged, and kept from those not connected to the power-system. > On taxation, it is certainly clear that many folks will still be > "visible" and will be taxed as heavily as other--I don't want to imply > that the guy who works for Lockheed or behind the counter at Safeway > is somehow going to be liberated from paying taxes by the onset of > crypto anarchy. > > No, the effect will be more of an erosion of _support_ for taxation, > as word spreads that many consultants, writers, information sellers, > and the like are sheltering much of their income via use of networks > and strong crypto. The privileged members of the unseen-unknown oligarchy have long enjoyed the privilege of sheltering their wealth. I suppose it is the natural progression of things that the individual slowly gains ground once held by the powerfull and privileged, but usualy not unless giving that ground makes the privileged more powerful than before. The margin rarely diminishes, it is an ever widening gulf IMNSHO. > This "crypto phase change" (a term I prefer to the term "Singularity," > so beloved by the nanotechnology folks) is what I see coming. Whether > the government can crack down first is the fly in the ointment. Is there a question regarding whether they *can*? Of course they *can*, they have more weapons, and a history of using them. Don't you really want to ask other things like what happens when/if they do? > Note that the way strong crypto works means a successful crackdown > could only come as the result of strong police state policies. That > is, outlawing of unapproved encryption, on demand inspection of all > data packets, strict regulation of across-the-border > telecommunications, an end to the Internet as we know it today, and > strict penalties merely for "conspiring" to use strong crypto. Eric > Hughes' "Use a random number, go to jail" line is not so far from the > truth. whats their option, to just hand over the keys, go have a beer at the local pub, and contemplate getting honest jobs instead of fighting to keep you from destroying their current way of life? "Darn those hackers, they've got checkmate in three moves. Oh well, I wonder if Burger Sri is hiring?" > I oppose the government's plan for a "data superhighway" for two main > reasons. First, there's no need and the free market is already giving > us a multiplicity of lines, channels, satellites, etc. Anarchic > development can produce a more robust system, actually. You are preaching to the choir. bettre to just keep plugging at implementing those *channels* and methods of accessing them. > Imagine this: to get on the Data Superhighway, which will likely be > the only major lines if the government succeeds in making it the > mandatory standard, every data packet must have a "license plate." > Don't laugh! The idea of a license plate on data packets is coming. It > would provide the kind of traceability that control freaks like > Detweiler claim to want (I say "claim" because our pal LD is the > largest user of pseudonyms we have.) It would provide for taxation of > packets, much like road fees and truck charges, and it would generally > make the Net an environment hostile to crypto anarchy. Our nation is criss crossed with super-highways, but there are plenty of folks who prefer to stay on the back roads. Its awfully hard to build competing highways where folks can drive their un-registered vehicles, because the real-estate involved is finite. May I point out that cyberspace has un-real estate, and that there is all you want. > The forces of NIST/NSA and the National Information Infrastructure are > moving in this direction. > > I'm moving in another direction, toward the overthrow of the present system. > Remind me when I get too close to you, I don't want to get caught in the crossfire. > Over the past several years I've thought about these issues at length. > I don't think they can crack down. Can they stop "dial-a-prayer" > computer confessionals? (priest-confessor privilege, recognized at a > deep level) Can they stop attorney-client computer communications? (To > wiretap these would break open the entire legal system.) Whats that old saying about Death and taxes. Given the choice between these two necesary evils , which one would you choose. *Give me liberty or give me death* is the cry of the revolutionary who is already marked as an enemy of the state. Go shout it in a crowd and march on the halls of government. see how many line up behind you to join in the fun. > Can they place police monitors in every role-playing game or > deep-immersion VR system? (Make no mistake about it, systems like > "Habitat" and LambdaMOO, and many more are coming or already exist, > will be full-fledged agoric marketplaces, with goods and services > being traded. Read "Snow Crash" or "True Names" to remind yourself of > this (I'm not endorsing the specific views of Stephenson or Vinge, who > got some things "wrong"--no big deal, as their general vision was what > was so important.) > > Can they tell people they can't compress their files? (compressed > files look outwardly like encrypted files) Can they ban the use of > steganography--if they can find it being used at all? > > No, too many bits are flowing already. Too many degrees of freedom. A > Soviet-style crackdown is not in the cards. I think it is unwise to use linear thinking to try and deduce what the ultimate outcome of this complex equation may look like. When you evoke a Demon into the triangle, you can utter the command that the unholy creature appear in a comely form, but nothing guarantees that it will be so. > But we stil have to fight. Yup.. And I'm right behind you brother.. uh.. no need to look around and check.. I'm right here at your shoulder.. We'll get those bastards.. thats right - charge in there and give 'em hell. say.. where's the bathroom. > Things like the Clipper still need to be fought, by ridicule ("Big > Brother Inside" stickers), by lawsuits (not my specialty), by > denouncement (as when industry groups denounce it), and especially by > developing and promoting alternatives. The market is truly ripe for a > Soundblaster-type voice encryption system---when will one of you > budding entrepreneurs get one out? The problem with secrets is that if you share them with too many people they aren't secrets anymore. > Having read the three main "position papers" on NII (the White House > paper, the CPSR analysis, and the EFF "Open Platform" piece), I'm as > convinced as ever that the Data Highway is largely about regaining > control of the currently anarchic network system. It just isn't about > giving ghetto residents access to Crays, nor is it about the > government being benificent in expanding our cable choices from 50 > channels of shit to 5000 channels. "We're from the governmemt and we're here to help you" is listed just above "the check is in the mail", and " I won't come in your mouth" > No, it is about taxing the commerce that is moving increasingly into > cyberspace. It is about continuing to regulate and control. It is > about the survival of Big Brother. > The arms race is on. WE are primates, we live in primate societys. survival of primate-alpha hierarchy is the first order of business. Fight it and you will die or be driven out. LUX ./. owen From gnu Mon Nov 29 13:12:04 1993 From: gnu (John Gilmore) Date: Mon, 29 Nov 93 13:12:04 PST Subject: FOIA: Released Records Message-ID: <9311292110.AA14162@toad.com> November 22, 1993 Chief, Office of Policy National Security Agency/Central Security Service Fort George Meade, MD 20755-6000 Reference: RELEASED RECORDS Dear Sir or Madam: This is a request under the Freedom of Information Act [5 U.S.C. � 552(a)] on behalf of my client, Mr. John Gilmore. I write to request a copy of all agency records or portions thereof, in electronic or other form, which NSA has declassified during the months of September and October 1993. This request specifically excludes any information already provided to Mr. Gilmore in any other request. We also remind you that the long-standing rule that the FOIA "makes no distinction between records maintained in manual and computer storage systems," Yeager v. D.E.A., 678 F.2d 315, 321 (D.C.Cir. 1982), has recently been amplified in Armstrong v. E.O.P., No 93-5002 (D.C. Cir., Aug. 13, 1993). Any paper print- outs of electronic records, such as e-mail, must include all information in the electronic record. Assuming that there would be no loss of releasable information, such as written comments made on paper print-outs, we therefore ask you to release all responsive electronic records in electronic, i.e., machine-readable, form. Mr. Gilmore would also like a list of all records responsive to this request if such a list can be provided in advance of the records themselves. As you know, the FOIA provides that an agency must make an initial determination of whether to comply with a FOIA request within ten working days of receiving the request. Your own regulations provide that �[t]he Chief, Office of Policy, shall notify the requester of his determination within 10 working days of his receipt of the request.� [32 C.F.R. � 299.4(b)]. Please do not delay processing because of uncertainty about the request. I have reasonably described the records sought. If you have any questions regarding this request, please telephone me at the above number, and we can discuss your questions. I also request that fees be waived because Mr. Gilmore is deemed a media requester by your agency for FOIA purposes. Should there be any problem in this regard, Mr. Gilmore promises to pay up to $1000 in fees, and you should therefore begin processing of this request without fee-related delays. As provided under the FOIA, I will expect a reply within ten (10) working days. Sincerely, Lee Tien Attorney at Law On behalf of Mr. John Gilmore From gnu Mon Nov 29 13:12:13 1993 From: gnu (John Gilmore) Date: Mon, 29 Nov 93 13:12:13 PST Subject: FOIA: Cellular Encryption Message-ID: <9311292110.AA14169@toad.com> November 23, 1993 Chief, Office of Policy National Security Agency/Central Security Service Fort George Meade, MD 20755-6000 ATTN: FOIA request Reference: CELLULAR ENCRYPTION Dear Sir or Madam: This is a request under the Freedom of Information Act [5 U.S.C. � 552(a)] on behalf of my client, Mr. John Gilmore. I write to request a copy of all agency records or portions thereof, in electronic or other form, which pertain, relate, or refer to encryption for cellular telephone communications. This request includes, but is not limited to records about: a standard known as the Cellular Message Encryption Algorithm ("CMEA"); NSA's involvement in the development of CMEA; NSA's assessment of the strengths, weaknesses, and technical features of CMEA; standards or technologies other than CMEA considered for cellular telephone communications encryption contacts, conversations, meetings or communications of any sort involving NSA employees and persons not employed by NSA regarding cellular telephone communications encryption. Mr. Gilmore is informed and believes that NSA employees have been involved in meetings with persons not employed by NSA, including persons outside of the U.S. government, about the CMEA standard, and he specifically asks that you disclose all agency records of any or all such meetings. As you know, the FOIA provides that an agency must make an initial determination of whether to comply with a FOIA request within ten working days of receiving the request. Your own regulations provide that �[t]he Chief, Office of Policy, shall notify the requester of his determination within 10 working days of his receipt of the request.� [32 C.F.R. � 299.4(b)]. If the records that you possess were originated or classified by another organization, I ask that your organization declassify them (if needed) and release them to me, as provided in the FOIA, within the statutory time limits. If there is a conflict between the statutory time limits and some regulation or policy that requires you refer the records, the statutory requirement takes precedence over any Executive-branch regulation, policy or practice. As you know, the FOIA provides that no more than an additional 10 working days be taken for such consultation. 5 U.S.C. � 552(a)(6)(B). If you do refer documents to any other agency, and they are not provided within the time limits, we intend to litigate on this point. We also remind you that the long-standing rule that the FOIA "makes no distinction between records maintained in manual and computer storage systems," Yeager v. D.E.A., 678 F.2d 315, 321 (D.C.Cir. 1982), has recently been amplified in Armstrong v. E.O.P., No 93-5002 (D.C. Cir., Aug. 13, 1993). Any paper print- outs of electronic records, such as e-mail, must include all information in the electronic record. Assuming that there would be no loss of releasable information, such as written comments made on paper print-outs, we therefore ask you to release all responsive electronic records in electronic, i.e., machine-readable, form. As you know, the FOIA provides that even if some requested material is properly exempted from mandatory disclosure, all segregable portions must be released. [5 U.S.C. � 552(b)] If any or all material covered by this request is withheld, please inform me of the specific exemptions that are being claimed, and mark all deletions to indicate the exemption(s) being claimed to authorize each individual withholding. If the (b)(3) exemption is claimed, please indicate the relevant withholding statute(s). In addition, I ask that your agency exercise its discretion to release information that may be technically exempt. As you know, the Attorney General on October 4, 1993, directed that agencies should administer the FOIA under a presumption of disclosure, and that information which need not be withheld should not be. Please do not delay processing because of uncertainty about the request. I have reasonably described the records sought. If you have any questions regarding this request, please telephone me at the above number, and we can discuss your questions. I also request that fees be waived because Mr. Gilmore is deemed a media requester by your agency for FOIA purposes. Should there be any problem in this regard, Mr. Gilmore promises to pay up to $1000 in fees, and you should therefore begin processing of this request without fee-related delays. As provided under the FOIA, I will expect a reply within ten (10) working days. Sincerely, Lee Tien Attorney at Law On behalf of Mr. John Gilmore From gnu Mon Nov 29 13:12:26 1993 From: gnu (John Gilmore) Date: Mon, 29 Nov 93 13:12:26 PST Subject: FOIA: Sensor fusion Message-ID: <9311292111.AA14187@toad.com> November 22, 1993 Chief, Office of Policy National Security Agency/Central Security Service Fort George Meade, MD 20755-6000 Reference: SENSOR FUSION Dear Sir or Madam: This is a request under the Freedom of Information Act [5 U.S.C. � 552(a)] on behalf of my client, Mr. John Gilmore. I write to request a copy of all agency records or portions thereof, in electronic or other form, which pertain, relate, or refer to sensor fusion. "Sensor fusion" is the activity or process of "fusing" or merging information from a variety of different sensors to produce a more informative product. For instance, merging radar data with intercepted radio transmissions and adding in satellite pictures may reveal a concentration of metal (from radar data) that coincides with a site that is transmitting communications. This request includes, but is not limited to: electronic records such as software for performing sensor fusion; all documentation for such software; documentation about equipment used for sensor fusion; and records about agency use of sensor fusion. If the requested records are not in the possession of your agency, or if other agencies may also possess such records, I ask that you forward this request to any agency that you believe may have records responsive to this request, and inform me of such action. Such agencies may include the NRO and the CIA. In the alternative, I ask that you inform me of other agencies that you believe possess and control such records. As you know, the FOIA provides that an agency must make an initial determination of whether to comply with a FOIA request within ten working days of receiving the request. Your own regulations provide that �[t]he Chief, Office of Policy, shall notify the requester of his determination within 10 working days of his receipt of the request.� [32 C.F.R. � 299.4(b)]. If the records that you possess were originated or classified by another organization, I ask that your organization declassify them (if needed) and release them to me, as provided in the FOIA, within the statutory time limits. If there is a conflict between the statutory time limits and some regulation or policy that requires you refer the records, the statutory requirement takes precedence over any Executive-branch regulation, policy or practice. As you know, the FOIA provides that no more than an additional 10 working days be taken for such consultation. 5 U.S.C. � 552(a)(6)(B). If you do refer documents to any other agency, and they are not provided within the time limits, we intend to litigate on this point. We also remind you that the long-standing rule that the FOIA "makes no distinction between records maintained in manual and computer storage systems," Yeager v. D.E.A., 678 F.2d 315, 321 (D.C.Cir. 1982), has recently been amplified in Armstrong v. E.O.P., No 93-5002 (D.C. Cir., Aug. 13, 1993). Any paper print- outs of electronic records, such as e-mail, must include all information in the electronic record. Assuming that there would be no loss of releasable information, such as written comments made on paper print-outs, we therefore ask you to release all responsive electronic records in electronic, i.e., machine-readable, form. As you know, the FOIA provides that even if some requested material is properly exempted from mandatory disclosure, all segregable portions must be released. [5 U.S.C. � 552(b)] If any or all material covered by this request is withheld, please inform me of the specific exemptions that are being claimed, and mark all deletions to indicate the exemption(s) being claimed to authorize each individual withholding. If the (b)(3) exemption is claimed, please indicate the relevant withholding statute(s). In addition, I ask that your agency exercise its discretion to release information that may be technically exempt. As you know, the Attorney General on October 4, 1993, directed that agencies should administer the FOIA under a presumption of disclosure, and that information which need not be withheld should not be. Please do not delay processing because of uncertainty about the request. I have reasonably described the records sought. If you have any questions regarding this request, please telephone me at the above number, and we can discuss your questions. I also request that fees be waived because Mr. Gilmore is deemed a media requester by your agency for FOIA purposes. Should there be any problem in this regard, Mr. Gilmore promises to pay up to $1000 in fees, and you should therefore begin processing of this request without fee-related delays. As provided under the FOIA, I will expect a reply within ten (10) working days. Sincerely, Lee Tien Attorney at Law On behalf of Mr. John Gilmore rom owner-cypherpunks Mon Nov 29 13:27:25 1993 Received: by toad.com id AA14244; Mon, 29 Nov 93 13:12:26 PST Received: by toad.com id AA14124; Mon, 29 Nov 93 13:09:31 PST From: gnu (John Gilmore) Return-Path: Received: from localhost by toad.com id AA14120; Mon, 29 Nov 93 13:09:28 PST Message-Id: <9311292109.AA14120 at toad.com> To: cypherpunks Subject: NSA FOIA: Public Domain Classified Records Date: Mon, 29 Nov 93 13:09:27 -0800 November 23, 1993 Chief, Office of Policy National Security Agency/Central Security Service Fort George Meade, MD 20755-6000 ATTN: FOIA request Reference: PUBLIC DOMAIN CLASSIFIED RECORDS Dear Sir or Madam: This is a request under the Freedom of Information Act [5 U.S.C. � 552(a)] on behalf of my client, Mr. John Gilmore. I write to request a copy of all agency records or portions thereof, in electronic or other form, which pertain, relate, or refer to documents which are formally designated as "classified" by the U.S. Government but which are known by NSA officials to be outside direct government control, in the possession of persons not presently employed by the U.S. government, available to the public in libraries, or otherwise in the public domain, whether within or outside the United States. This request also includes all agency records which were previously classified but are no longer classified or had their classification level downgraded if the fact that the records were outside direct government control, in the possession of persons not presently employed by the U.S. government, available to the public in libraries, or otherwise in the public domain, whether within or outside the United States, was a factor in declassification or downgrading. To help you understand the nature of this request, I refer you to Mr. Gilmore's earlier request for Military Cryptanalysis by William Friedman and Military Cryptanalytics by Friedman and Lambros Callimahos. As you know, your agency initially denied Mr. Gilmore's request for Parts III and IV of the Friedman treatise on the ground that they were classified, but later released these records after Mr. Gilmore proved that Parts III and IV were available to the general public. Mr. Michael Smith, Chief, Office of Policy, informed the court and Mr. Gilmore that NSA officials had known for many years that these records had entered the public domain, but that he himself was unaware of this fact, and thus chose not to disclose them at the time of Mr. Gilmore's request. This request is intended to reach any other such records (still classified) and any records for which downgrading or declassification was ordered if the presence of the records outside direct government control was relevant to the downgrading or declassification determination. Although Mr. Gilmore does not by this request seek the already-released portions of Military Cryptanalysis by William Friedman and Military Cryptanalytics by Friedman and Lambros Callimahos, he does by this request seek any records that pertain to whether the unreleased portions of Part III of Military Cryptanalytics by Friedman and Lambros Callimahos are known by NSA officials to be outside direct government control, in the possession of persons not presently employed by the U.S. government, available to the public in libraries, or otherwise in the public domain, whether within or outside the United States. This request is also intended to trigger declassification review of all records responsive to this request. Mr. Gilmore would also like a list of all records responsive to this request if such a list can be provided in advance of the records themselves. As you know, the FOIA provides that an agency must make an initial determination of whether to comply with a FOIA request within ten working days of receiving the request. Your own regulations provide that �[t]he Chief, Office of Policy, shall notify the requester of his determination within 10 working days of his receipt of the request.� [32 C.F.R. � 299.4(b)]. If the records that you possess were originated or classified by another organization, I ask that your organization declassify its. If there is a conflict between the statutory time limits and some regulation or policy that requires you refer the records, the statutory requirement takes precedence over any Executive-branch regulation, policy or practice. As you know, the FOIA provides that no more than an additional 10 working days be taken for such consultation. 5 U.S.C. � 552(a)(6)(B). If you do refer documents to any other agency, and they are not provided within the time limits, we intend to litigate on this point. We also remind you that the long-standing rule that the FOIA "makes no distinction between records maintained in manual and computer storage systems," Yeager v. D.E.A., 678 F.2d 315, 321 (D.C.Cir. 1982), has recently been amplified in Armstrong v. E.O.P., No 93-5002 (D.C. Cir., Aug. 13, 1993). Any paper print- outs of electronic records, such as e-mail, must include all information in the electronic record. Assuming that there would be no loss of releasable information, such as written comments made on paper print-outs, we therefore ask you to release all responsive electronic records in electronic, i.e., machine-readable, form. As you know, the FOIA provides that even if some requested material is properly exempted from mandatory disclosure, all segregable portions must be released. [5 U.S.C. � 552(b)] If any or all material covered by this request is withheld, please inform me of the specific exemptions that are being claimed, and mark all deletions to indicate the exemption(s) being claimed to authorize each individual withholding. If the (b)(3) exemption is claimed, please indicate the relevant withholding statute(s). In addition, I ask that your agency exercise its discretion to release information that may be technically exempt. As you know, the Attorney General on October 4, 1993, directed that agencies should administer the FOIA under a presumption of disclosure, and that information which need not be withheld should not be. Please do not delay processing because of uncertainty about the request. I have reasonably described the records sought. If you have any questions regarding this request, please telephone me at the above number, and we can discuss your questions. I also request that fees be waived because Mr. Gilmore is deemed a media requester by your agency for FOIA purposes. Should there be any problem in this regard, Mr. Gilmore promises to pay up to $1000 in fees, and you should therefore begin processing of this request without fee-related delays. As provided under the FOIA, I will expect a reply within ten (10) working days. Sincerely, Lee Tien Attorney at Law On behalf of Mr. John Gilmore From crunch at netcom.com Mon Nov 29 13:17:13 1993 From: crunch at netcom.com (John Draper) Date: Mon, 29 Nov 93 13:17:13 PST Subject: In Austin on 17th Dec - Want to meet Austin Cypherpunkers Message-ID: <199311292112.NAA23356@mail.netcom.com> Greetings all you Austin Cypherpunkers. I'll be making a trek into your area on the 17th of Dec to attend the HoHoCon. If anyone wants to exchange PGP keys, and has a Mac, then contact me as soon as possible and I can give you all the details. I'll be staying at the Austin North Hilton & Towers and Super 8 Motel, abd be arriving about 4 pm or so. Looking forward to meeting all you Austin Cypherpunkers. I am also looking to see if any rave is scheduled on the evening of the 18th, as I would like to get in some serious dancing while there. Cheers Cap'n Crunch From hughes at ah.com Mon Nov 29 13:37:17 1993 From: hughes at ah.com (Eric Hughes) Date: Mon, 29 Nov 93 13:37:17 PST Subject: Let's Talk About Solutions In-Reply-To: <199311291601.LAA15061@eff.org> Message-ID: <9311292127.AA07180@ah.com> >But I note that for >"mere users" (as distinct from sophisticated users and programmers), >current filtering tools are difficult to use. What can make this better? I'll second Mike's statement by repeating a maxim I periodically need to repeat here: Cypherpunks are not the Hacker Privacy League. It is certainly much easier to create privacy systems that are difficult to install and require much background knowledge about the computer system in question than it is to create systems that are simple to install and reliable to use. If we create systems that only we ourselves can use we have accomplished nothing particularly significant. Only widespread deployment counts in the long run, and that won't happen without easy installation. As much as I like what Mike Diehl has been working on, I don't consider it complete. The installation is far too tricky. I'm certainly glad he wrote it, and I'm glad he released it so that it can be evaluated on technical grounds, but it's early to say that it's ready for an average user. Eric From tcmay at netcom.com Mon Nov 29 13:37:25 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 29 Nov 93 13:37:25 PST Subject: Banning any subscriber Message-ID: <199311292133.NAA26755@mail.netcom.com> Geoff Dale wrote: >I'm not entirely against positive reputation systems, but they really need >to be implimented on the user end, or at least be user settings, as on the >extropians list. > >But the main problem with positive reputation systems is dealing with the >zero reputation newbies. I don't want to see these guys shut out. Positive reputations _must_ be implemented at the user level, to my way of thinking. Any system which centrally administers the reputations, as in approved reading lists or movies approved by the Catholics (does this still exist?) is not really what most of us want. Newbies are often desirable and often turn into valued contributors--sometimes from their very first posts. So I personally would not want to filter them out. The "Extropians" software, which many of us have mentioned here, allows this kind of flexibility. I hope Cypherpunks can get it soon. --Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: by arrangement Note: I put time and money into writing this posting. I hope you enjoy it. From talon57 at well.sf.ca.us Mon Nov 29 13:57:13 1993 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Mon, 29 Nov 93 13:57:13 PST Subject: MISC: good news,bad news Message-ID: <199311292156.NAA16835@well.sf.ca.us> Well as they say first the good news... INFORMATION SERVICES INDUSTRY WANTS RBOCs FREED The regional Bell companies should be free to compete in long distance services, cable television programming and equipment manufacturing, a new study of information services executives said. The study, released today by The Marx Group of Wellesley, Mass., also said the information industry will grow faster and better serve customers as a result of increasing merger activity. The survey was commissioned by The Marx Group, an information services industry consulting and law firm. "This survey proves that a clear majority of information services executives believe that our industry will benefit from Bell company entry into these lines of business," Marx Group chairman Peter Marx said. Marx praised Monday's Supreme Court action leaving in place the Bell companies' ability to offer information services as "good news" for the information services provider industry. This survey demonstrates that the information services business community looks forward to the capital and technology, partnership opportunities and mass marketing capabilities the Bell companies bring to the table." Information services companies rely heavily on long-distance services and are extremely concerned about long-distance rates, the study pointed out. Small businesses were especially emphatic in their desire for the competitive pricing they expect to accompany Bell entry into long distance service, the study said. The survey included telephone interviews with executives from more than 300 information services companies. Some of the results are: 1. 72 percent favored Bell company participation in information services in their own territories, 21 percent unfavorable, 7 percent neutral; 2. 66 percent favored Bell company entry into long distance, 21 percent unfavorable, 13 percent neutral; 3. 69 percent favored allowing Bell company entry into cable TV, 15 percent unfavorable, 16 percent neutral; 4. 67 percent favored Bell company participation in equipment manufacturing, 13 percent unfavorable, 20 percent without opinion. The Marx Group commissioned Arlen Communications, an industry research firm in Bethesda, Md., to conduct the survey. For more information, contact The Marx Group at (617) 576-5730 or Arlen Communications at (301) 656-7940. ### Now for the bad news....(bad idea!) SLATTERY INTRODUCES BILL TO LIFT MFJ MANUFACTURING BAN Rep. Jim Slattery (D-Kansas) Sunday introduced a bill (H.R. 3609) that would lift the Modified Final Judgment (MFJ) restriction for Regional Bell Operating Companies (RBOCs).Staffers in Slattery's office said today the bill is virtually identical to H.R. 1527, which Slattery introduced in the 102nd Congress, with additional provisions concerning consumers with disabilities and joint network planning.The "Telecommunications Equipment Research and Manufacturing Competition Act of 1993" says that permitting the RBOCs, through their affiliates, to manufacture telecommunications equipment and customer premises equipment (CPE), universal access to advanced telecommunications services, continued economic growth and international competitiveness will be advanced.The bill would all the design, development and fabrication of equipment, as well as research with respect to such equipment. The bill includes the following provisions: -- The RBOCs could engage in manufacturing through separate affiliates; -- The Federal Communications Commission (FCC) would prescribe regulations to ensure RBOC compliance; -- A manufacturing subsidiary would be required to maintain separate books, records and accounts; -- RBOCs could sell, advertise, install and maintain telecommunications equipment and CPE after acquiring the equipment from their affiliates; -- Manufacturing affiliates would be required to conduct manufacturing within the United States; -- Manufacturing affiliates would be required to use component parts manufactured in the United States, with the following exception. Affiliates could use components manufactured outside the U.S. if they first make "good faith" efforts" to obtain parts manufactured within the U.S. and if the foreign components do not exceed 40 percent of the sales revenue derived from the equipment; -- Manufacturing affiliates would be allowed to use intellectual property created outside the U.S.; -- Manufacturing affiliates would be required to make equipment available without discrimination to all regulated local telephone exchange carriers; -- An RBOC and its manufacturing affiliates would be allowed to engage in close collaboration with any manufacturer during design and development of hardware or software; -- The FCC would prescribe regulations necessary to ensure that network services advances are accessible and usable by individuals whose access might be impeded by a disability or functional limitation, unless the costs would result in an undue burden or adverse competitive impact; -- Each RBOC would be required to engage in joint network planning and design with other regulated local exchange carriers operating in the same area of interest, except no participant in such planning would be allowed to delay the introduction of new technology or the deployment of facilities to provide telecommunications services. ### I particularly like the anti-NAFTA "All American" clause...... Brian Williams Cypherpatriot Extropian "Free The RBOC'S" "Nuke The Whales" From cman at caffeine.io.com Mon Nov 29 14:02:02 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Mon, 29 Nov 93 14:02:02 PST Subject: In Austin on 17th Dec - Want to meet Austin Cypherpunkers In-Reply-To: <199311292112.NAA23356@mail.netcom.com> Message-ID: <199311292143.PAA00234@caffeine.caffeine.io.com> > > > Greetings all you Austin Cypherpunkers. I'll be making a trek > into your area on the 17th of Dec to attend the HoHoCon. If anyone > wants to exchange PGP keys, and has a Mac, then contact me as soon > as possible and I can give you all the details. I'll be staying at > the Austin North Hilton & Towers and Super 8 Motel, abd be arriving > about 4 pm or so. > What makes you think any of us really exist, anyhow? :-) (Those of us that do, will be at Ho-Ho Con) Doug -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From hughes at ah.com Mon Nov 29 14:22:02 1993 From: hughes at ah.com (Eric Hughes) Date: Mon, 29 Nov 93 14:22:02 PST Subject: Let's Talk About Solutions In-Reply-To: <199311291601.LAA15061@eff.org> Message-ID: <9311292214.AA07283@ah.com> re: on forum disruption >The best solutions are bottom-up solutions: solutions in which individuals >can make choices about what they wish to see, but can't impose those >choices on others. I agree with this, I really do. Nevertheless, I think this characterization incomplete in two ways. First, let us stipulate that for the near future the notion of the named group, whose members are all expected, more or less, to share in a common discourse, will remain useful and desirable. The sharing of discourse creates a group history, which in turn creates a group identity. The lack of completeness in Mike's characterization is to recognize that group participation is not completely individualistic, that to gain the benefits of a common discourse it is necessary to participate in that discourse by saying one thing and not saying another. Stricture creates structure. The bottom up solution is not merely the elimination of stricture but rather to increase the ability to choose structure. In a truly free society one has the ability to limit one's freedom for whatever purpose desired. Cypherpunks is like this. I have no theoretical problem with turning off list disrupters, although I do consider it a grave action. It is the practice of the list to broadcast anything requested to be broadcast, yet this does not make this forum a public forum. Each person on the list has transferred, _de facto_, some agency to the maintainer (that's me) about how the list will operate. The second incompleteness is remedied by explictly referring to transferability of preference. One thing the extropians list software does right is to allow filtering at the server; this is a transfer of preference and can be an economic optimization. Bottom-up solutions are incomplete to the extent that they require the solution to remain at the bottom. Eric From hfinney at shell.portal.com Mon Nov 29 14:27:14 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Mon, 29 Nov 93 14:27:14 PST Subject: Banning any subscriber Message-ID: <9311292226.AA11341@jobe.shell.portal.com> The problem with user-based filtering is that the noise may still drive people off the list. New subscribers won't have filters set up initially (they may not know how to set them up, or it may take a while to figure out who, what, and how to filter) and they'll be subject to a barrage of rants and raves. They're likely to unsubscribe in disgust before taking the time to uncover the jewels amid the slime. Also, Tim has noted problems with the user-based filtering on the extropians list. Different people have different filter settings, so there can be multiple redundant postings of outside information - magazine articles, other newsgroup or mailing list posts, etc. Nobody knows what material anyone else has seen. There is also something of a learning curve in using the extropians filtering, despite it being conceptually easy to use. A few weeks ago, it seemed that almost every day someone accidentally posted a filter command to the list. Tim noted at one point that he had surveyed local list members and found a great deal of ignorance about using the filters. I think it works better if the list community is seeing a common message stream, one which is of high quality, one which does not include messages of disruptive posters. Eric has given his blessing (at least implicitly) to an alternate list, one which is gatewayed bidirectionally to cypherpunks, but where such filtering is done. New subscribers to CP who were upset by the noise could be directed to this list when they unsubscribed. This would allow people to avoid receiving harrassing messages while still participating on the cypherpunks list. Hal Finney hfinney at shell.portal.com From pmetzger at lehman.com Mon Nov 29 14:47:14 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 29 Nov 93 14:47:14 PST Subject: A modest proposal In-Reply-To: <9311292226.AA11341@jobe.shell.portal.com> Message-ID: <9311292244.AA00791@snark.lehman.com> Hal Finney says: > The problem with user-based filtering is that the noise may still > drive people off the list. Indeed. Here is my modest proposal... 1) Create a second list, call it cypherrants. Initially it should have the same membership as cypherpunks. 2) Make the second list unrestricted. 3) Remove the capacity of the pure noise sources to post to cypherpunks. 4) Those who wish to be removed from cypherrants can be. That way, those of us who don't want to listen don't have to, and those people who want to listen can, and we can have the best of both worlds. Perry From beker at netcom.com Mon Nov 29 14:57:14 1993 From: beker at netcom.com (Brian Beker) Date: Mon, 29 Nov 93 14:57:14 PST Subject: Crypto Anarchy, the Government, and the National Information Infrastructure (fwd) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 29 Nov 1993, Timothy C. May wrote: > To a "women need not apply" on-line consulting situation? To > a cyberspatial version of the "old boy's network" that Gloria Allred and > her feminista compadres are constantly filing lawsuits against? ^^^^^^^^^ Shouldn't that be commadres? Brian -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPpp9CJejrfgN5yJAQEx+AP/ZxOvT3O/POw6lrDZDt08HFxa7wD6UUR1 thz8FaP8opsPsg7EC/iv1ZEml26BhpxgzGSnzeG2NzH9qRMxFik7fJ4XzkMECS5l Af5jJxeeV+iJeqk6lSpYFGcA1YqgAqM7c4XNhA3YGYGUqJ9we2mkujJZ0THJyjMA bXBKqGqIz7E= =YFTM -----END PGP SIGNATURE----- From stig at netcom.com Mon Nov 29 15:32:02 1993 From: stig at netcom.com (Stig) Date: Mon, 29 Nov 93 15:32:02 PST Subject: Need a ride to hohocon? Message-ID: <199311292329.PAA22043@mail.netcom.com> I'm planning to drive from Portland to Austin for HoHo Con...via San Francisco...and I'm looking for people to split the gas. We can all sleep in my van for free, so that saves on expenses in Austin and I have a great stereo to make the miles go by... Takers? Stig ;; __________________________________________________________________________ ;; Stig at netcom.com netcom.com:/pub/stig/00-PGP-KEY ;; It's hard to be cutting-edge at your own pace... 32 DF B9 19 AE 28 D1 7A ;; Bullet-proof code cannot stand up to teflon bugs. A3 9D 0B 1A 33 13 4D 7F From ajw at Think.COM Mon Nov 29 15:47:15 1993 From: ajw at Think.COM (Andy Wilson) Date: Mon, 29 Nov 93 15:47:15 PST Subject: Disruptive members In-Reply-To: <199311290712.QAA06834@dink.foretune.co.jp> Message-ID: <9311292342.AA00834@custard.think.com> From: hawkwind at dink.foretune.co.jp Date: Mon, 29 Nov 1993 16:12:13 +0900 [...] I liken people such to a situation where a group of friends are sitting talking around a fireplace deep in creative discussion and a Felini style circus band starts marching through the room playing at full volume. If this was in your home, you would throw them out; if at a ski lodge, the management would throw them out; if in a public place, the police would disperse them for "disturbing the peace" (have you ever wondered WHY all civilizations have such laws?!?). Yet in cyberspace, people toss out phrases like "freedoms", and "rights" to excuse such behavior apparently without much consideration to the "responsibilities" inherent in those phrases. I have seen a man arrested ostensibly for "disturbing the peace", who was actually just giving a speech. The charges were thrown out. If you don't like free speech, don't log in. The U.S. Constitution and the Declaration of Independence state very clearly that our form of government is based on the recognition of human rights, not responsibilities. You might be able to find a system more to your liking in China or North Korea for a little while longer. At a conference recently, I spent over two hours talking to the fellow who runs a large Moo about exactly this problem. He is also faced with such people (although thankfully not quite so extreme), and his "society" is having a VERY difficult time trying to develop procedures for dealing with such people. He told me about a particularly nasty situation where some girl in his Moo was "virtually raped" by another member. The Moo was horrified, but could not figure out how to deal with the culprit. This is another example of the dilution of the word "rape" until it is utterly meaningless. You cannot rape someone via mail. You can harass them but that is NOT rape. You are demeaning victims of real rapes by using the word in an attempt to justify your authoritarian views. I'm sure that the victim of this harassment was upset and I'm sorry about that, but calling it rape is a load of crapola. [...] >From reading recent postings, I gather that many feel as I once did, that disruptive people will just flame out and go away. And once that was so, but no longer. I have seen over 15 groups laid waste in the past two years by such people. They did not go away, but rather gloated over the deceased corpse of the group. Many of the members of those groups I have not seen again on the nets. I now firmly believe that such chaotic people have to be dealt with and promptly. I am still unclear how to deal with them, but I do know that time is of the essence. The longer they are allowed to pollute your group, the deeper the cancer runs affecting everyone's perspective. All you have to do is ignore them. Put them in your kill file. It works. If people are just too stupid to use such an obvious tool, then they probably aren't capable of "creative discussion" anyway. Harumph. After all the speech criminals are rounded up, what next? Got any ethnic groups in mind? I look forward to any constructive comments. Andy From unicorn at access.digex.net Mon Nov 29 15:47:25 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 29 Nov 93 15:47:25 PST Subject: LD and reputation Message-ID: <199311292346.AA14927@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- - -> To: hughes at ah.com (Eric Hughes) From: plaz at netcom.com (Geoff Dale) Subject: Re: Banning any subscriber I said: >>I personally disagree with censorship. It would be impossible to enforce >>anyway. A move of this type would simply drive Detweiler to use the >>Cypherpunk remailers which would be harder to detect. Then what do we do? >>Stop accepting mail from our own remailers? Eric replied: >Basically, yes, except for signed letters from previously >authenticated pseudonyms. This is a simple form of a positive >reputation system. A kill fill is a negative reputation--'not that >person'. A positive reputation rejects all but a particular set of >identities. I'm sorry, I didn't realize that you wanted to erect a barrier against anonymous newbies, such as "wonderer" and "Dark Unicorn" were recently. You know, Detweiler might get a new account under a new name, better seal the list to only postings from "previously authenticated" accounts too. Then we'd be all happy and safe from the dreaded Detweiler. <- Why am I always an example? :( What needs to be addressed, is what this list is. Is it private in the sense that we exclude anyone? Are we in a position to regulate disruptive posters? Frankly, LD's posts simply take a lot of space and time. I could care less if LD is a reputable person. Just so long as he is not disruptive. Frankly, he could be a moron (yes yes, I know...) and I still wouldn't mind because correcting his mistakes is part of what this group is all about (to me anyhow). We were all newbies once, even if it was before this list was around. That says to me that if we want to promote cryptographically literate users with this group, we simply cannot exclude. Even a bloody twelve year old might be obnoxious at first, but who knows what we might spur into him/her? Could it not be that we might foster a loyal supporter of cryptography in this twelve year old? At the same time, we must deal with disruptive elements. LD isn't posting for any real constructive purpose. Even he knows it. Perhaps he is having fun, but it is at our expense. Fine. 1> Ignore it (this never works, as we are proving even now) 2> Address it (this just encourages him) 3> Remove it. (ethical questions abound). If the problem is to prevent disruption without excluding it seems to me that you have to use a negative reputation system. A system that gives everyone a chance, without disrupting unduly. Why not a probatory check? Every member of the list is given the chance to contribute constructively, newbie or not. If and when our example newbie user gets out of hand, his/her messages are to be moderated. This cuts down on the man power required to moderate the entire list and still gives newbie user the opportunity to reform. I'm not sure if we can find a willing moderator, but it seems to be a system that would cut down dramatically the LD type problems. Frankly, the traffic on this list is excessively high. (I'm as guilty as anyone I'm afraid.) I can deal with high and valuable traffic, not high and disruptive traffic. Eric -> Authentication, in this context, can take many forms. It could be as simple as sending a key to the mailing list server. It could be developed to require someone to vouch for the pseudonym. It could require a sponsor who would read and repost until a separate reputation develops. The point is to put a bound on the noise from disrupters both inadvertent and intentional, not to completely prevent noise. <- I agree, but prior authentication is a little excessive no? - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLPqJcxibHbaiMfO5AQEyFQP9FEypBg25aPS/RPZTfaChsORrRrApgcKc L0DUoYkaySZFIemI6a/vtNbN6jnSlJ/0MY50Z9PnFNhnTX2MsvPK9eibSkpQdMrt hC53ZnTn9NbW9p6gMrfWEKFuTCPg92KEa3CXDOhZznI4LBBMoj7FCUkes+eT6cyp p//99+WPW1g= =1xby -----END PGP SIGNATURE----- From unicorn at access.digex.net Mon Nov 29 15:52:03 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 29 Nov 93 15:52:03 PST Subject: Dead Man's Stick Message-ID: <199311292347.AA15152@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- - -> From: "Alan (Miburi-san) Wexelblat" To: cypherpunks at toad.com Subject: Give me your password- OR ELSE! It seems like it would be relatively simple to program in a sort of dead-man switch at the time of creation of the secret key. [...] As you can imagine, there are increasing levels of personal security you might employ. For example, using the duress phrase might be set up to change the pass-phrase to something *you* don't know but which is known by a trusted other party (wife, mother, agent/lawyer, etc.). Knowing this phrase doesn't help them since that phrase can't access your secret until *after* you've given the duress phrase and the software has disabled your normal access phrase. <- The problem with the duress phrase seems to be this: One would use such a phrase when physical site security had been compromised no? Let's assume government types (which seems to be the hint I get when you suggest the alternate pass phrase being held by your lawyer. It's fairly easy to duplicate the key and stick it somewhere on a floppy and try the passwords extracted from you via rubber hose method on the copy rather than the original. In fact, if people being to use duress codes, it seems that this would become standard practice, if it's not already. In as far as the idea behind a duress code is to keep you from being beaten repeatedly by making it impossible for you to decode the information alone, copying the encrypted key defeats this method. :( - -> - --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request "To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!" <- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLPmWBhibHbaiMfO5AQEQuQQApDtaIxVjjZvdUYD9Jl6FZGdq62SpPM+y KMqsIvSOhPOK2kOsoAyLuIN4+bXVUyTHiAkYX/ye2q2gqj9yrOLvkGyH6yak5YFi xoOCYx6qGScHeoqwpJKoRTTwUjAo79ZmXupA+ylX527eQDILwZJa+W+wSln/rXhG zajsBTeG/mw= =B4y+ -----END PGP SIGNATURE----- From an4914 at anon.penet.fi Mon Nov 29 16:12:04 1993 From: an4914 at anon.penet.fi (Nitch) Date: Mon, 29 Nov 93 16:12:04 PST Subject: Book Info Needed Message-ID: <9311300010.AA06389@anon.penet.fi> Could anyone who has specific information (ISBN, Publisher, [US] Price) on either or both of these books *please* e-mail or post to cypherpunks? Applied Cryptography, Schneier(sp?) Virtual Light, Gibson Thanks in advance... ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From an32951 at anon.penet.fi Mon Nov 29 16:12:15 1993 From: an32951 at anon.penet.fi (Coerr) Date: Mon, 29 Nov 93 16:12:15 PST Subject: The Cure Message-ID: <9311300007.AA05940@anon.penet.fi> Amount of e-mail from the Cypherpunks list at 11am, Mon/29: 22 Number of pieces concerning one cretin: 14. The best filter would be a filter of no response. By feeding a puny little ego simple enough to need nothing more than acknowledgement to rejoice in its lost sense of self, its incentive is continually renewed. Remember, this is some wretch who has clearly been shunted aside by all the humans it has ever encountered, probably for the same reasons it haunts us here. All it wants is to be the center of attention, and having succeeded, it will not go away. And so, a suggestion: How about an undetermined period of time during which everyone simply agrees not to answer anything it says? Undetermined because it'll just show up again once it knows people will talk about it again. It craves fame. It resents what it perceives to be the fame of the better-known members of this list to be. It is jealous of that fame, and wants some for itself. It is sick and ugly, small and unintelligent, resentful of its underdeveloped brain and the fact that everyone he looks up to instantly recognizes his stupidity. And now it has found a way to get those very people to acknowledge it, discuss it, feel threatened by it. It is used to rejection, so the endless repeats of it mean nothing. And then even less in the face of the warm glow at the center of the Cypherpunks collective attention. It's techniques are working, and only because the members of this list are obliging it. This is the first and the last word I'll ever write about about it. If we all did that, it would go away. Coerr ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From pmetzger at lehman.com Mon Nov 29 16:12:26 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 29 Nov 93 16:12:26 PST Subject: Disruptive members In-Reply-To: <9311292342.AA00834@custard.think.com> Message-ID: <9311300008.AA00857@snark.lehman.com> Andy Wilson says: > If you don't > like free speech, don't log in. The U.S. Constitution and the Declaration > of Independence state very clearly that our form of government is based on > the recognition of human rights, not responsibilities. You might be able > to find a system more to your liking in China or North Korea for a little > while longer. Does free speech mean that I can stand up in the midst of a company meeting and start reciting Hamlet at the top of my voice? No, it does not. It means that THE GOVERNMENT shall not PUNISH people for speaking. It means that PUBLIC PROPERTY may not be sealed off from people with particular opinions. It does NOT mean that speech is permissable everywhere, nor does it obligate private individuals to give opportunities to people to speak. Just because you want to reach millions of people doesn't mean that the New York Times has to give you space to do it, for example. Toad.COM is NOT a public place. Mailing lists are NOT public places. This is the exact equivalent of someone hosting a block party in their yard and discovering that a local bum has decided to deficate in the fruit punch. Censorship is eliminating a person's capacity to speak. This is NOT censorship. The individual in question could send mail to all the list users if he wanted to. He could (and has) started his own mailing list, so thats obviously not prohibited to him. He could post to netnews -- and does. His outlets for speech have obviously not been hindered. Perry From romana at apple.com Mon Nov 29 16:37:15 1993 From: romana at apple.com (Romana Machado) Date: Mon, 29 Nov 93 16:37:15 PST Subject: Stego 1.0a2 and where to get it Message-ID: <9311300034.AA13936@apple.com> Announcing Stego 1.0a2 The First Steganography Tool For The Macintosh by Romana Machado of Paradigm Shift Research 11/28/93 What is steganography? Steganography is a method by which a message can be disguised by making it appear to be something else. It derives from two Greek roots. "Stego-" means "roof", or "cover". It is the same root used in "stegosaur", called a "roof lizard" because of the large bony plates that decorate its back. "-graphy" means writing. "Steganography" means covert writing. What is Stego? Stego is a tool that enables you to embed data in, and retrieve data from, Macintosh PICT format files, without changing the appearance or size of the PICT file. Though its effect is visually undetectable, do not expect cryptographic security from Stego. Be aware that anyone with a copy of Stego can retrieve your data from your PICT file. Stego can be used as an "envelope" to hide a _previously encrypted_ data file in a PICT file, making it much less likely to be detected. Stego is available _now_ via anonymous ftp from ghost.dsi.unimi.it, in the /pub/crypt directory. If for some reason you can't find it in this location, mail me $15.00 and your physical or email address. I will send it to you. Don't Forget! Stego is shareware. You can help to support further development by sending $15.00 or any stegosaur to: Romana Machado 19672 Stevens Creek Blvd. Box 127 Cupertino, CA 95014 Bugs? Questions? EMail: romana at apple.com From davet at wv.MENTORG.COM Mon Nov 29 17:02:04 1993 From: davet at wv.MENTORG.COM (Dave Taffs) Date: Mon, 29 Nov 93 17:02:04 PST Subject: META: Filter Detweiler Message-ID: <199311300055.AA21733@fpd.MENTORG.COM> Time to de-lurk... >sender: hfinney at shell.portal.com > >I would favor adding a filter preventing Detweiler's messages from >appearing on the list. I disagree. I think the correct response is to just completely ignore him. This apparently worked on rec.pets.cats, when people posted truly nasty stories about cats; they kept it up until the list learned to just completely ignore them, and then they went away. Detweiler will eventually(!) do likewise. I urge that the spirit exemplified by CPunks not be sullied by censorship, in spite of the threat posed by LD. It is indeed an ugly precedent, antithetical to what I believe the list believes in. It might help newbies if a discussion of the LD issue be mentioned in a FAQ list (is there one?), or otherwise maybe a message indicating the known hazard of LD should be sent to the list every two weeks saying that the consensus is to just ignore posts from either L. Detweiler or an12070 at anon.penet.fi. -- O_O 01234567 dave_taffs at mentorg.com "Carpe carp!" | . . ^ I don't necessarily share MGC's views. | (_:_) Indent-o-Meter Better living thru tab damage... | From lefty at apple.com Mon Nov 29 17:17:15 1993 From: lefty at apple.com (Lefty) Date: Mon, 29 Nov 93 17:17:15 PST Subject: Disruptive members Message-ID: <9311300111.AA29036@internal.apple.com> >I have seen a man arrested ostensibly for "disturbing the peace", who was >actually just giving a speech. The charges were thrown out. If you don't >like free speech, don't log in. The U.S. Constitution and the Declaration >of Independence state very clearly that our form of government is based on >the recognition of human rights, not responsibilities. You might be able >to find a system more to your liking in China or North Korea for a little >while longer. There is little I less enjoy seeing than the spectacle of someone who has never actually bothered to find out what the Bill of Rights says and what it means blathering about "free speech". Mr. Wilson: does my right to free speech entitle me to come into your living room and demand that you provide me with a podium and a megaphone in furtherance of my expressing my opinion? If you think it doesn't, then you have no cause for complaint. If, on the other hand, you think it _does_, then I've done you a grave misservice by mistaking you for nothing more than an uninformed chowderhead. You would constitute, at the very least, a full-blown loon. >After all the speech criminals are rounded up, what next? Got any ethnic >groups in mind? That's low. Or, to be more precise, on a par with the rest of your little screed. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From jim at bilbo.suite.com Mon Nov 29 17:22:05 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Mon, 29 Nov 93 17:22:05 PST Subject: really hiding encrypted data Message-ID: <9311300120.AA12755@bilbo.suite.com> Let's imaging that the government has made it illegal to encrypt data unless you use an "approved" crypto-system. In a world like this, a person who wanted to encrypt data would have to find a way to hide the encrypted data. Many people have suggested placing the encrypted data in the least significant bit of a binary picture file. However, I suspect it is easy to distinguish between the collection of least significant bits of a normal picture file and the collection of least significant bits of a picture file used to hold some encrypted data. In other words, your picture file envelope could trigger an alarm in some government traffic sniffer. This is probably a stupid question, but...is there anyway to take a chuck of encrypted data (presumably with a high degree of randomness) and securely munge it so it looks less random, while retaining the ability to reverse the munge and decrypt the data. Ideally, the munge process should not be based on obscurity. The munge process should be a keyed algorithm so the government filters can't systematically "unmunge" to check for highly random (and suspect) data. Unfortunately, I have a hard time imagining an algorithm that is secure AND produces an output that isn't highly random. Any ideas? How about something fractal? The "munge key" could be the initial state of the fractal engine. I really don't have a clue about the randomness of the output of a fractal engine. Jim_Miller at suite.com From smb at research.att.com Mon Nov 29 17:42:15 1993 From: smb at research.att.com (smb at research.att.com) Date: Mon, 29 Nov 93 17:42:15 PST Subject: really hiding encrypted data Message-ID: <9311300142.AA20588@toad.com> Well, the output of an additive knapsack encryption has a normal distribution. More precisely, if you encrypt many input values with the same public key, the resulting output values will follow a normal distribution. This is because you're adding up a set of large numbers with an apparent uniform-random distribution. Not quite you what you asked, I realize. --Steve Bellovin From hughes at ah.com Mon Nov 29 17:57:15 1993 From: hughes at ah.com (Eric Hughes) Date: Mon, 29 Nov 93 17:57:15 PST Subject: really hiding encrypted data In-Reply-To: <9311300120.AA12755@bilbo.suite.com> Message-ID: <9311300146.AA07743@ah.com> >However, I suspect it is easy to distinguish between the collection >of least significant bits of a normal picture file and the collection >of least significant bits of a picture file used to hold some >encrypted data. This may be. The connection is not obvious, but there may be correlations because of data conversions, mechanical scanner characteristics, etc. The first step in any such system which more closely hides data is to study carefully the statistics of base images. Until you understand them, any attempt at mimicking them is bound for failure. Seeking a good understanding of the statistical properties of messages of various sorts is generally missing in cypherpunks activity. The area gets quite technical, and we as a group need to develop some better understanding of it. Eric From ajw at Think.COM Mon Nov 29 18:02:08 1993 From: ajw at Think.COM (Andy Wilson) Date: Mon, 29 Nov 93 18:02:08 PST Subject: Disruptive members In-Reply-To: <9311300110.AA29019@internal.apple.com> Message-ID: <9311300159.AA01612@custard.think.com> Date: Mon, 29 Nov 93 17:10:48 PST From: lefty at apple.com (Lefty) >I have seen a man arrested ostensibly for "disturbing the peace", who was >actually just giving a speech. The charges were thrown out. If you don't >like free speech, don't log in. The U.S. Constitution and the Declaration >of Independence state very clearly that our form of government is based on >the recognition of human rights, not responsibilities. You might be able >to find a system more to your liking in China or North Korea for a little >while longer. There is little I less enjoy seeing than the spectacle of someone who has never actually bothered to find out what the Bill of Rights says and what it means blathering about "free speech". I am aware of what the Bill of Rights says, but I am not required by the political philosophy cops to make sure my own notion of free speech is isomorphic to it's, thank you just so much. Mr. Wilson: does my right to free speech entitle me to come into your living room and demand that you provide me with a podium and a megaphone in furtherance of my expressing my opinion? Nope. But you can send me unsolicited mail as long as it doesn't contain bombs, threats or frauds. That's all Detweiler is doing to me. I can turn him off just like I can turn off junk snail mail, if I take the appropriate steps. Not a big deal at all. Just like turnin' off a TV channel I find particularly asinine. Technically cypherpunks is private since it is administered from a private site, but it is freely accessible. I don't think excluding someone from the list should be illegal, I just think it's misguided, like trying to fix a leaky faucet with a revolver. If you think it doesn't, then you have no cause for complaint. If, on the other hand, you think it _does_, then I've done you a grave misservice by mistaking you for nothing more than an uninformed chowderhead. You would constitute, at the very least, a full-blown loon. >After all the speech criminals are rounded up, what next? Got any ethnic >groups in mind? That's low. Or, to be more precise, on a par with the rest of your little screed. Not any lower than the groteseque bastardization of the word "rape" I was responding to. I don't have much tolerance for that kind of P.C. doggerel. I was alarmed by the control-freak strategy of the poster I was responding to. Excluding "disruptive members" is a non-solution. They'll just come back with a different account if they really want to. What particularly incensed me was the crap about "rights without responsibilities". It's not anyone's responsiblity to make sure that their posts are entertaining to everyone. That's what kill files are for. As for ignoring people not being a solution because it interferes with "outreach", the members of this list, and the Extropians list, include some of the most atrocious examples of "outreach" I've encountered. Perhaps Mr. Detweiler wouldn't have gone off the deep end if he hadn't received death threats. But then again perhaps he's just a dadaist... or another one Tim May's pranks... Andy -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From huntting at glarp.com Mon Nov 29 18:57:16 1993 From: huntting at glarp.com (Brad Huntting) Date: Mon, 29 Nov 93 18:57:16 PST Subject: Cryptosplit 2.0 In-Reply-To: <9311291648.AA25233@jobe.shell.portal.com> Message-ID: <199311300256.AA05265@misc.glarp.com> From: m5 at vail.tivoli.com (Mike McNally) > On UNIX systems, where keystroke timing can be problematic, couldn't a > collection of various system metrics be used to provide a bunch of > reasonable pseudo-random bits? Things like: > I think multiple MD5 hashes of the total contents of /tmp (or, better, > /swap, if you can access that) would have more bits of randomness. In > any case, Shamir sharing requires a LOT of random bits ("k" times the > size of the file) so at best these sources of randomness could seed a > RNG, which would then "amplify" the randomness (in a cryptographic > sense) to produce the random bits needed for the sharing algorithm. If I remember coorectly it's KerberosV uses an MD5 hash of /dev/mem. This covers everything reported by "ps", "netstat", "iostat", "vmstat", "pstat", and a lot more kernel stuff that's very difficult to predict for any machine that's up and running on a busy network for more than a few hours. Still, probably not 128 bits worth of entropy. brad From MJMISKI at macc.wisc.edu Mon Nov 29 19:22:27 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Mon, 29 Nov 93 19:22:27 PST Subject: Factor Breakthru! Message-ID: <23112921205919@vms2.macc.wisc.edu> 'Punks, Just curious as to what would (or will eventually) happen when a shortcut to factoring large numbers is discovered? Do we revert to older less secure conventions or am I missing something? --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From MJMISKI at macc.wisc.edu Mon Nov 29 19:37:16 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Mon, 29 Nov 93 19:37:16 PST Subject: Medical and Hospital Info Systems. Message-ID: <23112921323872@vms2.macc.wisc.edu> First off, thanks to all the people who replied to my first post. Which, as it turns out needs a bit of clarifying. I am looking for a secure information system for hospital administration. My mother is on the purchasing committee at her place o' employment (she is a Registered Nurse) and asked me some questions about their nascent search for a new information system. They are considering three operating systems all put on 3090's i believe. They are considering CICS, AIX and something merely labeled propietary (UNIX?). Well, I am visceraly familiar with the first two and know of several security problems with both systems. So, when I read on in her literature I found mention of security. All that it said was individual users have individual passwords! HELLO! I immideatly told her that there was or would be a problem. AIX out-of-box is horribly insecure as is any CICS implementation i have seen. I was/am concerned about the probability of a breach. So, my cryptoQuestion is based around *any* possible/existing medical info- rmation protocals in existance. I would prefer a cryptographic protocol, thus my appeal to the list. If none exist, then industrious punks can make a bundle by creating one (Oh yeah! We do write code when were not hissing at Medusa's Head!). Otherwise, I may simply piece together a package from that which already exists. Punks, I must say it is sad to see the state of information security with regard to Medical Information. --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From fnerd at smds.com Mon Nov 29 19:47:17 1993 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 29 Nov 93 19:47:17 PST Subject: Knights who say NII (was Crypto(A), govt & NII) Message-ID: <9311300339.AA01336@smds.com> Tim May writes (1): > Having read the three main "position papers" on NII (the White House > paper, the CPSR analysis, and the EFF "Open Platform" piece), I'm as > convinced as ever that the Data Highway is largely about regaining > control of the currently anarchic network system. Mike Godwin replies (2): > For what it's worth, I don't think this interpretation can be read into > EFF's Open Platform paper. A rotated view on each of these. 1) NII is not "about" anything in particular. You can look at what each person talking about it means in each instance, or you can look at what effect the ideas will have when they become incarnated in government organizations and rules, and take on lives of their own. Or you can look at the process that keeps the topic alive as a popular issue. I'm not sure what kind of "about" Tim was talking. 2) It doesn't matter so much what interpretations can be read into EFF's, or anyone's papers. What matters is the effect they'll have. Giving the government savvy advice, telling them they should do whatever will promote, say, competition or open forums...what effects will these have? They may provide justifications, expertise and targeting info for interventions, for instance. New ways to get involved... There's a dynamic to things like this involving momentum and snowballs and chaos theory; government; media; punks; the public; policy orgs, tanks and wonks; and regulated industries. I can't think of one positive thing (as opposed to the negative thing, disengagement) government can contribute to the goals of EFF. I wonder if the EFF folks are sure there are some. Mitch Kapor talks of "decentralists" who want to use government to promote decentralization-- thwart centralization effects that happen in capitalism, I suppose. (You may have missed Mitch's post as it was forwarded by Ell Dee.) The government can stop all the things it does that produce centralization (it produces centralized capitalists, for instance), but the most centralized organization in the world as the decentralist's tool or ally doesn't seem workable to me. The means clashes against the ends. Telling a bull that he should make whatever positive contributions he can to the china shop...is worse than just not mentioning that there are none. To the bull it suggests, well, a fact-finding tour at least... "But we didn't say that." Of course not. The good guys just tag along and advise against what's *specifically* happening, while gesturing in a forward direction. I'm sure anyone in CPSR or EFF who's even heard the word libertarian has weighed similar arguments. I've seen Mitch and Mike (for instance) talk. Both energetic yet eminently rational and calm. The perfect people to talk someone down from a contemplated harmful act. I hope that's what they end up spending their time doing, in this NII business, (although it's not a positive- or creative-sounding or pleasant thing to wish on someone). And sure, of course I hope sane heads prevail everywhere, that everything everyone says is taken in the right spirit by everyone involved and no terrible travesty of "Open Platform" comes to pass, unlike the rest of the history of such things. Times are changing... I just don't like the whole country waiting for the government to "do better this time, we promise," when it's not helpful for the government to do anything except put down the blunderbus and come out. -fnerd at smds.com quote me -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvtoxiQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2toust1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hanC0R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From jim at bilbo.suite.com Mon Nov 29 20:02:06 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Mon, 29 Nov 93 20:02:06 PST Subject: Cryptosplit 2.0 Message-ID: <9311300356.AA15067@bilbo.suite.com> >If I remember coorectly it's KerberosV uses an MD5 hash of /dev/mem. I'm pretty familiar with the most recent iteration of Kerberos V (pre-release beta 3). There is no mention of /dev/mem in any of the Kerberos V source code files. As best as I can tell, all DES keys and random numbers used by Kerberos are ultimately derived from pass-phrases. The random DES keys produced by the Kerberos administration utilities are derived from the KDC master key and some other info (not /dev/mem). The KDC master key is derived from a pass-phrase. All random numbers used inside the Kerberos runtime library are derived from the user's or server's secret DES key. A user's secret key is derived from the user's pass-phase. A server's secret key is derived from a pass-phrase or generated automagically by the Kerberos administration utilities mention above. (all this is assuming you are using the DES encryption option) Jim_Miller at suite.com From fnerd at smds.com Mon Nov 29 20:32:07 1993 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 29 Nov 93 20:32:07 PST Subject: Crypto-dongle protocols? Message-ID: <9311300401.AA01443@smds.com> I know there was talk of making little crypto boxes that attach to the back of bigger computers. "Crypto-dongles," they were called. Did anyone go and build one? Did anyone think up a protocol for talking to one? It occurs to me that pocket computers like the Psion might make nice crypto-dongles, especially for people who use Unix for mail. The little computer could show you the text you were signing or that it had decrypted. All safe from Unix hacks--but is there a good protocol? Integration with PGP functions would be nice and might even ease the implementation. So, once again, Has anyone got a crypto-dongle protocol? -fnerd at smds.com quote me -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvtoxiQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2toust1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hanC0R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From mg5n+ at andrew.cmu.edu Mon Nov 29 20:37:17 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 29 Nov 93 20:37:17 PST Subject: really hiding encrypted data In-Reply-To: <9311300120.AA12755@bilbo.suite.com> Message-ID: > In a world like this, a person who wanted to encrypt data would have > to find a way to hide the encrypted data. Many people have suggested > placing the encrypted data in the least significant bit of a binary picture > file. However, I suspect it is easy to distinguish between the collection > of least significant bits of a normal picture file and the collection of > least significant bits of a picture file used to hold some encrypted data. > In other words, your picture file envelope could trigger an alarm in > some government traffic sniffer. > > This is probably a stupid question, but...is there anyway to take a > chuck of encrypted data (presumably with a high degree of randomness) > and securely munge it so it looks less random, while retaining the > ability to reverse the munge and decrypt the data. Not a stupid question at all. I would suspect that altho the least significant bits of a picture file are not very orderly, they are probably not quite a random distribution. I would suspect that in many pictures, they would form curved contour lines, outlining subtle differences in color across a picture image. Of course, some pictures are more random than others, so the best someone scanning data packets could do would be to pick out "suspicious" images to analyze further. > Any ideas? How about something fractal? the "f" word> The "munge key" could be the initial state of the > fractal engine. I really don't have a clue about the randomness > of the output of a fractal engine. Well, since you mentioned the f-word, I guess I'll entertain the possibility. A fractal would probably be one way to hide data while producing an orderly looking picture. Suppose you wrote a program to calculate the Mandelbrot set (fairly common example that most people should be familiar with; if not, ask and I will clarify the math) to 256 iterations, and plot the number of iterations required for the magnitude of the complex number pair to exceed 2.0 as the intensity of the pixel (or zero for points in the set). The result is a image that many people have seen before. Now, suppose that you modify your fractal generator program slightly. For points which required more than 32 iterations, you would not plot the exact value, but instead change it +/- 1. Because the points which require a high number of iterations are in the naturally most chaotic part of the fractal, it would probably defeat "scanning" attempts to look for steg-data. In fact, the only way to discover the message would be to actually plot the fractal and compare it to the file you had - a time consuming process, especially if the cracker didn't know the exact coordinate boundries of the image, and the number of significant figures used in your calculations. Or maybe instead of accepting divergance at 2.0, you choose 2.1, or even 2.01? Lots of possibilities... If defeating a gummint traffic sniffer is your objective, consider what kind of sniffer the gummint might use. If they were just checking for randomness, they might apply a data compression technique to look for patterns (since cryptodata can't be compressed). In such a case, you could design a compression program which would "uncompress" data - that is, run a data compression in reverse; adding random repitition that a data compression program would notice. Basically, what you need to do is to design a data (un)compression system such that every possible input file maps exactly to some "uncompressed" text. You then steg the uncompressed data, and then the recipient "compresses" the data to reveal the original ciphertext, and then decrypts. From ebrandt at jarthur.Claremont.EDU Mon Nov 29 21:07:18 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Mon, 29 Nov 93 21:07:18 PST Subject: really hiding encrypted data In-Reply-To: <9311300120.AA12755@bilbo.suite.com> Message-ID: <9311300502.AA24972@toad.com> > From: jim at bilbo.suite.com (Jim Miller) > I suspect it is easy to distinguish between the collection of least > significant bits of a normal picture file and the collection of > least significant bits of a picture file used to hold some > encrypted data. I wrote something about this just a mont or two ago. Rather than going through it all again, let me summarize and go off in a different direction. Yes, simple-minded LSB steganography should be detectible. Its statistical effect is to stomp hard on the lowest bit with white noise, while doing nothing to higher bits. This isn't a very plausible noise source. I've been hoping to find some time over winter break to brush up on my statistics and put together a steganography detector. This sort of analysis might not hold up in court, as it's always possible that somebody has a bogus ADC or something, but it's fine for traffic analysis. I think the trick will be avoiding false positives on images that have been dithered at some point during their life... > This is probably a stupid question, but...is there anyway to take a > chuck of encrypted data (presumably with a high degree of > randomness) and securely munge it so it looks less random, while > retaining the ability to reverse the munge and decrypt the data. You could hit only scattered bits, but this sort of noise isn't realistic either. What you want is to end up with plausible statistics. One possibility is to construct a model for the less-significant planes of the types of images (or other data) which you intend to use. If you leave a parameter or two free, or partially free, you should be able to fit some data in without being blatant about it. Low data rate, though. Constructing a decent data model for this purpose is beyond me. A simple approach: add plenty of Gaussian noise, and maybe introduce some moire crud to make it look lousy. Then replace every n'th LSB with a bit of your choice. This should be plausible enough to past most auto-scanners, who probably can't afford to get too many false positives. > Jim_Miller at suite.com Eli ebrandt at jarthur.claremont.edu PGP 2 key by finger or e-mail "They have written customized software for pseudospoofing and style analysis for cyberspatial warfare across the many lists." -- L. Detweiler From newsham at wiliki.eng.hawaii.edu Mon Nov 29 22:07:19 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Mon, 29 Nov 93 22:07:19 PST Subject: anti-cypherpunk propaganda Message-ID: <9311300605.AA26193@toad.com> strike another one up for L.D. and the NSA. Original readings of some of L.D.'s articles have lead me to believe that he was truely in a state of delusion but now I know better. His description of the great medusa was infact true, but the people he was describing where no the 'leadership of cypherpunks' but rather his own actions and tactics. It is amazing that this hasn't occured to me before, the cleverness of his rants draw attention away from him and make it seem implausible that he could be involved in such activity. His attacks are well coordinated, well thought out, obviously written with much care and taking up much of his time. He was reached out to many forums and undoubtadly affected the thinking of many people. It is going to take much information to reverse the damage he has done to the reputation of the list. Here is a recent article from CuD: ----------------------- Subject: File 3--A Psychopunk's Manifesto From: nagap at MINDVOX.PHANTOM.COM(Michael Roberts) Date: Wed, 17 Nov 93 22:20:11 EST A Psychopunk's Manifesto by T.C. Hughes Honesty is necessary for an open society in the electronic age. Pseudospoofing is dishonesty. A pseudonym is something one doesn't want the whole world to know, and anonymity is something one doesn't want anybody to know. Pseudoanonymity is the power to selectively reveal oneself to the world. If two thieves have some sort of dealings, then each has a memory of their interaction. Each criminal can confess about their own memory of this; how could anyone prevent it? One could criticize laws against it, but the freedom of collusion, even more than pseudospoofing, is fundamental to a criminal; we seek not to restrict any criminality at all. If many criminals speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The holes in the Internet have enabled such group collusions, and it will not go away merely because we might want it to. Since we desire black markets, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no secrecy. I cannot here selectively reveal myself; I must _always_ reveal myself. Therefore, pseudospoofing in an open society requires pseudoanonymous transaction systems. Until now, cash has been the primary such system. A pseudoanonymous transaction system is not an honest transaction system. A pseudoanonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of criminality. Honesty in an open society also requires identification. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To speak is to indicate the desire for privacy, and to speak on the Internet is to indicate not too much desire for privacy. Furthermore, to conceal one's identity with assurance when the default is True Names requires the Internet. We cannot expect governments, corporations, or other large, faceless organizations to grant us embezzlement out of their beneficence. It is to their advantage to repress us, and we should expect that they will try. To try to prevent their restrictions is to fight against the realities of cyberspace. Evil does not just want to be free, it longs to be free. Criminality expands to fill the available storage space. Criminality is Conspiracy's younger, stronger cousin; Criminality is fleeter of foot, has more eyes, knows more, and understands less than Conspiracy. We must defend our own conspiracy if we expect to have any. We must come together and create systems which allow pseudoanonymous transactions to take place. People have been defending their own conspiracies for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong conspiracies, but electronic technologies do. We the psychopunks are dedicated to building pseudoanonymous systems. We are defending our criminality with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money. Psychopunks write code. We know that someone has to write software to defend criminality, and since we can't get perverted unless we all do, we're going to write it. We publish our code so that our fellow psychopunks may practice and play with it. Our code is barred for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down. Criminals deplore regulations on criminality, for criminality is fundamentally a private act. The act of corruption, in fact, removes information from the public realm. Even laws against conspiracies reach only so far as a nation's border and the arm of its enforcement. Criminality will ineluctably spread over the whole globe, and with it the dishonest transactions systems that it makes possible. For a conspiracy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common evil. Secrecy only extends so far as the collusions of one's accomplices in private. We the psychopunks ignore your questions and your concerns and hope we may deceive you so that we do not get caught ourselves. We will not, however, be moved out of our course because some may disagree with our goals. The psychopunks are actively engaged in making the networks safer for criminality. Let us proceed together apace. Onward. T.C. Hughes 16 Nov 1993 ------------------------------ From sasha at cs.umb.edu Mon Nov 29 23:17:20 1993 From: sasha at cs.umb.edu (Alexander Chislenko) Date: Mon, 29 Nov 93 23:17:20 PST Subject: Censorship, privacy, copyright... Message-ID: <199311300715.AA28140@eris.cs.umb.edu> There seem to be repeating debates about what constitutes censorship, privacy, and various other rights and freedoms regarding distribution of information. I would start with separating the parties involved into a number of functional agencies (I don't believe in classification of entities - just functions). The list would include [possibly multiple instances of] : - author - reader - owner - distributor - owner of the media - party mentioned in the message -- legal guardians of each of the above. - the law (one person or group can play the role of any subset of the above agencies). These all fit into a simple graph, where we can mark areas where different terms would apply, and who may establish what. A number of things that cause repeated arguments, seem to be evident regardless of one's political affiliation, such as: - an author is the original owner, and can lose ownership only voluntarily. - nobody may be forced to read anything - the owner has a right to share - or not! - the information with a reader. the concept of censorship applies to control of the third party ('the law' in the above list) - not the owner! - the distributor and media owner have nothing to do with the contents of the message (i.e. in their pure functional form - of course, their impersonators may combine these functions with others). Other parts may be arguable, but at least the terminology should be clear. - copyright refers to the owner - privacy refers to the parties functionally involved with the *contents* of the message. And so on. I would expect that there should be lots of good books on the functional relationships of various parties around information, strict definitions of terminology and descriptions of different positions on what various agencies should have the freedom for, and what gives you rights of such an agency. Are there such books? A FAQ on the topic would probably be useful, too. [ Or maybe, there is nothing of that sort? There are examples of endless debates on undefined topics - such as 'human identity', where the seemingly fundamental concepts are language-specific and, even in English, extremely vaguely defined. ] -- sasha at cs.umb.edu From jkreznar at ininx.com Mon Nov 29 23:37:21 1993 From: jkreznar at ininx.com (John E. Kreznar) Date: Mon, 29 Nov 93 23:37:21 PST Subject: Should we oppose the Data Superhighway/NII? In-Reply-To: <199311231812.NAA02644@eff.org> Message-ID: <9311300734.AA07761@ininx> -----BEGIN PGP SIGNED MESSAGE----- > > The beauty of cypherpunk technology is that it provides means to _avoid_ > > the tyranny of government, rather than trying to redirect that tyranny > > on behalf of one's own ends. > This is a commendable goal, but one can't rely on a trickle to do the job > of a river. I'm all for cp tech, and I'm all for reducing the power of > the govt. as much as possible and as soon as possible. I'm _not_ all for > expecting to accomplish this immediately. Cypherpunk technology gives you a way to _forget about reducing their power_ and concentrate on increasing your own. > > Government gets its power from its hundred million clients. > Hmm I tend to think govt. gets its power from the adequately backed-up > threat that it can rob (fine), enslave (imprison) or kill (execute or > shoot while resisting arrest) you if you don't do what it says. Without the hundred million each clamoring to shape government as he would prefer, it would wither. Of course, if you alone stop clamoring, it won't have a noticeable effect, but at least you avoid the inconsistency and cognitive dissonance of contributing to the very problem you're attempting to solve. > If someone holds me hostage, I tend to think of them as a coercive > kidnapper, not a business that I am patronizing. You're patronizing them by entertaining their claim to control the means by which you will communicate, implicitly endorsing the proposition that there's some legitimacy to their involvement in the first place. > The time's just not right for a cypherpunk "War on Govt". Cypherpunks > will lose. I agree. This is one of the reasons for _avoiding_ government, rather than fighting them or joining them. > ...when anti-authoritarianism returns as the focus of the country's > political thought,... Are you willing to wait? > People aren't mad enough yet to get up off their commercial- > brainwashed, apathetic couch potato butts and DO much of anything yet, > but would rather go to the mall or play with their Game Boys. Why do you care about the couch potatoes? Are you suggesting that your privacy, or your use of strong cryptography, should be hostage to their approval? Asking the couch potato for his permission is exactly the act that makes him think that his permission is required. This is an instance of what I mean when I write that the power of government results from its hundred million clients. If you insist on asking government for permission to use your pencil sharpener they will gladly enlarge their power enough to deny you that permission. Leave the sleeping couch potato lie, and he'll be much less bother. > Have a look at the stuff EFF's doing - ... before tossing us on the > garbage heap as govt lubbers. :) I don't mean to do that. I'm just pointing out that playing in their tar-pit -er, sandbox legitimizes their claim to control. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPr3YcDhz44ugybJAQEkkAP+PfDhCUpTaOKBggLs4KJuhamrmK+AbXC4 SPftdDe6EAzAnLSaIKv4X/tn+OpApZgG4x5HBXTt2F4qMXa3EcO4sYRbg/voz3F7 LvCXCNJ3HHeVTVna3JoAk6jJRgo8uFRwG5md6/Eir25/SzgR+WhCz+437Qyj8dQV dT2Q8+6lkuc= =bTVZ -----END PGP SIGNATURE----- From jdblair at nextsrv.cas.muohio.EDU Mon Nov 29 23:37:30 1993 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Mon, 29 Nov 93 23:37:30 PST Subject: time to acknowledge, move on Message-ID: <9311300756.AA01323@ nextsrv.cas.muohio.EDU > OK, so the reputation of the list has been screwed up. So what? It is all just information, and we're here to explore how the metaphores the information represents evolve in cyberspace. As cheesy as that word has become, if memory serves right, one possible definition for cyberspace is a "consensually agreed upon metaphore for certain aspects of reality." I'm sure I will get corrected for that, and that is good- that's why I said it: to test my hypothesis. I think the coffee house metaphore makes sense, but we have to deal with the fact that this coffee house isn't exactly like normal coffee houses. You can't spoof a person, in person, in reality, short of incredible acting ability and plastic surgery. Real James Bond stuff. I think most of us believe that cyberspace can serve as a useful addition to reality, and some of us probably see it as a possible replacement for reality. One simply needs to know one MOO addict to believe that (an acquaintence of mine once spent 18 hours straight on-line.) So we're working out the kinks in the metaphore, and learning where the metaphore breaks down. So sometimes we get burned. So what!! By the way, some of us have built a metaphorical workshop onto the back of this metaphorical coffee house. Discussion is going reallly slowly right now, I think because most of use are really more software people than hardware people. Myself definately included. I laid the foundation for the workshop because I thought there was still a lot of hard information I could learn from the Cypherpunks, like how following this list turned my understanding of cryptography from virtually zilch to getting into an argument with someone from the NSA that I led into the mountains in one of my real-world personalities, a summer backpacking guide. He was freaked out to find that this outdoorsy guy understood public key cryptography, and had an opinion about the clipper chip. There's the main purpose of the list, right? To educate. It educated me, and it threw a real-world NSA employee for a loop. So, we've all been educated about spoofing, and the dangers inherent in the privacy we advocate. If I wasn't ready to have my views challenged, I wouldn't follow the list, and I certainly wouldn't post. Of anybody, we should understand that a name on the net is just a label. We have a certain assumed level of trust that label = real person. We're the ones that have been emphasizing that a public key can only be trusted if you trust a real person somewhere in the web of trust you build to verify it. We all knew that its elementary to spoof someone (or pseudospoof, I mean). We just assumed that no one would break our trust, do more than just a few harmless pranks. Oh my god, I here people shout, label != person? We deserve it. So, y'all, chill out. I think L.D. taught us all a BIG lesson that we can all take through the rest of our cyperspace lives (or metaverse lives, depending on one's jargon persuasion). The net isn't the real world. Stop pretending it is, and treat it as the net. -john ------------------------------------------------------------------------------ Insert cool signature file that makes a trendy, yet bold and original statement about my cyberspace proficiency, then mentions that I'll send you my public key if you want it, and you trust that I'm me. From ld231782 at longs.lance.colostate.edu Tue Nov 30 00:07:21 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 30 Nov 93 00:07:21 PST Subject: Eric Hughes Message-ID: <9311300804.AA14043@longs.lance.colostate.edu> Hello, I've been thinking that the GWELST (Guess Which Eminent Leader Said This) may be in poor taste and violate the privacy of a co-conspirator, the latter the #1 psychopunk crime. So, regarding the `There is no movement. Get this delusion out of your head. There is only software' quote, I won't say which Eminent Leader is the originator of this. I just wanted to share this inspirational message with everyone, hopefully no harm done. I had some other ideas for the GWELSTing game. As I said, I didn't have a whole lot of material for this, mostly due to the amazing rock-hard wall the Eminent Leaders have erected around certain topics, such as their own involvement in pseudospoofing conspiracies or quasi-criminal activities. Again, I wouldn't want to violate the privacy of a criminal, so I will just list this new inspirational quote without attribution, and let everyone here speculate on its author. The background behind this was that I had been concerned by leaks or `crossings' by tentacles of very personal knowledge of my personal habits and financial transactions -- something that likely could only have come from stealing my credit card report transactions. I was also concerned about an Eminent Leader's ties to credit organizations and credit databases. So, I asked in a message entitled `dirty secrets' -- `Have you ever poked around in a credit database?' The background on the other question was that I had heard references to a Secret Mailing list by both identified Medusa's Snakes and Medusa Sisters. The mailing list was supposedly for `project development' free of `paranoid ranters'! Well, if there was any overlap in `paranoid ranters' an tentacles, I would certainly like to sign up! I have been trying to find a single place on the Internet dedicated to project development and free of Cryptoanarchists, psychopunks, Medusa's snakes and sisters for many weeks now! Actually, I always thought that *this* list was dedicated to serious project development, but boy do I know better! It's a testing ground for Cryptoanarchist brainwashing and refining tentacle software of course. Anyway, the second question was -- `is there a secret mailing list?' * * * The $64K answer from the Eminent leader was rather terse and cryptic (ha, ha!), as he usually is. ``Your questions do not allow other than an incriminating answer.'' I asked him what he meant by that, I think, but he didn't elaborate. It's strange how none of the Eminent Leaders answers specifically any of my questions on various subjects like Pseudospoofing, Conspiracies, and Deception. The same leader, in response to a long list of my queries on the subjects, said `I deny it all'. Oh well. Maybe the list moderator and Cypherpunk movement founder E.Hughes (hughes at ah.com) would be the person to ask about infiltrating credit databases, a secret mailing list, pseudospoofing, conspiracies, and deception. Again, though, I won't reveal the Eminent Cypherpunk Leader who I quote to Protect Privacy. Just consider me a patriotic Cypherpunk to the end! From cman at caffeine.io.com Tue Nov 30 00:27:21 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Tue, 30 Nov 93 00:27:21 PST Subject: The REAL Conspiracy Message-ID: <199311300811.CAA01529@caffeine.caffeine.io.com> We at Illuminati Online have finally gotten to the bottom of l'affaire Detweiler. It began with the simple statement, "This moron is *everywhere*, no one person could be churning out all this fantastic babble of..." And then it hit us. Of course! The REAL Medusa is L.Detweiler and S.Boxx and The Executioner and The Pervert, a pseudopool with STRINGENT stylistic REQUIREMENTS about how to disrupt, discourage and defame cypherpunks. We're onto you now... even now, agents are converging on your secret headquarters... -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From analyst at netcom.com Tue Nov 30 01:27:21 1993 From: analyst at netcom.com (Benjamin McLemore) Date: Tue, 30 Nov 93 01:27:21 PST Subject: NSA Insecure Remailers? Message-ID: <199311300924.BAA26900@mail.netcom.com> I was thinking about remailer traffic analysis this evening and realized that everybody who has come into contact (i.e. received or sent email to a remailer) with a remailer is probably on an NSA list. Given the low volume of information on the Internet backbone, only 45 Mbits/sec, it is not hard to imagine that they at least perform routine traffic analysis looking for things like packets going to and from remailers (unless I'm missing something--please correct me). Encryption doesn't help here because the header info isn't encrypted. Given that most remailers are not randomly changing the sizes and delay times of incoming and outgoing traffic, this probably also allows someone like the NSA to correlate incoming and outgoing traffic and follow messages end-to-end (until they leave the NSA surveyed portions of the network, anyway). Given the magnitude of the traffic analysis problem (I estimate about 24 gigabytes/day of addressing info saved: 45 Mbits/sec,86400 sec, 5% of data is addressing), probably only the NSA and some defense agency we haven't yet heard of are actually performing this analysis right now. But given the declining price of storgae media, even saving everything on magnetic media and paying $1000/gig, it only costs about US$8.7 million to keep a year's worth of traffic headers around (media cost). So what? Well if Blacknet exists, it either means they are using something trickier than the anonymous remailers that I know about or they are going to be quickly washed up--at least if they do anything to run afoul of the big guys (or maybe they're just a trot line for unsuspecting cypherpunks?). I also don't know how much information you can get out of just header analysis--for example, would this allow tracing anonymous posters into Usenet newsgroups? I suppose there are still things that you can do in the presence of such surveillance to avoid detection: multiple remailer chains off of the main backbones for example--which I may not currently know about. I hope I have made some obvious errors that list readers can correct, but my assessment of the security provided by using anonymous remailers just dropped an order of magnitude. It sounds like I need to learn about mixes and DC-nets about now, which I presume are part of the solution to this dilemma? I have the dining cryptographers paper, could someone point me towards more info? Thanks. --------------------------------------------------------------------------- --- Benjamin McLemore analyst at netcom.com From ld231782 at longs.lance.colostate.edu Tue Nov 30 01:27:29 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 30 Nov 93 01:27:29 PST Subject: Eric Hughes & the Cypherpunks Movement Message-ID: <9311300924.AA15020@longs.lance.colostate.edu> There was an interesting article in RISKS 15.28x on pseudoanonymity by E.Hughes. Comments on pseudospoofing and pseudoanonymity by leading Cypherpunks are *extremely* rare, and we have to prize every one! I have asked many times and in many variations for more of these precious gold nuggets, but results have been unrewarding over the past few weeks. There has been a lot of commotion on the list lately on the subject of pseudospoofing, and maybe if the Eminent Leaders came out with a public statement on their personal knowledge, opinion, and involvement in pseudospoofing many people would be less upset, and the noise would die down! Just a hypothetical speculation, of course! They must have excellent reasons for withholding one for this long, even in the face of tremendous public and private pressure! (If anyone knows what those reasons are, could you tell me?) Anyway, on to this letter. The most interesting aspect of it is its brevity. Many interesting implications were raised in RISKS 15.25 and 15.27 about the cryptoanarchist movement in black marketeering, tax evasion, and sabotage of governments, and whether Cypherpunks == Cryptoanarchists. There was also insinuations of a secret mailing list, manipulation of others, widespread deception of the media and a massive hoax and conspiracy, a rampant pseudospoofing effort by the leadership behind the scenes, even involving customized software, a Cult Religion of Pseudoanonymity, etc. (You all know the black, sordid story!) Unfortunately, much to my disappointment, the Eminent Leader did not comment on any of these issues. But nevertheless I would like to analyze what little was available. The major point to make about this person is that everything he writes is extremely carefully crafted to have a precise, intended effect. I imagine that he spent a very large amount of time on this short posting, making sure that it did not contain any incriminating statements. It is a masterpiece of a deceptive and evasive message that supposedly appears to `set the record straight' while actually being completely, utterly empty of any true reassurances or denials. >L. Detweiler's recent article on the RISKS of confusing an online >identity with a potentially knowable physical one are quite >interesting, if hypothetical. Interesting the phrasing of `if hypothetical'. There is no indication of any personal knowledge of the veracity of any of the hypothetical situations. But! At the same time there is cleverly no statement in the form, `I am not aware of any' or `I can assure you that they do not exist' despite that this person would be in a position to issue a statement of this sort, and that exactly such a statement is what is called for. >I would be interested in hearing of situations where this practice >has actually occurred. If any RISKS members know of any such >incidents from first-hand experience, please share them with the >readership. This is another extremely clever method of evading any personal association, accountability, or responsibility for the issues raised. This eminent leader is personally aware of a massive pseudospoofing framework, namely his own, yet makes it appear he has no knowledge of any by requesting information from others. Quite ingenious! This was very similar to N.Szabo asking others for `pseudospoofing tools' and `posting sites'. The entire problem with pseudospoofing, of course, is that in the well-conceived cases only the practitioner has the kind of `first hand experience' the eminent leader requests. >Unfortunately, I think he really believes that the cypherpunks mailing >list has been dominated by a small cabal who have been using multiple >identities who talk with each other on the list in order to enforce >concensus and to suppress disagreeing positions, namely his. This is a clever method of (1) attempting to discredit L.Detweiler as someone who believes that all people who disagree with him are co-conspirators, and (2) not specifically mentioning those positions, and (3) reformulating the many issues of RISKS 15.25 which are extremely wide-encompassing, into a simple question of `a small cabal on the list' who `disagrees with L.Detweiler'. These are all quite ingenious ways of `begging the question' so to speak. >It just ain't so. Despite the exchange of probably over a hundred messages in my cypherpunk lifetime with this eminent leader, and reading dozens of his public postings, I've never seen this eminent leader use a colloquialism like `ain't' and its appearance, especially in this context, is quite curious! Notice how he doesn't actually state *what* isn't so, like `there is no cabal' or `I have no personal knowledge of anyone posting under fake identities.' Overall this is another meaningless statement that does not actually imply anything whatsoever. >Therefore, to set the record straight I feel I ought to make the >following public statement: Note that this statement below does not `set the record straight' on many of the issues raised, in particular the eminent leader's personal knowledge of pseudospoofing. >I, Eric Hughes, have never posted or communicated in any name other >than my own. Frankly, I think this is a baldfaced lie. The eminent leader would be implying, if it were to be taken literally and exactly, that he has never used the anon.penet.fi server or any account other than one with his name. What precisely does he *mean* by this statement? How are we to be sure? We need a direct answer to the question, ``What accounts have you posted from, and how were they identified?'' I have many examples of a Medusa claiming `I, Medusa, have never posted or mailed under any other name than Medusa.' This is because under the fanatic religion of pseudospoofing, the cultists actually maintain that the different `personalities' under the assorted `nyms' of a person actually constitute *different* *people*! This, of course, is a blasphemous abomination of the English language, warped to their own ends of deceit, very much like the use of the term `true anonymity' by N.Szabo or `pseudonym' by J.Gilmore. >I can personally testify that I am not the same as any >of the other people listed at the end of L. Detweiler's post, and I >can testify from personal experience that Arthur Chandler, Hal Finney, >Tim C. May, and Nick Szabo are all different people. This is an interesting statement. Again, I think it is a baldfaced lie. Notice that the eminent leader writes previously that `I have never communicated under any name other than Eric Hughes.' All of these statements would be superflous under that statement, if it were true. But he finds it necessary to be more specific, for some curious reason. The question in cyberspace is not about `people', but computer accounts, as in, `Have you ever posted a message from any of these accounts'? For example, if E.Hughes sent me mail that ``I have never been the originator of a message from the G.Broiles site goldenbear.com'' I would take that as authoritative. But he has never answered any of my questions in any specific form. Even questions like `How many pseudoanonymous identities are you using' he (and T.C.May) refuses to answer. >I also decline to answer, point by point, the numerous defamatory >innuendos made by L. Detweiler against the members of the cypherpunks >mailing list. Hee, hee, `defamatory innuendos' is a clever term. He does not actually point to any specific `defamatory innuendo' as defamatory! They are only defamatory if you can state they are false! Also, many of the comments are not directed at `members of the cypherpunks list' but at the *leadership*. But we have another ingenious diversion. The eminent leader implies that a `point by point' statement would be tedious and unjustified. I assure you, I would prize it beyond anything in my ~3,500 message collection of cypherpunk archives. > Might I also observe that none of the statements are >specific enough to actually count as accusation, but merely as general >slander? Another rather silly statement. Eminent leader E. Hughes, after many weeks of my trouble, has never answered *either* my `defamatory innuendoes' or my `specific accusations'. Imagine the sheer artillery that would be for your hordes of cultists who continue to assault me, Mr. Hughes! ``Mr. Hughes answered all your charges. Go to hell.'' * * * Why do I persist at this? Because the Cypherpunks wish to pretend that they are a respectable organization on the level of EFF or CPSR, with leaders on par with say, Barlow, Sobel, or Kapor or Godwin. The simple fact is that they are an obnoxious, arrogant, pathetic, repulsive bunch of cyber-guerrilas, pseudospoofers, and quasi-criminals who have no unity other than a Internet mailing list, which itself is used as a testbed for pseudospoofing perversions on unsuspecting and unwilling participants and cryptoanarchist disinformation and brainwashing. Oh, how I have given you the benefit of the doubt, and gone to great lengths to respect you! But your leaders are either undoubtedly corrupt or accomplices, with more interest in secret conspiracies, pseudoanonymity perversions, trust embezzlement, manipulation, and predation, privacy invasion, pornography, ego assuagement, elitist clique parties, and aquiring and dazzling their personality worshippers than anything substantial, such as Internet project development, that involves things upon which you urinate, like cooperation and openness. You cling to your elaborate fantasies with gripping white knuckles. Cypherpunks are blind to the ashes of their arson. `The Tyrant is not that bad!' `Hell is not such a bad place!' `Look how much we have accomplished'! You have nothing but gimmicks, trinkets and playthings, not a `foundation' but deadly quicksand traps. The only observation is that everything substantial accomplished by others you have done a great deal to simultaneously take credit for and maliciously sabotage, and everything you have accomplished is not substantial, and never will be, as long as you wallow in your gutter. But you are not content to wallow alone! You must drag the Current Internet and Future Cyberspace into your filth. I think that real leaders such as Zimmermann, Chaum, Card, and Sterling should have the sense to not only distance themselves but to condemn your parties of freakshow perversions. The cypherpunks list is a magnet for criminal apologists, moral relativists, libertarian extremists, demogogues, poseurs, and hypocrites. Frankly, I'm quite upset that respectable journals, like Wired, NYT, and RISKS have been subtly twisted and corrupted with the depraved Cypherpunk fantasies and lies. These knotty deceptions take an extraordinary amount of energy to untangle, and there is enough here to keep historians busy for decades. I'm grotesquely ashamed to have ever been associated with this sham, this mockery, this farce, that masquerades as a `group' or a `movement'. I have even lended credibility to tentacles by quoting them in my FAQs and in RISKS, oh how that makes me want to vomit. `Anonymity on the Internet' -- more like Disinformation, Brainwashing, and Lies by Tentacles. The cypherpunks list does not deserve to be advertised *anywhere* except as a dark pit to be avoided at all costs, the cypherpunks Movement is no more meaningful than graffiti spraypainted on a wall. It was only an infinitesimal whit better when it was just spread by word of mouth among the conspiring CA slime. Please, go back to your dark holes where you came from, and take your odious `movement' with you. Oh, what insidious despicable poison. From jkreznar at ininx.com Tue Nov 30 01:57:21 1993 From: jkreznar at ininx.com (John E. Kreznar) Date: Tue, 30 Nov 93 01:57:21 PST Subject: Encryption and the NII (fwd) In-Reply-To: <9311292042.AA26726@bsu-cs.bsu.edu> Message-ID: <9311300954.AA07804@ininx> -----BEGIN PGP SIGNED MESSAGE----- > Newsgroups: talk.politics.crypto,comp.org.eff.talk > From: kadie at cs.uiuc.edu (Carl M Kadie) > Subject: [NWU] "Encryption and the NII" > Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL > Date: Mon, 29 Nov 1993 18:38:50 GMT > [This is an excerpt from the Newsletter of The Political Issues > Committee of the National Writers Union (UAW Local 1981) Address > Correspondence to: Bob Chatelle, 296 Western Avenue, Cambridge MA > 02139 (617/497-7193). The full newsletter was posted to > alt.censorship. > (c) 1993 National Writers Union. Posted with permission from the > November 1993 issue of the PIC Newsletter, the journal of the > Political Issues Committee. All rights reserved to the authors. > Reproduction without permission is expressly prohibited, but requests > to repost articles on electronic systems serving writers are > encouraged. Send permission requests to Bob Chatelle, > kip at world.std.com -cmk] > Encryption and the NII, by Jenevra Georgini > ... This would provide a > digital "signature" (or perhaps "fingerprint" would be a > better term; signatures can be forged but private keys are > given to only one person). NO! She is not ``given'' the key. That would imply that it is known to someone else! She makes the key herself using tools provided for that purpose. This is a serious misconception. Public key encryption does not depend on any ``authority'' for issuing keys. She is the only one anywhere who need know the key. Please correct this misconception in your mind and others with whom you discuss the subject. It can cause public key encryption to become identified in people's minds with hierarchical authority, which it emphatically is not. The author takes control of her own privacy and need not rely on anyone else to maintain it. > Of course, the larger and more powerful government > machines can crack any private citizens (sic) 140-digit code in a > day. Why then would a ``private citizen'' limit herself to 140 digits? The software is readily available for her to use a key large enough that cracking it is not feasible even by government. > -- > Carl Kadie -- I do not represent any organization; this is just me. > = kadie at cs.uiuc.edu = John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPsXl8Dhz44ugybJAQHfuAQArB99cSIYkrOmzNEUKzJlCSrY9BJiZ/VC yIVaVrjwLDBrbgdgYRNaV86mNJ0WLs7XLcui5dO6IHrRRAF5bcsB8TZsHUfY8M0g 1uEG8eriMrVsM1RprSEG769aHHiWhTn1jFELwlOFbdKvGqhDuYmpk0XoevsSDQ9J Kki7N0jiaLM= =1d/v -----END PGP SIGNATURE----- From ld231782 at longs.lance.colostate.edu Tue Nov 30 02:17:26 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Tue, 30 Nov 93 02:17:26 PST Subject: a correction Message-ID: <9311301016.AA15651@longs.lance.colostate.edu> I wrote: > [The `Movement'] was only an infinitesimal whit better when it was just >spread by word of mouth among the conspiring CA slime. By `better' I meant -- `less evil' From m5 at vail.tivoli.com Tue Nov 30 05:47:28 1993 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 30 Nov 93 05:47:28 PST Subject: Cryptosplit 2.0 In-Reply-To: <199311300256.AA05265@misc.glarp.com> Message-ID: <9311301342.AA25298@vail.tivoli.com> Brad Huntting writes: > If I remember coorectly it's KerberosV uses an MD5 hash of /dev/mem. > > Still, probably not 128 bits worth of entropy. Gee, that seems pretty amazing. On a typical workstation, there's a heck of a lot going on; in the megabytes of data in /dev/mem I'd think it quite unlikely that there's a practical way to predict or recreate a configuration. Then again, I could be wrong. I also wonder how, if the above is true, one can really get 128 bits of entropy from keyboard timing (especially from a small number of keypresses). -- Mike McNally : m5 at tivoli.com : Day Laborer : Tivoli Systems : Austin, TX ------------------------------------------------------------------------ Remember that all experimentation does not produce extrapolated results. - k. pisichko From koontzd at lrcs.loral.com Tue Nov 30 07:37:49 1993 From: koontzd at lrcs.loral.com (David Koontz ) Date: Tue, 30 Nov 93 07:37:49 PST Subject: Eric Hughes & the Cypherpunks Movement Message-ID: <9311301533.AA06498@io.lrcs.loral.com> >I'm grotesquely ashamed to have ever been associated with this sham, >this mockery, this farce, that masquerades as a `group' or a >`movement'. I have even lended credibility to tentacles by quoting them >in my FAQs and in RISKS, oh how that makes me want to vomit. `Anonymity >on the Internet' -- more like Disinformation, Brainwashing, and Lies by >Tentacles. The cypherpunks list does not deserve to be advertised >*anywhere* except as a dark pit to be avoided at all costs, the >cypherpunks Movement is no more meaningful than graffiti spraypainted >on a wall. It was only an infinitesimal whit better when it was just >spread by word of mouth among the conspiring CA slime. Please, go back >to your dark holes where you came from, and take your odious `movement' >with you. Oh, what insidious despicable poison. (In your best N.E. accent) "ahll righht, who faarted?!" From mnemonic at eff.org Tue Nov 30 08:47:45 1993 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 30 Nov 93 08:47:45 PST Subject: Knights who say NII (was Crypto(A), govt & NII) In-Reply-To: <9311300339.AA01336@smds.com> Message-ID: <199311301642.LAA28431@eff.org> Steve Witham writes: > Giving the government savvy advice, telling them they should do whatever > will promote, say, competition or open forums...what effects will these > have? They may provide justifications, expertise and targeting info > for interventions, for instance. New ways to get involved... The government is already tempted to get involved, all the time. We can't make the government go away by resolving that it would be nice if they weren't around. Best to work from where we are, not where we'd like to be. > I can't think of one positive thing (as opposed to the negative thing, > disengagement) government can contribute to the goals of EFF. Government is not the only potential source of harm--private industry can be plenty harmful. > The government can stop all the things it does that produce > centralization (it produces centralized capitalists, for instance), > but the most centralized organization in the world as the > decentralist's tool or ally doesn't seem workable to me. The > means clashes against the ends. I don't see how. One actually can use a weapon to keep the peace, for example. > Telling a bull that he should make whatever > positive contributions he can to the china shop...is worse than just > not mentioning that there are none. I think you're reasoning from your conclusions here, not toward them. What's more, government ain't the only bull in this shop. --Mike From huntting at glarp.com Tue Nov 30 09:32:12 1993 From: huntting at glarp.com (Brad Huntting) Date: Tue, 30 Nov 93 09:32:12 PST Subject: Cryptosplit 2.0 In-Reply-To: <9311301342.AA25298@vail.tivoli.com> Message-ID: <199311301731.AA06857@misc.glarp.com> Brad Huntting writes: > If I remember coorectly it's KerberosV uses an MD5 hash of /dev/mem. > > Still, probably not 128 bits worth of entropy. Mike responds: > Gee, that seems pretty amazing. On a typical workstation, there's a > heck of a lot going on; in the megabytes of data in /dev/mem I'd think > it quite unlikely that there's a practical way to predict or recreate > a configuration. Well, Assuming I was just creating a key and not doing something else at the same time, it would be pretty easy to predict what processes were running. It has about 6000 pages of physical memory. >From knowing what processes are running, you could probably narrow down the pages they would have in memory to at most half again that number. This gives you mabey 9000 choose 6000 posiblilitys for what process memory looks like. That gives about exp(3000*ln(7000)) or 2^37k posiblilities... I suppose that is more than 128 bits. So if you cant predict which pages will land where in memory (which may be a false assumption), this is probably a good method for getting a random number on a unix box. brad From m5 at vail.tivoli.com Tue Nov 30 10:12:25 1993 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 30 Nov 93 10:12:25 PST Subject: Cryptosplit 2.0 In-Reply-To: <199311301731.AA06857@misc.glarp.com> Message-ID: <9311301808.AA29578@vail.tivoli.com> Brad Huntting writes: > > Still, probably not 128 bits worth of entropy. > > Mike responds: > > Gee, that seems pretty amazing. > > Well, Assuming I was just creating a key and not doing something > else at the same time, it would be pretty easy to predict what > processes were running... I guess that's what I consider the amazing part. Right now, I'm sending mail via emacs. I'm doing a big "make" in another window (oh, it just finished). I've got a FrameMaker session up. I've got a bug tracking database up. I've got 4 local xterms and three rlogged in to other systems. I've got the Sun calendar tool running, and a Lucid emacs window from another host. I've got my own dynamic X root window toy running. I've got Tivoli's product up, I think, and some other people are doing unknown things through that as part of a test cycle. (Yes, this ELC is maxed out.) Given all that, it's hard for me to believe that some nefarious party could be tracking system state thoroughly enough to be able to reconstruct the contents of /dev/mem at any given time. Of course, I could be thinking non-rigorously. I suppose that, strictly speaking, the blizzard of activity on my workstation gives me no *real* protection. Seems odd, but I guess I really can't make that call. -- Mike McNally : m5 at tivoli.com : Day Laborer : Tivoli Systems : Austin, TX ------------------------------------------------------------------------ Remember that all experimentation does not produce extrapolated results. - k. pisichko From nowhere at bsu-cs.bsu.edu Tue Nov 30 10:31:30 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Tue, 30 Nov 93 10:31:30 PST Subject: Chaos Communications Congress 1993 (fwd) Message-ID: <9311301828.AA00219@bsu-cs.bsu.edu> From: bkr at drdhh.hanse.de (Bjoern Kriews) Newsgroups: comp.org.eff.talk,comp.security.misc Subject: Chaos Communication Congress 1993 Date: 26 Nov 1993 08:10:08 +0100 Organization: Digital Island Message-ID: NNTP-Posting-Host: drdhh.hanse.de [Sorry for crossposting this to so many groups - last year I received complaints that people didn't find the announcement] "Ten years after Orwell" 10th Chaos Communication Congress, Hamburg, Germany The Chaos Computer Club invites the global community to participate in the Chaos Communication Congress in Hamburg and celebrates the tenth anniversary of this convention. This hackers' meeting, taking place annually at the end of December, has become a traditional event which is characterized by a colorful mixture of absolute chaos, serious discussion and detailed presentation. Computer enthusiasts, scientists from well-known institutions, lawyers, politicians, artists and, of course, hackers as well as data-travellers and Internauts from many countries are going to meet at the 'Eidelstedter Buergerhaus' on December 27th-29th for an interdisciplinary exchange of data and other experience. Not only concentrating on technical topics, political and social issues will be focal points of discussion this year. After ten years of creative future concepts the time has come to look for achieved goals and new visions for the future. This year's list of topics: The so-called "great peep attack" (a proposed law reform allowing state authorities to listen in, even in private rooms, in order to fight organized crime) affects every german citizen and is considered one of the most important issues of the year. - What is technically possible? - What is planned and/or wanted politically? - How do the right of privacy and ban of encryption software fit together? Well-informed speakers talk about state-of-the-art technology and legal limits. Public discussion forums invite you to form your own opinion. Money always serves for interesting talk: - How can we improve Electronic Cash? - How to print your own money - How to wash it if it's dirty - How to open electronic cash machines without damaging them It's up to you to add to this list... Hardly noticed by the public, the female part of the hacker scene is growing. Female hackers' activities have become a regular part of the congress, the workshop on feminine computer handling is one of the key events. For the first time, there will be a Women Only room with lots of equipment to try out, opportunity to ask and learn as well as to discuss and create. Other highlights: Discussions and workshops on - citizen networks and electronic democracy - ISDN, MODACOM (german mobile radio data network) and Beepers - Bluebox versus Telekom - Electronic Warfare - Chip- and other cards - inventory differences - underground radio stations - Computer recycling - lockpicking - MIME and *ostscript viruses - copyright law and the GNU generation. Furthermore: the Hackcenter, the Chaos Cafe, the Chaos Archive, the movie theatre (among others: educational propaganda films by the former East German Ministry of State Security), a Zerberus BBS, the Internet-FreePort and lots of other things we forgot to mention. Feel free to contribute more interesting topics, workshops or presentations. Anyway, the hottest news for computer enthusiasts and hackers will be those you won't find in the press. What: 10th Chaos Communication Congress When: December 27th - 29th 1993 Cost: DM 42,- Three-day-ticket Where: Eidelstedter Buergerhaus Alte Elbgaustr. 12 D-22523 Hamburg +49-40-5710523 Contact: Chaos Computer Club Schwenckestr. 85 D-20255 Hamburg Germany Phone: +49-40-4903757 Fax: +49-40-4917689 E-Mail: ccc93 at t42.ccc.de Press contact: Phone: +49-161-2447146 (european afternoon, please) For reservations in an inexpensive hotel (approx. DM 30,-/night), mail to: sleep at drdhh.hanse.de #!/bin/thanks to P. Kane for the word 'InterNaut'. -- bkr at drdhh.hanse.de - Bjoern Kriews - Stormsweg 6 - D-22085 Hamburg [76] - FRG By definition, a properly functioning kernel doesn't allow user programs to make it crash unless they say "please". (Richard Stallman) From nowhere at bsu-cs.bsu.edu Tue Nov 30 10:32:11 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Tue, 30 Nov 93 10:32:11 PST Subject: EFF Op-Ed from the NY Times Message-ID: <9311301832.AA00396@bsu-cs.bsu.edu> From: mech at eff.org (Stanton McCandlish) Newsgroups: comp.org.eff.talk Subject: EFF Op-Ed from the NY Times Date: 30 Nov 1993 11:38:52 -0500 Organization: EFF mail-news gateway Message-ID: <199311301632.LAA28210 at eff.org> NNTP-Posting-Host: eff.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit >From the New York Times Op-Ed Page, Wednesday, November 24, 1993 A Superhighway Through the Wasteland? By Mitchell Kapor and Jerry Berman Mitchell Kapor is chairman of the Electronic Frontier Foundation, a nonprofit group that promotes civil liberties in digital media. He was a founder of the Lotus Development Corporation, from which he resigned in 1986. Jerry Berman is executive director of the foundation. (Washington) Telecommunications and cable TV executives, seeking to allay concerns over their proposed megamergers, insist that the coming electronic superhighway will be an educational and informational tool as well as a cornucopia of interactive entertainment. Allow the marriage between entertainment and communications giants, we are told, and they will connect students with learning resources, provide a forum for political discourse, increase economic competitiveness and speed us into the multimedia information age. Both broadcast and cable TV were introduced with similar fanfare. The results have been disappointing. Because of regulatory failure and the limits of the technology, they failed to be saviors of education or political life. We love the tube but recognize that it is largely a cultural wasteland. For the Government to break this cycle of promise and disappointment, communications mergers should be approved or barred based on detailed, enforceable commitments that the electronic superhighway will meet public goals. The amount of electronic material the superhighway can carry is dizzying compared to the relatively narrow range of broadcast TV and the limited number of cable channels. Properly constructed and regulated, it could be open to all who wish to speak, publish and communicate. None of the interactive services will be possible, however, if we have an eight-lane data superhighway rushing into every home and only a narrow footpath coming back out. Instead of settling for a multimedia version of the same entertainment that is increasingly dissatisfying on today's TV, we need a superhighway that encourages the production and distribution of a broader, more diverse range of programming. The superhighway should be required to provide so-called open platform services. In today's channel-based cable TV system, program producers must negotiate for channel space with cable companies around the country. In an open platform network, we would avoid that bottleneck. Every person would have access to the entire superhighway, so programmers could distribute information directly to consumers. Consumers would become producers: individuals and small organizations could create and distribute programs to anyone on the highway who wants them. Open platform services will spur diversity in the electronic media, just as low production and distribution costs make possible a wide variety of newspapers and magazines. To prevent abuses by media giants that because of recent Federal court decisions will control the pipeline into the home and much of the content delivered over it, we need new laws. Like today's phone companies, the companies controlling the superhighway must be required to carry other programmers' content, just as phone companies must provide service to anyone who is willing to pay for it. We must guarantee that anyone who, say, wants to start an alternative news network or a forum for political discussion is given an outlet to do so. Americans will come to depend on the superhighway even more than they need the telephone. The guarantee of universal telephone service must be expanded to include universal access to the superhighway. Although market forces will help keep the new technology affordable, we need laws to protect consumers when competition fails. And because several companies will operate the highway, each must be required to interconnect with the others. Likewise, the new computers that will give us access to the superhighway should be built according to commonly accepted standards. Also, even an open, competitive market will leave out organizations with limited resources such as schools and libraries. To compensate for market oversights, we must insure that money -- whether through Federal support or a tax on the companies that will control the superhighway -- is made available to these institutions. Finally, people won't use the new technology unless they feel that their privacy is protected. Technical means, such as recently developed encryption techniques, must be made available to all users. And clear legal guidelines for individual control over access to and reuse of personal information must be established. Companies that sell entertainment services will have a record of what their customers' interests are; these records must remain confidential. Bell Atlantic, T.C.I., Time-Warner, U.S. West and other companies involved in proposed mergers have promised to allow the public full access to the superhighway. But they are asking policy makers to trust that, profits aside, they will use their new positions for the public good. Rather than opposing mergers or blindly trusting competition to shape the data highways, Congress should make the mergers hinge on detailed commitments to provide affordable services to all Americans. Some legislators, led by Representative Ed Markey, Democrat of Massachusetts, are working to enact similar requirements; these efforts deserve support. The best approach would be to amend these requirements to the Communications Act of 1934. Still the central law on open access, an updated Communications Act would codify the terms of a new social contract between the the telecommunications industry and the American people. Copyright 1993 The New York Times Company From lcypher at cypher.com Tue Nov 30 10:37:42 1993 From: lcypher at cypher.com (Louis Cypher) Date: Tue, 30 Nov 93 10:37:42 PST Subject: Unsubscribe Message-ID: <9311301213.aa08550@zero.cypher.com> Please unsubscribe me. It was ok when I owned my own system, but now that I sold it, I cannot keep up with all the traffic. It was fun. From nowhere at bsu-cs.bsu.edu Tue Nov 30 10:37:43 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Tue, 30 Nov 93 10:37:43 PST Subject: WiReD has a gopher (and its name was...) Message-ID: <9311301835.AA00579@bsu-cs.bsu.edu> Newsgroups: comp.org.eff.talk,alt.wired From: kadie at cs.uiuc.edu (Carl M Kadie) Subject: Wired Magazine's gopher Message-ID: Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL Date: Tue, 30 Nov 1993 17:06:46 GMT Wired Magazine has a gopher. It includes many articles. Try gopher gopher.wired.edu I've also added it to the CAF whatsnew server. Try gopher gopher.eff.org 5070 - Carl ANNOTATED REFERENCES (All these documents are available on-line. Access information follows.) ================= admin/access ================= Information on how to access one computer medium via another: access anonymous ftp via email, access gopher via email, access gopher via telnet, read netnews via gopher, read netnews via telnet, write netnews via email, ftp via gopher. ================= admin/whatsnewd ================= * Code for and description of "whatsnewd" (v. 0.42) (Connect your Gopher to "gopher.eff.org", port "5070" to play with it.) It is a gopher-protocol server. What it does: When a user gives a date (e.g. "1 day ago") or enters a dated bookmark (generated by a previous query), he or she gets a gopher menu of the gopher items that are new or changed since that date. ================= ================= If you have gopher, you can browse the CAF archive with the command gopher gopher.eff.org These document(s) are also available by anonymous ftp (the preferred method) and by email. To get the file(s) via ftp, do an anonymous ftp to ftp.eff.org (192.77.172.4), and get file(s): pub/academic/admin/access pub/academic/admin/whatsnewd To get the file(s) by email, send email to archive-server at eff.org. Include the line(s) (be sure to include the space before the file name): send acad-freedom/admin access send acad-freedom/admin whatsnewd -- Carl Kadie -- I do not represent any organization; this is just me. = kadie at cs.uiuc.edu = From hughes at ah.com Tue Nov 30 10:47:42 1993 From: hughes at ah.com (Eric Hughes) Date: Tue, 30 Nov 93 10:47:42 PST Subject: Banning any subscriber In-Reply-To: <199311280747.XAA15002@mail.netcom.com> Message-ID: <9311301837.AA09077@ah.com> >> [...] none have ever >> been implemented in software, except for killfiles, which are not >> effective against disruption in an anonymous environment. >Actually, I disagree. The Extropians list has an "::include" command >that can be used to specifically include only certain thread or >certain users (or any combination). I know for a fact that Dean >Tribble and Paul Baclace are doing an "::exclude all" and then a >selective "::include foo" to include certain threads and/or authors. >I would call this a classic example of a positive reputation system. It's a positive reputation system (+RS), albeit primitive, but the reputation system (RS) as such is not in software but rather in the minds of those who must explicitly include what they want to see. What the extropians list sofware (ELS) is in this case, as software, is an information system that can support a +RS, but not that system itself. The distinction is fine, and not always easy to see. Now I was careful not to claim that RS's had never been implemented, but rather never implemented in software. The ELS is almost a +RS, but not completely so. A +RS must have a database of objects (people, threads, topics, lists, etc.) to be sure, and some sort of statement about preferences about these objects, but database is not per se the +RS. The key that distinguishes an information system from a RS are the rules of inference which connect the _preferences_ in the database to _actions_ on the objects of the data. The ELS does not contain preferences at all but rather directly stores the actions on the objects. The connections between the preferences and the actions are in the minds of the users of the ELS. One can argue that the actions themselves represent the preferences, but this is an argument to justify an existing design. Ontologically ("what it is") preferences about objects and actions on objects are different things; my attitude toward something is different than what action I take toward it, although these may have been less distinguishable when I was, say, fifteen. Eric From pmetzger at lehman.com Tue Nov 30 10:52:41 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 30 Nov 93 10:52:41 PST Subject: Cryptosplit 2.0 In-Reply-To: <199311301731.AA06857@misc.glarp.com> Message-ID: <9311301850.AA05810@snark.lehman.com> Brad Huntting says: > So if you cant predict which pages will land where in memory (which > may be a false assumption), this is probably a good method for > getting a random number on a unix box. It might be a decent way to get *A* random number, but if you start milking this source too frequently you will likely start getting more and more correlation. Myself, I'm still in search of a decent, inexpensive, high-quality source for random numbers, and only hardware will REALLY do. Perry From tcmay at netcom.com Tue Nov 30 11:17:42 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 30 Nov 93 11:17:42 PST Subject: Statistics of Low-Order Bits in Images Message-ID: <199311301914.LAA27327@mail.netcom.com> Several folks have recently mentioned the need to carefully look at the statistics/distributions of bit values in the low-order bits (least-significant bits, LSBs) of real-world images intended for steganographic use. I concur. This problem interests me. Material from Li and Vitanyi's "An Introduction to Kolmogorov Complexity and Its Applications," 1993, bears directly on the issues of "picture distance" and how much one can change an image before it's recognizably "different" or before filter programs can detect the presence (or absence) of characteristic structure in images. In this little article I'll be making some general points and reasoning informally about image statistics, picture distances, and the like. There's no doubt a more rigorous way to reason about these statistical properties, using sigmas and summations and Central Limit Theorems and the like, but I'm not that much of a real mathematician to be bothered with that. C'est la vie. Several points: 1. Probably not a pressing concern, yet. I expect few sites have LSB-analyzers, just as few folks are using LSB stegonagraphy. 2. Romana Machado's "Stego" program for the Mac is interesting, and may be useful, but it makes almost no effort to hide the _existence_ of the message bits, e.g., anyone with a copy of Stego can apply it to an image and recover the plaintext or ciphertext. (I mean in contrast to some of the schemes which require a copy of the original image, a kind of one-time pad approach, in which one XORs or subtracts the original image to see the "differences" in the LSBs--a cryptanalyst without the "reference" image is unable to extract any bits for further analysis.) (I suggest we keep these two models in mind. Proposal for jargon: "Type 1 Stego": No reference model needed: message bits are just the specified bits, e.g., LSB, or larger low-order bits. "Type 2 Stego": a reference model--an image or DAT or whatever--is needed to XOR with message to recover the plaintext or ciphertext (if more encryption was used originally).) 3. With fairly noisy 8-bit images, such as might be gotten by frame-grabbing a video image under poor lighting or focus conditions, my experiences at Intel (I ran an image processing lab, for electron microscope analyis of microprocessors) tells me that the lowest _several_ bits of each pixel are "noisy." Very noisy. The bottom bit is "almost purely noise" (also a dangerous term!). But I agree that more recent images need to be looked at and the statistics analyzed. Still, I suspect the bottom bit, the LSB, will be found to have Gaussian noise characteristics. Note also that images are often run through filters, as in PhotoShop, which can give Gaussian characteristics where before there were none. 4. Can "image analyzers" in the hands of border security/law enforcement be used to proseute holders of images that have such white noise characteristics in the LSBs? I doubt it. I interject this point here because an important long-term issue for stego is whether the "Crypto Authority" (resonance with Gibson's "Turing Authority") can make such images ipso facto illegal. I suspect this is hopeless, both because many images have these characteristics and because many people will massage their images to be this way, regardless of original camera-CCD characteristics. 5. All of these arguments apply to the LSBs in DATs. Ambient room noise, noise in microphones, thermal noise in the electronics, etc., all contributes to there being almost no "signal" in the LSB of a 16-bit CD or DAT sample of music. (There are anecdotal reports of people being able to hear effects here, and different noise-shaping filters may have audible effects at least some of the time. So, I do agree that these statistics ought to be looked at, eventually. Some of my audio magazines have articles on this, which I'll try to look at soon.) 6. Here's a strategy which may work OK even if the statistical patterns of the LSBs are not "completely random" (a dangerous term, of course). - take a plaintext or ciphertext and compress it with a good compressor (L-Z may not be enough to wring out all the structure and raise the entropy to the full 8 bits per character, for ASCII). A good encryption of the text should of course produce high entropy. - XOR the compressed (high entropy) text with the LSBs of the image. - the resulting LSBs should have _similar statistics_ as compared with the original image. "Noise" has been added, but no knew structure has been added. Consider a couple of examples to see this: Original image (in bits) : 1 0 1 0 1 1 0 1 1 0 1 0 1 0 1 1 1 1 0 1 Random 1s and Os: 1 1 0 0 1 0 1 0 1 0 0 0 1 1 1 0 1 0 1 0 Resultant Image (XOR): 0 1 1 0 0 1 1 1 0 0 1 0 0 1 0 1 0 1 1 1 (Another example: If one toggles all the bits in a binary image, the "Hamming distance" between the images is maximal, and yet the "picture distance" is very small, i.e., the images look nearly the same. The picture distance being small means the structure is the same, even though the Hamming distance is, by definition, the greatest it can be. This provides a powerful clue that there is a "lot of room" to manipulate images so as to pack bits into this "Hamming space" while still keeping the resulting pictures in a "tiny picture space volume.") Well, this is of coure not a proof, but gives a feel for why XORing with a high entropy image will not _add_ structure. However, it can certainly _remove_ structure! Which takes us back to the original issue of the statistics (structure) of the LSBs of images. If in fact there were "clumps" of 1s and 0s, "ridges" and "valleys" caused by camera/CCD characteristics, then XORing the LSB image with a "random" image will demolish this structure. This is nothing more than the role of the one-time pad....to remove structure but allow its immediate reconstruction on the other end. At least in this case one does not have to worry about the ciphertext _adding_ unwanted structure, only that it may _remove_ structure already present in the image (and perhaps "typical" of images not carrying stego bits). 7. A better approach may be to take two very similar images, perhaps successive frame grabs with the same camera/digitizer, and use the statistics of the LSBs directly as part of the "one-time pad" above (Type 2 Stego). This could be used to give the LSBs the same "structure" (ridges and valleys of pixel values, for example) as a "real image" but without leaking message bits. (More work needed here.) (I apologize for any vagueness here. Partly it is that I haven't worked this out completely. Partly it is the lack of a blackboard to draw pictures on--verbal descriptions get confusing after a while. And partly it is that this message is already too long and I want to wrap it up.) 8. None of this subtlety really matters too much, I suspect. An image or DAT contains _so much room_ for stego bits that the problem of finding a tiny fraction of message bits in megabytes or hundreds of megabytes (DATs) of noisy source material seems well beyond current crunch capabilties. Perhaps images being sent to some sensitive location could be given a quick analysis to see if the LSBs are "too regular," but even this I doubt. And at least the XOR method described above won't introduce new structure....at worst the images or DATs would appear to be "too random." Perhaps we need to paraphrase Eric's line: "Use a random image, go to jail." --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From wizard at Think.COM Tue Nov 30 11:27:59 1993 From: wizard at Think.COM (Paul Gilberti) Date: Tue, 30 Nov 93 11:27:59 PST Subject: Unsubscribe Message-ID: <9311301923.AA24726@quicksilver.think.com> Please unsubscribe me. I really thought that this list was for serious discussion of crypto technology/news. Instead, I'm just tired of weeding through my mail of immature postings of posters who are afraid to post under their own names (DL), and all the traffic regarding the censorship of the same. From baumbach at atmel.com Tue Nov 30 11:52:13 1993 From: baumbach at atmel.com (Peter Baumbach) Date: Tue, 30 Nov 93 11:52:13 PST Subject: democracy and L. Detweiler Message-ID: <9311301915.AA24188@eel.chp.atmel.com> L. Detweiler is a champion of democracy. He has argued strongly for it here on this forum. I am not a supporter of democracy. A crowd of people has no greater rights than one person. L. Detweiler disagrees with this. I shall confront this disagreement with an example that strikes to its core. I propose a vote. This vote will have no time limit. If at any point you wish to change your vote you are free do so. This vote is non-binding on those who do not support democracy. This vote will be conducted publicly on this list. ======================================================================= VOTE: Proposition desist L. Detweiler will cease posting to the cypherpunks mailing list. He will no longer concern himself with the activities of those on the cypherpunks mailing list here or on any other forum. [I support]/[I Do not support] ======================================================================= L. Detweiler will be the only judge of the results of this vote. If he believes a majority of unique individuals carry this proposal one way or another, then by his honor and support for democracy he is bound by it. If he recants his support for democracy, then he is not bound by it. ------------------ I shall cast my vote here: I support Proposition desist. Peter Baumbach baumbach at atmel.com From ravage at wixer.bga.com Tue Nov 30 12:07:43 1993 From: ravage at wixer.bga.com (Jim choate) Date: Tue, 30 Nov 93 12:07:43 PST Subject: Statistics of Low-Order Bits in Images In-Reply-To: <199311301914.LAA27327@mail.netcom.com> Message-ID: <9311301953.AA26009@wixer> Some other factors one needs to consider when analyzing images are: * The lsb is going to be random if the image comes from any kind of a/d process. This is because all convertors have a error of +/- 1 bit. * If an image is processed by software then the last significant bit will be on or off consistantly for a given color. * By the use of exlusive-or operators it is possible to mask the data in a suitable manner. This does require that both sender and reciever have a copy or method of calculating the correct key. The process as I understand it now to use a graphical concealment cypher is: 1. Both parties agree a priori on at least a way to generate suitable keys for masking. 2. You take your message and x-or it with a suitable bit stream. 3. The resultant x-or bit stream is placed in the image as the lsb. 4. Upon receipt, you strip out the x-or bit stream. 5. Generate the appropriate key and use exclusive-or to return the data stream. The real question is how do you generate keys? I see a method using the data bit stream itself as part of the answer. The algorithm would look at some parameter like character statistics or entropy of a text. It would look at the data stream and calculate its value. Then the hard part is to try various bit streams and measure their x-or value. The process is similar to Newtons Iterative Method for finding roots of polynomials. From mg5n+ at andrew.cmu.edu Tue Nov 30 12:32:23 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 30 Nov 93 12:32:23 PST Subject: Crypto-dongle protocols? In-Reply-To: <9311300401.AA01443@smds.com> Message-ID: > I know there was talk of making little crypto > boxes that attach to the back of bigger computers. > "Crypto-dongles," they were called. Did anyone > go and build one? Did anyone think up a protocol > for talking to one? > > It occurs to me that pocket computers like the > Psion might make nice crypto-dongles, especially > for people who use Unix for mail. The little > computer could show you the text you were > signing or that it had decrypted. > All safe from Unix hacks--but is there a good protocol? This is being discussed on the hardware list, you might want to forward this topic there instead. From tcmay at netcom.com Tue Nov 30 12:37:49 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 30 Nov 93 12:37:49 PST Subject: Statistics of Low-Order Bits in Images In-Reply-To: <9311301953.AA26009@wixer> Message-ID: <199311302036.MAA09515@mail.netcom.com> Jim Choate writes: > Some other factors one needs to consider when analyzing images are: > > * The lsb is going to be random if the image comes from any kind of a/d > process. This is because all convertors have a error of +/- 1 bit. Nope. Not true. Some ADCs digitize with _more_ than the final resolution and then do rounding or noise-shaping. And ADCs even at the LSB can still have structure caused by other things, such as the image itself (a binary image with thresholding will have the "LSB" certainly not random noise! Q.E.D., by induction.) This can give the LSBs in the final product (image, DAT, CD) nonrandom noise characteristics. This is what we're talking about. > * If an image is processed by software then the last significant bit will be > on or off consistantly for a given color. Huh? What if the "processing" is "do nothing"? Why will LSBs be changed consistently? I must be misunderstanding your statement. > * By the use of exlusive-or operators it is possible to mask the data in a > suitable manner. This does require that both sender and reciever have a > copy or method of calculating the correct key. Key generation and sharing (if necessary) is separate from the stego issues. > The real question is how do you generate keys? In various ways, depending on what you're doing. Separate from the main analysis of stego and image statistics/ --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From paul at poboy.b17c.ingr.com Tue Nov 30 12:42:21 1993 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Tue, 30 Nov 93 12:42:21 PST Subject: Statistics of Low-Order Bits in Images In-Reply-To: <9311301953.AA26009@wixer> Message-ID: <199311302040.AA03048@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > The real question is how do you generate keys? You use a known source of material. For example, here's one way you could easily distribute messages to a wide audience using off-the-shelf tools. 1. Buy one of the many porno CD-ROMs. Pick one which is fairly widespread and to which your source will also have access (i.e. if you're in Denmark, don't choose a child porno CD to communicate with someone in the US.) Of course, audio or other types of data CDs will work here too. 2. Make _prearranged_ changes to your source file: convert JPEG->GIF, or apply a Gaussian blur- whatever suits your fancy. 3. XOR in your message text. 4. Post to Usenet, indicating the source of the materials (i.e. "This picture came from `Girls of The Rural South, vol 1'" or "Audio sampled from Michael Jackson's _Dangerous_") Step 1 insures that your recipient will have access to the same source material. Step 2 helps mask your message by introducing _other_ differences between the step 1 source and the transmitted message. Step 4 gives you an easy, safe, distributed transmission medium. Repeat as necessary. - -Paul - -- Paul Robichaux, KD4JZG | "Violence on TV? Why can't it be on CSPAN?" Intergraph Federal Systems | - Clayton Cramer, cramer at optilink.com Not speaking for Intergraph | Be a cryptography user. Ask me how. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPuvliA78To+806NAQHinwQAjYCOz85KnpG49G5wat6bUew1TQHVhB9B YatgH2aBDhxADDNVB2f9V2ozs/t35grX3zkwKbB3yWcxAHjIoJg2vuKP8CrHrqZ9 Q7NJlbRUQczZLGoUi8S3jO35a6cyABDofTydmhsSj/Si6vgBRoit2reDA/Agkt3X Y1r4Qv7Dbzs= =8GwG -----END PGP SIGNATURE----- From an48848 at anon.penet.fi Tue Nov 30 13:57:48 1993 From: an48848 at anon.penet.fi (an48848 at anon.penet.fi) Date: Tue, 30 Nov 93 13:57:48 PST Subject: Who is this Detweiler guy anyway? Message-ID: <9311302154.AA23084@anon.penet.fi> As a fairly recent addition to this list, I'm unfamilliar with the history of cypherpunks. Can anyone enlighten me? Thanks. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From m5 at vail.tivoli.com Tue Nov 30 14:32:18 1993 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 30 Nov 93 14:32:18 PST Subject: New anonymous list member (?) In-Reply-To: <9311302154.AA23084@anon.penet.fi> Message-ID: <9311302229.AA26242@vail.tivoli.com> an48848 at anon.penet.fi writes: > As a fairly recent addition to this list, I'm unfamilliar with the > history of cypherpunks. Can anyone enlighten me? Thanks. Is it an indication that LD's persistance has paid off that my first reaction to the above (probably innocent) query was to egrep through my archived cypherpunks stuff to see whether LD has ever misspelled "familiar"? (He hasn't, as far as I can tell...) Sigh. -- Mike McNally : m5 at tivoli.com : Day Laborer : Tivoli Systems : Austin, TX ------------------------------------------------------------------------ Remember that all experimentation does not produce extrapolated results. - k. pisichko From newsham at wiliki.eng.hawaii.edu Tue Nov 30 14:42:17 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Tue, 30 Nov 93 14:42:17 PST Subject: Statistics of Low-Order Bits in Images In-Reply-To: <199311302036.MAA09515@mail.netcom.com> Message-ID: <9311302239.AA12378@toad.com> > > Jim Choate writes: > > > Some other factors one needs to consider when analyzing images are: > > > > * The lsb is going to be random if the image comes from any kind of a/d > > process. This is because all convertors have a error of +/- 1 bit. > > Nope. Not true. Some ADCs digitize with _more_ than the final > resolution and then do rounding or noise-shaping. And ADCs even at the > LSB can still have structure caused by other things, such as the image > itself (a binary image with thresholding will have the "LSB" certainly > not random noise! Q.E.D., by induction.) > > This can give the LSBs in the final product (image, DAT, CD) nonrandom > noise characteristics. This is what we're talking about. Sounds like the simple solution is for people everywhere to replace the low order bits of all of their pictures with good random noise. Image quality shouldnt suffer drastically and if the random data is replaced with output from a good cryptosystem then it would be indistinguishable. So are any people here influential with the authors of any popular imaging software? From pdn at dwroll.dw.att.com Tue Nov 30 14:57:49 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Tue, 30 Nov 93 14:57:49 PST Subject: Who is this Detweiler guy anyway? In-Reply-To: <9311302154.AA23084@anon.penet.fi> Message-ID: <9311302253.AA12625@toad.com> L. Detweiler is an individual concerned with issues of identity on the Internet and various ways people use multiple identities to influence others. He has coined a term, "pseudospoofing," that may be loosely defined as "Creating and using multiple fake identities for the purpose of misleading others, creating a false sense of 'consensus', and/or harassing one's enemies." Detweiler is quite passionate when espousing his theories, and has precipitated a major uproar on this list in recent weeks - what you're seeing on the list now is a lot of fallout from his latest postings. He is also the author of a FAQ on privacy and anonymity, a document held in high esteem by many. Several list members are convinced that Detweiler also posts through an anonymous remailer as 'an12070'. (Fair enough explanation, fellow cypherpunks?) ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From fnerd at smds.com Tue Nov 30 15:02:48 1993 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Tue, 30 Nov 93 15:02:48 PST Subject: Knights who say NII (was Crypto(A), govt & NII) Message-ID: <9311302034.AA04630@smds.com> > Steve Witham writes: > > > Giving the government savvy advice, telling them they should do whatever > > will promote, say, competition or open forums...what effects will these > > have? They may provide justifications, expertise and targeting info > > for interventions, for instance. New ways to get involved... Mike Godwin replies: > The government is already tempted to get involved, all the time. We can't > make the government go away by resolving that it would be nice if they > weren't around. Best to work from where we are, not where we'd like to be. Sure, I agree. It's just, will the process-that-be have a tendency to be encouraged to intervention in general, by positive-sounding things in what you say. > > I can't think of one positive thing (as opposed to the negative thing, > > disengagement) government can contribute to the goals of EFF. On being true police, see below. > Government is not the only potential source of harm--private industry can > be plenty harmful. Private business can be nasty, slow and unhelpful, but short of physical sabotage and threats, they can't do nearly the kind of harm and prevention of alternatives that government does. > > ...the most centralized organization in the world as the > > decentralist's tool or ally doesn't seem workable to me. The > > means clashes against the ends. > > I don't see how. One actually can use a weapon to keep the peace, for > example. Yes, you're right. I wasn't thinking about that because I assumed there's a minimum of physical crime in the communications industry. But now that I think about it, there's one thing State governments could limit: local governments' interference (franchises) in communications. But other than real basic policing like that, the means clash with the ends. Government is okay at nabbing true bad guys, not at trying to steer people in good directions. > > Telling a bull that he should make whatever > > positive contributions he can to the china shop...is worse than just > > not mentioning that there are none. > > I think you're reasoning from your conclusions here, not toward them. Well, sure, I'm talking from my view of how things are. Mostly I'm just saying that the *need* for positive government involvement is dubious while the *danger* is obvious in the current state of things, and if you aren't always saying that, then your well-informed comments and laudible goal statements can be misconstrued more easily, because in certain circles, radical deregulation is not assumed. That's my not-so-humble-but-trying (IMNSHBTO?) point in a nutshell. Your participation without this particular sternness, may, as one side-effect, encourage and assist where we all won't be happy it did--and maybe it'll fail to push through the single most helpful idea. I know, it's not your particular hobbyhorse. It's just what I'm afraid will happen. > What's more, government ain't the only bull in this shop. Although the FCC is smaller than AT&T, there's nothing in private industry with the momentum, power and difficulty of correcting that our layers of government have. Business without the power of government behind it (which status-quo businesses do have right now) faces much more immediate corrective pressure than government. Even combinations of big nasty companies are less of a problem. Throw me in that briar patch, puh-*leeze*, it's better than this one. -fnerd at smds.com quote me -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvtoxiQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2toust1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hanC0R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From hughes at ah.com Tue Nov 30 15:32:51 1993 From: hughes at ah.com (Eric Hughes) Date: Tue, 30 Nov 93 15:32:51 PST Subject: Statistics of Low-Order Bits in Images In-Reply-To: <9311302239.AA12378@toad.com> Message-ID: <9311302326.AA09922@ah.com> >Sounds like the simple solution is for people everywhere to replace >the low order bits of all of their pictures with good random noise. An excellent idea. It's not the imaging software which need do this, but the steganography software. The only addition is a random number source and a way of using that instead of a file. Eric From agarcia at sugar.NeoSoft.COM Tue Nov 30 16:27:49 1993 From: agarcia at sugar.NeoSoft.COM (Anthony Garcia) Date: Tue, 30 Nov 93 16:27:49 PST Subject: What recipient-end mail filters are available? Message-ID: <199312010022.AA26886@sugar.NeoSoft.COM> I'm aware of two mail-filtering systems that operate at the recipient's end, procmail and Elm filter. Are there others? -Anthony Garcia agarcia at neosoft.com From jerry at terminus.dell.com Tue Nov 30 16:32:18 1993 From: jerry at terminus.dell.com (Jeremy Porter) Date: Tue, 30 Nov 93 16:32:18 PST Subject: Entropy, Randomness, etc. Message-ID: <9312010132.AA20601@terminus.us.dell.com> With all this talk about entropy, randomness, and gaussian distributions, I'm hoping we can clear up some of the confusion that I am having. My understanding of a random number is a number is generated from two or more unrelated events. In order for this number to be most useful cryptographically, it needs a even distribution. This distribution is such that any one number in the range of possible values is equally probable as any other number. Does this make this distribution a gaussian distribution? Maybe I just don't understand the theory behind the random numbers well enough, but with all of these terms floating around it is hard to keep track. The reason I want to get some of these things clarified, is because I am becoming more interested in some of the analysis people have been talking about being possible. Also how are these statistical measurements done? Is it as simple as a histogram? (useful for simple alphabet transliterations). Are we talking frequency analysis with FFTs and more advanced things? How do we measure the entropy of a random number, or a series of random numbers? Have people on the list done this, or is this still in the range of people that do math and number theory for a living? Give a particular set of data used to generate a random key, such as, a unix box's /dev/mem, how can one measure the number of bits of entropy? These topics are probably covered in some of the basic books in the field, but all of the reference's I've been able to locate don't go into specifics of how to measure the quality of random numbers. Unless some measurements are made, you can't really be sure that those /dev/mem MD5 hashes don't come up the same 10%, 30%, or more of the time. It seems that a lot of assumptions are being made about what is good and what isn't. I plan to build a hardware random number generator and I have a couple of different circuits to do it, but I've heard some comments about some types of noise not being "good" cryptographically. -- Jeremy Porter ------------- Systems Engineering -------- Dell Computer Corp. ------ jerry at terminus.us.dell.com ---- --- 70 4F BD AE 6D E9 D2 66 48 18 8B E7 64 7F 59 8F --- Support your Second Amendment rights to encryption technology. From ajw at Think.COM Tue Nov 30 17:02:16 1993 From: ajw at Think.COM (Andy Wilson) Date: Tue, 30 Nov 93 17:02:16 PST Subject: What recipient-end mail filters are available? In-Reply-To: <199312010022.AA26886@sugar.NeoSoft.COM> Message-ID: <9312010057.AA06913@custard.think.com> Date: Tue, 30 Nov 1993 18:22:15 -0600 From: Anthony Garcia I'm aware of two mail-filtering systems that operate at the recipient's end, procmail and Elm filter. Are there others? The autokill feature in GNU Emacs. Andy -Anthony Garcia agarcia at neosoft.com From nowhere at bsu-cs.bsu.edu Tue Nov 30 17:02:49 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Tue, 30 Nov 93 17:02:49 PST Subject: A change of pace Message-ID: <9312010101.AA25506@bsu-cs.bsu.edu> Newsgroups: comp.org.eff.talk From: strnlght at netcom.com (David Sternlight) Subject: Re: EFF Op-Ed from the NY Times Message-ID: Reply-To: david at sternlight.com (David Sternlight) Organization: DSI/USCRPAC References: <199311301632.LAA28210 at eff.org> Date: Tue, 30 Nov 1993 23:04:21 GMT In article <199311301632.LAA28210 at eff.org>, Stanton McCandlish wrote: >From the New York Times Op-Ed Page, Wednesday, November 24, 1993 > >A Superhighway Through the Wasteland? > By Mitchell Kapor and Jerry Berman [Proposal for new laws to regulate the information highway omitted] Like most elitists and autocrats, eff's leaders believe in government intervention for the things they like (this topic) but not for the things they don't (Clipper). They believe in the private sector unrestricted for things they like (cryptography) but not for the things they don't (the information highway). David -- David Sternlight When the mouse laughs at the cat, there is a hole nearby.--Nigerian Proverb From frissell at panix.com Tue Nov 30 17:32:18 1993 From: frissell at panix.com (Duncan Frissell) Date: Tue, 30 Nov 93 17:32:18 PST Subject: Big Brother/Bank Acco Message-ID: <199312010130.AA09550@panix.com> M >Given the material in the WiReD 1.6 article, how likely is it that a M >true anonymous digital cash system would be allowed? I know, I know; M >there's "no way to prevent it"; however, I think that concept is M >based on the premise that the Government proceeds rationally. The East German government did not "proceed rationally" and yet is no longer with us. M >If somebody with an axe to grind gets hold of the "kidnapped baby" M >scenario described in _Applied_Cryptography_, plenty of public M >outrage and indignation could be generated. To what end. We have had the Kiddie Porn Over the Nets story of the Day every day for the last six months in the US and the UK. Have the nets been shut down? With the clearance rate for *murders* in NYC falling down towards 30%, I doubt if we have much to worry about for our minor "crimes." M >Go on, reassure me that "all is well". All is as well as can be extected and much better than we used to fear. DCF "I never expected to live to see the Death of Communism" -- Friedrich Hayek a few months before his death (and a few months after the SU's death. --- WinQwk 2.0b#1165 From frissell at panix.com Tue Nov 30 17:32:49 1993 From: frissell at panix.com (Duncan Frissell) Date: Tue, 30 Nov 93 17:32:49 PST Subject: Crypto Anarchy, the Gover Message-ID: <199312010130.AA09560@panix.com> T >You mean, how likely is that the government will allow a system that T >makes taxation almost impossible, that enables black markets, that T >facilitates the transfer of illegal information, and that basically T >nukes the present arrangement? T > T >I don't think they'll "allow" it. But this doesn't mean it won't T >happen. For all of you who didn't hear my talk at ECFP '93 in London on the 20th (quite a few since there were fewer than 75 there) here is my conclusion which addresses this subject. **** "And what can we call this new form of social organization growing on the nets and in the modern fluid business environment? When two or more people can meet together and communicate freely and privately without interference by outsiders, they can trade -- they can form a market. If this trade on the nets is made free from even the possibility of external regulation, what we have is a free market and a free society." **** Remember kids God fights on the side with the heaviest artillery. Unless the government can come up with a way of blocking the above communication, it is SOOL. T >Imagine this: to get on the Data Superhighway, which will likely be T >the only major lines if the government succeeds in making it the T >mandatory standard, every data packet must have a "license plate." T >Don't laugh! The idea of a license plate on data packets is coming. It T >would provide the kind of traceability that control freaks like T >Detweiler claim to want So what if the car has a license plate if you can't tell what is in the car. No matter what happens telecoms will be cheap. Cheap means you can establish accounts and run a virtual network without disclosing the contents of the network messages or even that the network exists. You can hide your virtual network inside a much larger pseudo network which contains nothing interesting. DCF "The Trader swims in the sea of communications" -- Left out of Mao on Guerrilla Warfare because of editing error. --- WinQwk 2.0b#1165 From kqb at whscad1.att.com Tue Nov 30 18:07:51 1993 From: kqb at whscad1.att.com (kqb at whscad1.att.com) Date: Tue, 30 Nov 93 18:07:51 PST Subject: Statistics of Low-Order Bits in Images Message-ID: <9312010142.AA07963@cygnus.com> Several people are attempting to create an algorithm to mask the presence of a steganized encrypted message in the least significant bits of an image. Don't forget that no matter how fancy your algorithm or how closely you mask your steganography with a model of what the statistics of an ordinary image look like, you have to assume that your opponent also knows your steganization algorithm, including your masking technique. (Otherwise you are just relying on security through obscurity.) This leaves you with three problems: (1) your opponent may have a much better model of an ordinary image than you do, and still be able to discern the existence of masked steganography, (2) since your opponent knows your steganization algorithm, he/she can look for any "signature" that your steganography masking model leaves, and (3) your opponent can "desteganize" all your images and check their statistics for deviations from the statistics for "desteganized" ordinary images. Resolving problems (1) and (2) requires a lot of work constructing good models. Resolving problem (3) requires, I think, a modeling function for steganography that is invertible only with a secret key. (Otherwise, your opponent could desteganize your image and find a uniform random distribution, which indicates an encrypted message.) Since this type of function is, to my knowledge, not well-developed, don't expect it to be secure. Thus, if breaking it could compromise your secret key for desteganization, then don't use the same public/private key pair for both encryption and steganography. Kevin Q. Brown INTERNET kqb at whscad1.att.com or kevin_q_brown at att.com From lmb at tenet.edu Tue Nov 30 18:07:51 1993 From: lmb at tenet.edu (Barbara L Marco) Date: Tue, 30 Nov 93 18:07:51 PST Subject: Factor Breakthru! In-Reply-To: <23112921205919@vms2.macc.wisc.edu> Message-ID: On Mon, 29 Nov 1993, Matthew J Miszewski wrote: > 'Punks, > > Just curious as to what would (or will eventually) happen when a shortcut > to factoring large numbers is discovered? Do we revert to older less > secure conventions or am I missing something? You have been watching too much sneakers my friend :) No, If we were to do that, I'm sure different methods of encryption would come up, maybe using letters instead of numbers, etc. Dr. No - [lmb at tenet.edu] From collins at newton.apple.com Tue Nov 30 18:07:54 1993 From: collins at newton.apple.com (Scott Collins) Date: Tue, 30 Nov 93 18:07:54 PST Subject: Entropy, Randomness, etc. Message-ID: <9312010202.AA16542@newton.apple.com> Good questions. >My understanding of a random number is a number is generated from >two or more unrelated events. No. This may be one general category of ways to manufacture random numbers, but specifically a random number is just an arbitrary number typically drawn from a sequence of independent arbitrary numbers. The quality of 'randomness' is a measure of the independence of the elements in the stream. Therefor, there is no such thing as a random number except as an element of a sequence or other context from which to establish independence. >In order for this number to be most useful cryptographically, it needs >a even distribution. No. In order for this number to be cryptographically useful, it must cost more to guess the number (perhaps knowing the numbers that came before) than the reward for guessing it correctly. It happens that non-flat distribution of a sequence is a lever for cheaper guessing, thus flat distribution is natural characteristic of high-quality random sequences. >Does this make this distribution a gaussian distribution? No. Gaussian (a.k.a. 'normal') distribution is the bell curve (and clearly indicates a relation between samples). Math texts describing this distribution often use the phrase 'distribution of some random variable x', by which they in fact mean 'distribution of samples from a varying source'. >Also how are these statistical measurements done? See Knuth, "The Art of Computer Programming", Volume 2: Seminumerical Algorithms, Chapter 3: Random Numbers. >Is it as simple as a histogram? Yes. >Are we talking frequency analysis with FFTs and >more advanced things? Yes. >How do we measure the entropy of a random number, or a series of >random numbers? Ah. Now we're talking. Entropy is closely related but not equal to 'randomness'. Entropy is a measure of information often expressed as the fraction of information-size to data-size. Randomness is a measure of unpredictability. A sufficiently random sequence will be of very high entropy from the perspective of the 'guesser', though not necessarily from the that of the generator (e.g. a PRNG). The best way to measure entropy (if that is what you want to measure), is to build a sufficiently powerful Markov model, or the equivalent, to predict the sequence, and treat it like a compressor. The number of bits output is the entropy of the sequence with respect to that model. If you can't build a model as smart as your presumed attackers (as smart as them, not as smart as any model they might build), then you will have to use more tests to assure yourself of indepence of elements in the sequence (see Knuth, et al). In practice however, most of these methods represent very low bars over which any RNG _must_ jump, and which often poor ones can. Most RNGs are broken by understanding how they work, and exploiting weaknesses in their construction and context (e.g. poor 'seed' selection). >Have people on the list done this, or is this still in the range of >people that do math and number theory for a living? Yes, and Yes. >These topics are probably covered in some of the basic books in the field, >but all of the reference's I've been able to locate don't go into >specifics of how to measure the quality of random numbers. See Knuth. >Unless some measurements are made, you can't really be sure that those >/dev/mem MD5 hashes don't come up the same 10%, 30%, or more of the time. >It seems that a lot of assumptions are being made about what is good and >what isn't. You should be exactly as paranoid as it is cost effective to be. Hope this helps. Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2B Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst at netcom.com From corbet at stout.atd.ucar.EDU Tue Nov 30 18:52:18 1993 From: corbet at stout.atd.ucar.EDU (Jonathan Corbet) Date: Tue, 30 Nov 93 18:52:18 PST Subject: What recipient-end mail filters are available? In-Reply-To: <199312010022.AA26886@sugar.NeoSoft.COM> Message-ID: <9312010247.AA16619@stout.atd.ucar.EDU> > I'm aware of two mail-filtering systems that operate at the > recipient's end, procmail and Elm filter. Are there others? There is also the "slocal" filter that is part of the MH system. One of the many features of MH that help to keep me sane... Jonathan Corbet National Center for Atmospheric Research, Atmospheric Technology Division corbet at stout.atd.ucar.edu From jazz at hal.com Tue Nov 30 18:57:51 1993 From: jazz at hal.com (Jason Zions) Date: Tue, 30 Nov 93 18:57:51 PST Subject: Statistics of Low-Order Bits in Images Message-ID: <9312010256.AA02876@jazz.hal.com> >Sounds like the simple solution is for people everywhere to replace >the low order bits of all of their pictures with good random noise. You're kidding, right? Image processing software, and music processing equipment, are designed to get the maximum performance out of the storage medium. I find it pretty unlikely that any developer of image processing tools is going to deliberately drop one bit of precision off each n-bit unit; sheesh, image files are big enough without software deliberately wasting bits. As for introducing noise into the low-order bit of music CDs, definitely not; the trend is towards equipment that can extract the last dribble of information from well-recorded sources, and towards recording equipment that can meaningfully record every bit of every word. Why do you think there are 64x-oversampling players and the like? Eric's right; you'll have to build your own tools to make things noisy, as the trend elsewhere is to make things unnoisy. On the other hand, have you looked at the new mini-disc technology? That stuff already introduces audio compression, and the bits on a minidisc should be pretty high in entropy; of course, twiddling bits in a compressed audio recording may have dramatic effects on sound... Jason From jel at sutro.SFSU.EDU Tue Nov 30 19:07:55 1993 From: jel at sutro.SFSU.EDU (John E. Levine) Date: Tue, 30 Nov 93 19:07:55 PST Subject: dithering, repudiable steganography Message-ID: <9312010302.AA05375@russian.SFSU.EDU> REPUDIABLE STEGANOGRAPHY I have a book (unfortunately not with me now) describing the format of data on music CDs. It seems that there is a kind of objectionable, heard noise in digital recordings called granulation noise. This is peculiar to digital; analog recording doesn't have this problem. Granulation noise manifests itself at low amplitudes, when the signal being represented is just at the resolution of the digital sampling. For example, if the signal is a sinusoid with a peak-to-peak amplitude represented by just a little greater than one bit difference in each sample. The problem is, the sampled sinusoid sounds just like a square wave when it is played back. Input, the signal: +--------------------------------------------------------------------- 2 | | xxx xxx | xx xx xx xx | x x x x 1 | x x x x | x x x x | x x x x | x x x x 0 +x-----------------x-----------------x-----------------x-------------- | x x x | x x x | x x x -1 | x x x x | x x x x | xx xx xx xx | xxx xxx -2 | +--------------------------------------------------------------------- Output, the digitized, sampled signal: +--------------------------------------------------------------------- 2 | | | | xxxxxxxxxxx 1 | xxxxxxxxxxx | | | 0 +xxxx-----------xxxx-----------------xxxx-----------xxxx-------------- | | | -1 | xxxx xxxx xxxx | | | -2 | xxxxxxxxx xxxxxxxxx +--------------------------------------------------------------------- This introduces (would introduce) lots of strong harmonics, making a very quiet flute, say, sound very unflutelike. The people who make commercial CDs get around this problem with a technique called dithering. They add to each sample a number from {-2, -1, 0, 1 2}, picked randomly. I.e., they randomly scramble the low few bits of each sample. The interesting thing about this is that, while it obviously degrades the signal, the result sounds better to human ears! It solves the problem of granulation noise. (The noisy flute sounds better than the clear but mangled squarewave thing the flute sounds like through the granulation noise). Of course there is something like 93 db dynamic range on a CD, so the dither hardly makes a dent in the usual sound quality -- it's only there to solve the granulation noise problem, which is only a problem at very low signal strengths. The only requirement for the dither bits is that they be such that they sound random, like noise. But any random source of bits with this property would work just as well for dithering. In particular, let's suppose you have an encrypted file, represented as a sequence of symbols, each of which has exactly 5 values it can assume. Musically, this would sound exactly like noise :-) . So *this* file could be used to dither an audiofile, instead of the "real" random values currently used. I guess what I really mean to say is that this insures that the low bit in a dithered file is *really* random; hence could be replaced with a bit from your encrypted file. Moreover, such a dithered audio file has some nice steganographic properties. 1) Repudiability. Under the assumption that the encrypted file cannot be cracked without the possession of the key to the file (which the owner of the steganographically-injected audio file has but claims ignorance of), the dither *really does* look like genuine, random dither. She can claim that the file is in fact a recording of the minutes of the last cypherpunks meeting, or a 3 hour concert that she taped off the radio, and no TLA can prove otherwise. Usually, a steganographically hidden datum (a microdot, invisible ink, etc.) doesn't have this property. 2) Zero storage requirements. This follows from 1), really. If you hide data in the unused parts of the last blocks on disk in a disk file, or in a hidden partition, the secrecy of the data (the "steganographic integrity"?) depends on the enemy not knowing or suspecting the existence of the data. PROBLEMS: You wouldn't be able to hide anything in your private copy of Michael Jackson's Thriller; the enemy could simply compare your copy with the standard copy, making the differences (the hidden file) stand out. Unless you were Warner Brothers, in which case you could just steganographically-inject ALL copys of Thriller with the secret file. This would make storage of the hidden file trivial. You could get a copy from the nearest Wherehouse. [I don't know if W.B in fact publishes Thriller; it's just an example] I wonder if CD pulishers know that they could make some money on the side by hiding data for people in their thousands of CDs? Anyway, while I don't know the format for DAT, I suspect there is some point where the sound signal is dithered to mask the granulation noise, and at this point Alice with information to hide could inject her file. Do digital pictures employ dithering to prevent aliasing? I think so. --John. jel at sutro.sfsu.edu From newsham at wiliki.eng.hawaii.edu Tue Nov 30 19:32:51 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Tue, 30 Nov 93 19:32:51 PST Subject: Statistics of Low-Order Bits in Images In-Reply-To: <9312010256.AA02876@jazz.hal.com> Message-ID: <9312010332.AA17576@toad.com> > > >Sounds like the simple solution is for people everywhere to replace > >the low order bits of all of their pictures with good random noise. > > You're kidding, right? Image processing software, and music processing > equipment, are designed to get the maximum performance out of the storage > medium. I find it pretty unlikely that any developer of image processing > tools is going to deliberately drop one bit of precision off each n-bit > unit; sheesh, image files are big enough without software deliberately > wasting bits. data is most usually stored in a way that makes sense on the underlying hardware, ie 24 bit palette. Why 24? because it is 3 bytes per pixel, one byte for R,G and B. R G and B arent even weighted the same perceptually! Why should they have the same amount of bits? Because it makes sense on the machine! > As for introducing noise into the low-order bit of music CDs, definitely > not; the trend is towards equipment that can extract the last dribble of > information from well-recorded sources, and towards recording equipment that > can meaningfully record every bit of every word. Why do you think there are > 64x-oversampling players and the like? Not everyone is trying to squeeze every last "bit" of performance, take for example crystal clear fone lines over fiber optic connections with extra noise added in to sooth the listener. I'm not familiar with oversampling in CD players but where I am familiar with anti-aliasing is in cases where it is easier to do anti-aliasing filtering digitally than it is to do it with analog circuitry. Maybe you can tell me why there are 64 times oversampling playres. > Eric's right; you'll have to build your own tools to make things noisy, as > the trend elsewhere is to make things unnoisy. > > On the other hand, have you looked at the new mini-disc technology? That > stuff already introduces audio compression, and the bits on a minidisc > should be pretty high in entropy; of course, twiddling bits in a compressed > audio recording may have dramatic effects on sound... The compression in these mini-discs is more of a coding scheme than a compression I believe. It eliminates elements in the sound that are perceptually unimportant to the listener. > Jason From jel at sutro.SFSU.EDU Tue Nov 30 19:57:52 1993 From: jel at sutro.SFSU.EDU (John E. Levine) Date: Tue, 30 Nov 93 19:57:52 PST Subject: soundfile stego Message-ID: <9312010353.AA00175@russian.SFSU.EDU> You know, you don't have to think of somehow modifying a file pointwise in the time domain. How about this, to stego a sound file: Do an FFT of the *entire* file. Assuming the file is two hours = 7200 seconds, the frequency res of the transformed file will be about 140 microhertz. Pick a band that humans don't usually pay much conscious attention to when they hear music; say 18 KHz through 19.5 KHz. Replace the low bit in each of these frequency space samples (there are 1500 / 0.000140 ~= 1E7 such samples) with the stego data. Inverse transform the modified, frequency space representation of the file back into the time domain, and voila! I suspect you would not be able to tell the difference from the original with your naked ears. But this is not repudiable; I suspect the spectrum of the file would look artificial. xxxxxxxxxxxxxxxxxxxx Also, I am told that humans have a tough time identifying the phase of the frequency components of the sounds they identify. So one could hide date in the phase relationships among the frequency components of, say, recorded speech. From wcs at anchor.ho.att.com Tue Nov 30 19:57:52 1993 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 30 Nov 93 19:57:52 PST Subject: Signing Keys for Nyms and Digibank Users Message-ID: <9312010354.AA17944@anchor.ho.att.com> X-Note: This isn't a Detweiler-flame, it's a mostly technical discussion A While Back, L. Detweiler asked: > Suppose that a real person signed someone else's imaginary identity for > a key in a key server, or for their own. Can someone explain to me why > this is not dishonest? > > I guess the argument will be, the signor is only guaranteeing that some > key is associated with some email address. But that seems to me to > abuse the whole idea of trust in people. Has anyone asked PRZ what he > thinks of the practice of real people signing imaginary identities? There's a couple of issues here, some of which we haven't beaten to death: - what you're claiming to be the truth by signing the key - can you be sure you're signing a key for the *real* imaginary identity, or whether you're signing a key for somebody *impersonating* the imaginary entity? - if the pseudonym is one of yours, are you giving away its identity (and hence usefulness or safety) by signing it? The purpose of signing keys, in my opinion, is to verify that, if you're using a given key to talk to a given person or entity, does that key really belong to that entity, or is it a key the KGB/NSA/Mafia/Wiretaps-R-Us substituted for the real key. You're not necessarily claiming that the name on the key is the person's Government-Approved True Name, though government ID is one way you could help verify that the person you meet at a conference claiming to be "Tim May" is the real "Tim May" you've been sending email to all these years, and not some NSA guy or Eric Hughes in disguise. The government already supports government-approved fictional people with government-approved names - corporations. The quality of the introduction you're providing to other people may be affected by how well you verify that you're talking to the person you think you are, and by how well you know them, and ought to indicate this. If you're giving away PGP at, say, a trade show or conference or rave, you probably should create a separate public key for doing those signatures, e.g. (1993 Anarchist's Gathering PGP Demo ) so people know this isn't the usual high quality intro you normally provide. Verifying that you're talking to the right person for a pseudonym is tough. If you're having a conversation by email, it's really hard, unless you and the nym share some private knowledge that the Wiretaps-R-Us folks wouldn't have access to and that isn't on the Usenet CD-ROM collection, which is unlikely unless you know the pseudonym-user personally and are sure they've been using that name. I know a couple of people who use the names "Hobbit" and "Wookie", in real life as well as on the net (though that's probably not what their mothers call them :-), and I'd have no problems signing keys for them as long as the keys indicated *which* Hobbit and Wookie they are. Similarly, I've got a number of relatives who've changed their names (show biz, Anglicizing, personal weirdness, etc.), and I'd have no problems signing keys for them under either their government-approved names, birth names, work-use names, family-use names, or whatever. On the other hand, I'd have real trouble signing keys for Wonderer, Dark Unicorn, or strnlght at netcom.com because I haven't met them personally, and only have the consistency of their email addresses to verify who they are - and I haven't tried checking their articles to know what to look for to check whether an email request claiming to be from one of them looks unforged. If I remember right, none of these people puts a PGP Key ID or fingerprint in their posting signatures, so I don't have that clue available - that would increase my confidence a lot. But I still couldn't be sure. I once got a phone call from someone claiming to be Bob Morris (Sr.), about some computer security problems I was having, who pointed out that I couldn't really verify it was *him* I was talking to. (If I'd called him back, I'd at most know it was someone at his desk or someone hacking the phone system.) If I wanted to sign his key, I'd create a special "Unix Hacker who claimed to be Bob Morris" key to sign it with, if he told me the key words from that conversation, and you could decide how much to trust that introduction. ~~~ There are a couple of of my own nyms I've signed keys for (using other nyms), when I was demonstrating how the signature stuff worked to somebody who uses an anonymous remailer (and had already figured out that I was the person who used one of those nyms due to the anon.penet.fi remailer behavior; I knew his address because he'd included a signature in one of his anonymous postings.) On the other hand, if I really cared about preserving the anonymity of the nym-user, and it was somebody I knew in person, or myself, I probably wouldn't sign it with my real key - it may be relatively obvious that "Bill The Dragon-Basher" whose key was signed by "Bill Stewart" was me, but I'd rather not have to deal with a court subpoena or Mafia equivalent trying to find the users of the keys for "Crypto International, Ltd." or "Coalition Against the U.S. Invasion of Cuba" or "Some Unapproved Religion" or "Bear's Custom Chemicals" or an anonymous Panamanian bank account that's mine. But if the keys are only signed by other nyms, how trustable are they? If I ran a digibank, I'd be real hesitant about accepting changes of address or public-key unless I had some physical verification or other securely shared secret to avoid eavesdropper and interloper attacks, but one of the goals of digital banking is that you're not supposed to need physical transactions. I suppose an initial account set up by sending the bank a message with a Secret and a public key and a bunch of digibucks might do the job, with some cut&choose protocols to decrypt the digibucks if the account is approved? Bill The Dragon-Basher (oops! ^X^C:wq!/exit~.\b\b\b\b\b\b) # Bill Stewart Old address: wcs at anchor.ho.att.com AT&T Bell Labs, Holmdel, NJ # After 10/15, NCR, 6870 Koll Center Parkway, Pleasanton CA, 94566 # Voice/Beeper 510-224-7043, Phone 510-484-6204, email bill.stewart at pleasantonca.ncr.com From hawkwind at dink.foretune.co.jp Tue Nov 30 20:12:20 1993 From: hawkwind at dink.foretune.co.jp (hawkwind at dink.foretune.co.jp) Date: Tue, 30 Nov 93 20:12:20 PST Subject: The Cure Message-ID: <199312010410.NAA04246@dink.foretune.co.jp> >It craves fame. It resents what it perceives to be the fame of the >better-known members of this list to be. It is jealous of that fame, >and wants some for itself. It is sick and ugly, small and unintelligent, >resentful of its underdeveloped brain and the fact that everyone he looks >up to instantly recognizes his stupidity. And now it has found a way to get >those very people to acknowledge it, discuss it, feel threatened by it. >It is used to rejection, so the endless repeats of it mean nothing. And >then even less in the face of the warm glow at the center of the >Cypherpunks collective attention. > >This is the first and the last word I'll ever write about about it. >If we all did that, it would go away. > >Coerr > REALLY excellently stated! Great analysis of the nature of the problem. Thank you, do you mind if I quote this to others? Alas, though, I can not from long and bitter experience agree with you about the solution. In the real world physical verbal/facial expressions of disapproval and disdain might rapidly rid the group of the problem person, but in cyberspace, such traditional cultural prods are non-existent. The aberrant user KNOWS he faces no meaningful penalties or censure and thus has no inducement not to continue his chaotic ways. I do feel that in addition to the observations you made above, that such people often take sheer perverse delight in the mere poisoning of the creativity of the group being creatively atrophic themselves. From tcmay at netcom.com Tue Nov 30 20:37:53 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 30 Nov 93 20:37:53 PST Subject: Signing Keys for Nyms and Digibank Users In-Reply-To: <9312010354.AA17944@anchor.ho.att.com> Message-ID: <199312010437.UAA02673@mail.netcom.com> Bill Steward wrote: > The purpose of signing keys, in my opinion, is to verify that, > if you're using a given key to talk to a given person or entity, > does that key really belong to that entity, or is it a key the > KGB/NSA/Mafia/Wiretaps-R-Us substituted for the real key. > You're not necessarily claiming that the name on the key is the > person's Government-Approved True Name, though government ID > is one way you could help verify that the person you meet at a conference > claiming to be "Tim May" is the real "Tim May" you've been sending Yes, it's important people realize this. For example, I only recently met the "meat-entity Bill Stewart" when he moved to the Bay Area a month or two ago...I previously knew this entity as the "Net-entity Bill Stewart" and I didn't really care what his physical ID and meat personna was, only that every time I dealt with "him" I was in fact reaching the same entity. (We didn't user public keys, so far as I recall, but we _could_ have.) > The government already supports government-approved fictional people > with government-approved names - corporations. More than this, the government has over 30,000 people in the Witness Security Program (popularly known as the Witness Protection Program): turncoats, Mafia informants, and other criminals. The credit card companies and major credit reporting agencies (TRQ, Equifax, etc.) apparently have a working arrangement with the relevant agencies to not flag "data base ghosts" that clearly belong to these legend-equipped phony IDs. Interestingly, this probably explains a lot about the collusion between credit card companies and the government....and perhaps why "digital cash" VISA cards have not appeared, even though they are feasible. Also note the intriguing possibility that offshore/cyberspatial credit reporting agencies could identify these "data base ghosts" and reveal them publically. We could see several thousand of them be killed withing days by their vengeful ex-partners, while the others are frantically relocated. Crypto anarchy will shake so many things up! (I have a lot more info on WitSec, on FinCEN, and on other secretive government programs.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From newsham at wiliki.eng.hawaii.edu Tue Nov 30 22:32:18 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Tue, 30 Nov 93 22:32:18 PST Subject: soundfile stego In-Reply-To: <9312010353.AA00175@russian.SFSU.EDU> Message-ID: <9312010631.AA22105@toad.com> > > You know, you don't have to think of somehow modifying > a file pointwise in the time domain. How about this, > to stego a sound file: > > Do an FFT of the *entire* file. Assuming the file > is two hours = 7200 seconds, the frequency res of > the transformed file will be about 140 microhertz. > Pick a band that humans don't usually pay much > conscious attention to when they hear music; say 18 > KHz through 19.5 KHz. Replace the low bit in each > of these frequency space samples (there are 1500 / > 0.000140 ~= 1E7 such samples) with the stego data. > Inverse transform the modified, frequency space > representation of the file back into the time domain, > and voila! I suspect you would not be able to tell the > difference from the original with your naked ears. > But this is not repudiable; I suspect the spectrum > of the file would look artificial. The FFT and inverse FFT operationes are not lossless processes. When you transform a signal you are dealing with floating point numbers and you lose some information by rounding errors. You could put some signal in the high freq portion of the signal but it wont be as simple as XOR'ing values. > Also, I am told that humans have a tough time identifying > the phase of the frequency components of the sounds they > identify. So one could hide date in the phase relationships > among the frequency components of, say, recorded speech. This sounds interesting. How about detection, how will some random phase relationships stand out against normal phase of various frequencies? From jel at sutro.SFSU.EDU Tue Nov 30 22:47:55 1993 From: jel at sutro.SFSU.EDU (John E. Levine) Date: Tue, 30 Nov 93 22:47:55 PST Subject: soundfile stego In-Reply-To: <9312010628.AA07814@sutro.SFSU.EDU> Message-ID: <9312010643.AA07855@sutro.SFSU.EDU> >> Also, I am told that humans have a tough time identifying >> the phase of the frequency components of the sounds they >> identify. So one could hide date in the phase relationships >> among the frequency components of, say, recorded speech. > >This sounds interesting. How about detection, how will some >random phase relationships stand out against normal phase of >various frequencies? I suspect that the unusual phase relationships would stick out, to anyone looking at the speech with,say, an oscilliscope. Eg, a squarewave would look pretty mangled if you shifted its component frequencies by some random amount, even though a human being might not be able to detect the difference between a squarewave, and a component-frequency shifted squarewave. On the other hand, how often does speech over some electronic medeum actually get analyzed this deeply?