From tcmay at netcom.com Fri Apr 1 01:14:44 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 1 Apr 94 01:14:44 PST Subject: (fwd) Russians Break RSA? Message-ID: <199404010915.BAA07510@mail.netcom.com> Friends, I just grabbed this of the ClariNet news feed on Netcom...I'm not supposed to forward anything from this service (so don't tell Brad Templeton!), but this appeared to be too important not to pass on as quickly as possible. Apparently those rumors that the Russians, always topnotch mathematicians, had developed public key crypto in the 1950s or early 60s are true--my hero Kolmogorov developed this when he was technical director at Kryptogorodok, the secret city of Soviet cryptographers hidden in the Urals (and first visited by an outsider, Stephen Wolfram, only a couple of years ago). Here's the report on a news conference announcing the cracking of their Kolmogorov system, which is equivalent to our own RSA. I haven't had a chance to talk to John Markoff, who was at the press conference, to get his comments. --Tim > Xref: netcom.com clari.world.europe.eastern:2783 > clari.news.hot.ussr:3792 > clari. > news.trouble:3258 clari.science.crypto > Path: netcom.com!bass!clarinews > Approved: doug at clarinet.com > From: clarinews at clarinet.com (AP) > Newsgroups: > clari.world.europe.eastern,clari.news.hot.ussr,clari.news.trouble,clari.sc > ience.crypto > Distribution: clari.apo > Subject: Russian Mathematicians Announce Breakthrough > Keywords: Europe Cryptography RSA > Copyright: 1994 by The Associated Press, R > Message-ID: > Date: Fri, 1 Apr 94 10:40:19 PST > Expires: Mon, 18 Apr 94 12:40:19 PDT > ACategory: international > Slugword: Russia-Crypto > Priority: regular > ANPA: Wc: 116/0; Id: V0255; Src: ap; Sel: -----; Adate: 03-14-N/A > Codes: APO-1103 > > > MOSCOW (AP) -- At a press conference held minutes ago in a > crowded hall, Russian mathematicians announced that a breakthrough had > been made nearly a decade ago in the arcane branch of mathematics > known as "cryptography," the science of making messages that are > unreadable to others. > Leonid Vladwylski, Director of the prestigious Moscow Academy > of Sciences, called the press conference yesterday, after rumors began > circulating that noted Russian-American reporter John Markoff was in > Russia to interview academicians at the previously secret city of > Soviet cryptographers, Kryptogorodok. The existence of Kryptogorodok, > sister city to Akademogorodok, Magnetogorsk, and to the rocket cities > of Kazhakstan, had been shrouded in secrecy since its establishment in > 1954 by Chief of Secret Police L. Beria. Its first scientific > director, A. Kolmogorov, developed in 1960 what is called in the West > "public key cryptography." The existence of Kryptogorodok was unknown > to the West until 1991, when Stephen Wolfram disclosed its existence. > American cryptographers initially scoffed at the rumors that > the Russians had developed public-key cryptography as early as 1960, > some 15 years prior to the first American discovery. After interviews > last year at Kryptogorodok, noted American cryptographers Professor > D. Denning and D. Bowdark admitted that it did seem to be > confirmed. Professor Denning was quoted at the time saying that she > did not think this meant the Russians could actually break the > Kolmogorov system, known in the West as RSA, because she had spent > more than a full weekend trying to do this and had not > succeeded. "Believe me, RSA is still unbreakable," she said in her > evaluation report. > Russia's top mathematicians set out to break Kolmogorov's new > coding system. This required them to determine that "P = NP" (see > accompanying article). Details are to be published next month in the > journal "Doklady.Krypto," but a few details are emerging. > The Kolmogorov system is broken by computing the prime numbers > which form what is called the modulus. This is done by randomly > guessing the constituent primes and then detonating all of the > stockpiled nuclear weapons in the former Soviet Union for each "wrong > guess." In the Many Worlds Interpretation of quantum mechanics, > invented in 1949 by Lev Landau (and later, independently by Everett > and Wheeler in the U.S.), all possible outcomes of a quantum > experiment are realized. > As Academician Leonid Vladwylski explained, "In all the > universes in which we guessed the wrong factors, we were destroyed > completely. But since we are obviously here, talking to you at this > press conference, in this universe we have an unbroken record of > successfully factoring even the largest of imaginable numbers. Since > we are so optimistic about this method, we say the computation runs in > "Nondeterministic Pollyanna Time." Allow me to demonstrate..." > > [Press Conference will be continued if the experiment is a success.] > > MOSCOW (AP), ITAR-Tass, 1 April 1994 > > > -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From phred at well.sf.ca.us Fri Apr 1 01:21:44 1994 From: phred at well.sf.ca.us (Fred Heutte) Date: Fri, 1 Apr 94 01:21:44 PST Subject: (fwd) Russians Break RSA? In-Reply-To: <199404010915.BAA07510@mail.netcom.com> Message-ID: <9404010121.ZM29462@well.sf.ca.us> Touche. :) From pfarrell at netcom.com Fri Apr 1 05:21:49 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Fri, 1 Apr 94 05:21:49 PST Subject: anon-mail article in LA Times Message-ID: <29974.pfarrell@netcom.com> Eli Brandt writes: > Today's L.A. Times had an article, > [stuff elided] > Pretty good article, > with less than the usual amount of confusion. Today's Washington Post's Business section (page F2) has the same article by Michael Schrage. He is acknowledged as a LA Times columnist. Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From dmandl at panix.com Fri Apr 1 05:56:29 1994 From: dmandl at panix.com (David Mandl) Date: Fri, 1 Apr 94 05:56:29 PST Subject: Cryptography banned in the Netherlands.... Message-ID: <199404011354.AA14408@panix.com> >> I have always thought that the Netherlands was a very liberal country. >> But now the government is proposing a law that totally outlaws the use >> of encryption methods. > >Actually, these are quite consistent. Much of the ``liberal'' agenda >relies on government, whether to impose taxes to support welfare, or to >enforce political correctness, or whatever. But the continued >effectiveness of government (and other large institutions) is threatened >by strong cryptography. > > John E. Kreznar | Relations among people to be by > jkreznar at ininx.com | mutual consent, or not at all. Right, as opposed to conservatives, who are happy to have people "threaten the effectiveness of government and other large institutions." So, among "liberals" we can include Reagan, J. Edgar Hoover, Joe McCarthy, and Nixon, all of whom took some pretty extreme steps to silence critics of "government and other large institutions," up to and including political assassinations. Tell CISPES (Committee in Solidarity with the People of El Salvador) that the hundreds of break-ins and phone taps by the FBI in the mid-80's were intended to make sure that the former didn't increase the effectiveness of the U.S. government too much. Refresh my memory: which country has been destroying lives and seizing millions of dollars' worth of private property for over a decade in a fascistic "War on Drugs"? In which country can people buy, sell, and smoke pot openly without police harrassment of any kind? Which "politically correct" president forbade a Canadian filmmaker who made a film critical of the U.S. government to show that film here unless it had the label "Propaganda" attached to it? I'm no lover of "liberals" (though for very different reasons from you, to be sure), but this is utter nonsense. Do people really believe this stuff? -- Dave Mandl dmandl at panix.com From GRABOW_GEOFFREY at tandem.com Fri Apr 1 06:26:13 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Fri, 1 Apr 94 06:26:13 PST Subject: Anonymous phone calls. Message-ID: <199404010626.AA6457@comm.Tandem.COM> I know how to suppress the transmission of your phone number (caller id) with *67, but I've heard that there is a way to force the routing of call through multiple long distance companies. Since the LDCs don't talk to one another, this should increase the difficulty of tracing and/or tapping a call. Does anybody know how to do this? G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | |----------------------------------------------------------------------| | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From klbarrus at owlnet.rice.edu Fri Apr 1 06:52:18 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Fri, 1 Apr 94 06:52:18 PST Subject: MAIL: remailer list Message-ID: <9404011451.AA05215@flammulated.owlnet.rice.edu> The only change to the list is a new section briefly describing three other services: Miron Cuperman's, Matt Ghio's, and Jay Prime Positive's. -----BEGIN PGP SIGNED MESSAGE----- Cypherpunk anonymous remailers, 4/1/94 Q1: What are the anonymous remailers? 1: remailer at chaos.bsu.edu 2: nowhere at bsu-cs.bsu.edu 3: hh at soda.berkeley.edu 4: rperkins at nyx.cs.du.edu 5: hal at alumni.caltech.edu 6: ebrandt at jarthur.claremont.edu 7: catalyst at netcom.com 8: remailer at rebma.mn.org 9: hfinney at shell.portal.com 10: remailer at utter.dis.org 11: remail at extropia.wimsey.com NOTES: 1-4 no encryption of remailing requests 5-11 support encrypted remailing requests 11 special - header and message must be encrypted together 8,10,11 introduce larger than average delay (not direct connect) 1,2,8,10,11 running on privately owned machines 3 features USENET posting 11 features anonymous pools ====================================================================== Q2: What help is available? Look in ftp://soda.berkeley.edu/pub/cypherpunks/remailer (soda.berkeley.edu = 128.32.149.19) chain.zip - program that helps with using remailers dosbat.zip - MSDOS batch files that help with using remailers hal's.instructions.gz - in depth instruction on how to use hal's.remailer.gz - remailer code pubkeys.tar.gz - public keys of remailers which support encryption pubkeys.zip - MSDOS zip file of public keys scripts.tar.gz - scripts that help with using remailers Or try to gopher to chaos.bsu.edu and look in "Anonymous Mail"/Remailer Instructions" ====================================================================== Q3. Other Services: 1. Miron Cuperman's anonymous pool. To subscribe, send mail to pool0-request at extropia.wimsey.com. Mail sent to pool0 at extropia.wimsey.com will be sent to all subscribers of the anonymous pool. 2. Matt Ghio's pseudo-account remailer. Send mail to mg5n+getid at andrew.cmu.edu You will receive an encrypted mail address of the form mg5n+eaxxxxx at andrew.cmu.edu Mail sent to this address will be forwarded to you. 3. Jay Prime Positive's mail pool Send mail to jpp=0x123456 at markv.com, and the mail will be encrypted with the key matching 0x123456, and sent to alt.test with a subject line of "Ignore 0x123456" To add a key, send to jpp=poolnew at markv.com. The body of the message should contain the public key in pgp format. If there is a key clash, a message with the subject "Ignore jpp=poolnew key already in use" ====================================================================== Q4. Email-to-Usenet gateways? 1: group-name at cs.utexas.edu 2: group.name.usenet at decwrl.dec.com 3: group.name at news.demon.co.uk 4: group.name at news.cs.indiana.edu 5: group-name at pws.bull.com 6: group-name at ucbvax.berkeley.edu NOTES: * This does not include ones that work for single groups, like twwells.com. * Remember to include a Subject: with your post, may cause failures if missing #6 blocks from non-berkeley sites (so use the berkeley remailers :-) ====================================================================== This is the remailer.data file I use with pingmail, a script for pinging anonymous remailers: 01:n:remailer at chaos.bsu.edu 02:n:nowhere at bsu-cs.bsu.edu 03:n:hh at soda.berkeley.edu 04:n:rperkins at nyx.cs.du.edu 05:y:hal at alumni.caltech.edu 06:y:ebrandt at jarthur.claremont.edu 07:y:catalyst at netcom.com 08:y:remailer at rebma.mn.org 09:y:hfinney at shell.portal.com 10:y:remailer at utter.dis.org 11:s:remail at extropia.wimsey.com -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZwz4YOA7OpLWtYzAQGGeQQAuyFqwdZOzFxndIfsCxkU2UMLUCpaRTY6 AVt3KB7uk3YcEYrghxyZhlMcSJp6TywZGfaQbE9edCc4HEMJeUXicVHYgtbazXXm a9gIbSNXb+PTsJMjlqb6fk2uzOq+u2C3RscN8Gh3EVvOg2UVx2PaFcmeGGRRRVQa TrthaeDGjhI= =Loon -----END PGP SIGNATURE----- From ravage at bga.com Fri Apr 1 07:00:09 1994 From: ravage at bga.com (Jim choate) Date: Fri, 1 Apr 94 07:00:09 PST Subject: Bekenstein Bound (was: Crypto and new computing strategies) In-Reply-To: <199403311657.IAA29961@mail.netcom.com> Message-ID: <199404011459.AA12713@zoom.bga.com> > > > Jim Choate writes: > >> > >> The Deutsch paper I quoted before was where I first heard of the Bekenstein > >> Bound which Eric Hughes mentioned. According to Deutsch: > >> > >> "If the theory of the thermodynamics of black holes is trustworthy, no > >> system enclosed by a surface with an appropriately defined area A can have > >> more than a finite number ... > > > The problem I see with this is that there is no connection between a > > black holes mass and surface area (it doesn't have one). In > > reference to the 'A' in the above, is it the event horizon? A funny > > thing about black holes is that as the mass increases the event > > horizon gets larger not smaller (ie gravitational contraction). > > If I read the quote correctly, the surface area of the black hole > itself is not under discussion. Rather, whether it can be contained > in a surface with some area, which it can be. > > Peter > Of course a singularity can be contained in a volume (not shure what you mean by surface), it is in the universe after all. I fail to see how this solves anything. From ravage at bga.com Fri Apr 1 07:22:54 1994 From: ravage at bga.com (Jim choate) Date: Fri, 1 Apr 94 07:22:54 PST Subject: Bekenstein Bound In-Reply-To: <199403311608.IAA05406@jobe.shell.portal.com> Message-ID: <199404011522.AA13324@zoom.bga.com> First off, Black holes are singularities or points and have no volumes. Second, the 'surface' of the event horizon is a fractal and is therefore better represented by a volume. Third, Black holes are not de-coupled from the rest of the universe, they emit 'Hawkings Radiation' which eventually leads to the evaporatio of every black hole, the bigger the faster. State shifts, such as a electron or the collapse of a Hamiltonian in a 2 slip experiment take zero time. The issue of time is irrelevant. Fifth, volume is not an issue because several accepted theories imply a 'many worlds' type of reality. Some of these theories even allow a certain amount of information to leak between them. This occurs because when the Hamiltonian is constructed some states prevent or exclude other states and the state space turns out to be smaller than at first apparent. Sixth, everyone (incl. me initialy) was discussing QED in exclusion. This is completely incorrect. You must include QCD and it is a complete unknown at this point. When QED succeded because of Feynmann the tools were applied to the Quantuam Chromodynamics of Quarks and it has not solved any problems. I did a little scrounging around last nite in my library and came up with w books which discuss aspects of this without burying it in math. Mind Children by Hans Moravec (has a discussion on this exact topic) Quantum Physics: Illusion or Reality? by Alastair Rae Take care... From sandfort at crl.com Fri Apr 1 07:28:38 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 1 Apr 94 07:28:38 PST Subject: Cryptography banned in the Netherlands.... In-Reply-To: <199404011354.AA14408@panix.com> Message-ID: C'punks, Hey, remember, we're all on the same side. On Fri, 1 Apr 1994, David Mandl wrote after quoting John Kreznar's rant about "liberals": > Right, as opposed to conservatives, who are happy to have people "threaten > the effectiveness of government and other large institutions." [and so on in this vein for several more paragraphs.] Whoe, lighten up fellows. You both agree! *Neither* liberals nor conservatives are automatically our friends. People who are PRO CRYPTO are our friends regardless of what political camp they put themselves in. Please, lets not bring extraneous political, posturing onto this list. Liberals or conservatives who want to ban or regulate crypto are our enemies. Liberals or conservatives who support strong crypto are our friends. It's as simple as that. S a n d y From wex at media.mit.edu Fri Apr 1 07:40:47 1994 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Fri, 1 Apr 94 07:40:47 PST Subject: Patent expiration Message-ID: <9404011540.AA28584@media.mit.edu> Someone has just pointed out to me that the basic PKP patents (D-H especially) expire relatively soon now (the D-H patent was issued in 1980). Seems to me this is a strong motivation for the gov to get Clipper in place now; three years from now all the places that won't use PGP because of legal tangles will be able to use it free and clear! --Alan From smb at research.att.com Fri Apr 1 08:24:56 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 1 Apr 94 08:24:56 PST Subject: Patent expiration Message-ID: <9404011624.AA09937@toad.com> Someone has just pointed out to me that the basic PKP patents (D-H especially) expire relatively soon now (the D-H patent was issued in 1 980). Seems to me this is a strong motivation for the gov to get Clipper in place now; three years from now all the places that won't use PGP because of legal tangles will be able to use it free and clear! --Alan No. The basic patent on public key cryptography and the patent on Diffie-Hellman key exchange expire in 1997 (the former on April 28; the latter on August 18). PGP uses RSA, which is protected until September 19, 2000. From ph at netcom.com Fri Apr 1 08:47:41 1994 From: ph at netcom.com (Peter Hendrickson) Date: Fri, 1 Apr 94 08:47:41 PST Subject: Bekenstein Bound (was: Crypto and new computing strategies) In-Reply-To: <199404011459.AA12713@zoom.bga.com> Message-ID: <199404011647.IAA29956@mail.netcom.com> Jim Choate writes: >> Jim Choate writes: >>>> >>>> The Deutsch paper I quoted before was where I first heard of the Bekenstein >>>> Bound which Eric Hughes mentioned. According to Deutsch: >>>> >>>> "If the theory of the thermodynamics of black holes is trustworthy, no >>>> system enclosed by a surface with an appropriately defined area A can have >>>> more than a finite number ... >> >>> The problem I see with this is that there is no connection between a >>> black holes mass and surface area (it doesn't have one). In >>> reference to the 'A' in the above, is it the event horizon? A funny >>> thing about black holes is that as the mass increases the event >>> horizon gets larger not smaller (ie gravitational contraction). >> >> If I read the quote correctly, the surface area of the black hole >> itself is not under discussion. Rather, whether it can be contained >> in a surface with some area, which it can be. > Of course a singularity can be contained in a volume (not shure what you mean > by surface), it is in the universe after all. > I fail to see how this solves anything. When I read the quote being discussed, it seems to say that no system which can be contained in a surface with an appropriate area A can have more than a finite number of states. I don't think that volume is discussed at all, just a surface. If you are happy to contain the singularity in an imaginary cube with a million light years on each side, I'm happy to call the surface the sides of that cube. This may seem pointless, because, as you point out, everything in the universe can be contained in a surface (or volume). It is not pointless if we can imagine systems which cannot be contained in a surface. I'm guessing that a very large system, say everything in the universe, might not be containable in a surface. If the quote is correct that would imply that the universe may not have a finite number states. The cryptography tie in: if the quote is correct, then any computer we build is going to have a finite number of states which implies that the number of computrons is theoretically limited. And this implies that there may be RSA keys of sufficient size that they cannot be broken with brute force, which doesn't seem that surprising. Peter From kkirksey at world.std.com Fri Apr 1 09:04:37 1994 From: kkirksey at world.std.com (Ken B Kirksey) Date: Fri, 1 Apr 94 09:04:37 PST Subject: How Many Games of Chess? Message-ID: <199404011703.AA26001@world.std.com> This is tangentially related to crypto. I've been reading A.K. Dewdney's _The New Turning Omnibus_ recently to refresh my memory of all that stuff I learned in undergrad that I'm going to see again on the Comp Sci GRE shortly. :-) Anyway, I was glancing through the chapters on complexity, computabilty, and minimax trees, and I got to wondering something: how many possible games of chess are there? I know that it has to be a finite number, but I'm not sure how to go about finding this number. Any pointers would be appreciated. Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer ----------------------------------------------------------------------------- When the going gets tough, the tough hide under the table. -Edmund Blackadder From m5 at vail.tivoli.com Fri Apr 1 09:19:24 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Fri, 1 Apr 94 09:19:24 PST Subject: How Many Games of Chess? In-Reply-To: <199404011703.AA26001@world.std.com> Message-ID: <9404011719.AA26417@vail.tivoli.com> Ken B Kirksey writes: > how many possible games of chess are there? A lot. I recall a somewhat compulsive friend calculating how long it would take to generate the complete game tree assuming the surface of Jupiter were covered with Cyber 7600's (it was a while ago), and it was a long time. It's probably tricky to figure the count because you can't just use a simple combinatorial system; you have to filter out illegal configurations, and of course the paths down the game tree don't all terminate in the same number of hops (and you have to find the ones that don't terminate at all!). Then again, I'm not a mathematician and I don't play chess, so the word "tricky" above needs to be re-evaluated subjectively. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From lefty at apple.com Fri Apr 1 09:33:09 1994 From: lefty at apple.com (Lefty) Date: Fri, 1 Apr 94 09:33:09 PST Subject: How Many Games of Chess? Message-ID: <9404011731.AA18102@internal.apple.com> >This is tangentially related to crypto. I've been reading A.K. Dewdney's >I was glancing through the chapters on complexity, >computabilty, and minimax trees, and I got to wondering something: how >many possible games of chess are there? I know that it has to be a finite >number, but I'm not sure how to go about finding this number. Any >pointers would be appreciated. It doesn't seem to me that this _can_ be readily calculated in any reasonable amount of time. It's not a simple (realtively) combinatorial problem: the configuration of the board at any given point limits the legal moves in an extremely nontrivial way. I believe I can get you as far as the second move, though: I make it to be twenty-one possible openings and twenty-one responses. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From dmandl at panix.com Fri Apr 1 09:38:25 1994 From: dmandl at panix.com (David Mandl) Date: Fri, 1 Apr 94 09:38:25 PST Subject: Cryptography banned in the Netherlands.... Message-ID: <199404011737.AA16441@panix.com> >C'punks, > >Hey, remember, we're all on the same side. > >On Fri, 1 Apr 1994, David Mandl wrote after quoting John Kreznar's rant >about "liberals": > >> Right, as opposed to conservatives, who are happy to have people "threaten >> the effectiveness of government and other large institutions." [and so >on in this vein for several more paragraphs.] > >Whoe, lighten up fellows. You both agree! *Neither* liberals nor >conservatives are automatically our friends. People who are PRO CRYPTO >are our friends regardless of what political camp they put themselves >in. Please, lets not bring extraneous political, posturing onto this >list. Liberals or conservatives who want to ban or regulate crypto are >our enemies. Liberals or conservatives who support strong crypto are our >friends. It's as simple as that. Yup, that was exactly my point. Knee-jerk generalizations like "all liberals are evil and want to take our freedom away" are simplistic and silly and betray a gross misunderstanding of the way things are. Personally, I prefer to stay away from "good cops" AND "bad cops." --Dave. -- Dave Mandl dmandl at panix.com From johnkc at well.sf.ca.us Fri Apr 1 10:04:49 1994 From: johnkc at well.sf.ca.us (John K Clark) Date: Fri, 1 Apr 94 10:04:49 PST Subject: Khufu Message-ID: <199404011804.KAA00520@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- In the April Dr. Dobb's ( page 20 ) it say's that Khufu is insecure because the key is only 64 bits long ; I was always under the impression that Khufu was 512 bits long ( 64 BYTES ). Have I been misinformed? John K Clark johnkc at well.sf.ca.us -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZxbgnwRpTAWSvwVAQEPsgQAyWHDGPJux9eJz4w0jOX7IHWZ1ogvMPKH y4nUOzJDTHtAmmgjmxt+5J4cVKOMtpRMkHMNys+bqn5Cv0cEPf/dH/XSJUBmryNA OHNjfAMSPPXxvUiejH3rXqMqeeIt2XL75BWDoUp2Gx7PJBBcvsGUGSSgo3UHROko R8UpUK278qA= =G7WF -----END PGP SIGNATURE----- From storm at access.digex.net Fri Apr 1 10:19:52 1994 From: storm at access.digex.net (Don Melvin) Date: Fri, 1 Apr 94 10:19:52 PST Subject: Collapse of the Wave Function Predicted, Timing Uncertain In-Reply-To: <199403312230.OAA04421@mail.netcom.com> Message-ID: <199404011819.AA28835@access3.digex.net> >> From: Setheni Davidson (CompuCom) >> >> Trust Congress? Not With This Unbelieveable Lair of Slop >> PC Computing, April 1994, page 88. >> By John C. Dvorak >> > >> The moniker -- Information Highway -- itself seems to be responsible for SB >> #040194. Introduced by Senator Patrick Leahy, it's designed to prohibit >> anyone from using a public computer network (Information Highway) while the >> computer user is intoxicated. I know how silly this sounds, but Congress > > ....rest of Dvorak's April column elided.. > Possibly giving them more credit than they deserve, look at the enforcement issue. The only way to positively determine intoxication requires physical presence of the LEO tester, this would be an excellent way to obtain "probable cause" for a personal visit... From mmarkley at microsoft.com Fri Apr 1 10:30:30 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Fri, 1 Apr 94 10:30:30 PST Subject: How Many Games of Chess? Message-ID: <9404011831.AA05066@netmail2.microsoft.com> ---------- | From: Lefty | To: | Subject: Re: How Many Games of Chess? | Date: Friday, April 01, 1994 9:31AM | | Received: from relay2.UU.NET by netmail.microsoft.com with SMTP (5.65/25-eef) | id AA25823; Fri, 1 Apr 94 09:50:19 -0800 | Received: from toad.com by relay2.UU.NET with SMTP | (5.61/UUNET-internet-primary) id AAwjtu01006; Fri, 1 Apr 94 12:44:37 -0500 | Received: by toad.com id AA11484; Fri, 1 Apr 94 09:33:09 PST | Received: from colossus.apple.com by toad.com id AA11477; Fri, 1 Apr 94 09:33:01 PST | Received: from [90.1.0.18] by colossus.apple.com with SMTP (5.65/8-Oct-1993-eef) | id AA17501; Fri, 1 Apr 94 09:31:21 -0800 | Received: from lefty.apple.com by gallant.apple.com with SMTP (5.64/27-Sep-1991-eef) | id AA18102; Fri, 1 Apr 94 09:31:18 PST | for cypherpunks at toad.com | Message-Id: <9404011731.AA18102 at internal.apple.com> | Mime-Version: 1.0 | Content-Type: text/plain; charset="us-ascii" | Sender: netmail!owner-cypherpunks at toad.com | Precedence: bulk | | >This is tangentially related to crypto. I've been reading A.K. Dewdney's | >I was glancing through the chapters on complexity, | >computabilty, and minimax trees, and I got to wondering something: how | >many possible games of chess are there? I know that it has to be a finite | >number, but I'm not sure how to go about finding this number. Any | >pointers would be appreciated. | | It doesn't seem to me that this _can_ be readily calculated in any | reasonable amount of time. It's not a simple (realtively) combinatorial | problem: the configuration of the board at any given point limits the legal | moves in an extremely nontrivial way. | | I believe I can get you as far as the second move, though: I make it to be | twenty-one possible openings and twenty-one responses. | | -- | Lefty (lefty at apple.com) | C:.M:.C:., D:.O:.D:. | | | I seem to remember from way back in high school that the number of potential moves by the third set of moves is on the order of billions of legal moves. I am also pretty sure that it is not exponential but a factoral growth. I don't think that it is possible to determine every possible game. Mike -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Mike Markley || The opinions here do not represent the mmarkley at microsoft.com || opinions of my employer. Attempts to || associate the two are pointless. "I want to look at life, In the available light" - Neil Peart - From storm at access.digex.net Fri Apr 1 10:40:21 1994 From: storm at access.digex.net (Don Melvin) Date: Fri, 1 Apr 94 10:40:21 PST Subject: Our Tax dollars at work! (NOT a sick joke) In-Reply-To: <199403312315.AAA25668@an-teallach.com> Message-ID: <199404011840.AA01073@access3.digex.net> > > :> register your protests with your congressperson or Ms. Lirpa Sloof in > ||||||||||| > Gosh, we're slow today kids... > Yeah, but think of all the rampant paranoia from people to don't read all the way to the end! From gnu Fri Apr 1 10:48:20 1994 From: gnu (gnu) Date: Fri, 1 Apr 94 10:48:20 PST Subject: PHILIP ZIMMERMAN ARRESTED [NOT!] Message-ID: <9404011848.AA12597@toad.com> This is an April Fools' Day prank. I spoke personally to Phil and he is sitting comfortably in his own house (with the phone ringing off the hook). John ------- Forwarded Message From: Tommy the Tourist Newsgroups: alt.security.pgp Subject: PLEASE READ: PHILIP ZIMMERMAN ARRESTED Date: 1 Apr 1994 14:25:30 GMT Organization: Cypherpunks Message-ID: <2nhasq$ltb at agate.berkeley.edu> NNTP-Posting-Host: soda.berkeley.edu Originator: hh at soda.berkeley.edu Philip Zimmerman, writer of the popular encryption program PGP, has been arrested! He is being held on $1,000,000 bail. The charges against him are as follows: 1) Violating PKP's patent on RSA. 2) Allowing PGP to be distributed outside of the US. I have just heard about this, since I work for the FBI (which is why I am posting this anonymously), and will post more information when I can get it. You may wish to set up a fund to help pay Zimmerman's bail. ecodefence nitroglycerin uzi detonate - -------- For more information about this anonymous posting service, please send mail to hh at soda.berkeley.edu with Subject: remailer-info. Eric Hollander takes no responsibility for the contents of this post. Please, don't throw knives. ------- End of Forwarded Message From swalters at freenet3.scri.fsu.edu Fri Apr 1 10:54:31 1994 From: swalters at freenet3.scri.fsu.edu (Shadow) Date: Fri, 1 Apr 94 10:54:31 PST Subject: How Many Games of Chess? In-Reply-To: <9404011831.AA05066@netmail2.microsoft.com> Message-ID: but now the sun shines cold and all the sky is grey (the cure) the stars are dimmed by clouds and tears and all i wish is gone away -- all i wish is gone away On Fri, 1 Apr 1994, Mike Markley wrote: > ---------- > | From: Lefty > | To: > | Subject: Re: How Many Games of Chess? > | Date: Friday, April 01, 1994 9:31AM > | > | Received: from relay2.UU.NET by netmail.microsoft.com with SMTP (5.65/25-eef) > | id AA25823; Fri, 1 Apr 94 09:50:19 -0800 > | Received: from toad.com by relay2.UU.NET with SMTP > | (5.61/UUNET-internet-primary) id AAwjtu01006; Fri, 1 Apr 94 12:44:37 -0500 > | Received: by toad.com id AA11484; Fri, 1 Apr 94 09:33:09 PST > | Received: from colossus.apple.com by toad.com id AA11477; Fri, 1 Apr > 94 09:33:01 PST > | Received: from [90.1.0.18] by colossus.apple.com with SMTP > (5.65/8-Oct-1993-eef) > | id AA17501; Fri, 1 Apr 94 09:31:21 -0800 > | Received: from lefty.apple.com by gallant.apple.com with SMTP > (5.64/27-Sep-1991-eef) > | id AA18102; Fri, 1 Apr 94 09:31:18 PST > | for cypherpunks at toad.com > | Message-Id: <9404011731.AA18102 at internal.apple.com> > | Mime-Version: 1.0 > | Content-Type: text/plain; charset="us-ascii" > | Sender: netmail!owner-cypherpunks at toad.com > | Precedence: bulk > | > | >This is tangentially related to crypto. I've been reading A.K. Dewdney's > | >I was glancing through the chapters on complexity, > | >computabilty, and minimax trees, and I got to wondering something: how > | >many possible games of chess are there? I know that it has to be a finite > | >number, but I'm not sure how to go about finding this number. Any > | >pointers would be appreciated. > | > | It doesn't seem to me that this _can_ be readily calculated in any > | reasonable amount of time. It's not a simple (realtively) combinatorial > | problem: the configuration of the board at any given point limits the legal > | moves in an extremely nontrivial way. > | > | I believe I can get you as far as the second move, though: I make it to be > | twenty-one possible openings and twenty-one responses. > | > | -- > | Lefty (lefty at apple.com) > | C:.M:.C:., D:.O:.D:. > | > | > | > > I seem to remember from way back in high school that the number of > potential moves by the third set of moves is on the order of billions > of legal moves. I am also pretty sure that it is not exponential but a > factoral growth. I don't think that it is possible to determine every > possible game. > > Mike > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Mike Markley || The opinions here do not represent the > mmarkley at microsoft.com || opinions of my employer. Attempts to > || associate the two are pointless. > > "I want to look at life, In the available light" > - Neil Peart - > > Not to mention all of the repeating- non-ending games Shadow p.s. i wonder if there is a "irrational" game....one that goes on to infinity but never repeats itself.....I would imagine not as there are only a finite number of possibilities for peices to exist on the board it was an interesting thought whie it lasted.... From solovay at math.berkeley.edu Fri Apr 1 11:07:20 1994 From: solovay at math.berkeley.edu (Robert M. Solovay) Date: Fri, 1 Apr 94 11:07:20 PST Subject: How Many Games of Chess? In-Reply-To: <9404011831.AA05066@netmail2.microsoft.com> Message-ID: <199404011906.LAA28894@math.berkeley.edu> mmarkley at microsoft.com writes: I seem to remember from way back in high school that the number of potential moves by the third set of moves is on the order of billions of legal moves. The number of moves in a given chess position is less than 64 (number of starting squares) times 64 (number of destination squares) x 4 [number of ways a pawn can promote]. Thus we get the bound 16, 384 [which can be easily improved] which is way less than "billions of possible moves". The same computation shows that the number of possible games of length n grows at worst expoentially pace mr markley. The right way to think about this is to get sharp upper bounds rather than attempt a precise calculation. A crude upper bound would be longerst possible game is about 6000 moves [using the 50 move rule]. At most 2**16 mves per position so at most 10**[192 * 10**6] games. I'm sure that sharper estimates are readily available. From tcmay at netcom.com Fri Apr 1 11:13:45 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 1 Apr 94 11:13:45 PST Subject: Our Tax dollars at work! (NOT a sick joke) In-Reply-To: <199404011840.AA01073@access3.digex.net> Message-ID: <199404011914.LAA16484@mail.netcom.com> Don Melvin wrote: > > > > :> register your protests with your congressperson or Ms. Lirpa Sloof in > > ||||||||||| > > Gosh, we're slow today kids... > > > Yeah, but think of all the rampant paranoia from people to don't read all > the way to the end! > Lefty's original point ("Gosh, we're slow today kids...") also ignored the point that all of us who "got it" mostly had the good sense not to comment, thus skewing the sampling process. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From lefty at apple.com Fri Apr 1 11:18:17 1994 From: lefty at apple.com (Lefty) Date: Fri, 1 Apr 94 11:18:17 PST Subject: How Many Games of Chess? Message-ID: <9404011917.AA20715@internal.apple.com> >p.s. i wonder if there is a "irrational" game....one that goes on to >infinity but never repeats itself.....I would imagine not as there are >only a finite number of possibilities for peices to exist on the board >it was an interesting thought whie it lasted.... I can easily think of a trivial one. Get to a point where the only pieces left on the board are the two kings. Roll an eight-sided die to determine the next move for each king. If the move would place the king in check, roll again. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From tcmay at netcom.com Fri Apr 1 11:30:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 1 Apr 94 11:30:47 PST Subject: Number of Legal Chess Games Message-ID: <199404011931.LAA18398@mail.netcom.com> On the question someone asked about the number of chess games... My recollection is that a fairly careful calculation of the number of legal games between good players (see Note below) is about 10^140. The number of legal Go games is vastly larger, around 10^700. (Each board position has far more branch positions, the Go board being 19 x 19.) I have a bunch of Go books, and some computer chess books (Levy), but I can't find the calculation referenced. It's not a "plug in" calculation, either, as a lot of empirical cruft (good moves, winning configurations, etc.) gets taken into account. But I think the basic estimate of around 10^140 is well-accepted. It might be as "low" as 10^120 or as "high" as 10^160, for example, but that's the right ballpark, from what I've seen. As a reminder, it is estimated that there are about 10^72 particles in the entire universe. Thus, about 10^60 games of chess for each and every particle in the universe. The situation with Go is even more extreme. Welcome to the strange and exciting world of combinatorial explosion. (Note: If two infinitely powerful agents played, the number would presumably drop, as each would see the implications--chess not being a game of chance--of who made the first move and one side would resign. Lesser agents would have more games, presumably. Even lesser agents, novices, might eventually have _fewer_ games, as the games stumbled into wins earlier on. A novice against a grandmaster should also have far fewer games. as the grandmaster wins quickly. At what point of expertise the "maiximum" number of games exists is an interesting question.) For further info, I'd recommend the many good books on computer chess....I'm sure that some of them sketch out how these calculations are done. I've recently seen several new books on computer Go and computer chess, which technical bookstores and libraries should have. Also, asking on rec.games.chess and rec.games.go might produce better results than here on Cypherpunks. The question might well even be in a FAQ for rec.games.chess...now I'm curious about this and will go check. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jim at rand.org Fri Apr 1 11:31:28 1994 From: jim at rand.org (Jim Gillogly) Date: Fri, 1 Apr 94 11:31:28 PST Subject: How Many Games of Chess? In-Reply-To: <199404011906.LAA28894@math.berkeley.edu> Message-ID: <9404011931.AA21860@mycroft.rand.org> I was hoping this thread would die quickly, since it's wildly off-topic. However... the tightest bound on the number of different positions (more interesting to us (former) chess programmers than different games) that I've seen is about 2.3 * 10^49, due to Tim W. Smith in 1991. Previously we were seeing numbers like 10^120. Smith used Huffman-like position codes to demonstrate the bound. I strongly suggest the discussion move off to rec.games.chess, where the question comes up frequently. Jim Gillogly 10 Astron S.R. 1994, 19:30 From mmarkley at microsoft.com Fri Apr 1 11:33:13 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Fri, 1 Apr 94 11:33:13 PST Subject: How Many Games of Chess? Message-ID: <9404011934.AA07422@netmail2.microsoft.com> ---------- | From: Robert M. Solovay | To: Mike Markley | Cc: | Subject: How Many Games of Chess? | Date: Friday, April 01, 1994 11:06AM | | Received: from math.Berkeley.EDU by netmail.microsoft.com with SMTP (5.65/25-eef) | id AA02131; Fri, 1 Apr 94 11:04:58 -0800 | Received: by math.berkeley.edu (8.6.8/1.33(math)Ow) | id LAA28894; Fri, 1 Apr 1994 11:06:45 -0800 | Message-Id: <199404011906.LAA28894 at math.berkeley.edu> | In-Reply-To: Mike Markley's message of Fri, 1 Apr 94 10:20:55 | TZ <9404011831.AA05066 at netmail2.microsoft.com> | | | mmarkley at microsoft.com writes: | | I seem to remember from way back in high school that the number of | potential moves by the third set of moves is on the order of billions | of legal moves. | | The number of moves in a given chess position is less than 64 | (number of starting squares) times 64 (number of destination squares) | x 4 [number of ways a pawn can promote]. Thus we get the bound 16, 384 | [which can be easily improved] which is way less than "billions of | possible moves". The same computation shows that the number of | possible games of length n grows at worst expoentially pace mr | markley. | | The right way to think about this is to get sharp upper bounds rather | than attempt a precise calculation. A crude upper bound would be | longerst possible game is about 6000 moves [using the 50 move rule]. | At most 2**16 mves per position so at most 10**[192 * 10**6] games. | I'm sure that sharper estimates are readily available. | | I should have said billions of potential states for the board after each move. If you think of the number of initial moves for the starting player its only 16 potential positions for the pawns and 4 for the knights. If the first player takes one of these positions then the second player moves he has the same 20 potential moves giving an potential state of 400 different positions after the first move. After the second move there is on the order of greater than 160,000 potential states for the board. After 3 moves it is greater than 2.56 * 10^10 potential states. I was thinking in terms of states rather than valid moves. Mike. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Mike Markley || The opinions here do not represent the mmarkley at microsoft.com || opinions of my employer. Attempts to || associate the two are pointless. "I want to look at life, In the available light" - Neil Peart - From prz at columbine.cgd.ucar.EDU Fri Apr 1 11:46:17 1994 From: prz at columbine.cgd.ucar.EDU (Philip Zimmermann) Date: Fri, 1 Apr 94 11:46:17 PST Subject: PRZ is still at large Message-ID: <9404011947.AA29546@columbine.cgd.ucar.EDU> I have received several phone calls today from people who read some sort of April-fools posting on some newsgroup that I had been arrested for PGP-related stuff. Well, it isn't true. I'm still at large. I'm still unindicted. And still not sued. Someone had an idea that this would make a funny April fools joke. I hope this clears things up. Feel free to repost this message to all the relevant newsgroups, because I can't do it because the newsreader at my sight is having problems. I hope this cuts down on the phone calls. Philip Zimmermann prz at acm.org From jamiel at sybase.com Fri Apr 1 11:47:51 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 1 Apr 94 11:47:51 PST Subject: Anonymous phone calls. Message-ID: <9404011947.AA06516@ralph.sybgate.sybase.com> At 6:25 AM 04/01/94 -0800, GRABOW_GEOFFREY at tandem.com wrote: > I know how to suppress the transmission of your phone number (caller >id) with *67, but I've heard that there is a way to force the routing of One point here- you are not actually suppressing the transmission of your phone number. It is transmitted *between switches* in any case- you are simply suppressing the transmission from a switch to the destnation phone. This is important in relation to the phone company recieving data, as well as the distinct possibility that a clever person could still get this. I got the above info out of Phrack Magazine (_Caller ID Technical Details_ by Hyperborean Menace #45-06, still being issued as I write this). >call through multiple long distance companies. Since the LDCs don't talk >to one another, this should increase the difficulty of tracing and/or >tapping a call. Does anybody know how to do this? Don't know, but from what little I know about the phone company, I would assume using the demand-dial numbers (like 102880) for ATT) from another long distance phone would be a start. jamie From cme at sw.stratus.com Fri Apr 1 11:51:11 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Fri, 1 Apr 94 11:51:11 PST Subject: the rest of the key Message-ID: <199404011950.OAA06524@galt.sw.stratus.com> > >I understand the Skipjack review committee will be looking into the key >generation process at Mykotronx also. The procedures originally proposed >for burning in the keys has some annoying flaws that have been pointed out >frequently, like the existence of both halves in the same room at the same >time, which would be a tempting target for somebody siphoning them off to >a private single-site escrow. :) Various people have suggested that the >two halves of the key could be burned in at separate locations, so that the >only place they're put together is in the key itself; this was not part of >the proposal as we've seen it so far out here. > ..but what of at least the original description which had the key generated by a function within the sacrificial laptop (a PRNG driven by the two key pieces supplied by the escrow agents)? K_i = PRNG( E_1, E_2, i ) ; If PRNG is secret (a high power NSA algorithm), it might be a *truly* high quality one-way-function -- which happens to be independent of E_1 and E_2. No one would be the wiser -- and the NSA's job would be a lot easier, in the event that some chips get stolen or someone bombs the escrow center and its backup sites. - Carl From swalters at freenet3.scri.fsu.edu Fri Apr 1 12:07:11 1994 From: swalters at freenet3.scri.fsu.edu (Shadow) Date: Fri, 1 Apr 94 12:07:11 PST Subject: How Many Games of Chess? In-Reply-To: Message-ID: > > I seem to remember from way back in high school that the number of > > potential moves by the third set of moves is on the order of billions > > of legal moves. I am also pretty sure that it is not exponential but a > > factoral growth. I don't think that it is possible to determine every > > possible game. > > > > Mike > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > Mike Markley || The opinions here do not represent the > > mmarkley at microsoft.com || opinions of my employer. Attempts to > > || associate the two are pointless. > > > > "I want to look at life, In the available light" > > - Neil Peart - > > > > > Not to mention all of the repeating- non-ending games > Shadow > p.s. i wonder if there is a "irrational" game....one that goes on to > infinity but never repeats itself.....I would imagine not as there are > only a finite number of possibilities for peices to exist on the board > it was an interesting thought whie it lasted.... I have recieved a lot of personal mail stating that the game is a draw if such and such happens....i was ignoring this when i wrote the post....it takes all the fun out of thinking about the problem... Shadow p.s. I'm also referring to perfectly logical entities playing who aren't out to win the game...just play and play and play and aplay and play and aplay ...... From rarachel at photon.poly.edu Fri Apr 1 12:20:16 1994 From: rarachel at photon.poly.edu (Arsen Ray Arachelian) Date: Fri, 1 Apr 94 12:20:16 PST Subject: patent search service (fwd) Message-ID: <9404012020.AA05818@photon.poly.edu> Incase you need to sneak up on some patents, you have your chance next week... These guys are doing a >FREE< patent search for a week because they're testing their systems... I thought I'd pass this on to you incase you'd like to look up the finer points of crypto, the MicroSoft-Stacker patents wars, etc... Forwarded message: > From spo_patent at spo.eds.com Mon Mar 28 22:56:07 1994 > Date: Mon, 28 Mar 94 21:11:48 CST > From: spo_patent at spo.eds.com > To: uunet!photon.poly.edu!rarachel at uunet.UU.NET > Sender: spo_patent at spo.eds.com > Subject: Re: patent search service > Message-Id: <19940328_162456_spo14_5430> > Return-Receipt-To: spo_patent at spo.eds.com > > EDS-SPO ELECTRONIC MAIL PATENT SEARCH SERVICE > PHASE TWO FREE TESTING PERIOD > April 4-April 15, 1994 > > CONCEPT VERSUS BOOLEAN SEARCHES > > Key word searches are now obsolete. EDS' Shadow Patent Office (SPO) > has developed a computerized, concept search method that utilizes the > Internet Information Superhighway. This on-line, computerized method > analyzes input text and compares it against EDS-SPO's database of 1.7 > million US utility patents. > > THE TECHNOLOGY BEHIND CONCEPT SEARCHES > > The EDS-SPO concept search method utilizes massive databases with huge > memory (20 gigabytes), parallel hardware and software, and client > -server technology. The EDS-SPO computer's combination of advanced > hardware and software maximizes fast access to its main memory. > Consequently, EDS-SPO can offer customers a fast, accurate, and cost > effective patent search. EDS-SPO has offered patent searching since > 1992. > > PHASE II TESTING > > The Phase II testing period will occur April 4, 1994 through April 15, > 1994. During this time, each participant will be allowed 3 free patent > searches per day. After April 15, 1994, there will be fees associated > with the type of patent search requested. > > For the Phase II testing period, users may request Subject Search > reports by providing 50-1000 words of text and keywords in electronic > mail format. An Infringement Search report is also available. A user > requests this report by providing a patent id number and keywords in > electronic mail format. A report will be electronically mailed back to > the user requesting either type of report. Each report will contain the > following information for the 50 closest patents to the search criteria. > > o Patent ID > o Issue Date > o Class > o Title > o Inventor > o Assignee > o Abstract > > Any organization or individual researching and/or developing a non- > patented product or service will want on-line access to this powerful > search tool. Areas of potential research include, but are not limited > to: electronics, chemicals, pharmaceuticals, software, petroleum, and > mechanics. > > HOW TO REGISTER > > Prior to performing a patent search, you must be registered with EDS-SPO. > To register, fill out the form below and send it to the following > Internet address: spo_patent at spo.eds.com. > > PLEASE ANSWER THE FOLLOWING QUESTIONS > > 1) Company Name: ___________________________________________ > 2) Customer Name____________________________________________ > 3) Title: _________________________________________________ > 4) Address: (street)________________________________________ _________________________________________________________ > City: _____________ State: ____________ County:_______ > Zip: ______________ Country: __________ > 5) E-Mail address: ________________________________________ > 6) Telephone Number:________________________________________ > 7) Fax Number: _____________________________________________ > > When the above information is provided, EDS-SPO will send you > a tutorial via the Internet. > > > CONTACTS > > Contact EDS-SPO by sending an e-mail message to spo_patent at spo.eds.com. > > > CONFIDENTIALITY AGREEMENT BETWEEN CUSTOMER AND EDS-SPO > > The EDS-SPO network and system are separated from the rest of EDS. > EDS-SPO agrees to keep all customer information confidential and will > allow only those staff members with a need to know to have access to > such information. Customer information shall include, but not limited > to, search disclosures, customer names, report requests, and any other > written, electronic, or oral correspondence between EDS-SPO and its > customer. > From hayden at krypton.mankato.msus.edu Fri Apr 1 13:14:36 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 1 Apr 94 13:14:36 PST Subject: PRZ is still at large In-Reply-To: <9404011947.AA29546@columbine.cgd.ucar.EDU> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 1 Apr 1994, Philip Zimmermann wrote: > I have received several phone calls today from people who read some > sort of April-fools posting on some newsgroup that I had been arrested > for PGP-related stuff. Well, it isn't true. I'm still at large. > I'm still unindicted. And still not sued. Someone had an idea that > this would make a funny April fools joke. > > I hope this clears things up. Feel free to repost this message to > all the relevant newsgroups, because I can't do it because the newsreader > at my sight is having problems. I hope this cuts down on the phone calls. > > > Philip Zimmermann > prz at acm.org How do we know that this is really you? You didn't sign your message? You could be the nasty mean ole feds trying to trick us :-) (BTW: I believe you, just being annoying) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" - -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCUAgUBLZyP2J3BsrEqkf9NAQGKYQP4og7F1U+U48cbeu8Y7K+vwDh9SOWtmdgX mJTFb1/oErntLnzGpXHhJjvDlMiVbO6+3Odqp1iWwMp5SWEywvYidYGRcVw7xbl9 ekLF/QsAHKzEOAPOeqGqHQ17w3n+cH6mfXq1RtR7SsZjr7jHZNo53YWoddH+GP/C i/Xl5DJVnw== =FMxx -----END PGP SIGNATURE----- From storm at access.digex.net Fri Apr 1 13:16:18 1994 From: storm at access.digex.net (Don Melvin) Date: Fri, 1 Apr 94 13:16:18 PST Subject: RSA contact info needed Message-ID: <199404012116.AA09797@access3.digex.net> Hi! I seem to have lost some files. One of them had contact information for RSA and a comment that they are resonable in their licensing pratices. If someone could email that info to me, I'd be very appreciate. Thanks, Storm From collins at newton.apple.com Fri Apr 1 13:44:00 1994 From: collins at newton.apple.com (Scott Collins) Date: Fri, 1 Apr 94 13:44:00 PST Subject: How Many Games of Chess? Message-ID: <9404012052.AA04563@newton.apple.com> >This is tangentially related to crypto. I've been reading A.K. Dewdney's >_The New Turning Omnibus_ recently to refresh my memory of all that stuff >I learned in undergrad that I'm going to see again on the Comp Sci GRE >shortly. :-) Anyway, I was glancing through the chapters on complexity, >computabilty, and minimax trees, and I got to wondering something: how >many possible games of chess are there? I know that it has to be a finite >number, but I'm not sure how to go about finding this number. Any >pointers would be appreciated. First, I think there are a finite number of games only if all stale-mates are are required to terminate. Second, here's one way if `just walking the tree` is too boring for you: 0 - Start your computer on this while you hop in a starship and circle in local space at a significant fraction of C. 1 - Generate every legitimate board position (don't forget, pawns may be promoted to other pieces) without regard for playing games. A board position might be expressed as a 64 digit, base 13 number. More efficient representation is probable (and desirable). Plainly the number of board positions is something vastly smaller than 13^64 which is 1.96e71 or 196053476430761073330659 760423566015424403280004 115787589590963842248961 At this time, use two extra bits per state to note the mate condition. Additionally, the total number of games must be less than or equal to the total number of permutations of every possible board position. Thus the total number of possible chess games is something (again vastly) less than (13^64)! (i.e., factorial --- sorry, Mathematica found this a little too daunting to give me an estimate). 2 - Connect nodes with edges representing possible moves. For each position, there can be no more than 64 pieces that might move, and for each, no more than 63 possible results (including pawn promotion), so the maximum number of edges is (13^64)*64*63 or about 7.90e74. At this time, or slightly later, use the mate bits to indicate stale-mates. 3 - Remove all subgraphs unreachable from the distinguished node that represents the starting position. 4 - Count the number of distinct paths through the graph that end in a mate or a stale-mate. 5 - Land your spaceship, collect your answer and find out how much money accumulated in your hedge-fund while you were gone. Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From jkreznar at ininx.com Fri Apr 1 14:01:27 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Fri, 1 Apr 94 14:01:27 PST Subject: Cryptography banned in the Netherlands.... In-Reply-To: <199404011354.AA14408@panix.com> Message-ID: <9404012200.AA05481@ininx> -----BEGIN PGP SIGNED MESSAGE----- > I'm no lover of "liberals" (though for very different reasons from you, to > be sure), but this is utter nonsense. Do people really believe this stuff? Uhhm... Boy! Was I _that_ unclear about my meaning? It is a _virtue_ of strong cryptography that it reduces the effectiveness of governments. That's part of what cypherpunks is about. Or am I now misunderstanding you as badly as you apparently misunderstood me? No way did I intend to defend _any_ nation-state, _especially_ including any conducting wars on drugs or presuming to forbid the showing of a film or tapping the phones of dissidents. My point was that liberals are not automatically innocent of Statism and in fact have ample reason of their own to want an oppressive leviathan State. For this reason, strong cryptography threatens them as much as any other Statists. Freedom and cryptoanarchy are not on the liberal-conservative axis at all. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZyY6MDhz44ugybJAQFqWQP/XtDSGxb4LY3jnu6TnLgPCNzxQY7qIcuZ vLIIg7n0k9SCbCHATdhQnka6adYjc3wgpGq2T8cr9owjKI0bmdT/5eIB5s7jf+q4 UcIhsyuhte5hh/Ps3WE4Y1bjjzO/pXjU3kEts4gZKUqh7gEr/Lu9d3yzhwmk9jzL 7RMfxz0QeHY= =7dbi -----END PGP SIGNATURE----- From pcw at access.digex.net Fri Apr 1 14:19:55 1994 From: pcw at access.digex.net (Peter Wayner) Date: Fri, 1 Apr 94 14:19:55 PST Subject: How Many Games of Chess? Message-ID: <199404012219.AA18361@access1.digex.net> > >This is tangentially related to crypto. I've been reading A.K. Dewdney's > >_The New Turning Omnibus_ recently to refresh my memory of all that stuff > >I learned in undergrad that I'm going to see again on the Comp Sci GRE > >shortly. :-) Anyway, I was glancing through the chapters on complexity, > >computabilty, and minimax trees, and I got to wondering something: how > >many possible games of chess are there? I know that it has to be a finite > >number, but I'm not sure how to go about finding this number. Any > >pointers would be appreciated. > >First, I think there are a finite number of games only if all stale-mates >are are required to terminate. There is that curious rule that ends a game when the same board position occurs three times in the course of the game. I wonder if there were any real cool endgames where the underdog was able to manipulate the overdog into repeating the position three times? Peter Wayner * 4129 Roland Ave. #1B, Baltimore, MD 21211-2038 410-366-1452 From jim at bilbo.suite.com Fri Apr 1 15:37:45 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 1 Apr 94 15:37:45 PST Subject: The President's Analyst Message-ID: <9404012330.AA25866@bilbo.suite.com> I saw a movie last night called "The President's Analyst". The movie was made in the mid 60's. It's an action comedy that stars James Coburn as the President's psychiatrist who sneaks away from the job because he doesn't like it. Most of the movie consists of silly scenes of spies from the world's major countries chasing after Coburn under the assumption he knows all the President's secrets. At one point in the movie the Russian spy is talking to the US spy... Russian spy: You mean all the phones in the country are tapped? But this is America, not the Soviet Union!! It's a moderately funny movie that contains more truth now than when it was first shown. I recommend it as a cheap laugh and somewhat relevant to today's issues. Jim_Miller at suite.com From jef at ee.lbl.gov Fri Apr 1 16:30:34 1994 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Fri, 1 Apr 94 16:30:34 PST Subject: The President's Analyst Message-ID: <9404020030.AA09800@hot.ee.lbl.gov> Indeed, President's Analyst was an instant classic and ahead of its time. The tpc.org domain is a reference to it. See .sigquote below for another prescient James Coburn meme. --- Jef Jef Poskanzer jef at netcom.com jef at well.sf.ca.us "An *actor* as President??" -- In Like Flint, 1967 From blancw at microsoft.com Fri Apr 1 17:20:22 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 1 Apr 94 17:20:22 PST Subject: InVisible Basic 1.0 Message-ID: <9404020121.AA03119@netmail2.microsoft.com> FYI. I am not making this up. I can only imagine how this will = impact society. ~ Blanc ------------------------------------------------- Microsoft Announces InVisible Basic 1.0 Using the slogan "Not Seeing Is Believing," Microsoft Corporation today = is announcing InVisible Basic 1.0, a completely new use of "stealth" = technology in an object-oriented development environment. "We're taking code transparency to new heights," enthused Product = Manager C. R. as she began an impressive product demo. After just five = minutes of moving a mouse around what appeared to be a blank screen, = selecting unseen menu items, placing indiscernible controls on = inevident forms, and typing in unapparent code, the alleged application = was able to access an undisclosed database, perform a series of = unspecified queries and display whatever data it supposedly encountered = in a completely undetectable format. The only evidence that the application existed at all was the use of = disk space and CPU cycles. "And we're working on that for version 2.0," = C. R. said. "The applications are obvious," said "Jim," a developer with "General = Enterprises," a defense-industry supplier that lists its address as a = P.O. Box somewhere near Bakersfield, Calif. "I mean, if you were = developing a sensitive application--not that we are currently engaged = in any such contracts--and you wanted to ensure complete security--not = that we currently have any clients who have any need for such = security--this would enable you to make an application that was = completely protected--not that I am implying that any of the clients = that I cannot confirm or deny we might have would need this level of = data security--from outside intrusion. It also really saves on screen = real estate." Developed under the code name "Provo," the product was due to ship = concurrently with Visual Basic 3.0, but was lost when the development = team moved to its new offices in the D Level of Building 25. "That = ended up being a thrilling beta test," said C.R. . "I mean, if the = development team can't find the product, then it's pretty darn = invisible, right?" InVisible Basic 1.0 is currently available at an undisclosed location = for an unspecified amount. For technical support, leave an ad in the = personals section of the Miami Herald reading, "Marjoe: all is = forgiven. Bunny." You will receive in the mail a postcard of the = Ballard Fish Locks. At midnight, exactly two days after receiving this = card, be waiting at the "G" concourse of Mile High Stadium in Denver. A = PSS representative will contact you there. The password is "blibbett." -------------------------------- | | | | | | -------------------------------- Clear as a bell, the InVisible Basic product development team shows off = its enthusiasm at a recent ship party. ---------------------------------------------------------------------- = ---------- Copied from MicroNews, Copyright =A9 1994 Microsoft Corporation "Never say a humorous thing to a man who does not possess humour. He = will always use it in evidence against you. -- Sir Herbert Beerhohm-Tree (1853-1917) English actor-manager From CCGARY at MIZZOU1.missouri.edu Fri Apr 1 18:48:53 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Fri, 1 Apr 94 18:48:53 PST Subject: Encryption banned in the Netherlands. Message-ID: <9404020248.AA20019@toad.com> conservative liberal fascist left-wing right-wing statist minarchist anarchist SOME DEFINITIONS In the U.S. it is almost impossible to talk sensibly about politics since no one knows the definitions of political orientations. For instance: what is a conservative? Someone who resists change; someone who wants the old order. Conservative is a relative term & does not make sense without reference to time & place. In the U.S. a conservative would be vaguely a right wing statist. In Russia a conservative would be a Stalinist. Also take liberal: In the old days in the U.S., liberal meant libertarian. In Europe now, liberal means roughly libertarian. In modern U.S., liberal means left wing statist. So what is left & right? The dictionary is useless for this question. But, I think I have figured it out. Left & right is based on EQUALITY OF OUTCOME AMONG PEOPLE BY RULES. A left winger insists on rules that will insure equality of outcome & resists rules that might yield inequality. A right winger opposes rules that coerce equality of outcome & may favor rules that coerce inequality of outcome. In the modern U.S., the political majority is made up of right wing statists (fascists/conservatives/republicans) & left wing statists (socialists/liberals/democrates). There does not seem to be any name for left wing minarchists /or anarchists or right wing minarchists /or anarchists. This list seems to have a lot of left & right wing minarchists & anarchists. I am a right wing anarchist. Strange that right wing & left wing are not bluntly defined. A taboo maybe or doesn't the ruling class want the political discussions to make any sense? Maybe if it were made explicit, then the left & right would think they could be left & right & yet, not support the state. PUSH EM BACK! PUSH EM BACK! WWAAAYYYY BBAAACCCKKKK! BEAT STATE!!!! yours truly, Gary Jeffers From tcmay at netcom.com Fri Apr 1 19:19:03 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 1 Apr 94 19:19:03 PST Subject: Left, Right, Up, Down--Libertarian Ideas In-Reply-To: <9404020248.AA20019@toad.com> Message-ID: <199404020319.TAA09931@mail.netcom.com> Gary Jeffers writes: > conservative liberal fascist left-wing right-wing statist > minarchist anarchist > > SOME DEFINITIONS > > In the U.S. it is almost impossible to talk sensibly about politics > since no one knows the definitions of political orientations. For > instance: what is a conservative? Someone who resists change; someone > There does not seem to be any name for left wing > minarchists /or anarchists or right wing minarchists /or anarchists. > This list seems to have a lot of left & right wing > minarchists & anarchists. I am a right wing anarchist. > > Strange that right wing & left wing are not bluntly defined. A taboo > maybe or doesn't the ruling class want the political discussions to > make any sense? Maybe if it were made explicit, then the left & right > would think they could be left & right & yet, not support the state. Check out the "Nolan Chart," which is a fairly common classification in _two_ dimensions. Libertarians often use it to recruit members, by showing that the views of people they ask ("Do you favor legalizing drugs?" etc.) are often more similar to the libertarian position than to others. I don't have an ASCII version handy, but maybe someone here does. In fairness to my left-leaning friends (Dave Mandl as a good example), the questions in the Nolan Chart test are designed to make almost anyone appear to be a libertarian. I could phrase the same points differently and make anyone appear to be a statist. For example: "Do you believe shops should be allowed to refuse service to blacks?" Now I happen to believe the answer is "yes." But then I understand the market effects, the basic rights, etc. (I also believe airlines can set weight limits, or any other limits, on its stewardesses, that gyms can be "men only" if they wish, that this list can kick off anyone they (the anonymous "they") wish, and so on.) My point is that the left-right classification has in fact been improved upon. Encouragingly, very few arguments on this list revolve around conventional left-right distinctions. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Fri Apr 1 19:26:22 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 1 Apr 94 19:26:22 PST Subject: (fwd) Re: RSA Broken by the Russians? Message-ID: <199404020327.TAA10687@mail.netcom.com> My April Fool's Day spoof was a success, by my own standards at least. Thanks for the personal notes sent to me. I decided last night to forward it to sci.crypt and sci.math, where it got at least one serious response (i.e., someone who didn't get the joke, at least not until the end) and a reasonably funny followup by David Sternlight himself. Sternlight (whom I mentioned as "Bowdark") showed himself not be utterly lacking in sense of humor. I sent this follow-up out tonight. Newsgroups: sci.crypt,sci.math Path: netcom.com!tcmay From: tcmay at netcom.com (Timothy C. May) Subject: Re: RSA Broken by the Russians? Message-ID: Followup-To: sci.crypt,sci.math Date: Sat, 2 Apr 1994 02:19:22 GMT Yes, it was an April Fool's Day spoof. Yes, I wrote it. (Some folks wrote to me, asking where I got it from.) I'm writing here to make a couple of points. First, it was Stephen Wolfram's actual suggestion, a couple of years ago, after the USSR imploded, that we try to recruit mathematicians and programmers from what he surmised must exist: a secret city of Soviet cryptographers. It probably exists. We did it at Los Alamos, they did it with their rocket scientists and others (Akademogorodok exists), so why not put their version of NSA a bit off the beaten track? Note that our own NSA is within a stone's throw of the Baltimore-Washington Parkway. I wouldn't be surprised to learn that their experts were ensconced somewhere in the Urals. I tried to acknowledge Steve with my comments. By the way, so far as I know, no word has come out on whether he was right in this speculation. (Maybe some of the Russians he does in fact have working at Wolfram are these folks? Naw...) Second, Kolmogorov did basic work on information theory, probability, and statistics. One has to assume he had ties to the Soviet cryptography effort (about which little has been written about, so far). If anyone in Russia could have seen public key methods coming, he is a candidate. No evidence that he or any other Russian did, though. Third, my references to Denning and Sternlight were perhaps not riotously funny (though I didn't aim for a rioutously funny tone). Especially in light of David Sternlight's excellent follow-up here....never let it be said that David lacks a sense of humor. The Denning reference was to her own comments about spending a weekend or so trying (and failing, not surprisingly) to crack the Skipjack algorithm. (Real ciphers often take years to break, as with the knapsack algorithm, recent crunching of DES, etc.). Fourth, the "Many Worlds" interpretation of quantum mechanics does exist, and leads to approaches such as I described. It's also a hypothetical way to ensure one's wealth: simply bet everything you own at 1000-to-1 odds and then commit suicide in all universes in which you lose. Not very convincing, I agree. Hans Moravec writes about this in his "Mind Children," 1987. Finally, I used the headers and format of a real article in the ClariNet system, then made modifications. Given that the Supreme Court has recently ruled in favor of "fair use" for satire, I hope my version of "2 Live Crew meets RSA" does not get my sued. (I could just kill myself in all realities in which Brad sues me....) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From dmandl at panix.com Fri Apr 1 21:03:29 1994 From: dmandl at panix.com (David Mandl) Date: Fri, 1 Apr 94 21:03:29 PST Subject: Left, Right, Up, Down--Libertarian Ideas Message-ID: <199404020502.AA17875@panix.com> Tim May writes: >Check out the "Nolan Chart," which is a fairly common classification >in _two_ dimensions. Libertarians often use it to recruit members, by >showing that the views of people they ask ("Do you favor legalizing >drugs?" etc.) are often more similar to the libertarian position than >to others. > >In fairness to my left-leaning friends (Dave Mandl as a good example), >the questions in the Nolan Chart test are designed to make almost >anyone appear to be a libertarian. Yeah, I agree. It always seemed like a tremendous kludge to me. But anyway...In case my point was misunderstood, I should clarify. I was not trying to enforce conservative/liberal distinctions, which (like most people on this list) I think are fairly meaningless. The world is much more complicated than that; though there are minor real differences, supposed distinctions between "conservatives" and "liberals" are for the most part an illusion--part of the "spectacle," to use Situationist jargon. I responded the way I did to John Kreznar's post precisely because it looked identical to standard Republican-style leftist-baiting, which I unfortunately see too much of every day on the net. John cleared this up in personal email. Apologies if I misunderstood or misconstrued what he was saying. --Dave. -- Dave Mandl dmandl at panix.com From wcs at anchor.ho.att.com Fri Apr 1 22:08:40 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 1 Apr 94 22:08:40 PST Subject: Left, Right, Up, Down--Libertarian Ideas Message-ID: <9404020607.AA21268@anchor.ho.att.com> > Tim May writes: > >In fairness to my left-leaning friends (Dave Mandl as a good example), > >the questions in the Nolan Chart test are designed to make almost > >anyone appear to be a libertarian. Only if you try hard to be inclusive and get people to answer "yes"; if your spin when asking/explaining the question are "no", you can often conclude that most people are statists and drive away all but the really hard-core libertarians... I have found, though, that it's biased toward getting a reasonable spread of answers from average-American types - it doesn't work very well for people who have a non-mainstream agenda (giving it at a Socialist Scholars' Conference was *very* interesting, and anarchists tend to either like or hate it or say "so what - you haven't asked any of the *interesting* questions!") It's a lot more useful for getting people who haven't thought much beyond the simplified left-right vote-like-(or against)-your-parents view that the media and mainstream politicians seems to use to think about what their political views imply, or whether the labels they and their politicians have been using really match. And if you don't like it, you can always chuck it and let the discussion go on from there. David Mandl writes: > I responded the way I did to John Kreznar's post precisely because it > looked identical to standard Republican-style leftist-baiting, which I > unfortunately see too much of every day on the net. John cleared this up :-) I was surprised to see you two arguing, since you're both anarchists or variants thereon. As Sandy points out, for the purposes of keeping crypto legal, people who support that can be our friends, and people who oppose it are opportunities for education or maybe targets for pressure. Bill Stewart From tmp at netcom.com Fri Apr 1 23:37:10 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Fri, 1 Apr 94 23:37:10 PST Subject: CryptoAnarchy Message-ID: <199404020738.XAA05254@mail.netcom.com> hello. could someone tell me what is meant by the term `cryptoanarchy'? --tmp From nowhere at bsu-cs.bsu.edu Sat Apr 2 00:47:07 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 2 Apr 94 00:47:07 PST Subject: DEATH TO THE SPOOKS!!! Message-ID: <9404020847.AA28392@bsu-cs.bsu.edu> :: subject: DEATH TO THE SYSMONGERS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CRACKERS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CENSORS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CRACKPOTS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE LUDDITES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE NEWBIES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE WANNABES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: APRIL FOOLS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com -- ......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From remailer-admin at chaos.bsu.edu Sat Apr 2 00:47:10 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Sat, 2 Apr 94 00:47:10 PST Subject: DEATH TO THE SPOOKS!!! Message-ID: <199404020951.DAA29862@chaos.bsu.edu> :: subject: DEATH TO THE SYSMONGERS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CRACKERS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CENSORS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CRACKPOTS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE LUDDITES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE NEWBIES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE WANNABES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: APRIL FOOLS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com -- ......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nobody at shell.portal.com Sat Apr 2 00:47:38 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 2 Apr 94 00:47:38 PST Subject: DEATH TO THE CRYPTOANARCHISTS!!! Message-ID: <199404020847.AAA14925@jobe.shell.portal.com> :: subject: DEATH TO THE SPOOKS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE SYSMONGERS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CRACKERS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CENSORS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CRACKPOTS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE LUDDITES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE NEWBIES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE WANNABES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: APRIL FOOLS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com -- ......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nowhere at bsu-cs.bsu.edu Sat Apr 2 00:47:52 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 2 Apr 94 00:47:52 PST Subject: DEATH TO THE SYSMONGERS!!! Message-ID: <9404020847.AA28443@bsu-cs.bsu.edu> :: subject: DEATH TO THE CRACKERS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CENSORS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CRACKPOTS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE LUDDITES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE NEWBIES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE WANNABES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: APRIL FOOLS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com -- ......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From remailer-admin at chaos.bsu.edu Sat Apr 2 00:47:53 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Sat, 2 Apr 94 00:47:53 PST Subject: DEATH TO THE SYSMONGERS!!! Message-ID: <199404020952.DAA29869@chaos.bsu.edu> :: subject: DEATH TO THE CRACKERS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CENSORS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CRACKPOTS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE LUDDITES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE NEWBIES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE WANNABES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: APRIL FOOLS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com -- ......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nowhere at bsu-cs.bsu.edu Sat Apr 2 00:47:57 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 2 Apr 94 00:47:57 PST Subject: DEATH TO THE SYSMONGERS!!! Message-ID: <9404020847.AA28457@bsu-cs.bsu.edu> :: subject: DEATH TO THE CRACKERS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CENSORS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CRACKPOTS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE LUDDITES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE NEWBIES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE WANNABES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: APRIL FOOLS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com -- ......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From remailer-admin at chaos.bsu.edu Sat Apr 2 00:48:01 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Sat, 2 Apr 94 00:48:01 PST Subject: DEATH TO THE SYSMONGERS!!! Message-ID: <199404020952.DAA29878@chaos.bsu.edu> :: subject: DEATH TO THE CRACKERS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CENSORS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE CRACKPOTS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE LUDDITES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE NEWBIES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: DEATH TO THE WANNABES!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com :: subject: APRIL FOOLS!!! request-remailing-to: remailer at chaos.bsu.edu,nowhere at bsu-cs.bsu.edu,hal at alumni.caltech.edu,hfinney at shell.portal.com,rants at wired.com,nightly at nbc.com,alt.politics.datahighway.usenet at decwrl.dec.com,news.admin.policy at news.demon.co.uk,cypherpunks at toad.com -- ......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nobody at shell.portal.com Sat Apr 2 00:49:43 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 2 Apr 94 00:49:43 PST Subject: CryptoAnarchy Message-ID: <199404020850.AAA15696@jobe.shell.portal.com> I don't know exactly what `cryptoanarchy' is, but anonymous remailing seems to be a big part of it. From tmp at netcom.com Sat Apr 2 01:03:35 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Sat, 2 Apr 94 01:03:35 PST Subject: what the @#$%^&* is going on with the list?! Message-ID: <199404020904.BAA10396@mail.netcom.com> is there something wrong with the remailers? there seems to be some strange feedback loop going on between them and the list. is anyone else having this problem? From tcmay at netcom.com Sat Apr 2 01:26:54 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 2 Apr 94 01:26:54 PST Subject: Detweiler is Back Message-ID: <199404020927.BAA13325@mail.netcom.com> The recent flood of "DEATH TO THE XXXX" posting, with my sig block attached at the bottom (note that sig block NEQ signature), tells us that Detweiler is back. My strong suspicion is that he is using "tmp at netcom.com" as his new posting site, for reasons I will list below. If "tmp" is actually _not_ Detweiler, my aplogies. But I doubt I'll have to apologize. 1. The appearance of tmp's innocent-appearing question about "cryptoanarchy" just an hour or so before the "DEATH TO..." postings. And followups to this issue. 2. "tmp" was also the name Detweiler--or a close facsimile of Detweiler--was using a few weeks ago to post more of the same. That "tmp" was at a colorado site, which I don't recall the full name of. 3. However, the latest "tmp" is _also_ at a Colorado site, as "fin" on my Netcom system shows: {Netcom:19} fin tmp Login Name TTY Idle When Where tmp ??? < . . . . > tmp ??? < . . . . > tmp ??? < . . . . > tmp ??? < . . . . > tmp ??? < . . . . > tmp ??? < . . . . > tmp ??? qd Fri 22:49 NETCOM-den1.netc tmp ??? < . . . . > tmp ??? uc NETCOM-den1.netc tmp ??? < . . . . > tmp ??? < . . . . > tmp ??? < . . . . > "den1" is of course the Denver POP (point of presence) of Netcom. This suggests he is telnetting into Netcom from another machine---a useful strategy for him, as Netcom will almost certainly take no action against him. The few entries (2) suggest a relatively new account. A full "finger" shows little more. 4. He is also using the TeX-style `quote' symbols (instead of 'these'), previously found to be strongly correlated with Detweiler. 5. In a private message to him, after his first request for infromation on `cryptoanarchy,' in which I called him "Larry," (which he denied, but gave no more details), he ended by saying that cryptoanarchy could be useful for some nice pranks. And he closed with a "(hee hee)." Need I say more? I expect to be getting angry, puzzled, curious questions from some of the folks he mailbombed with this stuff....folks at NBC Nightly News, "Wired," various newsgroups, and, of course, you folks. As I mentioned to Eric Hughes and Hugh Daniel in an earlier message (which theen't even read yet), I'm partly tempted to just say nothing, gotta go...Netcom is being shut down in seconds... -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jkreznar at ininx.com Sat Apr 2 01:48:02 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Sat, 2 Apr 94 01:48:02 PST Subject: Left, Right, Up, Down--Libertarian Ideas In-Reply-To: <199404020502.AA17875@panix.com> Message-ID: <9404020947.AA05749@ininx> -----BEGIN PGP SIGNED MESSAGE----- > I responded the way I did to John Kreznar's post precisely because it > looked identical to standard Republican-style leftist-baiting, Actually, I _was_ deliberately baiting leftists, but I was doing so to challenge their conceit that a liberal State is more congenial to individual liberty than any other kind of State and therefore ought to be less hostile to cryptography. Remember Mike Schenk's original words: > I have always thought that the Netherlands was a very liberal country. > But now the government is proposing a law that totally outlaws the use > of encryption methods. Last I heard, the Netherlands is a State. (So he's apparently talking about ``liberal'' as a kind of Statism, not as a synonym for anarchism as I would prefer. Mike Schenk, are you there to clarify?) A State is a State. The purpose of a State is to supplant personal choice with the State's choice. (To the extent that the State is a democracy, this means supplanting personal choice with collective dictate.) ``Liberal'' or not, a State is threatened by strong cryptography because it helps to enable a person to choose for himself in spite of the State. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZ09xMDhz44ugybJAQHriwQA1U8Yo4unADyxFmWuAEhukJPQj6980tzb UqgHxeXg8Qv9d5+V7uBFIrYw47SCzC0gpwHglofJpQLCxZHipUNNr8MFClM1fOaB ko8B9gNxjP1386m1n6USBZEy2pEtmR2Szg2Q3wRvks6EDDsdjQD9GRU7dXAjgnmI MFEF/DXt1YY= =7bLt -----END PGP SIGNATURE----- From darklord+ at CMU.EDU Sat Apr 2 08:01:25 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Sat, 2 Apr 94 08:01:25 PST Subject: CryptoAnarchy In-Reply-To: <199404020738.XAA05254@mail.netcom.com> Message-ID: Excerpts from internet.cypherpunks: 1-Apr-94 CryptoAnarchy by tmp at netcom.com > hello. could someone tell me what is meant by the term `cryptoanarchy'? Well, if "they" (those who are in power, usu. government) don't know what the hell you're doing, and are trapped by their own laws and fear of public unrest into permitting you to hide your actions from them, then they can't control you. That's the theory, at least. Given the propensity of humans to form power structures, particularly in times of unrest, it's probably not paooible given our current evolutionary state. Maybe in a bunch o'decades... Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/ From huntting at glarp.com Sat Apr 2 08:07:20 1994 From: huntting at glarp.com (Brad Huntting) Date: Sat, 2 Apr 94 08:07:20 PST Subject: Cryptography banned in the Netherlands.... In-Reply-To: <199404011354.AA14408@panix.com> Message-ID: <199404021611.JAA06288@misc.glarp.com> > So, among "liberals" we can include Reagan, J. Edgar Hoover, Joe > McCarthy, and Nixon, all of whom took some pretty extreme steps to > silence critics of "government and other large institutions," up > to and including political assassinations. Get real. With very few exceptions, the entire American political spectrum is made up of liberals. That most certianly includes Reagan, MaCarthy, definitly Nixon, and mabey Hoover. brad From smb at research.att.com Sat Apr 2 11:00:24 1994 From: smb at research.att.com (smb at research.att.com) Date: Sat, 2 Apr 94 11:00:24 PST Subject: Cryptography banned in the Netherlands.... Message-ID: <9404021800.AAwjxo07543@relay1.UU.NET> > So, among "liberals" we can include Reagan, J. Edgar Hoover, Joe > McCarthy, and Nixon, all of whom took some pretty extreme steps to > silence critics of "government and other large institutions," up > to and including political assassinations. Get real. With very few exceptions, the entire American political spectrum is made up of liberals. That most certianly includes Reagan, MaCarthy, definitly Nixon, and mabey Hoover. brad ``When *I* use a word,'' Humpty Dumpy said, in rather a scornful tone, ``it means just what I choose it to mean---neither more nor less.'' Reagan, McCarthy, Nixon and Hoover wouldn't call themselves liberals. We liberals certainly don't number them in our ranks. To call them ``liberals'' is to deny all meaning to the word. (Not that it's definition is clear -- but they sure aren't included.) From darklord+ at CMU.EDU Sat Apr 2 13:07:28 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Sat, 2 Apr 94 13:07:28 PST Subject: Politics do not belong here Message-ID: I may very well be completly wrong here, but IMO there is no place for politics on this list. Cryptography, by its very nature, is an anti-political thing. All politicians who try in increase the power of government are against the cypherpunk agenda of increasing the use of encryption, it doesn't matter what party they belong to. This discussion is simply a bunch of messages that bait people with different political alignments than the sender's, please take it elsewhere. Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/ From beker at netcom.com Sat Apr 2 13:52:11 1994 From: beker at netcom.com (Brian Beker) Date: Sat, 2 Apr 94 13:52:11 PST Subject: tmp@netcom.com Message-ID: <199404022159.NAA27454@mail.netcom.com> Organization: Oasis Pictures In addition to Tim's equating tmp at netcom with LD, here's some header info from an LD post on sci.crypt: From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Newsgroups: sci.crypt,comp.society.privacy,alt.privacy,sci.answers,comp.answers,alt.answers,news.answers Subject: Privacy & Anonymity on the Internet FAQ (1 of 3) Date: 12 Mar 1994 14:02:13 GMT Organization: TMP Enterprises From jim at bilbo.suite.com Sat Apr 2 14:06:54 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Sat, 2 Apr 94 14:06:54 PST Subject: Collapse of the Wave Function Predicted, Timing Uncertain Message-ID: <9404022206.AA15636@bilbo.suite.com> >> The moniker -- Information Highway -- itself seems to be >> responsible for SB #040194. Introduced by Senator Patrick Leahy, >> it's designed to prohibit anyone from using a public computer >> network (Information Highway) while the computer user is >> intoxicated. I know how silly this sounds, but Congress > > ....rest of Dvorak's April column elided.. > > Further provisions: How about... ---------------- THE WAR ON DRUGS REACHES THE BEACHES OF CYBERSPACE WASHINGTON(AP) Prompted by the rising number of reports of online addiction, Congresswoman April Fhurst is preparing a bill that would designate network connections a controlled substance. Only government certified professionals would be allowed network connections, and only for a limited number of hours per day. The bill also mandates that all network venders, manufactures of network equipment, and network software developers must design in mechanisms to record the length of time each person spends accessing a networked resource and to automatically contact the DEA when a person exceeds safe limits. Use of unauthorized or noncompliant network devices, computers, or software will be a felony. Any equipment used in the act of felonious network access, and any files obtained via the network would be subject to forfeiture under the RICO laws. ---------------- Jim_Miller at suite.com From greg at ideath.goldenbear.com Sat Apr 2 14:58:15 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Sat, 2 Apr 94 14:58:15 PST Subject: Politics do not belong here Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Jeremiah Blatz writes: > I may very well be completly wrong here, but IMO there is no place for > politics on this list. Cryptography, by its very nature, is an > anti-political thing. I disagree here - politics is what makes Cypherpunks different from a sci.crypt mailing list. As Eric Hughes points out, cryptography is economics - and politics is economics with the gloves off. Crypto is inherently political. ("political" doesn't have to mean liberals - v. - conservatives.) > All politicians who try in increase the power of > government are against the cypherpunk agenda of increasing the use of > encryption, it doesn't matter what party they belong to. Be careful the way you use the word "agenda", you're gonna get Detweiler all worked up again. I don't think there is one agenda shared by all list subscribers. As I see it, "cypherpunks" follows the Earth First! model of (dis/anti) organization - there are no leaders, there is no "policy", there is no voting, there is no platform. There are folks who do what they choose to do, and putting a name on it makes it easier to talk about. Myself, I'm not so wound up about getting everyone on the planet to use crypto as I am interested in making sure we all can if we want/need to; and that's mostly useful insofar as it more clearly delineates a boundary to the power/ability of the state. > This discussion > is simply a bunch of messages that bait people with different political > alignments than the sender's, please take it elsewhere. I do agree that baiting and flaming are useless. The list is interesting because it's where folks with different interests/talents/orientations intersect, not where we diverge. Our differences and disagreements are significant but they can also distract us from shared goals. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZ34an3YhjZY3fMNAQF9xQQAgAJp7WXDmZre7mKMQpNZUOGQsc/bMTlw BD7xtXO12cbpIh4bgCt2N9ekogCBwrC9+y8ll0rL/rJ9UyuCkpgurrTElSROot8R umN+l5ENRiZKG3VeAE+FbbYIzQfMV4FBN1VaOQsRldMBPwbA0pRgJ8BsjFvSC//R lWf2xtUtkCc= =DYQ+ -----END PGP SIGNATURE----- From huntting at glarp.com Sat Apr 2 15:12:53 1994 From: huntting at glarp.com (Brad Huntting) Date: Sat, 2 Apr 94 15:12:53 PST Subject: Politics do not belong here In-Reply-To: Message-ID: <199404022321.QAA07795@misc.glarp.com> > I may very well be completely wrong here, but IMO there is no place for > politics on this list. In so far as my comments did NOT involve privacy your quite correct. I apologize for bringing the list to the brink of flame war. brad From dwomack at runner.utsa.edu Sat Apr 2 15:19:47 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Sat, 2 Apr 94 15:19:47 PST Subject: Secure deletion Message-ID: <9404022328.AA05720@runner.utsa.edu> Gentlemen: Mr. Mike Watson, who writes an encryption program named "Enigma 2.2" based on DES also writes a really nice deletion program for the Macintosh. Burn 2.0 is FREEWARE, and will overwrite with 0's, with 1's, with random 1's and 0's...even with your own pattern. You can also erase all free space on the HD...and you can choose the number of passes. If you want a copy, I'll be glad to send you one...and, if you want me to upload a copy to a site, please pass on any suggestions. I don't know about ITAR restrictions, so I probably won't go outside the US and Canada; what the rest of you do is your biz... Regards, Dave From albright at scf.usc.edu Sat Apr 2 16:25:33 1994 From: albright at scf.usc.edu (Julietta) Date: Sat, 2 Apr 94 16:25:33 PST Subject: Politics do not belong here Message-ID: <199404030036.QAA21257@nunki.usc.edu> Jer- I'm sorry, but I feel so strongly about your message "Politics do not belong on this list" that I was compelled to reply... Where else should the poltical implications of encryption be discussed, if not amongst those who are most involved in its creation and proliferation? The political use and misuse of power is central to the issues regarding encryption, and these ramifications should be discussed as the technology is in its infancy. Encryption technology can be used as a tool to empower the individual, or it can be used as a means to lend a false security to the individual in his communications. If in fact the Clipper Chip with its easily obtainable (by government agencies) escrow keys is allowed to be implimented, we may in fact be assisting the government to effect a survelliance state of a maginitude never before seen in society. As American homes become host to "interactive" technologies, we need to realize the increased ability this brings for surveillance by both government and capitalistic enterprises. Encryption is one viable solution to re-instate the privacy equlibrium in the face of such a condition- this is where its power lies. Encryption, then, is not merely a mathematical tool, but also a sociological one; to discuss merely the technological and not the social and moral implications of this techology would be to not realize its full potential as a mediator to the coming state of "Big Brother is watching You". Politics, then, is not periferal but central to the discussion of encryption technology. Julie __________________________________________________________________________ Julie M. Albright Ph.D Student Department of Sociology University of Southern California albright at netcom.com From nowhere at bsu-cs.bsu.edu Sat Apr 2 16:42:12 1994 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Sat, 2 Apr 94 16:42:12 PST Subject: REMAIL: standardized remailer syntax In-Reply-To: Message-ID: <9404030053.AA25824@bsu-cs.bsu.edu> Sameer writes: > Here's my suggestion.. > > Header pasting: > The '::' header pasting syntax should be available-- i.e. when >a message comes into a remailer with a body starting with '::' the >lines following until a blank line are pasted into the header. > > The '##' header pasting syntax-- when a remailer is sending >out a message, if the body begins with a '##' line then the lines >following that are pasted into the header of the outgoing message. > > Header commands: > "Anon-To","Request-Remailing-To": strips headers and sends the >message to the specified recipient. Both of my remailers (nowhere at bsu-cs.bsu.edu and remailer at chaos.bsu.edu) support all of the above as of 4/2/94. > "Encrypted: PGP": The message has a pgp block encrypted with >the remailer's key. The remailer will decrypt the pgp block before >acting furthur upon the message. Neither of my remailers supports encryption. The bsu-cs one has too small of a quota and I haven't compiled PGP for the chaos one yet. I will write more later, but basically what you need to know is this: 1. The bsu remailers no longer paste ANYTHING from a "::" header into the header of the outbound message. 2. They both support the "##" header pasting syntax now. The "##" block must come after the "::" block if both are being used or else the "::" block will be considered part of the body of the message. 3. They also support multiple recipients. You can place as many "Request-Remailing-To:" lines in the headers as you wish and it will individually address and send each one. 4. Full debug logging has been turned on until I can verify that both remailers are acting as they should. This form of logging includes a mirror of the message as it is received and a one-line message listing each recipient. 5. The C source is available via anonymous FTP at: chaos.bsu.edu:/pub/cypherpunks/remailer/chaels-remailer.tar.gz It should compile as long as you have getopt(). There is no fancy signal processing in this version. Note that there is nil documentation. This is not a release. Apparently my other posting got eaten somewhere between here and toad... Oh, well! Chael -- Chael Hall nowhere at bsu-cs.bsu.edu 00CCHALL at BSUVC.BSU.EDU nowhere at chaos.bsu.edu chall at bsu.edu From hfinney at shell.portal.com Sat Apr 2 16:45:35 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 2 Apr 94 16:45:35 PST Subject: DEATH TO THE Message-ID: <199404030057.QAA08313@jobe.shell.portal.com> One thing worth noting about the burst of remailer messages is how much worse it could have been. Each message was sent to many remailers, with requests to send it on to many more. Potentially the message could be duplicated n-fold at each step, until horrendous numbers of messages were circulating through the remailer network and being sent to the other destinations. Luckily, this didn't happen, apparently because most remailer software does not support multiple recipients. But the lesson is that as people deploy new remailers and improve the software, "multiple recipients" should *not* be added as a feature, IMO. Doing that would make the network vulnerable to these kinds of geometric-growth attacks. It would be so easy to do it that people would probably be tempted to try just for kicks. So I think this feature should definately be left out of future remailer plans. Hal From hfinney at shell.portal.com Sat Apr 2 17:34:50 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 2 Apr 94 17:34:50 PST Subject: REMAIL: standardized remailer syntax Message-ID: <199404030148.RAA10520@jobe.shell.portal.com> From: nowhere at bsu-cs.bsu.edu (Chael Hall) > Sameer writes: > > > Here's my suggestion.. > > > > Header pasting: > > The '::' header pasting syntax should be available-- i.e. when > >a message comes into a remailer with a body starting with '::' the > >lines following until a blank line are pasted into the header. > > > > The '##' header pasting syntax-- when a remailer is sending > >out a message, if the body begins with a '##' line then the lines > >following that are pasted into the header of the outgoing message. I like Sameer's goal of standardized syntax, but I have to admit that I find the :: and ## bit confusing, and hard to explain. The way Eric Hughes' original remailer worked was that the "remailer commands" were in the message header, up with Subject and In-Reply-To and such. However, many mailers won't let people put custom material there, so the "::" pasting token was invented to take the following lines and put them into the header before the remailer processed them. The effect was that you could put remailer commands after "::" and they would work. But there were also some situations in which the user might want to control message headers as they *leave* the remailer. For example, they might want to put a Reply-To to some anon pool so that they could receive reply messages. So Eric created the "##" pasting token for those. The remailers based on his scripts first look for "::" and add in any headers following it; then they process the message, looking for command lines in the header; then as they remail it they look for "##" and stick any following lines in the outgoing message header. This all makes sense but it makes for a complicated system. I think people would find it easier to understand an approach in which they put remailer commands at the top of their message, marked in some way to separate them from the rest of the message. "::" on a line by itself could indicate the beginning of a block of remailer commands, terminated by a blank line. Or, as an alternate syntax, each remailer command line could start with "::" followed by the text of the command. Both approaches have been used by different software on the net and they could be considered two different ways of expressing the same thing. This would get away from the add-to-header/process-header/add-to-header approach of the current Perl remailer scripts and use a simple one-step "process remailer commands" approach which I think would be simpler. You could still have all the functionality of the current approach (perhaps a paste-outgoing-header command could be used for the "##" functionality) in a package which is conceptually simpler (to me, at least). Another advantage of this approach is that you could make use of the order of the commands in the remailer block so that you could have finer control over what you are asking the remailer to do. > > Header commands: > > "Anon-To","Request-Remailing-To": strips headers and sends the > >message to the specified recipient. I would suggest abandoning one of "Anon-To" or "Request-Remailing-To", as they are redundant. I know above I suggested two redundant ways of specifying remailer commands; maybe that should be reduced to one, as well. > 1. The bsu remailers no longer paste ANYTHING from a "::" header > into the header of the outbound message. Many of the remailers pass Subject lines. I don't think they should. Chael's approach makes sense to me. The best thing is to have a way to set the subject as the message leaves the last remailer in the chain. (My "chain" program does this automatically.) > 3. They also support multiple recipients. You can place as many > "Request-Remailing-To:" lines in the headers as you wish and > it will individually address and send each one. I sent mail a few minutes ago (before seeing Chael's message) suggesting the danger of this in making it easy to create huge numbers of messages. > 4. Full debug logging has been turned on until I can verify that > both remailers are acting as they should. This form of logging > includes a mirror of the message as it is received and a > one-line message listing each recipient. We have had a lot of talk about logging. My feeling is that one should get security in using the remailer network by going through a number of machines in widely different regions. It should not, as was suggested here some time ago, be a matter of trusting any given remailer operator. Privacy is not a gift being provided by remailer operators to their users. It is still some- thing that the users must provide for themselves. The remailers are just a tool to help achieve that. Thanks to Chael for re-kindling this discussion. Hal From cfrye at mason1.gmu.edu Sat Apr 2 18:25:02 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Sat, 2 Apr 94 18:25:02 PST Subject: tmp@netcom.com Message-ID: <9404030236.AA24697@mason1.gmu.edu> I'm not sure what the time-delay features for the "nowhere" anonymous remailer ler are, but the messages that arrived last night all came through within a few minutes. Interestingly, the messages were sent at around 3:00 am, corsimilar to LD's posting patterns from before. I deleted the most recent postings, but if someone could send them to me, I'd like to run them through a grammar checker and compare the results to the message base I developed before. Curt From darklord+ at CMU.EDU Sat Apr 2 23:28:03 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Sat, 2 Apr 94 23:28:03 PST Subject: Politics do not belong here In-Reply-To: <199404030036.QAA21257@nunki.usc.edu> Message-ID: <8hbazSq00iV2I5HqI5@andrew.cmu.edu> Excerpts from internet.cypherpunks: 2-Apr-94 Re: Politics do not belong.. by Julietta at chaph.usc.edu > I'm sorry, but I feel so strongly about your message "Politics > do not belong on this list" that I was compelled to reply... [.. stuff that I agree with follows ..] Many apologies. Aparently I was not clear enough in defining what I meant by politics. I was refering to bickering about the correctness of liberals or conservatives, left or right, etc. Cryptography is political, a point which I alluded to in my original post, but unless you're in the Cryptoparty or the Big Brother party, which party line you subscribe to matters little. Politicly, cypherpunks is a one-issue list, and flaming about "my party is better than yours" serves only to clog peoples' mailboxes and create discord. I'm not quite sure I'm being clear here (it's kinda late), what I mean to say is that IMO, you should check your non-crypto-related idealogy at the login prompt when posting to this list. Excerpts from internet.cypherpunks: 2-Apr-94 Re: Politics do not belong .. by Greg Broiles at ideath.gold > I don't think there is one agenda shared by all > list subscribers. As I see it, "cypherpunks" follows the Earth First! > model of (dis/anti) organization - there are no leaders, there is no > "policy", there is no voting, there is no platform. Saying that Earth First! doesn't have an agenda is, as I see it, wrong. They exist to protect the environment. As in any organization, they are not homogeneous, but there is an underlying direction. The same with cypherpunks. The very name implies some sort of drive towards widespread strong encryption. Not everyone agrees on how to go about it, but one can definatly perceive an agenda (probably "thrust" is a better word). Greg Broiles continues... > Our differences and disagreements are > significant but they can also distract us from shared goals. I couldn't have said it better myself. Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/ From prz at acm.org Sun Apr 3 00:09:53 1994 From: prz at acm.org (Philip Zimmermann) Date: Sun, 3 Apr 94 00:09:53 PST Subject: Positive uses for PGP Message-ID: <9404030811.AA03068@columbine.cgd.ucar.EDU> To all PGP users: We've all heard arguments raised by the law enforcement and intelligence communities that PGP and other encryption technology can be used by criminals to hide their activities. This line of reasoning is being used to justify Government key escrow systems like Clipper, and to clamp down on encryption technology like PGP. It would be helpful to come up with real-world examples of how PGP has been used for good constructive purposes. Journalists sometimes ask me for examples of positive uses for PGP. But most of my fan mail from PGP users do not tell me what they are using it for. If you have any stories about how PGP is used for good purposes, I'd like to see them. Not just disaffected paranoid libertarians embracing it for the theoretical benefits for a free society. We need to be able to cite examples of real people using PGP for good ends. Human rights activists using it are a great example. But it doesn't have to be in the Nobel-Prize winning catagory of human endeavor (although that would be nice). It could just be any positive upbeat application that normal people can relate to in a positive way, so I can tell reporters about it. I'd like to hear (actually, see some email) from real people who are actually using PGP for good things. It could be for helping others, like protecting HIV patient records, or keeping psychological counseling records. Or conducting good wholesome business that must remain confidential. Or lawyers using it to maintain confidential records and communications with their clients. Or, it could be for your own personal life, but for wholesome upbeat uses, like sending love letters (you don't have to supply any actual love letters), or keeping your diary. For those that don't know what PGP is: Pretty Good Privacy (PGP) is a free software program that encrypts email using public key cryptography, allowing you to communicate securely with people you've never met, without the prior exchange of keys over secure channels. PGP has become the worldwide de facto standard for email encryption. It's available on many Internet FTP sites and BBS systems. Please send me some email (to prz at acm.org), with the subject line "Positive uses for PGP", so that I can quickly sort it out from the rest of my email. If it's a really good story, I may want to use it, so let me know if I can and if I can give reporters the information. You might not get a reply-- it depends on how much mail I get or how busy I am when you send it. There is no prize for the best story, but for what it's worth, I'll sign the public key of the person who submits the best story by Monday, April 11th. But keep sending stories after that date if you've got them. This notice can be copied and reposted on any newsgroup or mailing list that is likely to be familiar with PGP. Philip Zimmermann prz at acm.org From sameer at soda.berkeley.edu Sun Apr 3 00:19:48 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sun, 3 Apr 94 00:19:48 PST Subject: REMAIL: standardized remailer syntax In-Reply-To: <199404030148.RAA10520@jobe.shell.portal.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hal spake: > > > > Header commands: > > > "Anon-To","Request-Remailing-To": strips headers and sends the > > >message to the specified recipient. > > I would suggest abandoning one of "Anon-To" or "Request-Remailing-To", > as they are redundant. I know above I suggested two redundant ways of > specifying remailer commands; maybe that should be reduced to one, as well. Actually, I prefer the "Anon-Send-To:" and "Anon-Post-To:" that hh at soda's remailer uses. It makes the news/mail distinction very clear. Maybe that Anon-Send-To: and Anon-Post-To: should be the "standard" (as well as their non-Anon counterparts), with Anon-To: and Request-Remailing-To: retained for backwards compatibility. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZ58GXi7eNFdXppdAQFqkwP+JoFYCDTZeYVlf8j+WVmYaluCUw2gIVR0 P85y9wsrX72GgkZV8WQkaoxihSzyJgik/uxSSoxHkB7WhLJZe7nCn/5nW2GkddmB h0Z+M0usoN8vbk2G8MEzz13DwWGP0i6arL+qbbhUVv/nsJCqPEuYP3HR9ZZUa3+o XOLKptArwRk= =JdSn -----END PGP SIGNATURE----- From jason.kwong at canrem.com Sun Apr 3 03:16:24 1994 From: jason.kwong at canrem.com (Jason Kwong) Date: Sun, 3 Apr 94 03:16:24 PDT Subject: REMAIL: standardized remailer syntax In-Reply-To: <199404030148.RAA10520@jobe.shell.portal.com> Message-ID: <60.5631.6525.0C19940D@canrem.com> Hello... uhhh... what is this all about ? May I be included ? If it has anything to do with a mailing list... I'd like to join in. Thanks. From rjc at gnu.ai.mit.edu Sun Apr 3 04:07:56 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Sun, 3 Apr 94 04:07:56 PDT Subject: DEATH TO THE Message-ID: <9404031107.AA14433@geech.gnu.ai.mit.edu> re: Hal's suggestion I don't think that banning multiple recipients solves the whole problem which is the spamming of the remailer network by cybervandals like Detweiler. What needs to be done is to create some system that "charges" remailer requests to the sender which then limits the size or frequency of their messages based on their ability to pay. For a play money system, the issue is, how do you distribute the play money accounts without letting spammers open up as many accounts as they like? (e.g. if Detweiler spends his one account dry with his cyberterrorism, how do we prevent him from opening up an unlimited number of accounts without trying to attach accounts to a user's e-mail address?) By making remailers charge users, and even other remailers on the network, we can also prevent rogue remailers from allowing Detweiler attacks through the network (since they'd have to pay for his traffic) Here's a nutty idea I had one night which would accomplish these goals and also encourage more people to run remailers: o each remailer upon being setup distributes a large but finite amount of digicash certificates. These certificates are one use only. The initial distribution and price system can be altered to tailor the usage of the remailer to the owner's wishes. o after the initial distribution, the remailer distributes a somewhat smaller amount of digicash each renewal period (probably once a week) This smaller amount is sufficient for casual use, but not abuse o if you want more than what a remailer is willing to give you, you must trade service for it. That is, you must set up your own remailer and issue some cash to the other remailer which can be redeemed for chaining service. Example: Bob was unsatisified with his $10 of Ann's remailer coupons, so he set up his own remailer and issued $100 worth of service to Ann, in return, she gave him $50 of service for her remailer. (obviously, her remailer is more popular and is more in demand so his is only worth 1/2 of hers. Ann could use bob's coupons to either chain requests through him, or she could sell them off to other remailer operators.) The hard part is making sure that Bob doesn't cheat, offer to run a remailer, issue $X worth of credit to Ann, and then just file her remail requests to /dev/null I'm hopeful that a "consumer reports" like organization will pop up which periodically tests remailers to make sure they aren't cheating. (besides, the remailer network itself should do such testing with fake traffic) Call it "the free market of remailers" Other issues: How to distribute coupons/stamps/dollars? First come first serve? Popularity/Reputation? Reputation market? We want to prevent people from collecting digicash certificates multiple times during distributions, but at the same time, we don't want to use their real e-mail address. So in a system where users can create as many identities as they wish, how can we achieve a fair distribution? The only thing I can think of is to distribute cash to users based on their reputation or trust level. If a Detweiler is found abusing remailers, operators simply stop giving him cash for their remailers. Remailers which sanction Detweilers end up paying for them in the long run. (either because he runs up the costs for the remailer to use other remailers on the network, or because the operator gets too many complaints from systems which it directly delivered Detweiler mail to) Anyway, limiting multiple recipients will stop geometric growth, but it won't prevent Detweiler from hacking up a script to send a hundred thousand remail requests posting to every newsgroup and mailing list out there. Remailers would also have to limit the amount of remailer requests allowed per day, but this would still allow Detweiler to spam up the system by preventing anyone else from using it (by running out the global quota) Some sort of authentication is needly, IMHO. -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From dichro at tartarus.uwa.edu.au Sun Apr 3 07:09:10 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Sun, 3 Apr 94 07:09:10 PDT Subject: PGP remailers Message-ID: <199404031408.WAA11260@lethe.uwa.edu.au> Are there any remailers which provide you with an anonymous account to which other people may send messages, which are then forwarded to you in a PGP-encrypted form? MJH * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "Life begins at '040." PGP Public key available by finger * "Spaghetti code means job security!" From m5 at vail.tivoli.com Sun Apr 3 07:39:24 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Sun, 3 Apr 94 07:39:24 PDT Subject: Positive uses for PGP In-Reply-To: <9404030811.AA03068@columbine.cgd.ucar.EDU> Message-ID: <9404031439.AA03546@vail.tivoli.com> > There is no prize for the best story, but for what it's worth, I'll > sign the public key of the person who submits the best story by > Monday, April 11th. I certainly don't mean to deny the service Mr. Zimmerman has done the on-line community, nor do I wish to imply that the above offer is attractive, but I'm a little confused. If Mr. Zimmerman's signature (or anyone else's for that matter) is available on such light pretenses, what is the value towards ensuring authenticity? I was under the impression that key signing was to be done between associates who can attest to the tangible reality of the entities behind the keys. (No, I'm not Detweilering; I speak of the ostensible use of the signature chain.) I guess I could be misinterpreting the whole thing. From garet.jax at nitelog.com Sun Apr 3 07:45:39 1994 From: garet.jax at nitelog.com (Garet Jax) Date: Sun, 3 Apr 94 07:45:39 PDT Subject: Code Obfuscation Message-ID: >�Timothy C. May adds: >Hal Finney writes: >> The other issue, which I know less about, is the possibility of cryptograph- >> ically strong obfuscated code. Mike Duvos first mentioned this. You could >> have an algorithm running on your own computer and have it be impossible to >> determine what it is doing, or (presumably) to effectively alter the >internals >> of the algorithm. >.....stuff detiled.. >> discussing here (self-decrypting code and such tricks), but rather some >> mathematically strong transformation has been done on the structure of the >> code to hide it in a cryptographically strong way. >> >Brad Cox, of Objective-C notoriety, and now at George Mason >University, has also been interested in this area of "complexifying" >code so that reverse engineering is difficult or impossible. Okay if you want to obfuscate your code on a much more secure level albeit with some execution penalty, build public key encryption into the CPU. One would simply compile the program and encrypt it using the public key of the chipset (680xx, 80x86, &c), then the CPU would decrypt and execute the code on the fly using its private key. From m5 at vail.tivoli.com Sun Apr 3 07:48:05 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Sun, 3 Apr 94 07:48:05 PDT Subject: Positive uses for PGP In-Reply-To: <9404031439.AA03546@vail.tivoli.com> Message-ID: <9404031447.AA03588@vail.tivoli.com> > ... nor do I wish to imply that the above offer is attractive... Oops. First e-mail of the day. Make that "isn't attractive". Which is not to say that it isn't attractive, because it is; "attractive" should be the target of the negating negatives "nor" and "isn't". From hughes at ah.com Sun Apr 3 08:31:52 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 3 Apr 94 08:31:52 PDT Subject: REMAIL: standardized remailer syntax In-Reply-To: <199404030148.RAA10520@jobe.shell.portal.com> Message-ID: <9404031518.AA06509@ah.com> >I like Sameer's goal of standardized syntax, but I have to admit that I >find the :: and ## bit confusing, and hard to explain. Hal sort of implies that :: came first. Well, no, ## came first, because I wasn't thinking clearly at the time about header commands with respect to encryption. A minor point, to be sure. >This all makes sense but it makes for a complicated system. No one should ever have to see :: and ## unless they want to, much less type them in. The pasting syntax and all the header commands are a back-end programming language, and really don't belong in the average user's face. User interface work is needed here badly. >I would suggest abandoning one of "Anon-To" or "Request-Remailing-To", >as they are redundant. I recommend the following four commands: Send-To: Anon-Send-To: Post-To: Anon-Post-To: There are uses for both anonymous and non-anonymous sending of email and posting to Usenet. I originally used Request-Remailing-To _because_ it was too long and not used. It certainly doesn't need to stay. >Many of the remailers pass Subject lines. I don't think they should. Hal is correct. This was a misfeature in the original code base. >The best thing is to have a way to >set the subject as the message leaves the last remailer in the chain. ## Subject: Your Subject Here It's already supported. In other lines of pursuit, it's time to do a MIME remailer. The proper MIME types would be much easier to install, as I understand it. Perhaps those of you who use MIME (I don't) could work on this. Eric From hayden at krypton.mankato.msus.edu Sun Apr 3 09:15:30 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sun, 3 Apr 94 09:15:30 PDT Subject: Detweilering (was Re: Positive uses for PGP) In-Reply-To: <9404031439.AA03546@vail.tivoli.com> Message-ID: On Sun, 3 Apr 1994, Mike McNally wrote: > I'm not Detweilering; I speak of the ostensible use of the signature > chain.) Detweilering? Sounds like an entry we need to get put into future versions of a Jargon File. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From norm at netcom.com Sun Apr 3 10:20:54 1994 From: norm at netcom.com (Norman Hardy) Date: Sun, 3 Apr 94 10:20:54 PDT Subject: Web of Trust? Message-ID: <199404031721.KAA03226@mail.netcom.com> At 9:17 3/30/94 -0800, Hal wrote: ... >In other words, if I want to communicate with joe at abc.com, I can only do so >if one of the signators of his key is a person I know. If not, I have no way >of judging the validity of his key. > >This belies simple interpretations of the "web of trust". I may have signed >A's key, A has signed B's, B has signed C's, C has signed D's, and D has signed >Joe's, but this is of no value unless I know D. Only then can I trust Joe's >key. Ideally, perhaps in cyberspace, one's public key is spread along with X's reputation, i.e. thru the same channels. When a reputation for X reaches you so does X's public key. You say that you want Henry Kissinger's public key. I respond that by whatever means you know that there exists such a person, you will (in cyberspace) already know his public key. The logical limit of this idea is that the public key becomes the name and the key authentication issue dissolves into the mist. We trust reputations because they reach us thru diverse paths. Public keys arriving thru diverse paths should likewise carry extra weight. As crypto becomes more common reputations will eventually belong more to public keys than to names. The question will then be not "What is Henry's public key?" but "What is the name of the person who knows the secret key that corresponds to this public key?". I suppose that Detwiler feared being unable to answer that question in specific cases. I don't. In the meantime, redundant webs that parallel the normal information webs thru which reputations propagate should provide public keys at least as reliable as the reputations themselves. One particular case is of interest. If you contract with me to process some of your secrets, I will agree not to divulge those secrets except under the protection of a one of a set of public keys that you give me. In such a case the web of trust model can be usefully employed and is not intrinsically limited in the number of levels. From sameer at soda.berkeley.edu Sun Apr 3 10:27:01 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sun, 3 Apr 94 10:27:01 PDT Subject: PGP remailers In-Reply-To: <199404031408.WAA11260@lethe.uwa.edu.au> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Mikolaj Habryn spake: > > Are there any remailers which provide you with an anonymous account to > which other people may send messages, which are then forwarded to you in > a PGP-encrypted form? > Yes, but it's not running for real yet. Give me a few months until I get the computer + netlink for it. (It's running for testing though, so if you want to test it, mail me, but it's not running for real, so don't *use* it.) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZ7uNHi7eNFdXppdAQFDhwP/S0YcPizzQXfOvDyKFa2MQpYG6Xd/cBU4 eBB0yQC1k6OkeJw3g7E1hpqR5S3Ozhg9Usa9pcivQ/nD5xyJrJJ7FPfLYM373517 leRv+iXNaL3tYiXlAr+VvHSDXJVNxmfRnAgSPBn+L8liZLz1Tds180TS+aaWg8dQ WN3F2JTCoGI= =pLKZ -----END PGP SIGNATURE----- From pfarrell at netcom.com Sun Apr 3 10:27:40 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sun, 3 Apr 94 10:27:40 PDT Subject: VISA's digital cash Message-ID: <48315.pfarrell@netcom.com> Today's (April 3) Washington Post business section has an article on a consortium of VISA and banks working on a digital cash card. Did I sleep thru the messages, or has the list been scooped? Basic story is that the card is a smartcard, designed to be reused, and suitable for small quantities. Nothing in the article about what would prevent it from storing large amounts. No serious technical discussion either, but I infer that it is an online cash card. Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From iansmith at cc.gatech.edu Sun Apr 3 10:45:42 1994 From: iansmith at cc.gatech.edu (Ian Smith) Date: Sun, 3 Apr 94 10:45:42 PDT Subject: REMAIL: standardized remailer syntax Message-ID: <199404031745.NAA07982@chagall> In reply to messsage <9404031518.AA06509 at ah.com> of Sun, 3 Apr 94 08:18:37 -0700 regarding REMAIL: standardized remailer syntax Ok, I've been following this discussion with keen interest as someone who writes mail software and has written a "fairly clean" GUI interface to anonymous remailers, both encrypted and non-encrypted (although the differences to the user are not visible). All this talk of a standard syntax is great, but let me inject some notes from someone in the trenches doing this stuff: 1) Mail software authors would MUCH rather have the commands be in the header lines. If you are writing your own software, modifying header lines is easy. I understand that some people can't modify their headers due to their mail software, but ultimately this will be a chicken and egg problem if the simple header lines are proposed. If you make it easy for the mail software implementor, more software will be available with the capability (or at least patches to existing software). As for deleting subject lines, I think this reasonable to keep people doing potentially dumb things, but someway must be provided to allow people (and mailers) who understand what is going on to retain or insert new subject (header) lines. For example, my software presents a default subject line of "NONE" on anoymous mail (which I think is an ok substitute for ripping off the subject line), but if the user goes to the trouble of actually typing in a subject line it should be preserved in the resulting message. 2) MIME is a must. I just two days ago had my first user complaint that his MIME mail was "damaged" by the remailer. My user interface doesn't show people the details of MIME and he "just expected it to work". I've been considering hacks to use the :: to get the "Mime-Version" header back into the mail, but I have no idea what other shenanigans are going on with the remailer, and MIME parsers tend to be picky. An especially important area is the use of line feeds and carriage returns. I don't know how careful current remailers are to preserve the original message text at the line level, but that's going to be a big deal. Aside: I've been trying to figure out how to get a MIME message part to be a PGP signature in some reasonable way. It *should* work if the PGP sig is removed completely and the rest of the message stays intact. You should be able to concatenate them at the end and then use PGP to check it. Has anyone actually gotten this to work yet? PGP encrypted messages are a lot easier as they are self contained and fit nicely into the MIME paradigm. Also, does anyone out there know what the IANA registered types are for PGP? I heard that they were already registered, but I don't know the types. 3) I support Sameer's efforts as well as others for a standard syntax for all the commands of a remailer, but some of sort of simple syntax(es) are needed to allow users to "get their feet wet." My mailer allows you to just send anonymous mail (via hfinney, good job hal) without understanding/using PGP (or even knowing what it is). If you want to use the PGPed version of the remailers, I require (obviously) that you have my PGP interface set up. I went to a lot of trouble to create as simple a drag-n-drop interface to PGP as I could, but some people just don't want to learn it, so I had to "deal with it." This also allows people an "upgrade path" as they get more confident and interested in the use of remailers. I would very much like to present a GUI interface to a lot of other capabilities of remailers (such as chaining, the use of encrypted reply-to blocks, etc), but these are hard to implement in "clean" ways. Part of my philosophy in this is that sending anonymous mail MUST be just as easy as sending normal mail... it should look the same and work (basically) the same from the users point of view. Any new remailer syntax should consider how the mail program can implement/use the syntax is reasonable ways w.r.t. to a user who probably doesn't care about "the how" but just wants it to work. After saying all this, let me make some suggestions to make life easier for mail program authors: 1) All commands must be available without modifying the message body. This is especially important with respect to MIME mail messages whose body parts must be particularly formatted. I support E. Hughes suggestion about what the header lines should be for anon-remail, anon-post, etc. although this is not a big issue as long as there is a standard way to acess functionality. 2) When automated programs respond to mail messages, they should be formatted in ways to make it easy (preferably trivial) for programs to detect the message and its contents. Good example of this type of thing: Sameer's double blind server. It sends various kinds of control messages back to you.... it should be easy for a mail program author to detect these and take automated actions. Another example: Matt Ghio's anonymous ID allocator. Ideally these should be MIME messages with particular parts that indicate the results. I can assist people who would like to create MIME formats for their control messages. 3) Schemes and syntaxes which require multiple steps (stages) of user control should be avoided when possible (I realize this is not always possible). If a user can hit "compose" and type a mail message and then hit "send" to mail it, a very similar sequence should be preserved when using remailers. From a user interface point of view, forcing the user into some "sequenced steps" is irritating, especially in a GUI which has a very "unsequenced" way of doing things. hope this helps the discussion, ian --------------------------------------------------------------------------- "How soon is now?" ian smith, multimedia computing group, georgia tech, iansmith at cc.gatech.edu From schneier at chinet.com Sun Apr 3 11:10:42 1994 From: schneier at chinet.com (Bruce Schneier) Date: Sun, 3 Apr 94 11:10:42 PDT Subject: Applied Cryptography Errata - Version 1.5.7 Message-ID: APPLIED CRYPTOGRAPHY ERRATA Version 1.5.7 - April 2, 1994 This errata includes all errors I have found in the book, including minor spelling and grammatical errors. Please distribute this errata sheet to anyone else who owns a copy of the book. Page xvii: Third paragraph, first line: "Part IV" should be "Part III". Page 1: First paragraph, fourth line: "receiver cannot intercept" should be "intermediary cannot intercept". Page 6: Sixth and seventh lines: "against symmetric" should be "against a symmetric". Page 8: Second paragraph, first line: "q code" should be "a code". Page 10: Second paragraph, fifth line: Reference "[744]" should be "[774]". Page 11: Second paragraph: "The rotations of the rotors are a Caesar Cipher" should be "Each rotor is an arbitrary permutation of the alphabet". Page 13: Third paragraph: Delete parenthetical remark. Fifth paragraph, first line: "Shift the key" should be "shift the ciphertext". Page 15: Section 1.3, first line: "Throughout the book use" should be "Throughout the book I use". Page 25: "Attacks Against Protocols," first paragraph: "the protocol iself" should be "the protocol itself". Page 27: "One-Way Functions," fourth paragraph: "For example, x^2" should be "For example, in a finite field x^2." Page 28: Third paragraph, third and fourth sentences should be "How to put mail in a mailbox is public knowledge. How to open the mailbox is not public knowledge." Page 30: Fourth line: "symmetric cryptosystems: by distributing the key" should be "symmetric cryptosystems: distributing the key". Page 30: "Attacks Against Public Key Cryptography," second paragraph: "The database also has to be protected from access by anyone" should be "The database also has to be protected from write access by anyone". Also: "substitute a key of his choosing for Alice's" should be "substitute a key of his own choosing for Bob's". Page 30: Last line: "substitute that key for his own public key" should be "substitute his own key for that public key". Page 32: Ninth line: Delete the word "encrypted". Page 34" "Signing Documents with..." First sentence: "too inefficient to encrypt long documents" should be "too inefficient to sign long documents". Page 36: Second line: "document encrypted with" should be "document signed with". "Multiple Signatures," step (4): "Alice or Bob sends" should be "Alice sends". Page 38: Fifth paragraph: "V_X = E_X and that S_X = D_X" should be "V_X = E_X and S_X = D_X". Page 40: Third line: "computer can exist" should be "computer can be". Second paragraph: Delete "should be runs of zeros and the other half should be runs of ones; half the runs". Page 44: Ninth line: "for Alice's" should be "for Bob's". Page 50: First step (3): "With Alice's public key" should be "with "Alice's" public key." Page 51: Step 5: "with what he received from Bob" should be "with what he received from Alice". Page 55: First step (2): At the end of the step, add: "He sends both encrypted messages to Alice." Page 58: Last line: "Alice, Bob, and Carol" should be "Alice, Bob, Carol, and Dave". Page 59: First line: "Alice, Bob, and Carol" should be "Alice, Bob, Carol, and Dave". Page 69: Last line: "tried to recover her private key" should be "tries to recover Alice's private key". Page 73: "Bit Commitment Using One-Way Functions," last paragraph: Second and third sentences should be "Alice cannot cheat and find another message (R_1,R_2',b'), such that H(R_1,R_2',b') = H(R_1,R_2,b). If Alice didn't send Bob R_1, then she could change the value of both R_1 and R_2 and then the value of the bit." Page 77: "Flipping Coins into a Well," first line: "neither party learns the result" should be "Alice and Bob don't learn the result". Third line: parenthetical remark should be: "Alice in all three protocols". Page 78: Step (1): "Alice, Bob, and Carol all generate" should be "Alice, Bob, and Carol each generate". Page 80: Second paragraph, second sentence. It should read: "A general n-player poker protocol that eliminates the problem of information leakage was developed in [228]." Page 90: Last paragraph: "step (3)" should be "step (4)". Page 91: Second line: "step (3)" should be "step (4)". Page 93: "Blind Signatures," first line: "An essential in all" should be "An essential feature of all". Page 98: First paragraph after protocol, fourth line: "to determine the DES key with the other encrypted message" should be "to determine the DES key that the other encrypted message was encrypted in." Page 115: "Protocol #2," third paragraph: "together determine if f(a,b)" should be "together determine f(a,b)". Page 121: Second paragraph: Delete the colon in the third line. Page 131: Fifth paragraph: "each capable of checking 265 million keys" should be "each capable of checking 256 million keys". Page 133: Table 7.2: Third number in third column, "1.2308" should be "0.2308". Page 134: Table 7.3: "1027" should be "10^27". Page 139: Indented paragraph: "could break the system" should be "could break the system within one year". Page 141: "Reduced Keyspaces," last sentence: "don't expect your keys to stand up" should be "don't expect short keys to stand up". Page 148: Eighth line: "2^24" should be "2^32". Page 156: Second paragraph: "blocks 5 through 10" should be "blocks 5 through 12". Page 157: Figure 8.2: "IO" should be "IV". Page 159: Figure 8.3: "IO" should be "IV". Page 161: Figure 8.5: "Decrypt" should be "Encrypt". Page 162: Figure 8.6: "Encipherment" diagram: Input should be "p_i" instead of "b_i", and output should be "c_i" instead of "p_i". "Decipherment" diagram: "Decrypt" should be "Encrypt". Page 164: Figure 8.7: "IO" should be "IV". Page 165: Last equation: There should be a "(P)" at the end of that equation. Page 167: Second paragraph, last line: "2^(2n-4)" should be "2^(2n-14)". Page 168: Figure 8.8: This figure is wrong. The encryption blocks in the second row should be off-centered from the encryption blocks in the first and third row by half a block length. The pads are half a block length. Page 174: Middle of page: Equations should be: k_2 = c'_2 XOR p', and then p_2 = c_2 XOR k_2 k_3 = c'_3 XOR p_2, and then p_3 = c_3 XOR k_3 k_4 = c'_4 XOR p_3, and then p_4 = c_4 XOR k_4 Page 175: Last paragraph, second line: "acting as the output function" should be "acting as the next-state function". Page 177: Diffie's quote, second to last line: "proposal to built" should be "proposal to build". Page 178: Figure 8.20: In "Node 2", the subscripts should be "D_2" and "E_3". Page 190: Fourth paragraph, last line: "to determine M" should be "to determine P". Page 191: First paragraph: "3.5" should be "6.8" in fourth line. "0.56" should be "0.15". "EBCDIC (Extended Binary-Coded Decimal Interchange Code)" should be "BAUDOT". "0.30" should be "0.76". "0.70" should be "0.24". Page 193: Second sentence: "Unicity distance guarantees insecurity if it's too small, but does guarantee security if it's high" should be "Unicity distance guarantees insecurity if it's too small, but does not guarantee security if it's high." Page 197: Third paragraph, fifth sentence: "Thus SATISFIABILITY is the hardest problem in NP" should be "Thus, there is no problem harder than SATISFIABILITY in NP". Page 198: Fourth paragraph from bottom, second sentence: "If a and b are positive and a is less than n, you can think of a as the remainder of b when divided by n" should be "If a and b are positive and b is less than n, you can think of b as the remainder of a when divided by n". Page 199: Middle of the page: In the sentence "Calculating the power of a number modulo a number", a should not be italicized. Page 201: First line of code: Remove "assuming x and y are > 0". Page 202: Middle of the page: In the sentence "Now, how do you go about finding the inverse of a modulo n?" "a" should be italicized. Page 206: Third line from bottom: "L(a,p) = -1 if a is a nonresidue mod p" should be "L(a,p) = -1 if a is a quadratic nonresidue mod p". Page 207: "Jacobi Symbol," formula: Variable "h" should be "a". Also, J(0,n) = 0. Page 209: Fourth paragraph: "If that value does not equal q" should be "If that value does not equal 1". Page 214: Last line: "n" should be "p". Lines 29, 30, and 31: "r" should be "a", and "gcd(p,r)" should be gcd(a,p)". Page 215: Lehman test, step 5: All three "(n-1)/2" should be exponents. Page 217: There should be an open parenthesis in front of the second "ln" in both exponents. Sixth paragraph: "Guassian" should be "Gaussian". Page 222: "Validation and Certification of DES Equipment," first line: "As part of the standard, the DES NIST" should be "As part of DES, NIST". Page 223: Second to last paragraph, last line. Reference "[472]" should be "[473]". Page 225: Figure 10.2: L_i is taken from R_(i-1) before the expansion permutation, not after. And "L_(i)-1" should be "L_(i-1)". Page 226: Third sentence: "bit 1 to bit 58, bit 2 to bit 50, bit 3 to bit 42, etc." should be "bit 58 to bit 1, bit 50 to bit 2, bit 42 to bit 3, etc." Page 227: Fourth line from bottom: "output positions that correspond" should be "output positions correspond". Page 228: Fourth paragraph, last line: "0 to 16" should be 0 to 15". Page 228: Fifth paragraph should read: "For example, assume that the input to the sixth S-box (that is, bits 31 through 36 of the XOR function) are 110010. The first and last bits combine to form 10, which corresponds to row 2 of the sixth S-box. The middle four bits combine to form 1001, which corresponds to column 9 of the same S-box. The entry under row 2, column 9 of S-box 6 is 0. (Remember, we count rows and columns from 0, and not from 1.) The value 0000 is substituted for 110010. Page 230: Fifth sentence: "bit 4 moves to bit 21, while bit 23 moves to bit 4" should be "bit 21 moves to bit 4, while bit 4 moves to bit 31". Second to last line: delete "The key shift is a right shift". Page 231: Table 10.9, sixth line: "80286" should be "80386". Page 233: The second two weak keys should be: 1F1F 1F1F 0E0E 0E0E 00000000 FFFFFFFF E0E0 E0E0 F1F1 F1F1 FFFFFFFF 00000000 Page 238: Next to last line before "Additional Results": "NSA's" should be "IBM's". Page 238: "Differential Cryptanalysis," third paragraph: "(1/16)^2" should be "(14/64)^2". Page 239: Figure 10.4: "14/16" should be "14/64". Page 242: Table 10.14: In "XORs by additions" line, "2^39,2^3" should be "2^39,2^31". In "Random" line, "2^21" should be"2^18- 2^20". In "Random permutations" line, "2^44-2^48" should be"2^33-2^41". Page 245: Line 11" "8 bits is" should be "8 bits was". Page 247: Section heading, "Cryptanalysis of the Madryga" should be "Cryptanalysis of Madryga". Page 250: The two functions should be: S_0(a,b) = rotate left 2 bits ((a+b) mod 256) S_1(a,b) = rotate left 2 bits ((a+b+1) mod 256) Note the difference in parentheses. Page 250: Figure 11.4: Note that a is broken up into four 8-bit substrings, a_0, a_1, a_2, and a_3. Page 251: Figure 11.6: The definitions for S_0 and S_1 are incorrect ("Y = S_0" and "Y = S_1"). See corrections from previous page. Also, "S1" should be "S_1". Page 254: "REDOC III," second sentence: "64-bit" should be "80- bit". "Security of REDOC III," second sentence: Delete clause after comma: "even though it looks fairly weak." Page 262: Figure 11.9: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right. Page 263: Table 11.1: The decryption key sub-blocks that are Z_n^(m)-1 should be Z_n^((m)-1). Also, the second and third column of decryption key sub-blocks in rounds 2 through 8 should be switched. Page 264: First line: "107.8 mm on a side" shouldbe "107.8 square mm". Page 265: Figure 11.10: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right. Pages 266-7: Since the publication of this book, MMB has been broken. Do not use this algorithm. Page 267: Sixth line from bottom: Reference should be "[256]". Page 269: "Skipjack." First paragraph. Reference should be "[654]". Page 270: "Karn." Third paragraph. Last sentence: "append C_r to C to produce" should be "append C_r to C_l to produce". Page 271: Middle of the page: "(for example, MD2, MD5, Snefru" should be "(for example, MD2, MD4, Snefru". Page 272: Second to last line: "But it is be analyzed" should be "but it is being analyzed". Page 275: Second to last paragraph: "Using 1028 bits" should be "using 1024 bits". Page 277: First lines: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 281: Third paragraph: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 283: Table 12.2: "PRIVATE KEY: d e^(-1)" should be "PRIVATE KEY: d = e^(-1)". Page 286: Third paragraph: "Eve gets Alice to sign y," "y" should be italicized. Second to last line: "Eve wants to Alice to" should be "Eve wants Alice to". Page 287: Last line: Wiener's attack is misstated. If d is less than one-quarter the length of the modulus, then the attack can use e and n to find d quickly. Page 288: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 289: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 292: Fifth line: "sqrt(x/v)" should be "sqrt(1/v)". Page 294: Second and third lines: "Bob" should be "Victor." Page 295: First line: "t random integers fewer than n" should be "t random numbers less than n". Page 297: Last line: "when" should be "where". Page 301: Middle of the page: Delete the sentence "Since the math is all correct, they do this step." Page 302: Fourth line from bottom: "a" should be in italics. Page 303: "Authentication Protocol," step (1): Add "She sends x to Victor." Page 305: Third paragraph, parenthetical remark: "NIST claimed that having DES meant that both that both the algorithm and the standard were too confusing" should be "NIST claimed that having DES mean both the algorithm and the standard was too confusing". Page 306: Eighth line: "cryptographers' paranoia" should be "paranoia". Page 307: "Description of the Algorithm": "p = a prime number 2^L bits long" should be "p = a prime number L bits long". "g = h^((p-1)/q)" should be "g = h^((p-1)/q) mod p". Page 309: Third line: "random k values and then precompute r values" should be "random k-values and then precompute r-values". Page 314: Protocol, step (1): "when" should be "where". Page 319: There should be a blank line before "discrete logarithm:" and another before "factoring:". Fourth line from the bottom: "depends more on the" should be "depends on more than the". Page 321: Third line: "when h" should be "where h". Page 322: Second paragraph: "over 500 pairs of people" should be "253 pairs of people". Page 326: In the definition of h_i, "H_(i-1)" should be "h_(i- 1)". Page 330: Definitions of FF, GG, HH, and II are wrong. These are correct: FF: "a = b + ((a + F(b,c,d) + M_j + t_i) <<< s)" GG: "a = b + ((a + G(b,c,d) + M_j + t_i) <<< s)" HH: "a = b + ((a + H(b,c,d) + M_j + t_i) <<< s)" II: "a = b + ((a + I(b,c,d) + M_j + t_i) <<< s)" Page 336: "HAVAL," sixth line: "160, 92, 224" should be "160, 192, 224". Page 339: "LOKI Single Block": In computation of Hi, drop final "XOR M_i". Page 340: "Modified Davies-Meyer": In computation of H_i, "M_i" should be subscripted. Page 342: "Tandem Davies-Meyer": In computation of W_i, "M_i" should be subscripted. Page 345: "Stream Cipher Mac", first line:" "A truly elegant MDC" should be "A truly elegant MAC". Page 347: Formula: "aX_(n1)" should be "aX_(n-1)". Second paragraph: "(For example, m should be chosen to be a prime number.)" should be "(For example, b and m should be relatively prime.)" Page 351: Second line of text: "they hold current" should be "they hold the current". Page 353: Third line: ">> 7" should be ">> 31". Fourth line: ">> 5" should be ">> 6". Fifth line: ">> 3" should be ">> 4". Eighth line: "(ShiftRegister)" should be "(ShiftRegister))". Tenth line: "< 31" should be "<< 31". Second paragraph: "are often used from stream-cipher" should be "are often used for stream-cipher". Page 356: Source code: "ShiftRegister = (ShiftRegister ^ (mask >> 1))" should be "ShiftRegister = ((ShiftRegister ^ mask) >> 1)". Page 360: Equation should not be "l(2^1-1)^(n-1)", but "l(2^l- 1)^(n-1)". Page 362: Figure 15.10: "LFSR-B" should be "LFSR-A" and vice versa. The second "a(t+n-1)" should be "a(t+n-2)", and the second "b(t+n-1)" should be "b(t+n-2)". Page 363: Fourth paragraph: "cellular automaton, such as an CSPRNG" should be "cellular automaton as a CSPRNG". Page 365: "Blum-Micali Generator": In the equation, "x_i" should be an exponent of a, not a subscript. Page 367: Sixth paragraph: "Ingmar" should be "Ingemar". Page 370: "Using "Random Noise," first paragraph, last line: "output 2 as the event" should be "output 0 as the event". Page 371: Sixth line: "access/modify times of/dev/tty" should be "access/modify times of /dev/tty". Page 371: "Biases and Correlations," third line: "but there many types" should be "but there are many types". Page 376: Seventh line: "send a message, M" should be "send a message, P". Page 391: Second protocol, step (1): "in his implementation of DES" should be "in his implementation of DSS". Next sentence: "such that r is either q quadratic" should be "such that r is either a quadratic". Page 402: First line: "when" should be "where". Line 18: "2^t" should be "2^(-t)". Page 406: Step (5): "ij". Page 417: Last paragraph: "Kerberos is a service Kerberos on the network" should be "Kerberos is a service on the network". Page 421: Figure 17.2: In the top message "C" should be lower case. Page 435: "RIPEM": "Mark Riorden" should be "Mark Riordan". Page 436: "Pretty Good Privacy," third paragraph: Delete fourth sentence: "After verifying the signature...." Page 436: Pretty Good Privacy is not in the public domain. It is copyrighted by Philip Zimmermann and available for free under the "Copyleft" General Public License from the Free Software Foundation. Page 437: Fifth line: Delete "assess your own trust level". "Clipper," second paragraph: reference should be "[473]". Fourth paragraph: references should be "[473,654,876,271,57]". Page 438: Middle of page: reference should be "[654]". "Capstone," first paragraph: reference should be "[655]". Page 445: The IACR is not the "International Association of Cryptographic Research," but the "International Association for Cryptologic Research." This is also wrong in the table of contents. Source Code: The decrement operator, "--", was inadvertently typesetted as an m-dash, "-". This error is on pages 496, 510, 511, 523, 527, 528, 540, and 541. There may be other places as well. Page 472: Third line: "2, 18, 11" should be "22, 18, 11". Eighteenth line: "for( i = 0; i<<16; i++ )" should be "for( i = 0; i<16; i++ )". Page 473: Function "cpkey(into)". "while (from endp)" should be "while (from < endp)". Page 478: Fourth line: "leftt > 4" should be "leftt >> 4". Seventh line: "leftt > 16" should be "leftt >> 16". Twentieth line: "leftt > 31" should be "leftt >> 31". Page 508: Line 8: "union U_INTseed" should be "union U_INT seed". Page 531: "for( i = 0; i<; i++ )" should be "for( i = 0; i<2; i++ )". Page 558: "#defineBOOLEAN int" should be "#define BOOLEAN int", "#defineFALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)". Page 564: "#define BOOLEANint" should be "#define BOOLEAN int", "#define FALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)". Page 569: "rand() > 11" should be "rand() >> 11". Page 569: In "G13.H", "#define G13int" should be "#define G13 int". Page 572: Reference [45]: "Haglen" should be "Hagelin". Page 576: References [136] and [137]: "Branstead" should be "Branstad." Page 578: Reference [184] "Proof that DES Is Not a Group" should be "DES Is Not a Group." The correct page numbers are 512-520. Page 589: Reference [475]: The publisher should be E.S. Mittler und Sohn, and the publication date should be 1863. Page 601: References [835] and [836]: "Branstead" should be "Branstad." Page 602: Reference [842]: "Solvay" should be "Solovay". Page 603: Reference [878]: "Weiner" should be "Wiener." This errata is updated periodically. For a current errata sheet, send a self-addressed stamped envelope to: Bruce Schneier, Counterpane Systems, 730 Fair Oaks Ave., Oak Park, IL 60302; or send electronic mail to: schneier at chinet.com. From albright at scf.usc.edu Sun Apr 3 11:51:17 1994 From: albright at scf.usc.edu (Julietta) Date: Sun, 3 Apr 94 11:51:17 PDT Subject: Politics do not belong here In-Reply-To: <8hbazSq00iV2I5HqI5@andrew.cmu.edu> Message-ID: <199404031851.LAA01762@nunki.usc.edu> > > Many apologies. Aparently I was not clear enough in defining what I > meant by politics. I was refering to bickering about the correctness of > liberals or conservatives, left or right, etc. Well, now that we've gotten THAT straightened out.. I guess its always helpful to be clear in one's wording, hmm? Hopefully this will be the end of this thread- I'll go back to lurking again for now. By the way- am reading 1984 again- I think we should definetly get those NSA shirts out "We're just running a little late"! Scary! Ciao for now.. Julie ____________________________________________________________________________ Julie Albright Ph.D Student Department of Sociology University of Southern California albright at netcom.com From hayden at krypton.mankato.msus.edu Sun Apr 3 13:47:46 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sun, 3 Apr 94 13:47:46 PDT Subject: THOUGHT: International Electronic Declaration of Rights Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hi everyone. This is a fairly involved piece, so forgive me if I ramble a bit. I just finished reading Sterling's The Hacker Crackdown, and one of the statements he said in there struck a chord with me and got me to thinking. Paraphrasing, Bruce said soemthing along the lines of 'Cyberspace is a world unto itself, without borders or national identity.' Why is this important? Because at the same time we are witnessing the birth of Cyberspace (an archaic, and almost vulgar term, yet also most appropriate), we are also witnessing a terrifying and growing movement towards the heavy-handed regulation of this new world. In cyberspace, national borders are merely annoyances on the Information Superhighway, much like that one pothole you manage to hit every morning on your way to work or school. Yet, as the information future comes into existance, governments will seek to put up checkpoints and roadblocks to make sure information does not propogate. Thus, I had a thought. What if we took it upon ourselves to write an International Electronic Declaration of Rights? A single body of ideas (not necessarily founded upon the U.S. Bill of Rights) that will seek to define the underlying tone of this non-existant cyberspace. It would have to be no more that a few statements about what ideals and freedoms we feel are not only important, but also granted to us on the basis of being living beings. Hang on, don't run away yet. :-) What to do with it, you ask? How do we get a bunch of geek-written libertarian ideals to mean somehting? Well, assuming we come up with our Electrion Declaration of Rights, the next step would be to get various civil-liberty organizations (such as EFF, ACLU, CPSR, and others outside the US) to sign on as supporters. Then we pitch it to corporations and universities world-wide, and get them to sign on. Soon, public pressure would force governments to look at it as a Rights issue, and perhaps we get it adopted as bodies of law or some such (a UN resolution?). Ok ok, I'm _obviously_ getting quite ahead of myself, and I apologize. But think about it, I do not know of a single resolution or declaration of the rights a citizen of Cyberspace is granted. Yes, each country has their own rules, but cyberspace doesn't understand the concept of borders, and perhaps it never will. Furthermore, there is precedent for International declarations of this sort. The United Nations has a Declaration of Human Rights (ftp.eff.org :/pub/CAF/civil-liberty/human-rights.un) [Note, though, that I avoided the use of the term 'human' above' for reasons that any avid sci-fi reader should recognize :-)]. If we based our declaration on THAT declaration, as opposed to basing it on the U.S. Bill of Rights, it would be less likely to meet objections from people outside of the United States. In any case, among the rights I think that need to be established (and this is by no means a complete list, jsut what I came up with in the last few hours) Freedom to say what you wish without fear of retaliation Freedom to participate in any forum without fear of retaliation Fundamental right to personal privacy both in storage and in communication (therein lies the right to cryptography) Freedom to hold any religious views your wish, including no religion Freedom from having religious views the basis of policy Access will not be denied to a person without due process Policies will not be implemented on the basis of race, colour, creed, gender, sexual orientation, language, religion, political or other opinion, national or social status, property, birth, or other status. Oops, sorry, went a little overboard, but you get the point (actually, I like the 'access' one. It's actually pretty important.) In any case, we are on the esge of a new world here, and I fear that reactionary regulation will make it into a dreadful world to live in. Perhaps something like the above, coupled with a grassroots organizational effort that we have shown to be so successful in cyberspace will perhaps slow the regulational onslaught, or perhaps even turn it to freedoms advantage. I'd really like to hear your opinions on this. (BTW: I did not bring this up in EFF forums because I was concerned with 'Americanizing' this idea too much. Instead, it is my belief that if this was a more international effort, with US and other civil-liberty groups signing on AFTER, it may be more successful. Perhaps I'm wrong which case I will repost this into other forums). I appreciate your time. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" - - -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZ8siZ3BsrEqkf9NAQGTQQP+IjRM5BAUWY6sVYIAOoiZgHSlOzS327Ap CMnJ2ngMNQdtHN3S7kMkatrb9QA/W4H/tKTsQRTjVz4wR9OKO4R1KwDKMBpOfDGk Y95hUbWlnpcZwuS2g2cvOqY+yfHyazbI34VrnU8jFA0jd4vNLxL5hILyNQR3RaOS FjiGtJy0LPI= =ToZ2 -----END PGP SIGNATURE----- From tcmay at netcom.com Sun Apr 3 14:53:50 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 3 Apr 94 14:53:50 PDT Subject: THOUGHT: International Electronic Declaration of Rights In-Reply-To: Message-ID: <199404032154.OAA07844@mail.netcom.com> Robert Hayden proposes: > Because at the same time we are witnessing the birth of Cyberspace (an > archaic, and almost vulgar term, yet also most appropriate), we are also > witnessing a terrifying and growing movement towards the heavy-handed > regulation of this new world. Think "absence of centralized law," not "what new laws and "rights" can we think up?" > What if we took it upon ourselves to write an International Electronic > Declaration of Rights? A single body of ideas (not necessarily founded > upon the U.S. Bill of Rights) that will seek to define the underlying > tone of this non-existant cyberspace. It would have to be no more that a > few statements about what ideals and freedoms we feel are not only > important, but also granted to us on the basis of being living beings. A dangerous idea, and one I certainly can't support. I don't speak for others, though, so will make my points here. > What to do with it, you ask? How do we get a bunch of geek-written > libertarian ideals to mean somehting? As you'll see, I don't think Robert's ideal are very libertarian at all. (The motivations may be, but anytime one speaks of a "right of access" to something that costs money, that is the product of another person's labor and ingenuity.....well, why not a right declaring access to shelter and transportation, etc., shall not be denied based on an inability to pay? And so on. > Furthermore, there is precedent for International declarations of this > sort. The United Nations has a Declaration of Human Rights (ftp.eff.org > :/pub/CAF/civil-liberty/human-rights.un) [Note, though, that I avoided Yes, the U.N. has quite a fascist declaration of rights. It includes such chestnuts as a right to a job, a right to shelter, a right to medical care, and the right of a country to control its press (cf. the UNESCO fiasco). No thanks. > Freedom to say what you wish without fear of retaliation So if you are in my house or on my mailing list and you begin detweilering, I have no recourse? I can't "retaliate" because that would violate your rights? > Freedom to participate in any forum without fear of retaliation Again, Detweiler, Gannon, Hitler, and Rush Limbaugh *must* be tolerated in all forums? Huh? > Access will not be denied to a person without due process If I run a mailing list, or a service, or lease time on my networks or computers, then I don't want any crap about "due process" to stop me from throwing folks off who haven't paid, who haven't followed my rules, who have been abusive beyond my threshold, etc. The "due process" stuff has tainted what used to be a matter between buyer and seller, between patron and owner, between agents free to make or not make deals. > Policies will not be implemented on the basis of race, colour, > creed, gender, sexual orientation, language, religion, > political or other opinion, national or social status, > property, birth, or other status. OK, so a women's list can't exist in this Cyberspatial Utopia? What will the prison term be for excluding straights from a gay list? How many years in the gulag for running a cyberspace group that caters to Catholics and excludes Satanists? > Oops, sorry, went a little overboard, but you get the point (actually, I > like the 'access' one. It's actually pretty important.) "Access" to this list, to my list, to your list, to Fred's Network, to a movie theater, to a concert, to a private gym, to whatever, is not a "right." This is your basic flaw--all later flaws flow from this error. The good news, though, is that strong crypto will make attempts to enforce such notions of "rights" a losing proposition. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jkreznar at ininx.com Sun Apr 3 15:27:34 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Sun, 3 Apr 94 15:27:34 PDT Subject: Detweilering (was Re: Positive uses for PGP) In-Reply-To: Message-ID: <9404032227.AA06153@ininx> -----BEGIN PGP SIGNED MESSAGE----- > On Sun, 3 Apr 1994, Mike McNally wrote: > > I'm not Detweilering; I speak of the ostensible use of the signature > > chain.) > Detweilering? > Sounds like an entry we need to get put into future versions of a Jargon > File. Maybe it could be added to the FAQ. You know, the one Detweiler wrote. (:-) John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZ9COcDhz44ugybJAQH9OQP/TjJukjUH+PYP87Ims5OonokOlMVCSX8f QekhHf4XPSgODPJltFM6Z7QnjOwgRwUwD5TxwkPlAcol2c11/OtHIwFhei3jsATW H66KaQFr3LtGWMsdwEFTApRScr4CFSskzwsqMp1hXJRIZRNuy1qVKRBgufwd13sF qJtfwd9278Q= =NcUs -----END PGP SIGNATURE----- From hayden at krypton.mankato.msus.edu Sun Apr 3 15:34:15 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sun, 3 Apr 94 15:34:15 PDT Subject: THOUGHT: International Electronic Declaration of Rights In-Reply-To: <199404032154.OAA07844@mail.netcom.com> Message-ID: On Sun, 3 Apr 1994, Timothy C. May wrote: > Think "absence of centralized law," not "what new laws and "rights" > can we think up?" Unfortunately, I don't think the anarchy of the net will work for much longer. Sooner or later, cryptography issues aside, somebody is going to regulate access or content or both. > As you'll see, I don't think Robert's ideal are very libertarian at > all. (The motivations may be, but anytime one speaks of a "right of > access" to something that costs money, that is the product of another > person's labor and ingenuity.....well, why not a right declaring > access to shelter and transportation, etc., shall not be denied based > on an inability to pay? And so on. I'll re-qualify that below. I didn't fully explain my position. > > Freedom to say what you wish without fear of retaliation > > So if you are in my house or on my mailing list and you begin > detweilering, I have no recourse? I can't "retaliate" because that > would violate your rights? Ok, I should have qualified this as well. It also has to do with the proper 'forum' as well (and I didn't want to get into specific examples in my original posting). The old idea that you can't yell "fire" in a crowded theatre. Not because 'Fire' is a censored word, or yelling 'fire' is bad in all cases, but because a crowded theatre is an improper forum. As a list example, if you run a list about the ecology of fishes, and someone comes on and starts talking about women's rights issue (an actual example from LSTOWN-L), that is an improper forum. You are "retaliating" not because of the speech itself, but because this specific forum does not exist FOR that speech. I meant, I guess, that I have a right to, for example, criticize my government, religion, boss, etc without being fearful of real-world retaliation. Why did I say this? Because I can imagine the U.S. government deciding that electronic forums that aren't email, for example, are not protected speech, and thus if I am on IRC, and I and my buddys criticise Clinton, I am a candidate for arrest for "subversive" activity. > > Freedom to participate in any forum without fear of retaliation > > Again, Detweiler, Gannon, Hitler, and Rush Limbaugh *must* be > tolerated in all forums? Huh? Please see above. > > Access will not be denied to a person without due process > > If I run a mailing list, or a service, or lease time on my networks or > computers, then I don't want any crap about "due process" to stop me > from throwing folks off who haven't paid, who haven't followed my > rules, who have been abusive beyond my threshold, etc. The "due > process" stuff has tainted what used to be a matter between buyer and > seller, between patron and owner, between agents free to make or not > make deals. My initial concern, and this stems mostly from where I have encountered the networks, in an educational setting. It is very common to arbitrarily remove a student from access with neither hearing nor even informing of the student of why his/her access was cut. Yes, it may have been justified, but it is still my opinion that a person shoudl be given not only a reason for denial of access, but also a chance to address those reasons. As for private-oriented networks. This is a little more sticky. _IF_ they are common carrier (which is still, as I understand, being decided), then I feel that denying a patron, who is paying his bills, access is a tremendous wrong. If computer services are NOT common carrier, than that is certainly a different issue, and should be a more internal matter. As I understand, the telcos have a fairly established procedure of dealing with non-paying customers AND abusive customers. Of course, they are also protected legally by common-carrier status. Access shoudl be granted just like with a telephone. If you can pay for it, you shoudl get it. If you cannot pay for it, you don't get it. But, if you can pay for it, you shoud NOT(!!!) be denied access. > > Policies will not be implemented on the basis of race, colour, > > creed, gender, sexual orientation, language, religion, > > political or other opinion, national or social status, > > property, birth, or other status. > > OK, so a women's list can't exist in this Cyberspatial Utopia? What will > the prison term be for excluding straights from a gay list? How many > years in the gulag for running a cyberspace group that caters to > Catholics and excludes Satanists? See above about 'forums'. Also, my largest concern above was with access policies (sorry, you are the 4th born child, you cannot use the computer. Sorry, you are jewish, you are not allowed access). Remember, there are areas outside the US that will routinely deny rights based on these arbitrary classifications that we in the U.S. don't even think about. Also, the idea was that you would get access to Cyberspace. The individual groups and forums exist just as they do in real life. I find it doubtful that there would be many blacks clamboring to be members of the KKK, and few members of the KKK wanting to belong to the NAACP. The same applies to cyberspace. > "Access" to this list, to my list, to your list, to Fred's Network, to > a movie theater, to a concert, to a private gym, to whatever, is not a > "right." And I fear that, even if one can pay, it will become more and more common to outright deny access to people. The lifeblood of this world is the passing of information. The regulations I see on the horizon look to me to be a tourniquet on that information. > The good news, though, is that strong crypto will make attempts to > enforce such notions of "rights" a losing proposition. But even strong crypto is useless if people cannot access the information systems. --------- I think fundamentally you and I agree much more that it seems, so I hope not to start a flamewar. :-) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From tcmay at netcom.com Sun Apr 3 16:17:10 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 3 Apr 94 16:17:10 PDT Subject: THOUGHT: International Electronic Declaration of Rights In-Reply-To: Message-ID: <199404032318.QAA16937@mail.netcom.com> Robert Hayden writes: (I've elided material to shorten the article, never to misrepresent his remarks.) > Unfortunately, I don't think the anarchy of the net will work for much > longer. Sooner or later, cryptography issues aside, somebody is going to > regulate access or content or both. The "anarchy of ideas," as manifested in the free market for books, records, movies, food, lifestyles, etc., has worked pretty well for a very long time. Most of our lives is not yet under regulated access, and the burden of proof is clearly on Robert to explain why he thinks cypberspace _should_ be regulated (I'm not saying he thinks it _should_ be, but he is claiming it likely _will_ be and that Cypherpunks should therefore help to develop the laws that will be used). Freedom from coercion works pretty well. > > person's labor and ingenuity.....well, why not a right declaring > > access to shelter and transportation, etc., shall not be denied based > > on an inability to pay? And so on. > > I'll re-qualify that below. I didn't fully explain my position. This underscores the danger with most such utopian ideals. I submit that only a minimalist set of postulates will work, and even that causes endless problems (witness the constant debate about the meaning of each and every clause of the U.S. Constitution). ... > > detweilering, I have no recourse? I can't "retaliate" because that > > would violate your rights? > > Ok, I should have qualified this as well. It also has to do with the proper > 'forum' as well (and I didn't want to get into specific examples in my > original posting). The old idea that you can't yell "fire" in a crowded > theatre. Not because 'Fire' is a censored word, or yelling 'fire' is bad > in all cases, but because a crowded theatre is an improper forum. The proper solution to the "improper forum" problem is to not have communally owned resources when privately owned facilities work. This list, for example, is *not* a "public good*, and sufficiently disruptive folks can be denied access. With crypto, it's much easier. By the way, the Justice who made the "shouting 'fire'"" argument later said he regretted ever using this line of reasoning. > example from LSTOWN-L), that is an improper forum. You are "retaliating" > not because of the speech itself, but because this specific forum does not > exist FOR that speech. A distinction without a difference. Think about it. > I meant, I guess, that I have a right to, for example, criticize my > government, religion, boss, etc without being fearful of real-world > retaliation. Why did I say this? Because I can imagine the U.S. Well, no. You don't have such a right. Imagine that I have hired you to represent me in court. You do "your job" well enough, but then badmouth me on the Oprah Winfrey show. I fire you. Have I violated your right to free speech? Of course not. Empoyees are free to leave, indentured servitude not being legal (though it should be, but that's another debate, for another time). Employers are free to fire employees...that's how I see things (the courts have decided otherwise. Again, another debate_). > My initial concern, and this stems mostly from where I have encountered > the networks, in an educational setting. It is very common to > arbitrarily remove a student from access with neither hearing nor even > informing of the student of why his/her access was cut. Yes, it may have > been justified, but it is still my opinion that a person shoudl be given > not only a reason for denial of access, but also a chance to address > those reasons. Most universities are scared shitless, for good reason, that a comment like "Lesbians are pigs" will get them sued for multiple millions of dollars. That the Womyn's Studies Department will boycott the computer network. That the campus newspaper will denounce the university as a hotbed of right-wing assault speech. Hence, universities adopt "speech codes" which is a topic unto itself (cf. alt.censorship, *.*.academic-freedom, comp.org.eff.talk, etc.). For-profit companies, like Netcom, mostly don't _care_ what subscribers say. Prodigy does, and Prodigy is losing. Mandating that a network service _must be_ like Netcom, and not allowing it to be like Prodigy or MormonNet or PeaceNet, is a cure that is much more frightening than the disease. > it, you shoudl get it. If you cannot pay for it, you don't get it. But, > if you can pay for it, you shoud NOT(!!!) be denied access. If I want only Catholics to be able to use my service, what's wrong with that? Or only crypto supporters on Cypherpunks? Remember, the incoming and outgoing physical lines to one's home may presently be a potential for monopoly--potentially--but _places_ and _channels_ in cyberspace cannot be monopolized....if you don't like Prodigy or Compuserve, switch to Panix or Netcom. In the future, absent government's interference, a zillion more channels will arise. > I think fundamentally you and I agree much more that it seems, so I hope > not to start a flamewar. :-) Nope, I think we're in rather sharp disagreement. Still, I never considered this to be any kind of flame war. (I think too many people are using the term "flame war" loosely. Debate is not a flame war. A flame war is when personal insults replace attention to points, when epithets are hurled, when mailbombs are used, and when the flamers go outside the normal channels, such as Detweiler did when he attached my signature block to his garbage and then posted it widely.) Robert is right, vis-a-vis his comment about flame wars, in that I expect to see at least several postings of the form "This is not what I joined Cypherpunks to hear about. I joined to hear about PGP and other K00l warez." To those who do not wish to read political commentary, be it about Clipper or a "Cypherpunks Bill of Rights" (ugh!), then just hit "delete" and move on. The structures in cyberspace, and the methods for avoiding repetition of the statist control so beloved by governments, is my main interest in these topics, and has been for half a dozen years. I don't plan to stop talking about these issues. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From ph at netcom.com Sun Apr 3 16:54:44 1994 From: ph at netcom.com (Peter Hendrickson) Date: Sun, 3 Apr 94 16:54:44 PDT Subject: THOUGHT: International Electronic Declaration of Rights In-Reply-To: Message-ID: <199404032355.QAA18985@mail.netcom.com> Robert Hayden wrote: > Unfortunately, I don't think the anarchy of the net will work for > much longer. Sooner or later, cryptography issues aside, somebody > is going to regulate access or content or both. I think the "anarchy" of the net works just fine and can be compared to the "anarchy" of conversation. Would it be considered reasonable to monitor and restrict conversations between free people? Would it be reasonable to regulate the friends people make or the parties they attend? The answer should be "no" in both cases. > The old idea that you can't yell "fire" in a crowded theatre. Not > because 'Fire' is a censored word, or yelling 'fire' is bad in all > cases, but because a crowded theatre is an improper forum. This analogy was originally used by Oliver Wendell Holmes to justify the arrest and imprisonment of people who spoke against World War I in the streets of New York City. This analogy is almost always used to justify repressive policies. It is entirely inappropriate for cyberspace anyway, since nobody is going to be trampled running to their front yard! I think you are well-intentioned, but I think looking to the U.N. to protect individual rights will not work well. Most of the governments which belong to the U.N. are totalitarian. I think that most of what you really want to see happen can be summarized as: "People have the right to communicate freely and, therefore, privately." I wouldn't complain if this became a Constitutional Amendment or if the U.N. adopted it, but I would prefer to see a world where free communication is so basic to the fabric of society that it would be difficult to do things in any other way. Peter From darklord+ at CMU.EDU Sun Apr 3 17:57:30 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Sun, 3 Apr 94 17:57:30 PDT Subject: THOUGHT: International Electronic Declaration of Rights In-Reply-To: <199404032318.QAA16937@mail.netcom.com> Message-ID: THis appears to have grown rather long and dry. If you have had no interest in this thread to date, hit 'n' now. Excerpts from internet.cypherpunks: 3-Apr-94 Re: THOUGHT: International .. by Timothy C. May at netcom.co > For-profit companies, like Netcom, mostly don't _care_ what > subscribers say. Prodigy does, and Prodigy is losing. Actually, I think Netcom is the exception. A good example is AOL, which is not losing, and is big into censorship. The small services don't care, the big ones have a reputation to worry about, so they censor. Timothy C. May at netcom.co > To those who do not wish to read political > commentary, be it about Clipper or a "Cypherpunks Bill of Rights" > (ugh!), then just hit "delete" and move on. I have no objection to the current discussion, I object to "You and liberal friends are *ssholes whose wishy-washy big government plans will destroy freedom" and "You and your conservative friends are *ssholes whose facist big government plans will destroy freedom" type flame wars. The current discussion may involve some bickering, but it's at least productive. Back to the issue: I think rights in cyberspace can be readily modeled on "meat" laws. For example, take the freedom of speech. I can say what I like as long as I don't libel someone. However, I don't have the right to say it anywhere I choose. I can't for example, go into your house and give a dissertation on fish euthenasia without your permission. Similarly, I wouldn't expect the right to speak my mind on any topic on an IRC channel that had no relation to the topic. This is a tricky issue, though. One should definatly be able to speak one's mind in a public place, but what defines a public place in cyberspace? Really, no place (at the moment) is truly public. Every computer is owned by somebody. I think this is an area where the real-world paradigm is effective. In the real world, we have private spaces, and government-owned public ones (parks). I think a set government-run nodes would be a good idea. The law would require them to be freely accessable by everyone. Of course, how they could be used would be limited (you can't live on a park, you couldn't use an e-park for long-term data storage). The current basic internet (netnews, irc, anon ftp, most www) is run, more or less, how I would imagine this e-park. Re: right of access. I prefer some regulation, such as mandating that everyone would have access to a reasonably prices public carrier. This would have basic services, and would not be allowed to boot someone if they followed the rules and payed the bills. The market would probably create this without regulation, but some basic regulation does provide a safeguard against the unlikely. Full service private carriers would, of course, be created by the market. I also agree that there should be some sort of due process for denying someone access ONCE THEY HAVE IT. Those whose access has been withdrawn should be presented with a reason and given an oppourtunity to appeal the desicision, to a 3rd party (court) in the case of public carriers. I am assuming that this future cyberspace would be organized in the anarchistic way the internet is; many nodes, of varying freedom, interconnected so that there are few, if any borders between them. THis, I think, is the most important thing for preserving/attaining rights in cyberspace. THe best way I can think to do this is to keep the influence of government or any single large organization to a minimum. $.02 deposited, Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/ From sbb at well.sf.ca.us Sun Apr 3 18:10:20 1994 From: sbb at well.sf.ca.us (Stewart Brand) Date: Sun, 3 Apr 94 18:10:20 PDT Subject: PHILIP ZIMMERMAN ARRESTED [NOT!] Message-ID: <199404040108.SAA02235@well.sf.ca.us> The Zimmerman prank---I'm sure not funny for him---hardens my line further against anonymity online. At its best, as here, it is an unholy nuisance. Thanks for posting the correction, John. I'm moderating a panel with Zimmerman later this week, and would have been confused. From klbarrus at owlnet.rice.edu Sun Apr 3 18:42:49 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sun, 3 Apr 94 18:42:49 PDT Subject: MAIL: prank Message-ID: <9404040142.AA29777@seawolf.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- >The Zimmerman prank---I'm sure not funny for him---hardens my line >further against anonymity online. At its best, as here, it is an >unholy nuisance. Why? If you think about it, the prank doesn't demonstrate why anonymity is bad - it could have been off with ordinary mail forgery. What is does demonstrate is the need for digital signatures and authentication. In the future you would just ignore an announcement of this sort if it doesn't have a valid digital signature. Karl L. Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZ9wY4OA7OpLWtYzAQHV1gP+IXt0zpdjh+97V9I6SASc29dWW2JZR5QV kI7EJyk5e6/gacULgr+nkGz4KAPIImQ6M4+QNDjplxnRwrwrljSMPewqZLpd1REF kZWGC8rnKOxFlwuXamMCF8+0+3+XrGqCxD6H2WuOGVZ82nUc5fHO25nNDes0B2tp /nf9TI8+zYY= =kyRX -----END PGP SIGNATURE----- From tcmay at netcom.com Sun Apr 3 19:15:57 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 3 Apr 94 19:15:57 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits Message-ID: <199404040216.TAA09304@mail.netcom.com> Cyberspace, Crypto Anarchy, and Pushing Limits This messages touches on two topics of recent interest (to some) here: 1. Setting up payment systems for message transmission, to handle the issues of "mailbombing" and "flooding" in a more natural way (locality of reference, user of a service pays, avoidance of the "Morris Worm" explosion effects which could've happened with Detweiler bombed us, as Hal noted). 2. The general issue of "Cyberspace." This lies at the root of some recent disagreements here, and is worthy of more discussion. Crypto will make this a very real cusp issue in the next several years. Why debate it now? What could possibly come out of such a debate? It happens that I'm reading a wonderful new book by Kip Thorne, entitled "Black Holes and Space Warps." This is widely available in bookstores, in hardback only at this time. ($30, but it's a whopping big book, and I got it at Barnes and Noble for $24. Speaking of Barnes and Noble, the Santa Clara store is selling Li and Vitanyi's "Intro. to Kolmogorov Complexity" book for $44, before the 20% hardback discount, which may be a mispricingm, as I paid $60 for mine. Check it out if you're interested....I think there were two copies.) Thorne has spent 30 years studying gravitational collapse and black holes, and was a coauthor of the famed 1973 book on "Gravitation," which I got to use in a Xeroxed form for my general relativity class in 1973. The point? Thorne describes his involvement with Carl Sagan in working out the physics of time travel via wormholes. Thorne had an epiphany: however unlikely the engineering or financing of something is, there is something valuable to be gained in examining the absolute limits of what is possible without regard for engineering practicalities. Thus, he and his students looked into the implications of an extremely advanced civilization able to somehow hold open the mouth of a wormhole. The conclusions are fascinating and led to a new line of thinking about the structure of space-time. Pushing limits and seeing "ideal" behavior is invigorating. The connection to crypto is this: Perhaps we should be thinking more about the implicaitons and effects of strong crypto, digital money, ideal remailers, etc., assuming that certain practical problems that bedevil us today are, or soon will be, solved. To some extent we already do this, as when we discuss Chaum's ideal mixes in the same way engineer's discuss ideal op amps--a useful abstraction of behavior in the limit that lesser, real world implementations can then be contrasted with. And of course many of us have found Vernor Vinge's "True Names" to be an excellent (and quickly readable) treatment of how things could work in a world of fast, cheap, and secure communication. Other writers have seen things differently (e.g., "Shockwave Rider," "1984," "Snow Crash"). Here, to cut to the chase, are some brief statements of what I see as the "behavior in the limits." I won't elaborate on them right now. * "Pay as you go" is the natural way to handle most economic transactions. There are exceptions, of course, such as insurance, contracts for future perfomance, etc., but for the most part money is used to mediate immediate exchanges. For a timely example, why can your enemies not "junk mail bomb" you with truly large (tons) of junk mail? Junk mail, as we call it, is in relatively small volumes (at most a mailbox full, except for celebrities perhaps) because of one simple thing: someone has to pay for the delivery! There is no possibility of a "free" way to "Make 19 copies of this ton of garbabe and mail them to your enemies." That there is with software--the remailer bombing by Detweiler, the 1988 Morris Worm, the "Dave Rhodes" chain letters--is due to some flaws in the current Net model: - costs of message trasnmission are not directly borne by senders (encourage overuse by some of scarce resources, a la the "tragedy of the commons'). - sites and remailers will respond to "instructions" to send the message on, to make copies of it, etc. * I thus consider it imperative that we develop as quickly as we can the following: - payment systems for message transmission (I've argued for "digital postage" as a first and comparatively easy application of digital money, others have as well, and Ray Cromwell just today issued his own proposal....time we get going on this. And lest you think I'm calling for altruism here, I think some fortunes will be made in this area.) - anonymous or identity-obscuring protocols, a la Chaum. - a general move away from "commons"-oriented systems, which breed the notions of "fair access" and such. If the "problem" is that poor people cannot--it is alleged--afford a $17 a month Net connection (what Netcom charges, in about 25 cities and growing), then my solution would be to simply _subsidize_ their bill. (I'm not advocating this, nor do I think it wise to subsidize anyone's phone, Net, or dinner bills, but better this than "nationalizing" networks and thus creating more confusion and less efficiency for all.) * Connectivity will be altered dramatically, The "distance" in cyberspace is already uncorrelated to physical distance. (Hardly surprising, as this was apparent with the telephone. But a useful way of looking at cyberspace, as being a space of radically altered connectivities and distances.) * Local access to service, the phone or cable lines that reach the home or office, is a potential bottleneck. But once a connection is made to a local node where multiple competitors exist (that is, once beyond the local government-granted monopoly), the possibility of "censorship" decreases rapidly, for several reasons. - thus, push for "encrypted access" lines from a terminal node (home, office) to a point with unlimited connectivity. - this is the situation I now have with my PacBell line and Netcom: PacBell doesn't "care" what I use the local line for, and once outside, I can dial a less-censorious Netcom rather than a Big Brotherish AOL or Prodigy. * Cyberspace is infinitely colonizable. No limits to growth. (Assumption: realization of cyberspace is on various machines and networks, which are not free, nor infinite. But the "no limits" comes from ease with which those near a "boundary" can simply push out that boundary with more CPU resource, more networks, etc.). * Crypto means access to "regions" can be controlled by "owners": - "my house, my rules" enforced locally, without central State authority - esseentially unbreakable security (in crypto sense) * By the way, strong crypto is the "building material" of cyberspace...the mortar, the bricks, the support beams, the walls. Nothing else can provide the "permanence"...without crypto, the walls are subject to collapse at the first touch by a malicious person or agency. With crypto, not even a 100 megaton H-bomb can breach the walls. (If you think I'm exaggerating, do some calculations on the energy to break a 1000-decimal-digit modulus.) * No "zoning laws" will be needed, or possible, in cyberspace. (Neil Stephenson's "Snow Crash," while a wonderful and thought-provoking read, got it wrong here: cyberspace is too extensible and locally controllable.) * Physical location of cyberspace locations will be increasingly hard to pin down. A vast "labyrinth of rooms and corridors" might be physically instantiated on a computer in Malaysia, while a "virtual gambling hall" is being run via cryptographic cutouts (remailers) from someone's bedroom in Provo, Utah. * The talk about "access rules" is thus shown to be meaningless, unless the governments crack down on networks, crypto, and private systems in a way far beyond anything now being talked about. This is the "crypto anarchy" I have been writing about since 1988. Cyberspace will turn out to be a far vaster frontier than _anything_ we have seen so far. With "only" 10^70 or so particles in the entire universe, there's vastly more "space" (address space, key space, etc.) in even a relatively small set of digits. Cyberspace is mathematical space, and its spaciousness is truly unlimited. And we'll be moving our trade, our entertainment, and much of our lives into cyberspace a whole lot faster than we'll be slowly moving into low Earth orbit and beyond. In fact, I consider that I'm already half-way in. In a few years, with Mosaic-like one-touch connectivity, with a plethora of network choices, with secure remailers and similar tools to anonymize my transactions, I'll be so far in there'll be turning back. Enough for these remarks rigth now. I think it makes sense to take a slightly longer-range view of the inevitable trends, to see where we're going, to see what issues need more work. I hope some of you agree with me. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From ph at netcom.com Sun Apr 3 20:04:41 1994 From: ph at netcom.com (Peter Hendrickson) Date: Sun, 3 Apr 94 20:04:41 PDT Subject: THOUGHT: International Electronic Declaration of Rights In-Reply-To: Message-ID: <199404040305.UAA14774@mail.netcom.com> Jeremiah A Blatz writes: > One should definatly be able to speak one's mind in a public place, > but what defines a public place in cyberspace? Really, no place (at > the moment) is truly public. Every computer is owned by somebody. I > think this is an area where the real-world paradigm is effective. In > the real world, we have private spaces, and government-owned public > ones (parks). I think a set government-run nodes would be a good > idea. The law would require them to be freely accessable by > everyone. Of course, how they could be used would be limited (you > can't live on a park, you couldn't use an e-park for long-term data > storage). The current basic internet (netnews, irc, anon ftp, most > www) is run, more or less, how I would imagine this e-park. The concept of a public place isn't all that useful in cyberspace since it's easy and inexpensive for people to set up their own nodes. If you would like to see a node created with rules about how the participants behave, you are certainly free to set one up. It's pretty cheap to set up nodes now and it's going to be cheaper in the future. In effect, cyberspace has an unlimited area is infinitely dimensioned; that is, every point is connectable to every other point. > I prefer some regulation, such as mandating that everyone would have > access to a reasonably prices public carrier... I can't see any reason to regulate my node if you only want people to have access to other nodes. I would suggest that what you really want is a subsidy system. > For example, take the freedom of speech. I can say what I like as > long as I don't libel someone... I realize you are not advocating libel laws here, but I think it's important to recognize that they are opposed to free speech and are, in my view, unconstitional. In the San Francisco area they have been used in the East Bay to discourage people from speaking against, among others, the University of California. The problem isn't just the possibility of losing a lawsuit, many people simple cannot afford to defend themselves. I suspect libel laws prevent many interesting stories from being told. That is unfortunate. Peter From ph at netcom.com Sun Apr 3 20:12:15 1994 From: ph at netcom.com (Peter Hendrickson) Date: Sun, 3 Apr 94 20:12:15 PDT Subject: PHILIP ZIMMERMAN ARRESTED [NOT!] In-Reply-To: <199404040108.SAA02235@well.sf.ca.us> Message-ID: <199404040313.UAA16069@mail.netcom.com> Stewart Brand writes: > The Zimmerman prank---I'm sure not funny for him---hardens my line > further against anonymity online. At its best, as here, it is an > unholy nuisance. > Thanks for posting the correction, John. I'm moderating a panel > with Zimmerman later this week, and would have been confused. I once read a story in the newspaper about a popular mayor who, it was reported, died in a massage parlor. I didn't realize that it was a prank for some time. I felt sheepish. Should we monitor newspapers? I don't think so. Healthy skepticism of random messages on the net is a better way to solve this problem. Is this really Stewart Brand? Peter From sameer at soda.berkeley.edu Sun Apr 3 20:26:04 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sun, 3 Apr 94 20:26:04 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits In-Reply-To: <199404040216.TAA09304@mail.netcom.com> Message-ID: <199404040325.UAA11843@soda.berkeley.edu> > > - a general move away from "commons"-oriented systems, which breed the > notions of "fair access" and such. If the "problem" is that poor > people cannot--it is alleged--afford a $17 a month Net connection > (what Netcom charges, in about 25 cities and growing), then my > solution would be to simply _subsidize_ their bill. (I'm not > advocating this, nor do I think it wise to subsidize anyone's phone, > Net, or dinner bills, but better this than "nationalizing" networks > and thus creating more confusion and less efficiency for all.) > We don't need subsidized bills for cheaper access. Just cheaper access. It'll happen. Market pressure + all that. From greg%ideath at uunet.UU.NET Sun Apr 3 20:49:32 1994 From: greg%ideath at uunet.UU.NET (Greg Broiles) Date: Sun, 3 Apr 94 20:49:32 PDT Subject: PHILIP ZIMMERMAN ARRESTED [NOT!] In-Reply-To: <199404040108.SAA02235@well.sf.ca.us> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > The Zimmerman prank---I'm sure not funny for him---hardens my line > further against anonymity online. At its best, as here, it is an > unholy nuisance. Interesting. The recent thread on alt.security re someone who mentioned thoughts of suicide on Usenet and was held for 48 hours' psychiatric evaluation hardens my line in favor of anonymity online. In any event, "street tech" cares little for what you or I think. As I see it, we've got two choices - anonymity or pseudonymity. (To be more accurate, we can have both, or just pseudonymity.) Let's say we choose to ban anonymity online. How shall we do this? What political body will we go to and propose a regulation or legislation mandating Real Names for messages? The United Nations? The net.cabal? How will we stop folks from setting up accounts with names other than their "real names" .. or from stealing others' accounts .. or from forging mail? A $1000 PC can run Linux and SLIP an look to the rest of the net like any other IP-connected site; how will we enforce our rules on those systems? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLZ95dX3YhjZY3fMNAQEjSgQArODShMLu5RyOufwc5RAFVh+T9QflHnu9 C/9tKaEYNm1QIMpBqX9Qq5RvBJUuw2T0dhR4JkZS5Ym/U/HM3h0Oow7n+gwSfkUv SWTTiPXYraEem9mp/rFyIIm4KOx3T4ARvDgueiUc3+hGIZbio6+1ReLIGSiDSnJC GsfCj7Sr7fk= =SWQZ -----END PGP SIGNATURE----- From wd6cmu at netcom.com Sun Apr 3 20:51:50 1994 From: wd6cmu at netcom.com (Eric Williams) Date: Sun, 3 Apr 94 20:51:50 PDT Subject: THOUGHT: International Electronic Declaration of Rights In-Reply-To: <199404032355.QAA18985@mail.netcom.com> Message-ID: <199404040352.UAA27376@mail.netcom.com> > I think you are well-intentioned, but I think looking to the U.N. to > protect individual rights will not work well. Most of the governments > which belong to the U.N. are totalitarian. Doesn't the U.N. have some kind of list of basic human rights? (Un- enforceable, of course.) I thought I saw it in a story about Elanor Roosevelt. -- Eric Williams | wd6cmu at netcom.com | WD6CMU at WD6CMU.#NOCAL.CA.USA.NA From schirado at lab.cc.wmich.edu Sun Apr 3 21:15:49 1994 From: schirado at lab.cc.wmich.edu (Ian M. Schirado) Date: Sun, 3 Apr 94 21:15:49 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits In-Reply-To: <199404040216.TAA09304@mail.netcom.com> Message-ID: > Cyberspace, Crypto Anarchy, and Pushing Limits A concise and thought-provoking article, Tim; I've missed your presence on the Extropians list since your departure. Glad to see you still in top form. > ...Perhaps we should be thinking more about the implicaitons and effects > of strong crypto, digital money, ideal remailers, etc., assuming that > certain practical problems that bedevil us today are, or soon will be, > solved. To some extent we already do this... Always keeping in mind, of course, that these are merely theoretical exercises, correct? The idea of crossing a bridge when you come to it is fine, but we're talking here about bridges that don't exist yet, and won't without a lot of effort on our individual parts. The building can never be built without a solid foundation. > And of course many of us have found Vernor Vinge's "True Names" to be > an excellent (and quickly readable) treatment of how things could work > in a world of fast, cheap, and secure communication. I haven't been able to track down a copy yet, although I've read all of Vinge's other works by now. (His future version of the Net still seems all too possible. "Death to vermin", indeed!) [many excellent points elided] > I hope some of you agree with me. I think your post sums up the possibilities of cryptoanarchy to empower individuals quite well. My one bitch at this point is that privacy in the real world is so much harder to achieve than in the virtual world of cyberspace. From eagle at deeptht.armory.com Sun Apr 3 21:24:46 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Sun, 3 Apr 94 21:24:46 PDT Subject: Crunch Time Message-ID: <9404032124.aa20218@deeptht.armory.com> Hi Folks, McCandlish forwarded my request for help before I go see a Federal Reserve Bank President Tuesday 5 April. Thanks to you all, esp Ms. Dekker of DigiCash. It's occured to me that Clipper could cripple US banking in the world financial market due to the 80% opposition exposed by the Time poll. If all my banking is digitized, my private key ensure's secrurity of transactions and authentication of user. If privacy of US Banks are comprimised by Clipper, why can't I bank in Switzerland? Hoenig, the KC Federal Reserve President will be in a public forum 10:00 MST 5 April. I would appreciate your comments on my reasoning with an eye on turning the Federal Reserve Anti-Clipper. It's crunch time folks, so I'll be reading my email up until 09:30 Tuesday. This is my private battle, so send your email to: or -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From hfinney at shell.portal.com Sun Apr 3 23:44:12 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 3 Apr 94 23:44:12 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits Message-ID: <199404040645.XAA04171@jobe.shell.portal.com> A thought-provoking essay as usual from Tim. However, I see a contradiction between: > * Crypto means access to "regions" can be controlled by "owners": > > - "my house, my rules" enforced locally, without central State > authority and: > * Physical location of cyberspace locations will be increasingly hard > to pin down. A vast "labyrinth of rooms and corridors" might be > physically instantiated on a computer in Malaysia, while a "virtual > gambling hall" is being run via cryptographic cutouts (remailers) from > someone's bedroom in Provo, Utah. The problem I have is that it is not clear that cyberspace is a space, that one can identify regions which have boundaries, and which can be patrolled by owners. These physical, 2-D and 3-D concepts do not map well to cyberspace. Cyberspace is more of a mental conception, a meeting of the minds. It's not clear that it can be owned. For a concrete example, who owns the Cypherpunks list? Tim and Eric started it, Eric keeps the software working, and John Gilmore supplies the machine, as I understand it (apologies if I am leaving someone out). Do they own the list? What about the role of the contributors? Aren't they the ones who give the list value? (Granted, Tim, Eric and John have been some of the best contributors, but that is separate from their role, if any, as owners of the list.) Suppose, as Tim implies, that the list someday evolved to be some kind of virtual list, hosted on a flexible network of machines around the globe. Who would the owners be then? I would suggest that there would not nec- essarily be any. The list would be a voluntary meeting place for people who had certain interests. Its existance would be essentially defined by the commonality of that interest. It exists not in a cyberspace thought of as machines on a net of wires and fiber, but in a conceptual space that transcends the physical machines which support it. The issue of the ownership of cyberspace has similarities more to the ownership of intellectual property than of houses and roads and other physical objects, IMO. And the problems which arise when you try to fence off part of intellectual property space will also be a part of attempts to own cyberspace. Just another view - Hal From darklord+ at CMU.EDU Mon Apr 4 01:36:29 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Mon, 4 Apr 94 01:36:29 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits In-Reply-To: <199404040645.XAA04171@jobe.shell.portal.com> Message-ID: Excerpts from internet.cypherpunks: 3-Apr-94 Re: Cyberspace, Crypto Ana.. by Hal at shell.portal.com > Suppose, as Tim implies, that the list someday evolved to be some kind > of virtual list, hosted on a flexible network of machines around the > globe. Who would the owners be then? As you said, no one. It would be pretty much a park in cyberspace. If however, it remained in the hands of a small number of people, it would be controlled by them ("their house"). Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/ From tcmay at netcom.com Mon Apr 4 01:56:13 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 4 Apr 94 01:56:13 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits In-Reply-To: <199404040645.XAA04171@jobe.shell.portal.com> Message-ID: <199404040857.BAA26661@mail.netcom.com> Sorry to be writing so much today, but these topics of crypto-cypberpolitics are of great interest to me. Hal Finney raised good points. I won't elide any material: > A thought-provoking essay as usual from Tim. However, I see a contradiction > between: > > * Crypto means access to "regions" can be controlled by "owners": > > > > - "my house, my rules" enforced locally, without central State > > authority > > and: > > * Physical location of cyberspace locations will be increasingly hard > > to pin down. A vast "labyrinth of rooms and corridors" might be > > physically instantiated on a computer in Malaysia, while a "virtual > > gambling hall" is being run via cryptographic cutouts (remailers) from > > someone's bedroom in Provo, Utah. > > The problem I have is that it is not clear that cyberspace is a space, > that one can identify regions which have boundaries, and which can be > patrolled by owners. These physical, 2-D and 3-D concepts do not map well > to cyberspace. Cyberspace is more of a mental conception, a meeting of > the minds. It's not clear that it can be owned. I don't mean that it's a 2-D or 3-D (nor do I mean it's a tres-trendy N-dimensional space, though it's more that than it is a simple space, a la "Snow Crash"). Rather, we can create and maintain "worlds" which may be mailing lists (with input from others), publications ("Wired" is certainly a cyberspace, subject largely to the rules set down by its owners, publishers, editors, and writers---with market forces shaping the evolution of it), organizations, and so forth. These "worlds" or cyberspaces have access points, internal consistency/structure, metrics, geometries, topologies, etc. I agree that it's not always terribly _useful_ to force-fit things into a spatial model....sometimes a cigar is just a cigar, and sometimes a magazine is just a magazine. But the interactivity of things like this list, and the Extropians list (where Hal and I and others debated this "is the list the propery of the Extropian Institute" issue), and of so many similar things says that these cyberspaces are taking on a very real existence. In another 10 or 15 years, commerce will move more noticeably into the domain of these constructed realities, other structures will similarly complexify, and the "colonization of cyberspace" will be made manifest. > For a concrete example, who owns the Cypherpunks list? Tim and Eric started > it, Eric keeps the software working, and John Gilmore supplies the machine, > as I understand it (apologies if I am leaving someone out). Do they own > the list? What about the role of the contributors? Aren't they the ones > who give the list value? (Granted, Tim, Eric and John have been some of the > best contributors, but that is separate from their role, if any, as owners > of the list.) Right now, the list is effectively "owned" by Eric Hughes, with no input from me (and I like it that way, frankly!). Only he can delete users....he never has, to my knowledge, not even Detweiler (LD asked to be removed, last November or so). John Gilmore owns the machine(s) it runs on, and also graciously provides the meeting space for our physical meetings, at his company Cygnus. Hugh Daniel is also invvolved in various capacities. There's little need for overt expressions of ownership, because few issues have needed it. Detweiler has been the only troublemaker. A few others have gotten wound up about some issue, posted a lot, then either settled down or left the list. There are no formal offices or staff, unlike CPSR, EFF, etc., so no need for a budget, votes, etc. (Cypherpunks has never held a vote, never made up a formal charter, etc.) But the list has a "cultural life" that provides an operational way of viewing the ownership issue. Let us examine what whould happen under various contingencies: - If Eric Hughes were to leave the list, another person would take over his duties. Just as "Pink Floyd" outlived the departure of Roger Waters (and Syd Barrett almost 25 years ago), so, too, the list would survive. - If John Gilmore were to take away his machine, things would likely stumble along for a few weeks until another machine could be found. Manual list distribution, running it on Netcom or Panix, finding a university site....all are possible. - The rest of us are important for the things we contribute and would not effect the list if we left. So, in this sense the list does not belong to any single person, but to an emergent group. (Where it used to get silly on the Extropians list was when someone would claim that their participation has given them some kind of "squatters rights" to have a say in the running of the List....that's patently false. Ditto for the Cypherpunks list: the anarchic approach works well, but not when someone makes a claim that they have some kind of voting power over things.) > Suppose, as Tim implies, that the list someday evolved to be some kind of > virtual list, hosted on a flexible network of machines around the globe. > Who would the owners be then? I would suggest that there would not nec- > essarily be any. The list would be a voluntary meeting place for people who > had certain interests. Its existance would be essentially defined by the > commonality of that interest. It exists not in a cyberspace thought of as > machines on a net of wires and fiber, but in a conceptual space that > transcends the physical machines which support it. Well, of coure that "conceptual space" is precisely what I am talking about. But more than just a conceptual space: a set of economica and social interactions, a persistent structure, reputations, webs of trust and reputation, and all that stuff. The Internet, and especially Usenet, are already this kind of "distributed meeing place." Nothing revelatory there. (This doesn't mean improvements won't happen....paying for services is one such thing.) > The issue of the ownership of cyberspace has similarities more to the > ownership of intellectual property than of houses and roads and other > physical objects, IMO. And the problems which arise when you try to > fence off part of intellectual property space will also be a part of > attempts to own cyberspace. > It'll be easier to "fence off" regions of cyberspace becausee one _creates_ them out of nothingness and then uses controls access. In the "Wired" example, there was not some Platonic ideal of the "high tech magazine" out there that the founders of "Wired" staked a claim on and then fended off claim-jumpers. Rather, the founders of "Wired" created a product, a set of ideas and styles, a pool of writers and artists, and said: "This is our world. You can enter it for $4.95 an issue." An important difference. The realities are created, not claimed. Just as books are created, not claimed. (Needless to say, the virtual worlds of authors, fictional genres, art, etc., are prime examples of these conceptual spaces. They are every bit as "real" and important to most of us as the supposedly real world around us. Calling them "cyberspaces" may be a stretch, but when computers are used to help support and maintain the world-like illusion, I have no problem calling them cyberspaces.) Ditto for Mosaic-driven, 1280x1024 full-color "worlds" on the hardware of 5 years from now. The designers with special talents will be able to command a premium for their worlds, their mailing lists (mailing lists can have software architectures, too, as the Extropians list software shows). The may license their methods out, creating "Cyberspace Construction Kits." The same way skilled architects shaped the physical colonization of cities and suburbs. I hope this clarifies what I mean by cyberspaces and the infinite colonizability of them. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From lile at netcom.com Mon Apr 4 05:56:45 1994 From: lile at netcom.com (Lile Elam) Date: Mon, 4 Apr 94 05:56:45 PDT Subject: Hi... :) Message-ID: <199404041257.FAA22088@mail.netcom.com> I would like to join this alias/list. Please direct mee to the list server or wjhoever I need to talk to about getting added. thanks, -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From dmandl at lehman.com Mon Apr 4 06:18:55 1994 From: dmandl at lehman.com (David Mandl) Date: Mon, 4 Apr 94 06:18:55 PDT Subject: PHILIP ZIMMERMAN ARRESTED [NOT!] Message-ID: <9404041318.AA04464@disvnm2.lehman.com> > From: Stewart Brand > > The Zimmerman prank---I'm sure not funny for him---hardens my line > further against anonymity online. At its best, as here, it is an > unholy nuisance. People have gotten anonymous death threats over the telephone and poison pen letters by mail. Are you against phone and mail anonymity? And this wasn't even such a destructive prank! And it was perpetrated on April 1. Doesn't seem like such a big deal to me. --Dave. From ravage at bga.com Mon Apr 4 07:34:00 1994 From: ravage at bga.com (Jim choate) Date: Mon, 4 Apr 94 07:34:00 PDT Subject: Bekenstein Bound In-Reply-To: <199404020933.BAA25097@ucsd.edu> Message-ID: <199404041433.AA12910@zoom.bga.com> > > I know this is off topic, but as an astrophysicist I can't let it lie. > >First off, Black holes are singularities or points and have no volumes. > > Black Hole refers to the event horizon, the geometry is not nice inside that. > > > >Second, the 'surface' of the event horizon is a fractal and is therefore > >better represented by a volume. > > The 'surface' is not fractal. It is a simple bounded spheroid of finite area. > > > >Third, Black holes are not de-coupled from the rest of the universe, they > >emit 'Hawkings Radiation' which eventually leads to the evaporatio of every > >black hole, the bigger the faster. > > Blackholes evaporate through Hawking radiation the SMALLER the faster. > Stellar mass black holes will not evaporate in the age of the universe. > This radiation does not carry information about the interior. It is formed > from the quantum field just above the surface. > > > >Fifth, volume is not an issue because several accepted theories imply a > >'many worlds' type of reality. Some of these theories even allow a certain > > > >amount of information to leak between them. This occurs because when the > >Hamiltonian is constructed some states prevent or exclude other states and the > >state space turns out to be smaller than at first apparent. > > This is philosophy not physics. > > > >Sixth, everyone (incl. me initialy) was discussing QED in exclusion. This is > >completely incorrect. You must include QCD and it is a complete unknown at this > >point. When QED succeded because of Feynmann the tools were applied to the > >Quantuam Chromodynamics of Quarks and it has not solved any problems. > > I have no idea what you are trying to say here. > > -------------------------------------------------- > Lance Cottrell who does not speak for CASS/UCSD > loki at nately.ucsd.edu > PGP 2.3 key available by finger or server. > > "Love is a snowmobile racing across the tundra. Suddenly > it flips over, pinning you underneath. At night the ice > weasels come." > --Nietzsche > > > I appreciate your feedback. From what I have read of Hawkings and others work I would have to disagree w/ your statements that a black hole is equated w/ the event horizon. In every text (incl. the Hawkings book from the 70's on the subject) to makes a clear distinction. Several years ago (around '90) there was a whole raft of work dealing w/ the event horizon and the consensus that I got was that the event horizon was a fractal. Perhaps you would site some references where this theory is not accepted and a argumetn as to why it fails? What I am saying as far as QED/QCD is that w/o discussing both then the actions of electrons and photons are not quantum mechanical in the sense that they require statistical terms to describe their behaviour. Nowhere in Maxwells Equations is there a statistical term. If you know of a hole in the equations please let me know of it. I am not aware of any behaviour of electrons/photons which are not covered by these equations until hadrons are introduced. From ravage at bga.com Mon Apr 4 07:44:49 1994 From: ravage at bga.com (Jim choate) Date: Mon, 4 Apr 94 07:44:49 PDT Subject: How Many Games of Chess? In-Reply-To: <9404012052.AA04563@newton.apple.com> Message-ID: <199404041444.AA13205@zoom.bga.com> > > >This is tangentially related to crypto. I've been reading A.K. Dewdney's > >_The New Turning Omnibus_ recently to refresh my memory of all that stuff > >I learned in undergrad that I'm going to see again on the Comp Sci GRE > >shortly. :-) Anyway, I was glancing through the chapters on complexity, > >computabilty, and minimax trees, and I got to wondering something: how > >many possible games of chess are there? I know that it has to be a finite > >number, but I'm not sure how to go about finding this number. Any > >pointers would be appreciated. > > First, I think there are a finite number of games only if all stale-mates > are are required to terminate. > > Second, here's one way if `just walking the tree` is too boring for you: > > 0 - Start your computer on this while you hop in a starship and circle in > local space at a significant fraction of C. > > 1 - Generate every legitimate board position (don't forget, pawns may be > promoted to other pieces) without regard for playing games. A board > position might be expressed as a 64 digit, base 13 number. More efficient > representation is probable (and desirable). Plainly the number of board > positions is something vastly smaller than 13^64 which is 1.96e71 or > > 196053476430761073330659 > 760423566015424403280004 > 115787589590963842248961 > > At this time, use two extra bits per state to note the mate condition. > > Additionally, the total number of games must be less than or equal to the > total number of permutations of every possible board position. Thus the > total number of possible chess games is something (again vastly) less than > (13^64)! (i.e., factorial --- sorry, Mathematica found this a little too > daunting to give me an estimate). > > 2 - Connect nodes with edges representing possible moves. For each > position, there can be no more than 64 pieces that might move, and for > each, no more than 63 possible results (including pawn promotion), so the > maximum number of edges is (13^64)*64*63 or about 7.90e74. > > At this time, or slightly later, use the mate bits to indicate stale-mates. > > 3 - Remove all subgraphs unreachable from the distinguished node that > represents the starting position. > > 4 - Count the number of distinct paths through the graph that end in a > mate or a stale-mate. > > 5 - Land your spaceship, collect your answer and find out how much money > accumulated in your hedge-fund while you were gone. > > > Scott Collins | "That's not fair!" -- Sarah > | "You say that so often. I wonder what your basis > 408.862.0540 | for comparison is." -- Goblin King > ................|.................................................... > BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com > Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 > ..................................................................... > PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com > > > Seems to me a simpler method would be to start at the end game and work backward. Start w/ a single piece and it has 64 positions. a game which ends w/ 2 pieces on the board has 64*63 possible positions, 3 pieces have 64*63*62 possible positions, and so on. The fact is that the end game is what defines a game of chess and not the infinitude of possible paths between the first and last move. From ravage at bga.com Mon Apr 4 07:48:59 1994 From: ravage at bga.com (Jim choate) Date: Mon, 4 Apr 94 07:48:59 PDT Subject: Bekenstein Bound (was: Crypto and new computing strategies) In-Reply-To: <199404011647.IAA29956@mail.netcom.com> Message-ID: <199404041448.AA13298@zoom.bga.com> You made the assertion in your rebuttal about area -v- volume in relation to black holes and event horizons about the entire universe not being containable in a volumn, if you accept this premice then you have to accept the premice that the universe is unbouded and hence not containable. This leads the bounds on the B-equation to be infinitly large number of possible states. From tmp at netcom.com Mon Apr 4 08:12:58 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Mon, 4 Apr 94 08:12:58 PDT Subject: wrong place at wrong time... Message-ID: <199404041513.IAA11198@netcom9.netcom.com> hello, whoever this `detweiler' person is you really seem to hate him. i appear to have been in the wrong place at the wrong time. would you like me to change my login name to something different so you don't confuse me with him? i think i heard it only costs $10 or so. yes, i do post from denver but i thought i heard detweiler was posting from somewhere else in colorado. (of course, geography is pretty meaningless in cyberspace.) yes, i am something of a newbie to this list. i heard about it out in talk.politics.crypto or something like that. i have also been reading up on your remailers from the public domain stuff out there (soda.berkeley.edu, etc.) the issues of `detweilering' do bring up some interesting questions. it seems to me that merely charging for access to remailers is not a sufficient deterrent (although it would have some effect). consider this argument: top-notch explosives can be very expensive, but that doesn't prevent terrorists from using them. in fact, it just has the effect of deterring the use of them by `casual' terrorists. wouldn't it be simpler to put limits on message propagation through a remailer? for example, limiting the volume of mail from a given source address? other interesting issues raised by `detweilering': hal finney forbids detweiler from using his remailer at any time. but (hello? is anyone home?) remailers operate on precisely the principle that names are irrelevant. how can you forbid anyone from doing something when you have no way of *identifying* them? how do you know what their mail aliases are? i wouldn't be surprised if hal finney censors *me* from his mailers just because he *suspects* that i am detweiler (ouch!). i think everyone here needs to be reminded why names were *invented*-- so that people can attribute actions to various individuals. it is `social ettiquete'. now, in some cases you may say that there is no need to attribute a name to an action (such as a posting) but then it seems you have no right to complain about `detweilers'. consider this-- suppose that i really hate t.c.may (this is just an example). i would like to screen my mailbox of everything he writes. but if he has dozens of imaginary aliases on netcom.com, each individually pretending to be a real person, how can i do this? it would be impossible. and don't say that the cost of multiple addresses would be a deterrent. what if he is a bored millionaire with nothing better to do? what if detweiler is a bored millionaire as well? apparently (from what i can determine) he seems to be endlessly entertained by harassing cypherpunks. and the criteria `that's an annoying post' is obviously not a very effective way of identifying him. so, `cypherpunks', you might consider the following problem. is it possible to have a system where there are multiple aliases allowed to a given person, and comparison between aliases (does alias1 == alias2) is permitted, but anonymity is generally preserved? one possibility is to remove screening one level from the users. that is, i tell a central server `stop sending me all posts generated by [alias1]'. if certain people suddenly disappear from my view that would be highly incriminating but not conclusive that they are all the same person. p.s. if detweiler is using the initials `tmp' (which he is judging by the FAQ piece that was reposted here) does anyone know what they stand for? p.p.s. can anyone tell me of recent press or media accounts of cypherpunk activity? thanks. p.p.p.s. try not to be so paranoid about `detweilers'. seems to me that if all he does is bang on a keyboard he is probably quite harmless. but then again, that's all that mitnick and morris did From m5 at vail.tivoli.com Mon Apr 4 08:32:13 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 4 Apr 94 08:32:13 PDT Subject: wrong place at wrong time... In-Reply-To: <199404041513.IAA11198@netcom9.netcom.com> Message-ID: <9404041532.AA05194@vail.tivoli.com> tmp at netcom.com writes: > hello, whoever this `detweiler' person is you really seem to hate him. Oh yes, "we" hate him alright. He got awful close to finding out "our" secret, but he was wrong on one count: "we" are not all Eric Hughes, "we're" Billy Idol! But: shhhhh! It's a secret! (Have you sent away for your Tentacle ID Decoder Ring yet?) -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From hfinney at shell.portal.com Mon Apr 4 08:34:08 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 4 Apr 94 08:34:08 PDT Subject: REMAIL: Ray's improved anonymous remailer Message-ID: <199404041535.IAA25481@jobe.shell.portal.com> I meant to reply to this several weeks ago, but was too busy then, so here are some comments now. From: rjc at gnu.ai.mit.edu (Ray) > Seeing as how everyone else is announcing their anonymous remailers, > I may as well announce mine which is nearing completion. The remailer > is written in Knuth's WEB using Perl so there is nice documentation. This sounds like an interesting approach. WEB is Knuth's methodology for creating self-documenting programming projects. You run them through a filter to create the executable code, Perl in this case. This should help portability and ease of support. > The remailer includes among other things, virtual addresses (handles), > padding/packetizing messages (splitting them up and sending pieces through > multiple remailer chains), chaining, mixing, a key-server, a list of > remailers server, a socket-server to bypass the sendmail queue and > get immediate error return, a stealth mode (delivery via direct SMTP or > socket instead of through the local sendmail), secure remailer network > (remailers sign and encrypt chained messages between each other), > fake remailer traffic, and other small features. The virtual handles are > fairly secure. They can be stored in the database as either plaintext real > email addresses, virtual addresses located elsewhere on the remailer network, > or SAEE cypherpunk remailer blocks (self-addressed encrypted envelope) These mostly sound like great features. The virtual addresses are something we have needed for a long time. The idea of keeping records of which remailers are responding should help with the use of the network, too. The one problem with this is that it might be tempting for the users to just trust the remailers to choose their chain paths. It would be much better for the user's own software to hook up, find out which remailers are operating, then choose a chain. Ray's software will allow this, but this function could be split off from the remailers to a specialized server, perhaps. I'm not sure about the advantages of remailers signing and encrypting messages between themselves. It seems to me that the network should work even without this. Ideally we don't want the remailer network to be too centralized and close-knit. It's better for them to be strangers to each other since if they coordinate their efforts they can defeat anonymity. > p.p.s. e-mail commands are of the same form as the extropian's mailing > list, backwards compatibility with the cypherpunks pasting token is not > supported. Why? All headers in the message are ignored (and in socket-mode, > there is no header anyway) and the prefered mode of operation is to encrypt > the body and the commands so no outside eyes can see the remail request > destination nor the message subject. This was one reason I suggested supporting both old-style CP and the extropians-style syntax ("::Anon-To"). As Ray suggests, in some cases we might not have message headers in the RFC822 sense. I think it is simpler to think about a message which has remailer commands at the top. > Socket mode provides a more secure form of operation by bypassing the > standard sendmail delivery mechanism allowing a message to be > piped directly to the remailer. In addition, the socket mode remailer > functions as an information server allowing clients to request > a publically networked list of public keys and up-to-date list of > \rem servers. The port number can be anything but I'm suggesting we all > agree to use port 2258. The number of sites which allow users to run socket servers is far smaller than the number which allow mail filters, so not many people will be able to use this feature. OTOH the mail-only sites are generally of low security and an owned-and-operated system should be able to use this feature. So it is definately a plus for those who can use it. > Upon connection to the remailer port, a greeting message will be sent to you > of the following form. On the first line is a general greeting message > which can be any string. On the next line is status information separated > by ``/''. The status information in order is: \verb|remailer_name|, > version, administrator e-mail address, and finally a list of flags. > The flags are single character upper case letters specifying > the following options. {\bf P} to specify that the machine is > privately owned and single-user, {\bf M} for mixing enabled, {\bf C} for > chaining, {\bf K} if the keyserver is turned on, {\bf E} if this remailer > only accepts encrypted messages, and {\bf S} if stealth mode is on. This is a good feature, but it should also be available from non-socket remailers. There should probably also be a "Help" command to tell how to use the remailer. (A lot of people already have these features.) > Virtual Addresses consist of a {\bf user handle} and an optional > {\bf remailer name} separated by `{\bf \#}' I used `\#' because I wanted > to differentiate virtual addresses from internet style addresses. > An example of a virtual address is ``darkmodem\#deepanon'' which > means that the message should be sent to the user connected with the > handle ``darkmodem'' through the remailer named ``deepanon'' You can > chain your own remailers by simply adding multiple remailer names to the > virtual address. For example, ``user\#remailer1\#remailer2\#remailer3'' > which will send the message first through remailer1, then remailer2, > then remailer 3, and finally to whoever happens to be connected with > ``user''. A special remailer name ``*'' is provided. Each instance of > ``*'' in a remailer chain will be replaced by a random remailer. > For example, ``darkmodem\#*#*#deepanon'' will first chain the message > through two random remailers and then finally to deepanon. The random > remailers chosen are not guaranteed to be unique. Ray had mentioned above that these user handles can also map to encrypted remailer strings. This way users don't have to trust any one remailer op- erator to keep their identity secret. This need for trust is one reason I am not enthusiastic about user#remailer1#remailer2#remailer3 as an address, although it is admirably concise and easy to use. The problem is that it exposes the path to the first remailer in the chain. I really feel that paths must use nested encryption to be of much value. Similarly, the darkmodem#*#*#deepanon requires the user to really trust the first remailer in the chain. Perhaps it deserves such trust, but I feel that a system which does not require such trust would be superior. (Again, Ray's proposal is broad enough that it will allow non-trust modes of operation, as I understand it; my main concern is that these other options are so easy that they will tempt people to be lazy and slip into modes where they are vulnerable to unscrupulous remailer operators.) I am really looking forward to seeing Ray's software. It sounds like a good package of functions. Hal From wcs at anchor.ho.att.com Mon Apr 4 09:32:02 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 4 Apr 94 09:32:02 PDT Subject: THOUGHT: International Electronic Declaration of Rights Message-ID: <9404041630.AA27374@anchor.ho.att.com> > Doesn't the U.N. have some kind of list of basic human rights? (Un- > enforceable, of course.) I thought I saw it in a story about Elanor > Roosevelt. I don't have the UN rights stuff handy, but most of it's non-useful, and is a good example of what happens when you let a committee of governments "define" your "rights" for you. I've spent more time looking at the UN treaty on the Rights of the Child (my church was lobbying our senator about getting the US to sign it, which I had problems with.) Typical "rights" included the right to free speech, subject to the needs of a society to preserve public order, the right to freedom of religion, subject to the needs of a society to preserve public order, the right to free compulsory education through 5th grade, without any particular identification of who would be forced to pay for "free", or acknowledgement of the more important right not to be compelled to be indoctrinated in whatever the government wants to force you to believe (e.g. South Africa forbidding public school students to use their native languages leading to Soweto massacre or France forbidding female public-school students to wear traditional Arab head-coverings), the right to national identity cards, etc. It's a mixture of "rights" that apply unless the government doesn't want them to, "rights" to have other people do things for you, rights that are too watered down to be worth the name, and rights that don't really include enforcement when governments don't honor them. It did have some meaningful parts - forbidding execution of children, forbidding drafting children under some age (I think it was 15 or 16) - and for many governments it would mean positive changes in spite of all the concessions to letting governments do whatever they want in the name of "social order". We can do better than that. Bill Stewart From wcs at anchor.ho.att.com Mon Apr 4 09:36:40 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 4 Apr 94 09:36:40 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits Message-ID: <9404041635.AA27428@anchor.ho.att.com> Sameer writes, in response to Tim: > > - a general move away from "commons"-oriented systems, which breed the > > notions of "fair access" and such. If the "problem" is that poor > > people cannot--it is alleged--afford a $17 a month Net connection > > (what Netcom charges, in about 25 cities and growing), then my > > solution would be to simply _subsidize_ their bill. (I'm not > > advocating this, nor do I think it wise to subsidize anyone's phone, > > Net, or dinner bills, but better this than "nationalizing" networks > > and thus creating more confusion and less efficiency for all.) > > We don't need subsidized bills for cheaper access. > Just cheaper access. It'll happen. Market pressure + all that. Tim's point, though was that we don't "need" cheaper access, and government-regulation solutions to achieve this pressing social need are not only bad, but unnecessary - if the government really wants to provide people with cheaper net access, it can hand them money, with less distortion of the market than regulation. One of the problems with the EFF open access proposals is that they tend to favor, or at least tolerate, regulation of the networks, which is an invitation to disaster, however well-intentioned it may be. Bill Stewart From frissell at panix.com Mon Apr 4 10:43:29 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 4 Apr 94 10:43:29 PDT Subject: THOUGHT: Internation Message-ID: <199404041742.AA09722@panix.com> To: cypherpunks at toad.com T >Yes, the U.N. has quite a fascist declaration of rights. It includes T >such chestnuts as a right to a job, a right to shelter, a right to T >medical care, and the right of a country to control its press (cf. T >the UNESCO fiasco). No thanks. Also, the right to two weeks paid vacation a year. As a self-employed individual, I want all you UN advocates out there to pay for my two-week vacations since I've never had one. DCF --- WinQwk 2.0b#1165 From GRABOW_GEOFFREY at tandem.com Mon Apr 4 10:57:37 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Mon, 4 Apr 94 10:57:37 PDT Subject: How many games of chess? Message-ID: <199404041057.AA25913@comm.Tandem.COM> When "different games" are mentioned, are we talking about any difference a significant difference. Are two 1000 move games different just because they have one move difference, or does the outcome need to be different? And, bye the outcome being different, does that just mean that the King i captured in a different square or does it require more? G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | |----------------------------------------------------------------------| | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From hughes at ah.com Mon Apr 4 11:03:31 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 4 Apr 94 11:03:31 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits In-Reply-To: <199404040645.XAA04171@jobe.shell.portal.com> Message-ID: <9404041750.AA08094@ah.com> >The problem I have is that it is not clear that cyberspace is a space, >[...] These physical, 2-D and 3-D concepts do not map well >to cyberspace. A mathematical space need not be linear, even locally, and therefore it need not have dimensionality. While the use of the word space started as a reference to our spatial experience, it has generalized out of that restriction. >For a concrete example, who owns the Cypherpunks list? Tim and Eric started >it, Eric keeps the software working, and John Gilmore supplies the machine, >as I understand it (apologies if I am leaving someone out). Here's how I explained it a recent cypherpunks meeting: John Gilmore is the pope. He owns the hardware. Hugh Daniel is the cardinal. He does much of the maintenance. Eric Hughes is the king. He looks like a figurehead. Insert your own conception of divine right of kings, etc., in order to complete the analogy. Should I ever move the list to my own hardware and net connection, I get to be Napoleon. Eric From jamiel at sybase.com Mon Apr 4 11:15:46 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Mon, 4 Apr 94 11:15:46 PDT Subject: THOUGHT: Internation Message-ID: <9404041815.AA26736@ralph.sybgate.sybase.com> At 1:42 PM 04/04/94 -0400, Duncan Frissell wrote: >To: cypherpunks at toad.com > > >T >Yes, the U.N. has quite a fascist declaration of rights. It includes >T >such chestnuts as a right to a job, a right to shelter, a right to >T >medical care, and the right of a country to control its press (cf. >T >the UNESCO fiasco). No thanks. > >Also, the right to two weeks paid vacation a year. > >As a self-employed individual, I want all you UN advocates out there to >pay for my two-week vacations since I've never had one. > >DCF I don't want to start a huge debate on this, I just would like to know if those who object to this object on grounds of practicality or ideology (in other words, for example do you object because you don't believe everyone is *entitled* to a job, or because you think it is idealistic and silly to write something like this when everyone knows capitalism requires unemployment.) From hughes at ah.com Mon Apr 4 11:34:49 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 4 Apr 94 11:34:49 PDT Subject: Economic assumptions Message-ID: <9404041821.AA08128@ah.com> I just read (after a reference by Duncan Frissell on this list) an essay by Nobel-prize economist R. H. Coase. The essay is called "The Nature of the Firm". I have it in a collection called _The Firm, the Market, and the Law_, published by University of Chicago Press. This is a sure-fire antidote to the idea that "the market is the best solution for everything". This is the essay, evidently, that introduced the idea of transaction costs. Some of his basic points are the following: -- There is a cost to using the price mechanism. -- Not all economic allocations use the price mechanism. -- Firms exist because they have lower transaction costs than the market. I can imagine that bandwidth in the fibersphere for text transmission will be too cheap to meter, which means that the cost of metering would more than the marginal revenue. In this case, and this is not the near future, there aren't any delivery charges per message. Suppose 5 billion people are all typing continuously at 300 bps. That's 1.5 Tbps, certainly within the conceivable for a single transmission line. So that's everything everyone in the world types, delivered at flat rate to your computer. The assumption of scarcity for bandwidth, while true now, may not generalize to the future. We should also not assume that every commons is subject to the tragedy of overuse. Eric From hughes at ah.com Mon Apr 4 11:44:05 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 4 Apr 94 11:44:05 PDT Subject: PHILIP ZIMMERMAN ARRESTED [NOT!] In-Reply-To: <199404040108.SAA02235@well.sf.ca.us> Message-ID: <9404041830.AA08146@ah.com> >The Zimmerman prank---I'm sure not funny for him---hardens my line >further against anonymity online. You can't get rid of anonymity such as this without also getting rid of pseudonymity. The first use of a pseudonym is as good as anonymous, because it has no past history. If the user of this pseudonym never again uses the name, then it has no future history. A one-time pseudonym is an anonym. An arbitrary string of letters only become a name if it is presented as a name and if it has persistence. Identity is a persistence through time of a source, be that a source of speech or a source of action. Without persistence there is no identity, but rather only unconnected assertions in a formal (and sterile) symbolic system. Eric From tcmay at netcom.com Mon Apr 4 11:45:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 4 Apr 94 11:45:47 PDT Subject: This List--Public, Private, or Other? Message-ID: <199404041846.LAA06510@mail.netcom.com> I have a few more things to say on the question Hal raised: is this list privately owned, publically owned, or is it something else? * It's effectively under the control of the folks mentioned (Huhges, Gilmore, Daniel, etc.), but.... * anyone with access to the mailing list names (cf. majordomo) could "invite" subscribers to try another list. Detweiler tried something like this with his "cypherwonks" group. The point: the "list" could move around. * sufficiently bizarre management practices on the List, such as if Eric decided to really crown himself King, would cause folks to leave. The point: the "list" is not permanent. * anyone trying to create their own Cypherpunks-type list would have to deal with inertia, head starts (by us), and so on. The point: sometimes inertia wins. In different words, the list exists as an "emergent phenomenon," like a popular trend or a fad. It's "official" existence is not crucial, as that could evaporated, change, etc. The hundreds of subscribers (can it really be 700?) find this list presumably more convenient than forming their own list, recruiting members, and achieving some critical mass. Call it a "Schelling point" in cyberspace, a meeting place. (A Schelling point is named after the game theorist, and can best be quickly described by an example: if Hal Finney and I agree to meet in Washington, D.C., without making further plans as to place, where might we meet? The Air and Space Museum? The base of the Washington Monument, the EFF offices? A limited number of points are likely to be independently picked by us--these are Schelling points for us. Prices are often Schelling points.) If enough of us "moved" to another list, or another machine, then that's "where" the Cypherpunks list would move to (it didn't happen with "Cypherwonks," for various and obvious reasons). The concept of "ownership" is thus tenuous. I would liken it to the "ownership" by a store of its customer base. Fry's Electronics "owns" the hacker-technophile customers it attracts in such throngs throughout the Bay Area, and no one (except the State, of course) can come in and command them to change their policies. But Fry's must be careful to not lose its customer base, which could easily happen (and will eventually, in all likelihood). To wrap it up: Cyberspace ownership has more similarities to the voluntary asssociations desscribed here--customer bases, clubs, subscriptions to magazines, etc.--than to conventional ideas of "public" and "private" property ownership. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Mon Apr 4 12:03:43 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 4 Apr 94 12:03:43 PDT Subject: Economic assumptions In-Reply-To: <9404041821.AA08128@ah.com> Message-ID: <199404041904.MAA08571@mail.netcom.com> Eric Hughes writes: > I can imagine that bandwidth in the fibersphere for text transmission > will be too cheap to meter, which means that the cost of metering > would more than the marginal revenue. In this case, and this is not > the near future, there aren't any delivery charges per message. > > Suppose 5 billion people are all typing continuously at 300 bps. > That's 1.5 Tbps, certainly within the conceivable for a single > transmission line. So that's everything everyone in the world types, > delivered at flat rate to your computer. > > The assumption of scarcity for bandwidth, while true now, may not > generalize to the future. We should also not assume that every > commons is subject to the tragedy of overuse. Ah, but the issue of mail overload is _rarely_ caused by what a person can personally type! Rather, by the _forwardings_ of other masses of stuff, written by others. "MAKE.MONEY.FAST" is but the most recent example. Not to mention images, coredumps, etc. (There's a guy on Netcom who, interestingly, sets his "plan" file to be redirected to a file called "/vmunix," which apparently dumps a nearly unending stream of stuff onto one's screen.) If data delivery is free, then what will the service providers (be they PacBell, Yoyodyne Enterprises, or (ugh) the government) do when I choose to take whatever bandwidth I can get and simply _fill_ it. After all, if it's "free" and "unmetered," then I can fill it to capacity (if I can). Or will there be quotas? (If the answer is "No fees, no quotas, use as much as you can," then I maintain it will be relatively easy to continue to flood sites. Flood them worse than anything we've seen so far, in fact. I'll go out on a limb and speculate that cheap delivery makes a fee schedule of some sort _more important_, not less important. Of course, this is up to the service providers; anyone who wishes to provded a free bandwidth link should be free to do so!) I was always skeptical of George Gilder's "fibersphere" assertions, that the fibers will be mostly "dark" because of a shortage of things to say, for example, and that usage would be "too cheap to meter." (Hmmmhh, where have I heard _that_ before?) Things will get much cheaper, that's for sure, but never free. (This is not an ideological statement, but a practical statement, in my view.) I can think of certain malicious persons--and I expect more of them in the future, not fewer--who would mount "denial of service" attacks on sites they didn't like by turning the firehoses of data on them. Of course, I expect sites to be able to refuse delivery without being charged, so clever mail-filtering agents will be essential. TANSTAAFL--There Ain't No Such Thing As A Free Link --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From consensus at netcom.com Mon Apr 4 12:04:32 1994 From: consensus at netcom.com (Christopher Allen) Date: Mon, 4 Apr 94 12:04:32 PDT Subject: Electronic Purse Press Release (Originally Re: VISA's digital cash) Message-ID: <199404041904.MAA23728@mail.netcom.com> At 1:25 PM 4/3/94 -0400, Pat Farrell wrote: >Today's (April 3) Washington Post business section has an article on >a consortium of VISA and banks working on a digital cash card. > >Did I sleep thru the messages, or has the list been scooped? > >Basic story is that the card is a smartcard, designed to be reused, >and suitable for small quantities. Nothing in the article about what would >prevent it from storing large amounts. No serious technical discussion >either, but I infer that it is an online cash card. > >Pat > >Pat Farrell Grad Student pfarrell at gmu.edu >Department of Computer Science George Mason University, Fairfax, VA >Public key availble via finger #include I was sent this by a friend today. It is the original press release: PR NEWSWIRE 03/22 VISA ESTABLISHES INTERNATIONAL CONSORTIUM FOR ELECTRONIC PURSE SPECIFICATIONS SAN FRANCISCO, March 22 /PRNewswire/ -- Visa today formed an international consortium of market leaders in the consumer payments industry to develop common specifications for a new way to pay -- an "Electronic Purse," a card with a micro chip that can be used instead of cash and coins for everything from vending machines to public transportation. The Electronic Purse would consist of a micro-chip embedded in a credit card, debit card, or stand alone card to store value electronically. The card would replace cash and coins for small-ticket purchases (less than U.S. $10), such as gasoline stations, pay phones, road/bridge tolls, video games, school cafeterias, fast food restaurants, convenience stores, and cash lanes at supermarkets. Cardholders can "reload" the micro-chip and control the amount of value stored in the card's memory. The Electronic Purse provides cardholders with the security and convenience of carrying less cash and coins, eliminating the need for exact change. Many participants in this worldwide effort are currently pilot testing electronic purse products, additional pilots are expected in late 1995. Joining forces with Visa to develop international technical specifications for the Electronic Purse are: Banksys; Electronic Payment Services, Inc., (EPS); Financial Information Systems Center, (FISC); Groupement des Cartes Bancaires, (CB); NationsBank Corporation; Sociedad Espanola de Medios de Pago, (SEMP); Sociedade Interbancaria de Servicos, S.A., (SIBS); and Wachovia Corporation. To ensure worldwide representation, limited additional payment systems that have invested energies in open-market electronic purse projects, will be invited to join. In addition, Visa will form a parallel group with technology companies to ensure the specifications support low-cost, efficient production of necessary equipment. "The goal of our combined efforts is to lead the market into the next frontier of payment processing -- the automation of cash and coins," said Ed Jensen, president and chief executive officer, Visa International. "The highly complementary capabilities of the participating companies will allow us to address issues for all aspects of smart card-based electronic purse solutions, including the cards themselves, point-of-sale systems, networks and back-end interchange and settlement systems." This announcement reflects Visa's commitment to providing superior, convenient payment services to its member financial institutions who serve consumers and merchants around the globe. The consortium was formed in response to member requests that Visa take the lead in facilitating the addition of an electronic purse to existing credit and debit cards, as well as the introduction of a stand alone card. Visa will leverage its global brand presence by teaming up with strategic partners to develop common standards. "The most critical step in making this concept a global market reality is the definition of open standards that can be shared among all participants," said Wesley Tallman, president, Visa Products and Information Services. "Recognizing that important domestic electronic purse developments are underway, the consortium will leverage the expertise of all participants. Group 'knowledge sharing,' especially with our European participants that have made significant advancements in the chip card arena, will facilitate the development of a specification that is relevant to markets worldwide." The technological specifications will govern the standards needed to establish an infrastructure that supports electronic purse payments. The worldwide market for automating cash transactions remains virtually untapped. According to the Bank for International Settlement, consumer cash transactions in the U.S. alone exceed 300 billion per year. By contrast, bank-facilitated consumer transactions, such as credit and debit cards, checks, and wire transfers total only 60 billion per year. As these figures indicate, there is a vast market potential for automating cash transactions. "EPS has been investing significant resources to develop smart card solutions since 1991," stated David Van Lear, chairman and chief executive officer of Electronic Payment Services, Inc. "Combining the resources of these industry leaders will accelerate market acceptance." Just as the standard operating environments have fueled the growth of the personal computer industry, the specifications that emerge from this collective effort will provide the essential framework to ensure compatibility, reduce development time and cost, and open up the market for others. International payment system participants included in this cooperative effort are: Banksys -- based in Brussels, Belgium, is a leading European specialist in electronic funds transfer (EFT) and payment security. Banksys operates the automated teller machine (ATM) and point-of-sale (POS) network on behalf of all card issuing banks in Belgium. Besides Belgium, 10 other countries are equipped with the Banksys system. Banksys is entrusted with the development of the Belgian Electronic Purse project, with pilot testing expected to begin in December 1994. Electronic Payment Services, Inc.(EPS) -- based in Wilmington, Del., is the leading electronic funds transfer company in the United States with an annual transaction volume of 1.7 billion. EPS is the holding company for BUYPASS Corporation and MONEY ACCESS SERVICE INC., operator of the MAC(R) network. Financial Information Systems Center (FISC) -- based in Taipei, Taiwan, is a government organization that supports electronic purse initiatives in that country. Through its members, FISC has issued 80 thousand integrated circuit cards and has installed more than one thousand point-of-sale systems with integrated circuit card readers. Groupement des Cartes Bancaires (CB) -- based in Paris, is the country's payment cards organization that has succeeded in launching the world's largest integrated circuit card program, with more than 22 million cards in circulation generating 2.2 billion transactions per year. NationsBank Corporation -- headquartered in Charlotte, N.C., is the third largest banking company in the United States with approximately $158 billion in assets, more than 1,900 retail banking centers in nine states and the District of Columbia, and consumer offices in 33 states. NationsBank is a financial services company providing products and services nationally and internationally to individuals, businesses, corporations, institutional investors and government agencies. Sociedad Espanola de Medios de Pago (SEMP) -- based in Madrid, SEMP is a sister company of Visa Espana, a group member of Visa banks in Spain. SEMP operates Sermepa, the card processing company of Visa Espana. Sociedade Interbancaria de Servicos, S.A., (SIBS) -- based in Lisbon, Portugal, is the country's leading bank payments company which provides electronic clearing services and operates the national Multibanco ATM and EFT/POS networks. As an extension to its service offerings, SIBS, is introducing the Multibanco Electronic Purse, (MEP). Visa International -- headquartered in the United States, is the world's leading consumer payments system with more than 333 million cards issued, more than 11 million acceptance locations, and the largest global ATM network. Wachovia Corporation -- with dual headquarters in Atlanta, and Winston-Salem, N.C., is one of the United States' leading debit card issuers and provides credit card services to three million cardholders nationwide. /NOTE TO EDITORS: In December 1993 Visa International, MasterCard International and Europay announced an agreement to form a joint working group to develop a common set of technical specifications for the integration of microprocessor chips in payment cards -- commonly known as "Integrated Circuit," "Chip," and "Smart" cards. The electronic currency specifications referenced in this release will enable the electronic purse application to be added to the integrated circuit cards./ /CONTACT: Albert Coscia of Visa, 415-432-2039/ 09:05 EST PR NEWSWIRE 03/28 VISA TECHNOLOGY GROUP SUPPORTS ELECTRONIC PURSE SPECIFICATIONS SAN FRANCISCO, March 28 /PRNewswire/ -- Visa today announced the formation of a technology group of international manufacturers to support the adaptation of specifications for a variety of technologies that will facilitate the issuance and acceptance of the "Electronic Purse" -- a payment card that stores value electronically and is designed to replace cash and coins for a wide range of low-value (under U.S. $10) consumer payments. The technology group will work with Visa who recently formed an international consortium of payment systems that will develop common specifications for Electronic Purse programs. Because plans are underway for the card to be used globally in a variety of venues -- including, gas/petrol stations, grocery stores, convenience stores, fast food restaurants, school cafeterias, and for such routine items as telephone calls from pay phones, road/bridge tolls and video games -- a number of technologies required to support card acceptance in global markets will be examined by the group. The first suppliers to join the international technology group are VeriFone, Inc., the leading global provider of point-of-sale transaction systems, and Gemplus, SCA, the world's leading manufacturer of smart cards. VeriFone and Gemplus have formed a joint venture, called VeriGem, to pursue electronic purse opportunities. To ensure worldwide representation, additional technology leaders who have invested energies in electronic purse applications will be invited to join the group. In addition to acceptance technologies, "loading" systems that enable cardholders to restore currency value into the micro chip will also be analyzed. Automated Teller Machines (ATMs) are expected to play an important role in loading value into the electronic purse. Future loading methods, such as specialized devices located at merchant locations or in the home, will also be explored. Operating both the largest international consumer payment network, VisaNet, and the world's largest ATM network puts Visa in a unique position to lead this global effort. "As with all emerging technologies, consultation with suppliers responsible for physically implementing the technology is critical to ensuring the viability of the product design," said Wesley Tallman, president, Visa Products and Information Services. "As market leaders in the payment systems field, all of those who have joined us in this initiative are truly partners in paving this 'express lane' of the electronic payment superhighway." Tallman emphasized that the technology group will be charged with ensuring that the specifications developed by the consortium support low-cost, efficient production of necessary systems and equipment. This group approach has been a key tool in support of Visa's product and market development efforts. In December 1992, Visa formed a manufacturer's group to support development efforts for security specifications of integrated circuits on payment cards. Still active today, this group lends critical on-going support and expertise to Visa's chip card efforts. Participants in this international group include: Bull, CPS (France); Gemplus, (France); Giesecke and Devrient (Germany); Schlumberger Industries (France); and Toshiba Corporation (Japan). Visa expects and welcomes the participation of these and other technology partners in the electronic purse effort. Hatim Tyabji, chairman, president and chief executive officer of VeriFone, agreed with the need for a supplier's group that would lend systems expertise to this effort. "Establishing worldwde specifications is the essential first step in the global standardization of the electronic purse, uniting all industry participants on a common playing field with a common set of rules. The endorsement and support of the electronic purse by Visa, its member banks and leading worldwide payment systems send a strong message to the industry -- the electronic purse is no longer merely a possibility, but a real market direction," said Tyabji. "With their high storage capacity, programmability and increasing affordability, smart cards are now poised to move beyond specialized applications and become a truly universal payment medium," said Dr. Marc Lassus, president and chief executive officer of Gemplus. "We share the consortium's vision of the electronic purse, and are excited about helping to bring speed, reliability and efficiency of smart card-based electronic cash to markets around the globe." Visa International, headquartered in San Francisco, California, is the world's leading consumer payments system with more than 333 million cards issued, more than 11 million acceptance locations, and the largest global ATM network. VeriFone, Inc., based in Redwood City, California, is a leading global provider of Transaction Automation solutions used to deliver payment processing and other transaction services to various retail market segments, as well as the healthcare and government benefits market. The company has more than 30 facilities located throughout Asia, Europe and the United States. To date, VeriFone has shipped more than 3.4 million Transaction Automation systems, which have been installed in more than 70 countries. Net revenues in 1993 were U.S. $258.9 million. Gemplus Card International, based in Gemenos, France, is the leading worldwide manufacturer of smart cards. Gemplus' cards are used for secure transactions in public and cellular telephone, banking, pay TV, transportation, healthcare and defense applications. The company has three manufacturing facilities: two near Marseilles, France, and one near Stuttgart, Germany. Current Gemplus production exceeds 14 million cards per month. The company has direct sales offices in 12 countries and a distribution network covering an additional 50 countries worldwide. The company's 1993 revenues were U.S. $130 million. NOTE: Gemplus is a registered trademark of Gemplus Card International. VeriFone is a registered trademark of VeriFone, Inc. Visa is a registered trademark of Visa International, Inc. /NOTE TO EDITORS: On March 22, 1994, Visa announced the formation of an international consortium to develop worldwide technical specifications for the Electronic Purse. The supplier's group discussed in this release is a complementary effort, serving Visa in a consultative or advisory capacity. /CONTACT: Albert Coscia of Visa, 415-432-2039/ 08:45 EST ------------------------------------------------------------------------ ..Christopher Allen Consensus Development Corporation.. .. 4104-24th Street #419.. .. San Francisco, CA 94114-3615.. .. o415/647-6383 f415/647-6384.. ..Mosaic/World-Wide-Web Front Door: .. ..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html .. From blancw at microsoft.com Mon Apr 4 12:29:41 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 4 Apr 94 12:29:41 PDT Subject: THOUGHT: Internation Message-ID: <9404041930.AA11739@netmail2.microsoft.com> From: Jamie Lawrence "....... I just would like to know if those who object to this object on grounds of practicality or ideology (in other words, for example do you object because you don't believe everyone is *entitled* to a job......." having a job = making a living using $ "a living": having an idea of a kind of life to live pre-requisite: having a purpose in life requisite: arranging your life to realize (achieve) that purpose following-through on the work required adjusting things around you to suit your interest/sensibilities It would be impractical for another person to deliver all of these things for me at their expense, when they should be spending time on their own dreams & plans. It does not represent an ideal method to me to have my lifestyle delivered to me, while aiming to be an independent, autonomous individual with a mind of my own. Otherwise I would be obliged to serve the purposes & interests of those who supply the means, the job, the money, on their schedule; that is, whenever they could think of something for me to "do" on the entitled job list. Blanc From jamiel at sybase.com Mon Apr 4 12:40:16 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Mon, 4 Apr 94 12:40:16 PDT Subject: Economic assumptions Message-ID: <9404041940.AA13599@ralph.sybgate.sybase.com> At 12:04 PM 04/04/94 -0700, Timothy C. May wrote: >(If the answer is "No fees, no quotas, use as much as you can," then I >maintain it will be relatively easy to continue to flood sites. Flood >them worse than anything we've seen so far, in fact. I'll go out on a >limb and speculate that cheap delivery makes a fee schedule of some >sort _more important_, not less important. Of course, this is up to >the service providers; anyone who wishes to provded a free bandwidth >link should be free to do so!) Obviously it doesn't map directly, but phones can provide a good example. people can phone-bomb people, but it gets boring. Most prank callers ger sick of it by the time they hit highschool. There are cases of prank callers getting scary but these are pretty few and fall between. You may say that the difference is that I have to have to be on the phone to do this, which doesn't apply to computers- well, I can, using a Macintosh and phone set up a pretty good combination war dialer/recorded message to bomb everyone in my local access range. How often does this happen? and what would happen to me if I did this? *There's* the key. You slap people's hand for this kinda thing. If I send a 200 meg binary file to a site once every 15 seconds for a couple of hours, I get in trouble. Easy. People talking about the future with computers always talk about ways to make things impossible for someone to do- this has never worked in the real world, and won't in the virual one. You just make it not worth doing. >I can think of certain malicious persons--and I expect more of them in >the future, not fewer--who would mount "denial of service" attacks on >sites they didn't like by turning the firehoses of data on them. See above- If I mount a denial of service attack on you via phone- tell my computer to call you once every 15 seconds, forever, how long would it take to get the cops to pay me a visit? About as long as it took you to find a phone that isn't tied up by me ;) >TANSTAAFL--There Ain't No Such Thing As A Free Link I still agree- Whoever ends up standing to profit from this ain't gonna give it way... >--Tim May From fnerd at smds.com Mon Apr 4 12:56:05 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 4 Apr 94 12:56:05 PDT Subject: Economic assumptions Message-ID: <9404041952.AA25986@smds.com> Eric says- > I just read (after a reference by Duncan Frissell on this list) an > essay by Nobel-prize economist R. H. Coase. The essay is called "The > Nature of the Firm". I have it in a collection called _The Firm, the > Market, and the Law_, published by University of Chicago Press. ... > -- There is a cost to using the price mechanism. > -- Not all economic allocations use the price mechanism. > -- Firms exist because they have lower transaction costs than the market. There's a piece by Kevin Kelly called "Network Economics" in the latest Whole Earth Review, about how better communications tech and changed business practices lower transaction costs and (along with competition and the pace of things these days) are pushing down the optimum size of businesses. -fnerd quote me - - - - - - - - - - - - - - - `We want information.' `You won't get it!' `By hook or by crook, we will.' -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From tcmay at netcom.com Mon Apr 4 12:59:00 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 4 Apr 94 12:59:00 PDT Subject: The AntiCash -- was: Electronic Purse Press Release In-Reply-To: <199404041904.MAA23728@mail.netcom.com> Message-ID: <199404041959.MAA14536@mail.netcom.com> Thanks to Christopher Allen for passing on that latest "Digital Purse" proposal. I won't quote-and-comment here. Does this system provide _any_ protection againt fine-granularity monitoring of payer identity? The talk of "clearinghouses" and the involvement of VISA International and the Usual Suspects suggest identity-blinding protocols are not in use. I also see no mention of DigiCash, or even RSA (but maybe I missed that--and the presence of RSA would not necessairly mean identity-blinding protocols were being planned). Likely Scenario: This is *not* digital cash as we think of it. Rather, this is a future evolution of the cash ATM card and credit card, optimized for faster and cheaper clearing. Scary Scenario: This could be the vehicle for the long-rumored "banning of cash." (Just because conspiracy theorists and Number of the Beast Xtian fundamentalists belive it doesn't render it implausible.) There are many "reasons" to ban cash and make it all electronic: * War on Drugs....need I say more? * surface the underground economy, by withdrawing paper currency and forcing all monetary transaction into forms that can be easily monitored, regulated, and taxed. * reduce theft of welfare checks, disability payments, etc....a problem in some locales, and automatic deposit/cash card approaches are being evaluated. * illegal immigrants, welfare cheats, etc. Give everyone a National Identity Card (they'll call it something different. to make it more palatable, such as "Social Services Portable Inventory Unit" or "Health Rights Document"). There was a time when I would've said Americans, at least, would've rejected such a thing. Too many memories of "Papieren, bitte. Macht schnell!" But I now think most Americans (and Europeans) are so used to producing documents for every transaction, and so used to using VISA cards and ATM cards at gas stations, supermarkets, and even at flea markets, that they'll willingly--even eagerly--adopt such a system. Make no mistake, this is not the digital cash that Cypherpunks espouse. This gives the credit agencies and the government (the two work hand in hand) complete traceability of all purchases, automatic reporting of spending patterns, target lists for those who frequent about-to-be-outlawed businesses, and invasive surveillance of all inter-personal economic transactions. This is the AntiCash. Beware the Number of the AntiCash. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hfinney at shell.portal.com Mon Apr 4 12:59:10 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 4 Apr 94 12:59:10 PDT Subject: This List--Public, Private, or Other? Message-ID: <199404042000.NAA10597@jobe.shell.portal.com> I can find a lot more to agree with in Tim's clarification of his views on ownership of cyberspace: > In different words, the list exists as an "emergent phenomenon," like > a popular trend or a fad. It's "official" existence is not crucial, as > that could evaporate, change, etc. > > [...] > > To wrap it up: Cyberspace ownership has more similarities to the > voluntary asssociations desscribed here--customer bases, clubs, > subscriptions to magazines, etc.--than to conventional ideas of > "public" and "private" property ownership. > > --Tim May Getting back to the original discussion, though, I think the point remains that such a tenuous and abstract form of ownership does not serve as a good foundation for a model of cyberspace as private property. Cyberspace, in my view, is essentially a conversation. Its value comes from the interplay between different people who contribute, each bringing their own expertise and points of view. It seems odd to me for someone to lay claims to the ownership of the conversation, especially someone who is not participating. One problem in thinking about these issues is focussing too closely on cur- rent software in the form of mailing lists and usenet. Already newer forms of communication such as IRC, MUDs, etc. are breaking out of these molds. Other possibilities include more fluid communications models where organization is provided by links between messages. In such a system, there would be no "cypherpunks list" as such; rather, messages on the kinds of topics we find interesting would be linked together in various ways, with side ties to messages on related topics as well. Who would "own" this kind of cyberspace? One possible unambiguous answer is to simply say that people own their own words, and to leave it at that. In that sense nobody owns the cp list; rather, each poster owns his postings. This is pretty uncontroversial, I think. But even then the value of a posting depends heavily on the context in which it appears, and this simple ownership model does not particularly capture that. Because of these considerations, I think cyberspace is not really subject to the kinds of ownership and control that we associate with private property. Look at the Extropians list as an example. They try to say that the list is private property and feel free to kick people off. But sometimes people get disgusted with their autocratic practices and leave. The list ends up losing value. The more they tighten their iron fist of ownership the more individuals slip out of their grasp, to paraphrase noted cyberspace pundit Princess Leia. (I say this not to disparage members of that list, which has a lot of talented people, but because to me it is a good example of the mis- application of the idea of private property.) My model of the ultimate future of cyberspace emphasizes selectivity and filtering of a huge corpus of messages, articles, essays, debates, etc. The hard part is going to be picking out what is interesting to you, and making your contributions in such a way that interested people see them. I really don't think our current infrastructure of mailing lists and usenet does a very good job of this, and I hope that in the future better approaches will be possible. It's not clear what role ownership will play in that system. Hal From tmp at netcom.com Mon Apr 4 13:07:01 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Mon, 4 Apr 94 13:07:01 PDT Subject: rights in cyberspace Message-ID: <199404042007.NAA22262@mail.netcom.com> t.c. may argues against codifying a sort of `bill of rights' or `magna carta' for cyberspace, saying that these documents tend to become meaningless from empty promises. but, on the other hand, what is the point of the nation's bill of rights? we could argue that the concept of `free speech' is meaningless in the realm of private industry, yet we still have a bill of rights that guarantees us certain rights. where, precisely, are we guaranteed these rights to e.g. free speech, freedom of assembly, etc? do the cypherpunks believe in the u.s. constitution as sacred or not? i think something that `cypherpunk' ideology often misses is the concept of a community. this mailing list is a community. most of cyberspace is a community. when you yell at a site administrator to censor e.g. detweiler, you are exercising a role in that community (as is he). and the bottom line is that communities *demand* rules. otherwise, one only has anarchy. do you really *like* anarchy? keep in mind that `detweilering' seems to thrive in it IMHO anyone who argues that cyberspace does not require a bill of rights similar to the one we have in the `real world' is essentially mistaken. t.c. may argues that these kinds of `accesses' such as cheap connections etc. will arise naturually via private enterprise and competition. but! this just doesn't hold out in what might be termed the `pathological' situations. consider that all the internet providers decide they can make a lot of money from collusion. what is to prevent them from price fixing? also, i have seen t.c. may essentially condone the practice of private companies censoring their users from internet access. but, correct me if i'm wrong, there is *only* access through the internet through private companies! what if they all decided to censor a particular user? suppose you want to create your own company-- they could just as easily decide to deny service to your company!! this is why we have a government, `punks'-- it is a sort of `codified community'. we are guaranteed freedom of speech and assembly etc. in any forums associated with the *government* the bill of rights ensures you certain minimum expectations. one solution to this on the internet would be to create a subnetwork in which rights of users, as well as laws governing their freedoms, are codified. people who subscribe to the network are committing to upholding the charter of the overall organization in return for their `minimal expectations'. some of these expectations might be: 1. right not to be censored for most forms of speech or net use. 2. if someone tries to censor them, that a `due process' ensue 3. this might be something like a `trial by one's peers' 4. the accused would have the right to confront accusors etc. note that these have been recognized as basic human rights for centuries, and they are very sensibly applied to cyberspace. now, the organization of other users also has a certain set of laws they adhere to: 1. allowed to censor sites/users that `misbehave' by initiating the `due process' 2. expectation of identity-- in joining the system a site makes guarantees that they will not forge mail by users or other sites, etc. 3. a police force representing the authority of the organization over members would be required for enforcement. we could call this the `cyberspatial citizenship' subset of the internet or something like that. the whole point is to be *explicit* about what sites and users can expect. you see, it is impossible to be connected to cyberspace without being subject to the potential whims of some other human being between you and your digital data!! hopefully, gradually this `cybernation' would grow to the point that it encompasses the entire internet -- sort of like usenet does today, and everyone has a clear expectation of their roles. notice that in our government as well as the system above, `corruption' is recognized as possible. we have a system that transcends individual companies, government agencies, policemen, etc.-- they are all `purged from the system' (theoretically) if they engage in behavior that is illegal in the community. to subscribe to a system like this is *not* to subjugate yourself to a higher authority. it is the way you `mesh' or `interface' with the mechanisms that embody the community you live in. now, a lot of you are going to get upset because all of the above sounds a lot like a `government'. but if you can get away from the mindset that `government==evil' you can see that this system has benefits to everyone involved, and moreover it would be possible to erect outside the scope of the u.s. government. that is, in one sense you could call it a `private' organization. `punks', until a system like the above is implemented, no one is free. we have no rights. we have nothing but the feudal system, and one is either a slavish serf or oppressive king, and this could change at a moment's notice. suppose that someone bought a few dozen accounts around the world, and made you their enemy (or vice versa) and simultaneously sent complaints from every one to your site administrator saying that you had caused irreparable harm to various cyberspatial forums? would your administrator listen for very long before they decided to yank your account because, after all, `we've had dozens of complaints'? what if you had never even posted to the forums? would your administrator know? would he give a damn? if he did, why should he? what if netcom yanked all the accounts of cypherpunks *today*? are you saying they should be allowed to do that merely because they are a private company? what if *all* internet providers decided to do this? are you going to argue that this is impossible? what *prevents* it? do you think a company is going to care how loud you screech on the phone if they have some other plan? the bottom line: if you think you have any rights today in cyberspace, or guaranteed access to the internet, you are *wrong*. so, codifying a cyberspatial magna carta ranks as a very noble and ideal pursuit. i urge the ambitious and fairminded among us to strive to realize this vision. `you have nothing to lose but your barbed wire fences'.... --tmp From ebrandt at jarthur.cs.hmc.edu Mon Apr 4 13:09:44 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Mon, 4 Apr 94 13:09:44 PDT Subject: wrong place at wrong time... In-Reply-To: <199404041513.IAA11198@netcom9.netcom.com> Message-ID: <9404042009.AA06101@toad.com> > From: tmp at netcom.com > hello, whoever this `detweiler' person is you really seem to hate him. [note use of scare quotes where ordinary ones would be appropriate] > consider this-- suppose that i really hate t.c.may (this is just an [note spaceless initials] > then again, that's all that mitnick and morris did [note closing ] If this isn't Detweiler, it's certainly someone trying to look like him. The quoted message demonstrates some familiarity with his epistolary style; note also the tmp/TMP `coincidence'. I have to conclude that the "whoever this `detweiler' person is" opener is disingenuous (as well as being stylistically similar to an12070's attempts to distance himself from "his colleague" Detweiler), and that tmp at netcom.com is probably the Blight itself. Eli ebrandt at hmc.edu finger for PGP key. "I have noticed an interesting overlap between radical libertarians, crypto- anarchists, psychopunks, and people who promote sodomy." -- L. Detweiler From perry at snark.imsi.com Mon Apr 4 13:14:53 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 4 Apr 94 13:14:53 PDT Subject: rights in cyberspace In-Reply-To: <199404042007.NAA22262@mail.netcom.com> Message-ID: <9404042012.AA09958@snark.imsi.com> tmp at netcom.com says: > i think something that `cypherpunk' ideology often misses is the concept ^^^^^ Gee, tmp, and I thought you were a "newcomer". I see you are displaying other stigmata, too. Perry From tcmay at netcom.com Mon Apr 4 13:16:44 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 4 Apr 94 13:16:44 PDT Subject: This List--Public, Private, or Other? In-Reply-To: <199404042000.NAA10597@jobe.shell.portal.com> Message-ID: <199404042017.NAA16738@mail.netcom.com> Hal Finney writes: ...stuff elided... > Getting back to the original discussion, though, I think the point remains > that such a tenuous and abstract form of ownership does not serve as a good > foundation for a model of cyberspace as private property. Cyberspace, in > my view, is essentially a conversation. Its value comes from the interplay > between different people who contribute, each bringing their own expertise > and points of view. It seems odd to me for someone to lay claims to the > ownership of the conversation, especially someone who is not > participating. Well, I have _never_ said that anyone can "lay claim to ownership" of a conversation! I had hoped I had made this clearer. Think of a coffehouse. Perhaps in Vienna in the 1920s and 30s, when the Vienna Circle was meeting....Wittgenstein, Freud, Carnap, Reichenbach, Popper, others. Nobody "owned" their conversation, but certainly the coffeehouse owner was free to set his polices, his "two-espresso minimums," whatever. Clearer? > One problem in thinking about these issues is focussing too closely on cur- > rent software in the form of mailing lists and usenet. Already newer > forms of communication such as IRC, MUDs, etc. are breaking out of these > molds. Other possibilities include more fluid communications models where > organization is provided by links between messages. In such a system, there > would be no "cypherpunks list" as such; rather, messages on the kinds of topics > we find interesting would be linked together in various ways, with side ties > to messages on related topics as well. Who would "own" this kind of > cyberspace? This is why I specifically mentioned Mosaic, WWW, and other "future" systems. This is why "Pushing the Limits" was part of the title of my thread. I don't see Hal's point here....I am not just focussing on the current approach to mailing lists. This is why the broader issues of cyberspace are so interesting. > Because of these considerations, I think cyberspace is not really subject to > the kinds of ownership and control that we associate with private property. > Look at the Extropians list as an example. They try to say that the list > is private property and feel free to kick people off. But sometimes people > get disgusted with their autocratic practices and leave. The list ends up > losing value. The more they tighten their iron fist of ownership the more > individuals slip out of their grasp, to paraphrase noted cyberspace pundit > Princess Leia. (I say this not to disparage members of that list, which has > a lot of talented people, but because to me it is a good example of the mis- > application of the idea of private property.) Both Hal and I left the Extropians list, for whatever reasons. But saying that things can lose value is not inconsistent with the ownership of the forum or place....that was my Fry's Electronics example. Fry's does not "own" its customer base, and it could easily lose it. But it owns its own places of businesses and thus can set policies without "democratic input" from other folks who _claim_ to own a part of it. > My model of the ultimate future of cyberspace emphasizes selectivity > and filtering of a huge corpus of messages, articles, essays, debates, > etc. The hard part is going to be picking out what is interesting to > you, and making your contributions in such a way that interested people > see them. I really don't think our current infrastructure of mailing > lists and usenet does a very good job of this, and I hope that in the > future better approaches will be possible. It's not clear what role > ownership will play in that system. I agree with Hal here. But on the issue of "ownership," laws will play a small role. Crypto will provide the key. Regions in cyberspace will be "owned" by the "right of arms" of the creators/colonizers being the ones able to control access, limit behaviors, etc. Of course, no one can be forced to visit "Tim's Cyberspace Coffeehouse." But if they do, a la the Fry's Electronics or Vienna examples, it's "my house, my rules." It's amazingly straightforward. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From gtoal at an-teallach.com Mon Apr 4 13:25:07 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 4 Apr 94 13:25:07 PDT Subject: Electronic Purse Press Release (Originally Re: VISA's digital cash) Message-ID: <199404042025.VAA24813@an-teallach.com> Unlike the Natwest scheme, I don't see anything in here about anonymity. Want to bet that VISA's system allows tracking of purchases? G From shipley at merde.dis.org Mon Apr 4 13:32:47 1994 From: shipley at merde.dis.org (Evil Pete) Date: Mon, 4 Apr 94 13:32:47 PDT Subject: Economic assumptions In-Reply-To: <199404041904.MAA08571@mail.netcom.com> Message-ID: <199404042032.NAA14631@merde.dis.org> > I can imagine that bandwidth in the fibersphere for text transmission > will be too cheap to meter, which means that the cost of metering > would more than the marginal revenue. In this case, and this is not > the near future, there aren't any delivery charges per message. that is what Tom Edison said about electrity.... From collins at newton.apple.com Mon Apr 4 13:49:57 1994 From: collins at newton.apple.com (Scott Collins) Date: Mon, 4 Apr 94 13:49:57 PDT Subject: How Many Games of Chess: Exact answer given! Message-ID: <9404041923.AA21272@newton.apple.com> Based on new information I have at last answered the question of `How many games of Chess' with finality. Here is the quote that woke me up to the reality of this problem in combinatorics. Jim choate writes: >The fact is that the end game is what defines a game of chess and >not the infinitude of possible paths between the first and last move. The natural conclusion is that the complexity of the problem depends on how much of the game you consider to be the `endgame'. Thus, the actual number of different chess games: 5 2) White mates 1) Black resigns 0) Stalemate -1) White resigns -2) Black mates Happily, this agrees with observed behavior. In fact, this is the way posterity remembers them, e.g., "Oh, yes, Spasky won." ;-) Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From tmp at netcom.com Mon Apr 4 13:50:20 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Mon, 4 Apr 94 13:50:20 PDT Subject: 666 Message-ID: <199404042051.NAA27409@mail.netcom.com> well EXCUUUUSE ME for reading /pub/cypherpunks/rants on soda.berkeley.edu, parry metzger!!! i just don't understand how remailers can even exist in cyberspace given that a *lot* of people like to try to yell at system administrators to get mail censored. if people are doing this to remailer operators, and they cave in, we are back to square one. ok, so whoever detweiler is, he's obnoxious, but i thought that cypherpunks were against censorship. is it `censorship is BAD-- UNLESS detweiler is involved'... (hee, hee) why are you guys so !@#$%^&* paranoid, anyway? what the heck did detweiler do, anyway? if that goofy string of DEATH TO CRYPTOANARCHISTs messages was due to him is all, then i think you guys might be overreacting just a *tad*. --`scarlet A' (boy, i am really paying for the particular combination of initials i picked. do you guys really think detweiler would be stupid enough to pick something that you leap on in a microsecond?! to bait you in front of your face?! i can't recall a detweiler post recently in the newsgroups, what is his last address? i think i will write him ... quite a celebrity ... maybe he has managed to get censored) From perry at snark.imsi.com Mon Apr 4 13:54:57 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 4 Apr 94 13:54:57 PDT Subject: Economic assumptions In-Reply-To: <199404042032.NAA14631@merde.dis.org> Message-ID: <9404042051.AA10013@snark.imsi.com> Evil Pete says: > > I can imagine that bandwidth in the fibersphere for text transmission > > will be too cheap to meter, which means that the cost of metering > > would more than the marginal revenue. In this case, and this is not > > the near future, there aren't any delivery charges per message. > > > that is what Tom Edison said about electrity.... Actually electricity too cheap to meter was an idiotic comment made about nuclear power in the 1950s. However, I'll point out that its been some years since I noticed the cost of my electric bill. Now, admittedly, I'm a fairly well off person, but were my communications costs for a very wide band fiber connection, even if usage based, as low as that for my electric usage, I would never notice the cost. Perry From a2 at ah.com Mon Apr 4 14:03:02 1994 From: a2 at ah.com (Arthur Abraham) Date: Mon, 4 Apr 94 14:03:02 PDT Subject: PHILL ZIMMERMAN ARRESTED [NOT] In-Reply-To: <9404042015.AA08368@ah.com> Message-ID: <9404042049.AA08456@ah.com> > >>The Zimmerman prank---I'm sure not funny for him---hardens my line >>further against anonymity online. > You can't get rid of anonymity such as this without also getting rid > of pseudonymity. Eric argues simply that you can't get rid of annonymity, and he is correct in the strict logic of his aguement against the current technological background. What neither of you discuss is your actual concern, which is that of having some way to rapidly access the factual content of a message. Instead of addressing that problem, you rail against anonymity. In current discourse one often sees symbolic or subsitute issues being discussed, so that the underlying discourd is obscured, ignored, and unresolved. Lions that stalk shadows remain hungry. -a2 From perry at snark.imsi.com Mon Apr 4 14:09:26 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 4 Apr 94 14:09:26 PDT Subject: 666 In-Reply-To: <199404042051.NAA27409@mail.netcom.com> Message-ID: <9404042107.AA10049@snark.imsi.com> tmp at netcom.com says: > well EXCUUUUSE ME for reading /pub/cypherpunks/rants on soda.berkeley.edu, > parry metzger!!! i just don't understand how remailers can even exist in > cyberspace given that a *lot* of people like to try to yell at system Hmmm. Redirecting again, Detweiler (or Detweil-alike)? I didn't even comment on remailers. I only commented on you. > (boy, i am really paying for the particular combination of initials i picked. > do you guys really think detweiler would be stupid enough to pick something > that you leap on in a microsecond?! to bait you in front of your > face?! Yes, actually. Perry From jims at Central.KeyWest.MPGN.COM Mon Apr 4 14:11:02 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Mon, 4 Apr 94 14:11:02 PDT Subject: rights in cyberspace In-Reply-To: <199404042007.NAA22262@mail.netcom.com> Message-ID: <9404042109.AA26487@Central.KeyWest.MPGN.COM> "Detweiler" said: > 4. the accused would have the right to confront accusors With all the anonymous remailers, etc, how do you expect this to happen? You yourself refuse to be identified (as is your right) yet you promote the right to confront accusors? > 3. a police force representing the authority of the organization over > members would be required for enforcement. How can you have a police force? Who will be there to see you type something evil? I can see you shoot someone and the judge can ask my testimony to help convict you, but what about computers? With the use of modems an act can be committed anonymously since the real world has no proof that was you who did something... only that it was your account that was used. paraphrase: Suppose someone bought a few thousand accounts and ... > made you their enemy (or vice versa) and simultaneously sent complaints > from every one to your site administrator saying that you had caused > irreparable harm to various cyberspatial forums? Like the "frame" job you did on Tim? (And not a very good one at that.) > > so, codifying a cyberspatial magna carta ranks as a very noble and > ideal pursuit. i urge the ambitious and fairminded among us to strive > to realize this vision. `you have nothing to lose but your barbed > wire fences'.... > > --tmp Amazing that a person who has a fairly good grasp of the English language and a pretty good vocabulary can't seem to find the shift key. -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From jamiel at sybase.com Mon Apr 4 14:32:25 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Mon, 4 Apr 94 14:32:25 PDT Subject: THOUGHT: Internation Message-ID: <9404042132.AA16539@ralph.sybgate.sybase.com> At 12:15 PM 04/04/94 -0700, Blanc Weber wrote: >From: Jamie Lawrence > >"....... I just would like to know if >those who object to this object on grounds of practicality or ideology (in >other words, for example do you object because you don't believe everyone >is *entitled* to a job......." > >having a job = making a living using $ >"a living": having an idea of a kind of life to live >pre-requisite: having a purpose in life >requisite: arranging your life to realize (achieve) that purpose > following-through on the work required > adjusting things around you to suit your >interest/sensibilities > >It would be impractical for another person to deliver all of these >things for me at their expense, when they should be spending time on >their own dreams & plans. It does not represent an ideal method to me >to have my lifestyle delivered to me, while aiming to be an >independent, autonomous individual with a mind of my own. Well, I guess we concieve of the meaning of the phrase "'right' to a job" somewhat differently. I see it as meaning everyone has the oppurtunity to earn a living. Whether or not I have the responsibility to follow through or not, I have that chance. (I also don't know that I think my job has anything to do with my purpose in life- If someone can find that to be the case, great, but otherwise it is just a way to stay alive while they are looking for the real thing, so to speak.) >Otherwise I would be obliged to serve the purposes & interests of those >who supply the means, the job, the money, on their schedule; that is, >whenever they could think of something for me to "do" on the entitled job list. I suppose I look at the alternative- that people don't have the right to earn a living, that doing so is a priviledge. How easy is it to get by without a job in this country? It can be done, but it sucks. >Blanc -j From hughes at ah.com Mon Apr 4 14:38:53 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 4 Apr 94 14:38:53 PDT Subject: Economic assumptions In-Reply-To: <199404041904.MAA08571@mail.netcom.com> Message-ID: <9404042126.AA08549@ah.com> >> I can imagine that bandwidth in the fibersphere for text transmission >> will be too cheap to meter, which means that the cost of metering >> would more than the marginal revenue. [re: overload] >Rather, by the _forwardings_ of other masses of >stuff, written by others. "MAKE.MONEY.FAST" is but the most recent >example. Not to mention images, coredumps, etc. I only talked about text transmission, not about arbitrary bit transmission. The situation for automatic bit sources is not the same. >I'll go out on a >limb and speculate that cheap delivery makes a fee schedule of some >sort _more important_, not less important. Look, there is a cost to using the price mechanism. When the cost of the thing being purchased becomes too small, it's no longer economical to price it. That doesn't mean that it's free. It means there are other structures for accounting. One transaction per packet will almost always be more overhead than it's worth. There are other ways of paying for service, though, by connection, by total bandwidth, by link. The structure of the transaction is different, because a different thing is being purchased. Flat rate local phone calling is common. The expensive part of using a local phone switch is the switching, not the connection. Maintaining the connection is cheap. >Of course, this is up to >the service providers; anyone who wishes to provded a free bandwidth >link should be free to do so!) This is irrelevant. The Libertarian-PC police aren't around, last I looked. Tim made the statement that pay-as-you-go was the obvious choice. That's not at all obvious. The accounting mechanisms are but one aspect of the transaction costs involved. It is quite possible that the only economically viable communications services are aggregated services. Whenever you have aggregation, there is some persistence, and that yields an identity. (It need not be a personal identity.) There are some interesting questions here. What is the characteristic length of that persistence? It will vary depending on the cost to do another transaction. The length of persistence is the length of exposure of an identity. What are the forseeable tradeoffs between link costs, switching, and general-purpose computing? This gives some idea about where the bounds of accounting will fall. Analyses which disregard transaction costs are unrealistic. The question is not one of paying for service; let's bury this libertarian hype against socialism right now. The question is what the structure of the communications market, both buyers and sellers, will be. I want a system with low transaction costs, because that lowers the characteristic persistence time of a communications transaction, and the smaller the time, the better the privacy. That means we have to lower the transaction costs. Let's take remailers as an example. One current suggestion is to add some sort of money system to the remailers as a condition of use. This is exactly the wrong priority at the current time. The remailers are already hard enough to use, and adding a payment system on top of that will make them used even less. Making a system harder to use increases the transaction cost. The current priorities should be to lower these costs. When the remailer system begins to be overloaded, then adding some restriction on use, perhaps by means of payment or a payment analogue, will be warranted, because it will lower overall transaction costs, trading off ease of use for throughput and reliability. What are some of these costs that should be lowered? -- Finding out that remailers exist and what they do. -- Finding a remailer to use. -- Deciding what remailer to use. -- Figuring out how to use a particular remailer. -- Formatting a message for a remailer. -- Receiving mail through a remailer. There much more need for improving the ease of use of remailers than for paying for them. The less expensive privacy is, the more privacy there will be. Privacy has non-linear benefit; the more that people are private, the better any individual's privacy actually is. Eric From jim at bilbo Mon Apr 4 15:30:32 1994 From: jim at bilbo (Jim Miller) Date: Mon, 4 Apr 94 15:30:32 PDT Subject: This List--Public, Private, or Other? Message-ID: <9404042140.AA02237@bilbo.suite.com> Who owns the games of volleyball played in my backyard? Since it's my backyard, I could tell everybody to go away, but then the games would also go away. The games could start up again in another backyard. Do I own the games? Effectively, no. The problem is with the term "own". I merely control the existence and character of games within the space of my backyard, but I can't control the existence or character of all games everywhere. I also cannot control the migration of a specific game from my backyard to another backyard. Sure, I can make sure the players don't use my volleyball or my net, but they can get other volleyballs and other nets. What is a volleyball game? Is it a volleyball court, a net, and a ball. No. Is it a group of people? No. Is it a group of people standing in a volleyball court with a net and a ball? No. Is it a group of people playing in a volleyball court with a net and a ball? Maybe. It depends on what they exactly they are doing with the net and the ball. A volleyball game only exists when they are playing volleyball. As soon as they stop, or are prevented from continuing, the specific game dissipates. A volleyball game emerges from specific interactions between the people and the items they manipulate (court, net, and ball). Can anyone own a mailing list? What is a mailing list? Is a mailing list a collection of hardware and software? Is it a bunch of people? Is it one message CC'ed to a group of people? A specific mailing list emerges over time from the specific interactions between an dynamic collection of people and the equipment used to support the interactions. Someone can own the equipment used to support a mailing list. They might also be able to "own" the name of the mailing list (copyrighted mailing list names?), but the name is not the most important characteristic of the list. They can also attempt to control the character of the list as long as the list is hosted on their equipment. However, the people who participate on the list can migrate the list to another host. Conclusion: You cannot own a mailing list because you cannot own the collections of people and interactions that define the mailing list. Jim_Miller at suite.com From shipley at merde.dis.org Mon Apr 4 15:36:52 1994 From: shipley at merde.dis.org (Evil Pete) Date: Mon, 4 Apr 94 15:36:52 PDT Subject: Economic assumptions In-Reply-To: <9404042051.AA10013@snark.imsi.com> Message-ID: <199404042236.PAA15043@merde.dis.org> > >Evil Pete says: >> > I can imagine that bandwidth in the fibersphere for text transmission >> > will be too cheap to meter, which means that the cost of metering >> > would more than the marginal revenue. In this case, and this is not >> > the near future, there aren't any delivery charges per message. >> >> >> that is what Tom Edison said about electrity.... > >Actually electricity too cheap to meter was an idiotic comment made >about nuclear power in the 1950s. However, I'll point out that its >been some years since I noticed the cost of my electric bill. My electric bill averages around $200 to $250 -Pete From lefty at apple.com Mon Apr 4 16:03:23 1994 From: lefty at apple.com (Lefty) Date: Mon, 4 Apr 94 16:03:23 PDT Subject: THOUGHT: Internation Message-ID: <9404042302.AA10966@internal.apple.com> Jamie Lawrence writes > >Well, I guess we concieve of the meaning of the phrase "'right' to a job" >somewhat differently. I see it as meaning everyone has the oppurtunity to >earn a living. Whether or not I have the responsibility to follow through >or not, I have that chance. What does "have that chance" mean in this context? Will appropriately non-demanding jobs be created (how? by whom? of what sort?) for those too untalented, careless, surly or offensive to get themselves "real" jobs? Do you actually see this as meeting some sort of need? -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From tmp at netcom.com Mon Apr 4 16:15:23 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Mon, 4 Apr 94 16:15:23 PDT Subject: rights in cyberspace Message-ID: <199404042316.QAA14782@netcom9.netcom.com> "James Sturgeon" said >> 4. the accused would have the right to confront accusors > >With all the anonymous remailers, etc, how do you expect this >to happen? You yourself refuse to be identified (as is your >right) yet you promote the right to confront accusors? the point is, this `citizen' organization is built of people who agree to the rules `upon entry'. i forgot to mention that the charter of the organization would require agreements by individual users. for example: `i am todd marvin peterson, this account is for my use only and i will not permit use of it by any other person'. now, you are probably going to say that this is an invasion of your privacy, but then on the other hand, so would detweiler. who's right? (hee, hee). guys, it seems to me that if you want to censor detweiler, then you would have to construct a system where names map to people as a `given'. otherwise, you are just going to be tortured forever by your own `cryptoanarchy'. (a complex subject, one that i don't fully grasp, perhaps only the author t.c. may does) if you don't want to `liquidate' detweiler, then WHY THE HELL IS EVERYONE SO HOSTILE TO INNOCENT BYSTANDERS WHO HAVE THE SAME INITIALS BY COINCIDENCE?! is this your idea of an ideal meeting place? where there is suspicion and distrust? >> 3. a police force representing the authority of the organization over >> members would be required for enforcement. > >How can you have a police force? Who will be there to see you type >something evil? I can see you shoot someone and the judge can ask >my testimony to help convict you, but what about computers? With the >use of modems an act can be committed anonymously since the real world >has no proof that was you who did something... only that it was your >account that was used. take your pick -- no accountability for actions whatsoever, *ever*, and you have rampant `detweilering'. or, people agree to some accountability. there is no such thing as `an anonymous act'. people who live in communities can ask that each other adhere to the laws of the community and evict them if there is evidence otherwise. the purpose of a trial is to `judge evil deeds'. let me give you an example. suppose that i had technology that would allow me to `morph' to the point of looking exactly like tim may. except, i would go and terrorize everyone in denver and urinate on sidewalks, flash women, etc. you say that `modems allow an anonymous act'. well, for me, that morphing is the same way, it allows me to run rampant without any personal consequence. the way that whoever posted the bogus `death to cryptoanarchist' stuff glommed his signature, this is a similar idea. so, should we allow morphing? or are you going to insist that morphing is an uncontrollable technology and therefore regulation is futile? you see, anything is possible among people who are willing to cooperate. if we decide that maymorphing is illegal in our society, we can work to prevent it. but if we have the ulterior motive that, ultimately, we don't want to be held accountable for `our own evil deeds', then you have anarchy, or rampant detweilering. (hee, hee, love that verb) note: i am not arguing against remailers. they are useful in some forums. but what you seem to have right now is an `anything goes' atmosphere that practically invites abuse. you don't even appear to have simple preventions of things like mailbombing etc. do you condone mailbombing through remailers? >Amazing that a person who has a fairly good grasp of the English language >and a pretty good vocabulary can't seem to find the shift key. WOW!! A SHIFT KEY!! WHAT A CONCEPT!! well, it appears that no one here is interested in developing a sort of `cyberspatial community' that has codified rules of conduct. do you know of anyone who might? seriously, i mean. don't give me snide email like `try the nsa'... pseudonymously, --tmp From ebrandt at jarthur.cs.hmc.edu Mon Apr 4 17:11:35 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Mon, 4 Apr 94 17:11:35 PDT Subject: rights in cyberspace In-Reply-To: <199404042316.QAA14782@netcom9.netcom.com> Message-ID: <9404050011.AA10550@toad.com> > well, it appears that no one here is interested in developing a sort of > `cyberspatial community' that has codified rules of conduct. do you know > of anyone who might? seriously, i mean. You might try the "cypherwonks" list, run on anon.penet.fi; it addresses exactly the issues you're interested in. > --tmp Eli ebrandt at hmc.edu From phantom at u.washington.edu Mon Apr 4 17:35:30 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Mon, 4 Apr 94 17:35:30 PDT Subject: In the latest IEEE Spectrum Message-ID: For personal use only -- posted without permission "Classified algorithm for encryption" IEEE Spectrum, April 1994. Federal policy makers should reconsider the Clipper/Skipjack cryptography scheme, which employs a classified algorithm and Government-held keys as the basis of a new encryption standard, according to a six-page statement by IEEE-United States Activities. "Federal cryptography policy should not fight technological progress by attempting to retain outdated techniques of surveillance at the cost of the reliability and the security of the American information infrastructure," the statement concluded. The reasons given for issuing the statement included IEEE-USA's concerns that classified algorithms "cannot be proven secure," that individuals seeking to avoid detection would simply choose another cryptography method that can be downloaded from the Internet, and that law enforcement agencies can use other new methods--from vibration-sensing lasers on windows to keyboard-trapping programs. For more information, contact IEEE-USA at (202)785-0017. mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From 68954 at brahms.udel.edu Mon Apr 4 19:17:38 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Mon, 4 Apr 94 19:17:38 PDT Subject: rights in cyberspace In-Reply-To: <199404042316.QAA14782@netcom9.netcom.com> Message-ID: On Mon, 4 Apr 1994 tmp at netcom.com wrote: > guys, it seems to me that if you want to censor detweiler, > then you would have to construct a system where names map to people > as a `given'. otherwise, you are just going to be tortured forever by > your own `cryptoanarchy'. (a complex subject, one that i don't fully > grasp, perhaps only the author t.c. may does) if you don't want to > `liquidate' detweiler, then WHY THE HELL IS EVERYONE SO HOSTILE TO > INNOCENT BYSTANDERS WHO HAVE THE SAME INITIALS BY COINCIDENCE?! is > this your idea of an ideal meeting place? where there is suspicion > and distrust? > I comprehend my own brand of crypto/cyber-anarchy. I personally do not go for any of the regulations or "protections" that have been proposed so far. IMO, if you want to put your machine on the net, take your chances. It's getting very cheap to set up a node now, and if I choose to do so I would not take kindly to any restrictions upon my activity, be it legal, or illegal even. Myself, I would much rather take the lumps of some abuse, rather than have ANY regualtion put on my usage of my personal node, or interaction between connected nodes. This makes room for alot of abuse, I admit that, but I just don't see how all these Bill-O-CyberRights stuff, and CyberKommunity will work when your dealing with a space that has no boundary. This is a metric space, whos distances are measured in connectivity, there are no real boundaries as the are easily breached and morphed. Basically I don't care if you are or not Dietwieller, so I won't get flurried or nmothing over it. > take your pick -- no accountability for actions whatsoever, *ever*, and > you have rampant `detweilering'. or, people agree to some accountability. > there is no such thing as `an anonymous act'. people who live in communities > can ask that each other adhere to the laws of the community and evict them > if there is evidence otherwise. the purpose of a trial is to `judge evil > deeds'. > IMO, FUCK that shit. How the hell are you going to evict me if I break one of the laws? There is no way you can develop a fool-proof system to control use, I even seriously doubt you can install a shitty system even. Basically if I want to do something, it will get done. The whole concept of a police force controlling cyberspace is a leap back about a billion evolution cycles. You can't patrol an amorphous blob. I would actually prefer the possibility to Detwielering so to speak,than to allow someone to try and control this. If they dont like what my node is doing, than cut connections to my node. > so, should we allow morphing? or are you going to insist that morphing is > an uncontrollable technology and therefore regulation is futile? you see, > anything is possible among people who are willing to cooperate. if we decide > that maymorphing is illegal in our society, we can work to prevent it. > but if we have the ulterior motive that, ultimately, we don't want to be > held accountable for `our own evil deeds', then you have anarchy, or rampant > detweilering. (hee, hee, love that verb) > This loses consequence in Kyberspace. You can decide that hacking is illegal(cracking) but you wont stop it, you may stop the casual cracker, but someone who does it professionally or witha passion etc... will not be able to be stopped. You are unable to hold someone accountable for their own deeds in a space like kyberspace where psuedonyms are part of the fabric of the space. > well, it appears that no one here is interested in developing a sort of > `cyberspatial community' that has codified rules of conduct. do you know > of anyone who might? seriously, i mean. don't give me snide email like > `try the nsa'... > Your right, I dont want a kyberspace community, thats the wrong idea. Dont bring your three dimensional models into a space that is amorphous and IMO best related to a infitine dimensions metric space. Perhaps that is not the aboslute correct topological term for it, but I think it should get the point across. You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From lake at evansville.edu Mon Apr 4 19:23:32 1994 From: lake at evansville.edu (Adam Lake) Date: Mon, 4 Apr 94 19:23:32 PDT Subject: How Many Games of Chess: Exact answer given! In-Reply-To: <9404041923.AA21272@newton.apple.com> Message-ID: > > > The natural conclusion is that the complexity of the problem depends on how > much of the game you consider to be the `endgame'. Thus, the actual number > of different chess games: 5 > > 2) White mates > 1) Black resigns > 0) Stalemate > -1) White resigns > -2) Black mates > i am not sure this is a very reasonable question without any restrictions. while this answer is humerous, i don't think anybody has addressed the fact that i can move a king back and forth between 3 squares infinitely many times. POSSIBLE answer: uncoutably infinite? lake at uenics.evansville.edu ---------------------------------------------------------------------------- Isn't it nice to have only one simple question..... Zero or One. ---------------------------------------------------------------------------- From rjc at gnu.ai.mit.edu Mon Apr 4 19:30:03 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Mon, 4 Apr 94 19:30:03 PDT Subject: Economic assumptions Message-ID: <9404050229.AA08022@geech.gnu.ai.mit.edu> Eric Hughes: >Let's take remailers as an example. One current suggestion is to add >some sort of money system to the remailers as a condition of use. >This is exactly the wrong priority at the current time. The remailers >are already hard enough to use, and adding a payment system on top of >that will make them used even less. Making a system harder to use >increases the transaction cost. > >The current priorities should be to lower these costs. When the >remailer system begins to be overloaded, then adding some restriction >on use, perhaps by means of payment or a payment analogue, will be >warranted, because it will lower overall transaction costs, trading >off ease of use for throughput and reliability. > >What are some of these costs that should be lowered? > >-- Finding out that remailers exist and what they do. build a remailer "who" server into each remailer >-- Finding a remailer to use. ditto >-- Deciding what remailer to use. ditto (remailer server should list remailer properties like keylength, private?, delay length, chaining?, mixing?, padding?, encryption required? etc) >-- Figuring out how to use a particular remailer. standardize remailer help system, standard remailer command format (but not neccessaily the commands themselves) Sorta like an SGML for remailers >-- Formatting a message for a remailer. see above >-- Receiving mail through a remailer. Get/Creating a nice client. At the moment, 100% of the mail in my mailbox is encrypted. I wrote a script called "deliver" which encrypts incoming mail, then pipes it through procmail/slocal. I modified morepgp and made it a lot more user friendly (and recursive). Reducing complexity cost: All of this could be lowered by creating an easy-to-use remailer client which is compiled (or perl/tcl interpreted) and installed with every unix out there so it becomes ubiquitous. If someone's machine doesn't have a client, they can telnet to a machine where one is set up (just like gopher, archie, www) by some generous cryptoaltruist. The current remailer solution of putting all of the remailer system complexity on the server side can't make remailers too easy to use. My Extropians list software attempted to make it easy to use by allowing commands to be contained in-band with messages to be posted. It's still too complex for the user who wants hot-key style operation. (which is why I will eventually write a client for it) Once you write a generalized client that can communicate with standardized remailers, you can easily include digicash/postage in the system. >There much more need for improving the ease of use of remailers than >for paying for them. Are you objecting to paying for remailers on a philosophical grounds (anti-property/money)? No one has proposed paying real money for remailer use (although that is a future possibility). There needs to be some way to authenticate remailer users and limit use in a "free" sense (instead of top-down rationing) The best way to do this is to use some form of monetary system. >The less expensive privacy is, the more privacy there will be. >Privacy has non-linear benefit; the more that people are private, the >better any individual's privacy actually is. Every standard is enhanced by more people using it. However, this alone can't be a justification for making services into public goods which are free to everyone. If the Detweilers of the world take advantage of totally free remailers, they could end up limiting the privacy for all. The same "free" philosophy has killed many a porno/music/book site (or created absolutely long user queues reminiscent of food lines in the xUSSR) Spamming/Spoofing attacks on remailers must be dealt with. The situation is not helped by either-or logic. We need both ease-of-use and some notion of postage. -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From lake at evansville.edu Mon Apr 4 19:52:59 1994 From: lake at evansville.edu (Adam Lake) Date: Mon, 4 Apr 94 19:52:59 PDT Subject: rights in cyberspace In-Reply-To: <9404050011.AA10550@toad.com> Message-ID: On Mon, 4 Apr 1994, Eli Brandt wrote: > > well, it appears that no one here is interested in developing a sort of > > `cyberspatial community' that has codified rules of conduct. do you know > > of anyone who might? seriously, i mean. > awe.....nice try at saving SOME dignity. i hope this is not considered a flame, but it is a valid point, someone will eventually step in and set rules, but there is a saying about rules....... lake at uenics.evansville.edu ---------------------------------------------------------------------------- Isn't it nice to have only one question in the "modern world"? Zero or One. ---------------------------------------------------------------------------- From rjc at gnu.ai.mit.edu Mon Apr 4 20:15:58 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Mon, 4 Apr 94 20:15:58 PDT Subject: This List--Public, Private, or Other? (fwd) Message-ID: <9404050315.AA08794@geech.gnu.ai.mit.edu> Hal writes: > Because of these considerations, I think cyberspace is not really subject to > the kinds of ownership and control that we associate with private property. > Look at the Extropians list as an example. They try to say that the list > is private property and feel free to kick people off. But sometimes people > get disgusted with their autocratic practices and leave. The list ends up > losing value. The more they tighten their iron fist of ownership the more > individuals slip out of their grasp, to paraphrase noted cyberspace pundit > Princess Leia. (I say this not to disparage members of that list, which has > a lot of talented people, but because to me it is a good example of the mis- > application of the idea of private property.) > On the other hand, the list also tries to perform a useful function for many people which is to filter down the enormous amount of chatter conversation out there to make it easier to read. It's interesting to note that the people who left the list were not leaving because of our tight copyright rules but because they disliked the code-of-conduct rules with respect to politeness and the enforcement of them. Code of conduct is a form of property control which won't disappear even in a "free" cyberspace. People will still form electronic country clubs excluding the non-elite or the non-polite from their ranks. The Extropian's list copyright rules are mainly e-cultural politeness. Just as it is considered bad netiquette to forward private e-mail to a public newsgroup, the Extropian's list administration considers it inappropriate to forward private exchanges to public lists without prior permission from the author. Such a rule would likely be in place on "women only space" e-lists or abuse recovery lists. Although the cypherpunks membership list is public, I bet many cypherpunks would consider it inappropriate to sell or give away this list to direct electronic marketing agencies. The extropians list has its copyright rule also to create a safe-zone. One where you can speak your mind without worrying about someone publishing your words in a "usenet cd-rom archive" where your boss could see it. Until pseudonymity is easier to use, restrictions will have to stay in place. I see electronic copyright as mainly just good manners. > My model of the ultimate future of cyberspace emphasizes selectivity > and filtering of a huge corpus of messages, articles, essays, debates, > etc. The hard part is going to be picking out what is interesting to > you, and making your contributions in such a way that interested people > see them. I really don't think our current infrastructure of mailing > lists and usenet does a very good job of this, and I hope that in the > future better approaches will be possible. It's not clear what role > ownership will play in that system. I think mailing lists do a much better job of filtering than usenet where membership to a discussion group can not be moderated or limited. (it doesn't work in practice. it usually kills the group or e-sociopaths just bypass the insecurity of the system) I like AOL's "auditorium" model. In the future, people will still want to pay others for locating information, filtering, and formating it in the oceans of information out there. Lexus/Nexus, IQuest, and some of the financial report natural-language filters out there are good examples. Information itself would probably be relatively free, but useless because *finding it* would be the hard part. Electronic Consultants would make their money by hooking you up with the right database or search software, or sell you their personal time over an electronic market. -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From blancw at microsoft.com Mon Apr 4 20:22:52 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 4 Apr 94 20:22:52 PDT Subject: THOUGHT: Internation Message-ID: <9404050323.AA29905@netmail2.microsoft.com> From: Jamie Lawrence: "Well, I guess we concieve of the meaning of the phrase "'right' to a job" somewhat differently. I see it as meaning everyone has the oppurtunity to earn a living." Except that you didn't say that, you said 'right to a job'. To me that means that there is a job in existence to which I have a right, or that one should be created for me so that I may be the beneficiary of it. "I also don't know that I think my job has anything to do with my purpose in life- If someone can find that to be the case, great, but otherwise it is just a way to stay alive while they are looking for the real thing, so to speak." Your basic purpose in life could be simply to maintain it while you or someone else figures out what it's for. Maintaining a life requires work, which is what a job is and does. The reference to a 'right' to a job is usually intended to mean that it should be provided, not just that the opportunity should exist. But in fact, no one is required to maintain another's particular existence; especially if they impress as being a purposeless being with no particular reason for being assisted in the maintenance of their purposeless life (i.e. there being no reason to be even *moved* to provide them with a job). It has been pointed out in my readings, that the Constitution makes a case for the *pursuit* of one's interest, to emphasize that it should not be hampered or prevented, but that it makes no case for the provision of that particular thing which one would pursue (like a house or a job). "I suppose I look at the alternative- that people don't have the right to earn a living, that doing so is a priviledge. How easy is it to get by without a job in this country? It can be done, but it sucks." People don't really have a right to do anything, yet they have the given means and a whole world & beyond, with which to do most of what they can imagine or anything they can manage. It's easy, when you know how. Blanc From hughes at ah.com Mon Apr 4 21:06:01 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 4 Apr 94 21:06:01 PDT Subject: Economic assumptions In-Reply-To: <9404050229.AA08022@geech.gnu.ai.mit.edu> Message-ID: <9404050353.AA09101@ah.com> me: >>One current suggestion is to add some sort of money system to the >>remailers as a condition of use. This is exactly the wrong priority >>at the current time. [...] [re: other transaction costs] >>The current priorities should be to lower these costs. [later] >>There much more need for improving the ease of use of remailers than >>for paying for them. rjc: > Are you objecting to paying for remailers on a philosophical >grounds (anti-property/money)? Four words: Libertarian Political Correctness Witchhunt. If it's not really clear that I was making a statement about priorities, I don't think that repeating it a fourth time will help. If, of course, I'm not all in favor of monetarizing remailers immediately, could it be that I'm not in favor of ... money? Please. > The situation is not helped by either-or logic. We need both ease-of-use >and some notion of postage. Are you talking about me? It appears that you are, but I thought I was only comparing priorities. Enough of this. I'd rather discuss lowering transaction costs. rjc comments on my list: >>-- Finding out that remailers exist and what they do. > build a remailer "who" server into each remailer I point out this doesn't help if you don't know where the first remailer is. What I was specifically referring to was public education. Were remailers ubiquitous, there would be a chapter on them in each of the latest rage of 'how to use the internet' books. They could be a well-used service, like archie. In fact, they are not. There are numerous reasons for this, some of which are self-referential (as in, there aren't a lot of remailers yet) and some of which are not. For example, there's no FAQ for comp.mail.remailer, because there's no such group. Why shouldn't there be? >>-- Finding a remailer to use. > ditto I specifically made this a separate item because it has a different solution. Let's assume the potential user has some beginner's document about remailers. How do they go about finding out what remailers exist? Well, the document could have a list of them, but that doesn't exactly work well in the face of rapid changes. Some centrality in the initial query seems called for. That could be a stable machine, or some stable name, even. What the query actually looks like is less important. We need DNS or something like DNS for this purpose. We need something where changes can propagate outward rapidly, which pushes data out, and unlike BIND (the standard implementation of DNS), which pulls it in after it times out. The standard DNS query format could be kept, but the current back end may not quite work. And what about users on Compuserve, AOL, Genie, Delphi, and Prodigy? >>-- Deciding what remailer to use. > ditto (remailer server should list remailer properties like > keylength, private?, delay length, chaining?, mixing?, padding?, > encryption required? etc) Certainly a standard way of listing the properties of a remailer would help. This seems to be mostly a matter of syntax. There is, also, the question of trustworthiness. That mythical beast the reputation system might be applicable, but I know of none to judge for suitability. More generally, there are questions of policy. What, for example, is the policy of the remailer in case of administrative request for mappings? Are there liquidated damages available to someone whose privacy is breached? These legal issues are not so easily made into syntax. >>-- Figuring out how to use a particular remailer. > standardize remailer help system, standard remailer command format > (but not neccessaily the commands themselves) Sorta like an SGML for > remailers I think the commands ought to be standardized, just like RFC-822 standardized on the To: field. I realize this is going to create a little havoc for the half-dozen or so remailer developers who have all chosen not to talk to each other during their developments. If you don't have standard commands, then you need a way of specifying semantics for all these various commands. Not good. >>-- Formatting a message for a remailer. > see above Personally, I don't think we need multiple algorithms for this. Is there any compelling reason, other than to avoid wasting existing but not yet deployed code? >>-- Receiving mail through a remailer. > Get/Creating a nice client. There's a transaction cost to switching clients which is huge. It's completely unrealistic to expect everyone to use a particular client for remailers. It just won't happen. Far better is to rework existing clients to support remailers and to get those changes into the main distributions. >Reducing complexity cost: > All of this could be lowered by creating an easy-to-use >remailer client which is compiled (or perl/tcl interpreted) and >installed with every unix out there so it becomes ubiquitous. The dream of universal software. When I can unpack some software and type 'make', and do nothing else except read the man pages that 'make' caused to be formatted, I'll call that universal software. And not before. I'm glad lowering these transaction costs garnered a response. But what I really want to see is, what did I forget about transaction costs to use remailers? Eric From tcmay at netcom.com Mon Apr 4 21:13:18 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 4 Apr 94 21:13:18 PDT Subject: This List--Public, Private, or Other? (fwd) In-Reply-To: <9404050315.AA08794@geech.gnu.ai.mit.edu> Message-ID: <199404050414.VAA14836@mail.netcom.com> Ray Cromwell writes: > On the other hand, the list also tries to perform a useful function > for many people which is to filter down the enormous amount of chatter > conversation out there to make it easier to read. It's interesting > to note that the people who left the list were not leaving because > of our tight copyright rules but because they disliked the code-of-conduct > rules with respect to politeness and the enforcement of them. I hope Ray was not counting me in with those who left the Extropian list because they "disliked the code-of-conduct rules with respect to politeness and the enforcement of them." I left for a number of reasons, most of which I chose not to spell out when I left. Of the several notable folks who left, for various reasons I'm sure, Hal Finney left long before this issue arose, Perry Metzger became dormant also before this issue arose, I left in January for these aforementioned multiple reasons, and the only one I know of who left over a conflict such as Ray describes was Vince Kirchner, who left the list a few days after I did (I missed the big blow-up). The Extropians are a fine bunch, and I enjoyed my 18 months on the list. Ultimately, it was taking too much of my time for too little new information in return, certain folks were treating the "Extropian Principles 2.0" as a kind of catechism to be quoted to doubters, and the personal invective was intensifying. I chose to leave and to use the saved time to learn to play the electric guitar....seriously. I had great fun with the concept of the "PPL" (privately-produced law) justice system. At the encouragement of Harry Shapiro and other list folks, I was the first to create an independent PPL, which I dubbed "Mr. May's Greater Extropia." (You may see the reference to "Snow Crash.") My PPL agreed to hear cases from other PPLs at the reasonable rate of $100 an hour....$100 in real, U.S. currency. (This could not argued against, as surely the Extropians could not argue for wage-price controls!) This was received in good humor by Harry, at least from his comments to me, and was not the source of my leaving. It is true that Max More, the Extropian Maximalus, and I did exchange some harsh words, mostly over Max's dislike of my pointing out some disturbing parallels between Extropianism and certain religions. I don't believe Max is a huckster, a la L. Ron Hubbard and Dianetics/Scientology, but it is also the case that I found nothing personally very interesting or satisfying in centering arguments around ideas like "Dynamic Optimism" and "Unbounded Rationality" (I never did learn the exact wording of the Five Principles, so bear with me). I remain on good terms with the many Extropian folks who I see at Bay Area events and parties, and I even talked to Max at a party several weeks ago. I wish them well, as our interests often coincide (and many are on the Cypherpunks list), but I have some doubts that membership will grow significantly--the type of bright, independent, anarcho-capitalist folks drawn to discussions of the sort Extropians like to engage in are seldom interested in dogma, even if the dogma is Rational and Dynamically Optimistic. Whatever reasons I had for leaving the Extropians list are complex...but I suspect you can all tell from my skeptical tone above that my reasons had more to do with disenchantment with the general tone of the group than it had to do with any kind of rejection of the concept of codes-of-conduct (something I used to argue _for_, as Ray and Harry can attest). I just wanted to set the record straight. I know that Ray did not single me out in his comments, but I think it's safe to say that my departure was a high-profile event, due to my many postings to their list, and so Ray's comments might be taken to apply to me. No false modesty from me. I support Ray's point about the value of mailing lists in creating the kind of "private spaces" I've been talking about. A mailing list is essentially just that, a "private space." > I think mailing lists do a much better job of filtering than usenet > where membership to a discussion group can not be moderated or > limited. (it doesn't work in practice. it usually kills the group or > e-sociopaths just bypass the insecurity of the system) I like > AOL's "auditorium" model. And I support Ray's point that we need both improved remailer features _and_ some concept of digital postage. I hope Ray can pull this off. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From dwomack at runner.utsa.edu Mon Apr 4 21:14:59 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Mon, 4 Apr 94 21:14:59 PDT Subject: Burn 2.0 file deletion Message-ID: <9404050414.AA10789@runner.utsa.edu> My Apologies! Mia Culpa! I've come across a really great freeware program called burn2.o for the Mac. I offered to send it to anyone who was interested... two people responded...and I promptly lost the e-mail addresses. Please e-mail me and I'll do better...this is a great little program! Regards Dave From blancw at microsoft.com Mon Apr 4 22:00:40 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 4 Apr 94 22:00:40 PDT Subject: rights in cyberspace Message-ID: <9404050501.AA00935@netmail2.microsoft.com> tmp: The point of the nation's bill of rights was to deal with the fear that the federal governing body would not understand sufficiently the principles in the Constitution, if these were not more precisely spelled out. The philosophically capable founders & writers of the Constitution & nation were able to think in terms of wide principles, but this was not expected so much from those who would follow after them. The intent of trying to codify guarantees was to try to present to their more limited successors the definite, specific crucial elements of the freedom to action which otherwise would be ignored. They were aimed at the government, because it was being created and because it was new & different, and because the people at that time were very familiar with what it meant to be insignificantly considered by a ruling class. They were trying to uphold their dignity as individuals whose manifested existence they thought should not be overlooked or easily mistreated by those to whom so much power had been entrusted. They were looking to a government to both be a tool for upholding and preventing the destruction of the values which they all were aiming for. They were looking to the government because that is all that they had at the time to think about, in terms of a means to achieve their goals. But that was a long time ago, and since then everyone has learned much about what is possible to the individual, as well as what is possible to a 'free' government and to a collective body of any group of people. Many concepts have been clarified, developed, refined. Some people have developed other ideas of how to live which do not require the use of an elected class to guard things which they (the elected) do not themselves actually value or know how to defend. We have many more tools now by which to exist more independently than ever, and some of us are prepared to use the opportunity to advance in that direction. You might have noticed that the 'cypherpunk ideology' has much to do with tools. I can't speak for the others on this list, especially those who set it up, but this is what I think: 'Tis a better thing to use a tool than to use another person. It permits of a different kind of association; it opens pu the possibility of conceiving another person more in terms of friendship and similar interests, compared to what exists in a community where people will gather for comfort against fear, or primarily for the utilitarian benefits the group can provide. There develops a change of proportion in what the 'community' represents to those who consort with each other. Considering how successful the bill of rights has been so far at creating a more perfect government, it is difficult to accept that another set of commandments would accomplish anymore than they ever have. Success does not depend solely upon what has been stated, but upon what has been understood; nay, further, upon the ability to understand the statement; and better yet, upon the ability to act in regard of it. To have to wait for recognition or for permission is too dependent upon the mercy of another. It is better to move forward into efficacy than to wait for the generosity of strangers, especially when it is for your own benefit. Where was the access to the internet before there were private companies? Where was the internet before it was constructed? What if no one had conceived of the idea at this time yet? We would all be effectively censored from cyberspace simply from the absence of a place to go! How does the existence of a government and a codified community relate to the existence of an electronic means to commune? I wouldn't expect that a bunch of, say, poets, just milling around, would result spontaneously in a network made up of wires and cables and hardware and software and . . . . things that make up what comprises the net, just from having the freedom to speak and assemble. Yet once each of these things had been created, and once the idea to use them in this speciallized way had occurred to some bright person, it is expected by many that they suddenly should have the right to use that system, as though they owned these strangers who happened to have a practical idea, and had therefore the right to use the results of their creativity. Codified behavior is useful to people when they are not prepared to make their own decisions about what they will do or in what manner they will carry out those actions to success. It is not useful to those who are venturing out into new territories or who wish to be creative and self-composed. It is not agreeable to those who wish to act from their own authority and take up the responsibility for their actions, because coding does not require thought, it only requires obedience; it doesn't require understanding, it only requires following, accomplishable simply by imitation; it doesn't require conscious & studied agreement, it only requires complicity. Codified behavior assures minimum expectations, but it does necessarily allow for enlarged perspective or insight. I personally would not want to fall into the category of those who need codified behavior in order to meet a minimum standard of normal social interaction. I would not wish to be a part of such a 'community', as I would be operating in a realm far beyond their expectations and ability to deal with. Individuals who go out into the sunless world of cyberspace should realize that it is an abstract atmosphere, where often little more than heat (vs light) is to be expected. How much can you care about digital data, how seriously can you consider it, how much will you allow it to affect you or push you out of shape? It could be more the money, the expense vs the reward, which could be anything to really worry about. Lions and Tigers and Bears! Oh, My! You could do a little cost/benefit analysis of your involvements on the net and calculate that you might be more free by staying off than by staying involved or hanging on. But if you *are* so interested in the subject of codified rights, you should enter into a conversation with Dorothy Denning, as she also pursues the same vision of rights and laws as yourself. She would probably not only agree with you, but perhaps offer additional ideas as well. Blanc From rjc at gnu.ai.mit.edu Mon Apr 4 22:12:11 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Mon, 4 Apr 94 22:12:11 PDT Subject: REMAIL: Ray's improved anonymous remailer Message-ID: <9404050511.AA10240@geech.gnu.ai.mit.edu> Hal writes: >These mostly sound like great features. The virtual addresses are something >we have needed for a long time. The idea of keeping records of which remailers >are responding should help with the use of the network, too. The one problem >with this is that it might be tempting for the users to just trust the >remailers to choose their chain paths. It would be much better for the user's >own software to hook up, find out which remailers are operating, then choose >a chain. Ray's software will allow this, but this function could be split >off from the remailers to a specialized server, perhaps. Good idea. The remailer assumes a few things. 1) if you don't give an explicit chaining path, and chaining is turned on, the remailer automatically picks the remailers with the heaviest usage for chaining. 2) if you give an explicit path, do not override it unless a remailer in the path doesn't respond A better idea might be a sort of "domain remailer naming service" which locates users on a remailer network (instead of explicitly giving out the remailer that your virtual address is located on) This DrNS would have to be trusted and secure, but it does cut down the number of trust entities since you only have it to trust, not every remailer on the network which has a copy of where your virtual address is located. Julf's APS is sorta like this already. I like the decentralized approach best. Let's say you don't want any plaintext associated with your real e-mail address. Simply set up two virtual addresses as follows: Remailer1: foo -> rjc at gnu.ai.mit.edu Remailer2: AnonymousRay -> foo#remailer1 Now when a plaintext arrives at remailer2, it is encrypted for remailer1, and with *your* public key (associated with "AnonymousRay") if one is present. So one remailer sees (plaintext, foo#remailer1), the other one sees (ciphertext, rjc at gnu.ai.mit.edu), but neither sees (plaintext, rjc at gnu.ai.mit.edu) Of course, collaboration is a problem, but you can always increase the chain length to take care of that. You can include SASE standard cypherpunk remailer blocks too if you want to further confuse the issue. >I'm not sure about the advantages of remailers signing and encrypting messages >between themselves. It seems to me that the network should work even without >this. Ideally we don't want the remailer network to be too centralized and >close-knit. It's better for them to be strangers to each other since if they >coordinate their efforts they can defeat anonymity. Ah, I didn't explain this. Originally, I planned to implement some remailer network level commands such as "add/change my stats in your list of remailers", "put a link to this virtual user in your networking map", "change my public key", etc. To do this, I assumed that only *trusted* remailers would be added to your remailer network list so that only trusted entities could do network level commands (by signing them) and only trusted remailers could introduce other remailers to the network. Now I think I'll require the operator to do this stuff manually so if you change the parameters of your remailer, you have to manually notify others on the network and they have to update the configuration files manually. Encrypting messages between remailers is useful because you want to make sure there is no correlation between incoming requests and outgoing ciphertexts. You not only want to encrypt them, you want to alter the sizes of them. I didn't think it was wise to pad a 1,000 byte message out to a 100,000 byte message if both were in the "mix" Instead, I opted to "packetize" the messages and quantize the packet lengths to an operator configurable length. Each packet is encrypted separately and I'm investigating the feasibility of sending them through separate chains. The problem is, all the pieces must end up at some remailer where they are reassembled. This situation would be alleviated if there was a standardized remailer client operating on the receiving/user side. Even cooler, a telescript/postscript like language for splicing and dicing incoming mail streams. Sort of a PGP/Mail scripting language that can't do any damage executing scripts embedded in incoming mail. >>p.p.s. e-mail commands are of the same form as the extropian's mailing >>list, backwards compatibility with the cypherpunks pasting token is not >>supported. Why? All headers in the message are ignored (and in socket-mode, >>there is no header anyway) and the prefered mode of operation is to encrypt >>the body and the commands so no outside eyes can see the remail request >>destination nor the message subject. >This was one reason I suggested supporting both old-style CP and the >extropians-style syntax ("::Anon-To"). As Ray suggests, in some cases we >might not have message headers in the RFC822 sense. I think it is simpler >to think about a message which has remailer commands at the top. It was an easier implementation issue for me to just handle commands in the body vs. header and body. Putting commands in unencrypted headers seems to be a bad idea (especially if you are giving the remailer an explicit chain. You want to defeat traffic analysis, not help it) >> Socket mode provides a more secure form of operation by bypassing the >>standard sendmail delivery mechanism allowing a message to be >>piped directly to the remailer. In addition, the socket mode remailer >>functions as an information server allowing clients to request >>a publically networked list of public keys and up-to-date list of >>\rem servers. The port number can be anything but I'm suggesting we all >>agree to use port 2258. >The number of sites which allow users to run socket servers is far smaller >than the number which allow mail filters, so not many people will be able >to use this feature. OTOH the mail-only sites are generally of low security >and an owned-and-operated system should be able to use this feature. So it >is definately a plus for those who can use it. This works already. The remailer is written such that it doesn't care whether the data is coming from a sendmail STDIN stream, or a socket. All it does is redirect the socket to STDIN once the "DATA" command is given. Then, the same routine which processes the mail side of the server works on the socket data. The socket-mode is pretty much a 'free' feature (didn't take any special logic in the command processor). The software can run without it, but it works better for internet users. >Ray had mentioned above that these user handles can also map to encrypted >remailer strings. This way users don't have to trust any one remailer op- >erator to keep their identity secret. This need for trust is one reason >I am not enthusiastic about user#remailer1#remailer2#remailer3 as an >address, although it is admirably concise and easy to use. The problem is Karl Barrus suggested that I use the usenet style FIFO format as in, remailer1#remailer2#remailer3#user (like foo!bar!user) I'm not sure which is more intuitive, but I would like some feedback on this. I agree that one must trust a remailer operator, but I think there's already too much trust in the single non-networked remailer currently used. (operator logging easily catches any anonymity) >that it exposes the path to the first remailer in the chain. I really feel >that paths must use nested encryption to be of much value. Similarly, the >darkmodem#*#*#deepanon requires the user to really trust the first remailer >in the chain. Perhaps it deserves such trust, but I feel that a system which >does not require such trust would be superior. (Again, Ray's proposal is >broad enough that it will allow non-trust modes of operation, as I understand >it; my main concern is that these other options are so easy that they will >tempt people to be lazy and slip into modes where they are vulnerable to >unscrupulous remailer operators.) I agree completely. This is always the danger which is why I think remailers should have ratings, flags, and comments in the list of remailers, and that remailer operators should only include those that they trust. I also feel that virtual addresses should always be many levels deep. (user -> foo#remailer1 -> bar#remailer2 -> baz#remailer3 which is an encrypted Eric Hughes style cypherpunk remailer block. The only problem is that since Eric's software isn't part of the notification net, the software has no idea whether the remailer is up and running or not) Some security through obscurity will be needed. >I am really looking forward to seeing Ray's software. It sounds like a >good package of functions. Thanks. I still have a lot of work to do on it. I got side tracked for the last two weeks and my undertaking was a little too ambituous. When I announced it, most of the library I/O functions were done, but the major network logic still needs to be written. It should be beta testing in the next few weeks. Make any requests/suggestions now. ;-) Thanks for the comments, -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From blancw at microsoft.com Mon Apr 4 22:21:23 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 4 Apr 94 22:21:23 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits Message-ID: <9404050522.AA01169@netmail2.microsoft.com> From: Timothy C. May: "And we'll be moving our trade, our entertainment, and much of our lives into cyberspace a whole lot faster than we'll be slowly moving into low Earth orbit and beyond. In fact, I consider that I'm already half-way in. In a few years, with Mosaic-like one-touch connectivity, with a plethora of network choices, with secure remailers and similar tools to anonymize my transactions, I'll be so far in there'll be [no] turning back." Reach over quietly and s l o w l y *push* the 'Esc' button. Actually, some of us could become quite bored and decide to go to the beach, instead. Sometime, someday (when you least expect it), you'll have to come out and do some 3-dimensional living. Blanc From oriole at world.std.com Mon Apr 4 22:29:20 1994 From: oriole at world.std.com (Alan J Poulter) Date: Mon, 4 Apr 94 22:29:20 PDT Subject: SecureDrive Message-ID: <199404050529.AA03931@world.std.com> Hi, I am interested in finding out about a package called SecureDrive. Any information about it would be gratefully received. Thanks in advance. Alan Poulter oriole at world.std.com From mpj at netcom.com Mon Apr 4 22:58:08 1994 From: mpj at netcom.com (Michael Paul Johnson) Date: Mon, 4 Apr 94 22:58:08 PDT Subject: Earn $271.82 if you break new crypto freeware. Message-ID: <199404050559.WAA14989@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- __ / \ New Cryptographic Freeware Available: Data Lock /____\ \ / * Uses the Diamond Encryption Algorithm (slight variation on MPJ2) \ / * Includes complete source code \/ * No patent infringement problems * Includes source code library for Diamond & Diamond Lite * Can be strong enough to protect very valuable data (see below) * Can be weakened enough to be exportable in executable form only * Ciphertext doesn't advertise its algorithm or key (stealth) Documentation only (exportable): ftp:csn.org//mpj/public/dlockdoc.zip or dlockdoc.tar.gz ftp:ftp.netcom.com//pub/mpj/public/dlockdoc.zip or dlockdoc.tar.gz Full package (including all source code & executable file): ftp:csn.org//mpj/I_will_not_export/crypto_???????/mpj/dlock.zip or dlock.tar.gz ?????? and anti-export warning given in ftp:csn.org//mpj/README.MPJ ftp:ftp.netcom.com//pub/mpj/I_will_not_export/crypto_???????/mpj/dlock.zip or dlock.tar.gz ?????? and anti-export plea given in ftp:ftp.netcom.com//pub/mpj/README.MPJ Colorado Catacombs BBS 303-938-9654 DLOCK.ZIP Data Lock itself may be useful, but its greater value lies in the fact that it is written more to be used as a function library for people who want to incorporate encryption into other applications. The only change from MPJ2 to the Diamond Encryption Algorithm is that the key expansion mechanism now distinguishes between keys of different lengths. For example, the keys "aaaaaaaa" and "aaaaaaaaaaaa" would have been equivalent in MPJ2, but are not in Diamond. Diamond Lite is just the logical contraction of Diamond from a 16 byte (128 bit) block to an 8 byte (64 bit) block. Even though "Lite" is in the name, it yields better security for small numbers of rounds because of the faster avalanche effect (1 bit to 64 in just 2 rounds instead of 1 bit to 128 in 5 rounds). MPJ2 and Diamond are derived from the MPJ encryption algorithm, invented in 1989, but use an improved key scheduling algorithm that eliminates the slight bias in the way the substitution arrays were filled. The following is a comparison of some of the symmetrical key ciphers available to the general public today. Included is a (somewhat subjective) strength comparison to give a general idea of how Diamond and Diamond Lite compare: ALGORITHM BLOCK KEY ROYALTY ECB RELATIVE APPROXIMATE WORK FACTOR NAME SIZE SIZE FREE? MODE SPEED TO BREAK log base 2 of BITS BITS OK? number of operations DES 64 56 YES YES MEDIUM 43 3DES 64 112-168 YES YES SLOW 64-168 DIAMOND 128 variable YES YES MEDIUM 128-key size DIAMOND LITE 64 variable YES YES VERY FAST 64-key size BLOWFISH 64 variable YES YES VERY FAST 64-key size? SHA-CFB 160 variable YES NO VERY FAST 80-160 MD5-CFB 128 variable YES NO VERY FAST 64-128 REDOC II 80 160 NO YES FAST 80-key size REDOC III 64 variable NO YES VERY FAST 64-key size KHUFU 64 512 NO YES ? 64-512 IDEA 64 128 NO YES FAST 64-128 MMB 128 128 ? YES FAST 128? The "work factor to break" column is somewhat subjective, and is based on the best attacks that I have knowledge of (hardly an exhaustive list), combined with a GUESS at what attacks might succeed. They also assume that the key length is at least as long as the numbers indicated when the key length is variable. You should decide for yourself what you will believe. Don't put all your eggs in one basket. Besides those things listed above, some distinguishing characteristics of Diamond and Diamond Lite include: * They can easily and securely take a pass phrase directly as a key. * They can be extremely fast when implemented in hardware. * They allow you to perform some security vs. speed and size tradeoffs. * Key setup is designed to make brute force attacks very costly. OK, this is where I put my money where my keyboard is. If you are the first one to correctly decipher my challenge text (CHALLENG.ENC in DLOCK.ZIP), enciphered with DLOCK.EXE, before midnight UTC, 29 April 1997, and follow the redemption instructions contained within the challenge text, then I will send you US$271.82 of my hard-earned money. You must (1) reveal to me how you did this, and (2) not break any laws in the process to collect the prize. I know that this isn't enough to justify much serious cryptanalysis, but it should demonstrate that such a challenge is beyond the reach of the average hacker. ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLaDz1j9nBjyFM+vFAQHJ8QP/UgnrRX0u5AAnEoOIuNPi1Y8yRPrY7U3R BWTb04eyi1hqSuWnVQaAkINp84R5d/PhyS7wa5xEEoq+UmhISEoGHoSVc6e2QWr+ xsSR5vjvUQpc5zkPIdkFOpVb94aCUCDHh5Zv4bU6WsVoKI+zAXSrRDL7o4zhwfxp +H6ov+NPI1M= =9Ul1 -----END PGP SIGNATURE----- From rjc at gnu.ai.mit.edu Mon Apr 4 23:20:43 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Mon, 4 Apr 94 23:20:43 PDT Subject: Remailer Standards (was Economic Assumptions) Message-ID: <9404050620.AA10726@geech.gnu.ai.mit.edu> Eric: > Enough of this. I'd rather discuss lowering transaction costs. rjc > comments on my list: > >>-- Finding out that remailers exist and what they do. > > build a remailer "who" server into each remailer > I point out this doesn't help if you don't know where the first > remailer is. What I was specifically referring to was public > education. Were remailers ubiquitous, there would be a chapter on > them in each of the latest rage of 'how to use the internet' books. > They could be a well-used service, like archie. But this has nothing to do with writing code. There are plenty of people on this list who aren't writing code, who most likely have better writing skills than CS/Engineering majors, and who have the time to write remailer faqs and evangelize remailer use. This type of project can be done in parallel with remailer development. I don't see why any priority scheme is needed. Cypherpunks, as often repeated, are not a monolithic group governed from the top-down who obey directions to focus all their efforts on one priority. > In fact, they are not. There are numerous reasons for this, some of > which are self-referential (as in, there aren't a lot of remailers > yet) and some of which are not. For example, there's no FAQ for > comp.mail.remailer, because there's no such group. Why shouldn't > there be? Maybe because it would get voted down or maybe because no one has RFD'd it yet. Nothing is stopping anyone from going ahead and doing this. An alt group would be better. > >>-- Finding a remailer to use. > > ditto > I specifically made this a separate item because it has a different > solution. Let's assume the potential user has some beginner's > document about remailers. How do they go about finding out what > remailers exist? > Well, the document could have a list of them, but that doesn't exactly > work well in the face of rapid changes. Some centrality in the > initial query seems called for. That could be a stable machine, or > some stable name, even. What the query actually looks like is less > important. This is already included in my new remailer, but I proposed a "remailer server" for keeping an up to date automatically generated list of working remailers almost a year ago (I even hacked up some partially working code for it) when it became obvious that Karl's list of remailers weren't good enough (although it was a good effort) The biggest problem is getting a stable machine or a stable network of 'DNS'-like machines. There is already a similar mechanism for MUDs. Besides the static list of running muds there is a MUD "mudwhod" server which maintains a list of running muds and who is logged into them. > There is, also, the question of trustworthiness. That mythical beast > the reputation system might be applicable, but I know of none to judge > for suitability. More generally, there are questions of policy. > What, for example, is the policy of the remailer in case of > administrative request for mappings? Are there liquidated damages > available to someone whose privacy is breached? These legal issues > are not so easily made into syntax. This type of standardization is only likely to spontaneously evolve after a remailer network is already up and running and these policy issues come up. I don't think we can centrally draft some kind of Constitution/Bylaws for remailers which covers all possible future problems. Remailer politics and legal systems are an unexplored area. I think we should leave it up to the remailer operators for now since they will have to deal with these issues first hand. > >>-- Figuring out how to use a particular remailer. > > standardize remailer help system, standard remailer command format > > (but not neccessaily the commands themselves) Sorta like an SGML for > > remailers > I think the commands ought to be standardized, just like RFC-822 > standardized on the To: field. I realize this is going to create a > little havoc for the half-dozen or so remailer developers who have all > chosen not to talk to each other during their developments. All someone needs to do is write up an RFC and submit it. > >>-- Formatting a message for a remailer. > > see above > Personally, I don't think we need multiple algorithms for this. Is > there any compelling reason, other than to avoid wasting existing but > not yet deployed code? It could be that the best encapsulation method for remailer messages hasn't been developed yet. I certainly think the recursive-pasting token method needs a lot of work. A method should be general enough to work with any RSA/Pkey system and not rely on PGP's standard format. Cut lines definately needed to be standardized abstracted away from the underlying cryptosystem. > >>-- Receiving mail through a remailer. > > Get/Creating a nice client. > There's a transaction cost to switching clients which is huge. It's > completely unrealistic to expect everyone to use a particular client > for remailers. It just won't happen. Far better is to rework > existing clients to support remailers and to get those changes into > the main distributions. Either way works, and the actual method used will probably be a combination of both. However, getting cypherpunk software installed in existing distributions will require some politics and lobbying on behalf of cypherpunks. (e.g. getting remailer mods into something like Eudora might be really hard) > >Reducing complexity cost: > > All of this could be lowered by creating an easy-to-use > >remailer client which is compiled (or perl/tcl interpreted) and > >installed with every unix out there so it becomes ubiquitous. > The dream of universal software. When I can unpack some software and > type 'make', and do nothing else except read the man pages that 'make' > caused to be formatted, I'll call that universal software. And not > before. Already exists. Almost every Unix system I have encounted comes with atleast Perl4, and many come with TCL. Perl is a standard environment and any correctly installed Perl should run a correctly written Perl script. I'd say that one can create a remailer/client in Perl that can be installed by almost anyone. (as long as you don't rely on "absolute" paths which change, or non-standard environment variables) > I'm glad lowering these transaction costs garnered a response. But > what I really want to see is, what did I forget about transaction > costs to use remailers? The biggest thing you're missing is the fact that many users can't even understand how to use LISTSERVs or run mail(1) To many people, typing "::\n request-remailing-to: xxxx" and encrypting it, then adding "Encrypted: PGP" is a huge transaction cost. I don't use remailers for similar reasons. A simple mod to the elm script, "mailpgp" which detects a remailer in the To: address, prompts you for "mail anonymously to? " and then does all the underlying remailer commands and chaining stuff automatically would be a huge benefit. Even better would be a script which asks you "Mail anonymously?" and if answered yes, it would automatically pick a remailer and do the nasty stuff. Emacs and Elm are pretty standard, plug in elisp/perl scripts would work fairly well to encourage remailer use but some evangelization would be required also to encourage use and educate. I once suggested that someone set up a porno-server on the remailer network as the ultimate carrot-and-stick method for getting people to use remailers. I still think this is a good idea. (after all, the two biggest uses of Julf's system I see are in the sex newsgroups and in IRC phreak/warez trading) -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From danisch at ira.uka.de Tue Apr 5 03:33:33 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Tue, 5 Apr 94 03:33:33 PDT Subject: PGP mail disabled ??? Message-ID: <9404051031.AA00682@deathstar.iaks.ira.uka.de> Hi, someone in Germany was posting a message about his friends mail problems: He (the friend) very often has mail contact with another friend, but sometimes mail was lost. They found out that normal mail always works well and pgp encrypted mail always gets lost. Did anyone hear about machines which don't transport pgp encrypted mail? Hadmut From werner at mc.ab.com Tue Apr 5 05:57:38 1994 From: werner at mc.ab.com (tim werner) Date: Tue, 5 Apr 94 05:57:38 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits Message-ID: <199404051257.IAA13120@sparcserver.mc.ab.com> >From: Blanc Weber >Date: Mon, 4 Apr 94 22:18:07 PDT >Actually, some of us could become quite bored and decide to go to the >beach, instead. I'd rather be riding my bicycle. The beach is boring to me, and dangerous, what with all that UV. >Sometime, someday (when you least expect it), you'll have to come out >and do some 3-dimensional living. You mean like Doom, or Castle Wolfenstein, right? :) tw From eagle at deeptht.armory.com Tue Apr 5 06:39:32 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 5 Apr 94 06:39:32 PDT Subject: Cyberspace, Crypto Anarchy, and Pushing Limits Message-ID: <9404050639.aa05838@deeptht.armory.com> I was getting laid last night and I kept thinking, "Detweiler..." So this is getting a little weird for me. I got a proposition for you guys, just to cut down on the suspicion around here, (and it's justified suspicion). I live in Laramie, Wyoming- a mere 60 miles from Detweiler in Ft. Collins. Any time I get a notion to do so, I will go down to Ft. Collins, hunt down Detweiler like a crippled dog, and spit on him. Any time I get a notion to do so. That's what anarchy is all about. BTW- I'm up and around and headed for that Fed Reserve showdown at 10:00. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From m1tca00 at FRB.GOV Tue Apr 5 06:42:23 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Tue, 5 Apr 94 06:42:23 PDT Subject: PGP mail disabled ??? In-Reply-To: <9404051031.AA00682@deathstar.iaks.ira.uka.de> Message-ID: <9404051338.AA05741@mass6.FRB.GOV> > > someone in Germany was posting a message about his friends > mail problems: > > He (the friend) very often has mail contact with another > friend, but sometimes mail was lost. They found out that > normal mail always works well and pgp encrypted mail always > gets lost. > > Did anyone hear about machines which don't transport pgp > encrypted mail? > Well, email can only transfer ASCII data, so my first guess would be that you forgot the '-a' option to apply ASCII armour. rgds-- TA (tallard at frb.gov) [awaiting approval of new disclaimer] pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D From eagle at deeptht.armory.com Tue Apr 5 06:51:58 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 5 Apr 94 06:51:58 PDT Subject: Psychological Warfare Primer Message-ID: <9404050651.aa06077@deeptht.armory.com> Since we are engaged in Revolutionary War in Cyberspace, it would behoove us who are actively participating to have a delineation of strategy, tactics, and operations of guerilla warfare eidetic to this medium. Our Guerilla Warfare Operating Area, (GWOA), is the internet, with its peculiar strategic advantages and vulnerabilities. The genius of Patton's campaign in North Africa was the result of simple reading comprehension skills; he read Rommel's book. This primer on psychological warfare is prepared for your perusal offering fundamental intelligence to increase the probability of success in engagements with the competition. It's been said that every revolutionary was a patriot. Our competition has different ideas about patriotism and vastly superior resources. Little is known about the operations of the US intelligence community. If one is going to play hard ball with the big boys, one needs a general understanding of the game before the first pitch is thrown. The DOD view of Vietnam was essentially to train men and test new weapon systems. In this respect, the Vietnam War was quite successful. This point was reiterated ad nauseam during the Gulf War on a daily basis via a sharply censored 4th estate for the duration of conflict. The contrast of censorship in the interest of National Security between the Gulf War and Vietnam is quite marked. The DOD official statement the day of the initial bombing of Iraq made no mention of B-52 strategic bombing missions. Only the tactical missions were announced publicly. Bernard Shaw's awestruck reports from his hotel window in Tehran were broadcast live on CNN. With heightened exclamation he reported a new sound of the ensuing battle, a sustained roar like thunder that refused to quit. From the ground, a conventional B-52 strike is a quarter mile wide, 200 feet high, and travels at 700 mph. There is no sound on earth like it. Having known Pentagon spokesperson Pete Williams since high school, I found it vaguely amusing that he saw fit to inform the rest of the world of B-52 involvement in the bombing several days latter. In Vietnam, we had the grunt's down in the #10 latrine stepping on cockroaches piped into our homes by the US networks nightly. Occasionally the hands playing Cowboy's and Indian's, (LURP's- reconnaissance, locate and identify missions, as opposed to search and destroy), got some air time. Then there was the Harvard/Yale game. The public knew it existed, but heard very little about it. Spooks have their own language. The first principle of psychological warfare is to dehumanize the enemy. Everything is a football game to them. The Administration's policy decision on Clipper, 4 February 1994, would be a, "Double Whammy End Around." The FBI Digital Telephony Bill would be a, "Forward Pass." These analogies were expressed to the public by pilots returning from Persian Gulf combat missions during interviews. No big deal folks, just another football game, and we all know what fun football is! Surgical is not synonymous with random evisceration of innocent men, women and children. Remember the luckiest man in Iraq? Swartzkoff stood by a screen with laser guidance cross hairs centered on a bridge. As a vehicle entered the picture he drew our attention to it with his pointer and followed it's path directly through the center of the bull's eye. "And in his rear view mirror-" Stormin' Norman gloated, the entire bridge was annihilated. The truth of the Gulf War is just now leaking to the public. Let's take a look at the roster of the competition's coaches and quarterback strings. The heavy weights are the DIA, NSA, and CIA, in that order. The CIA is a central clearing house informed on a need to know basis. The NSA obviously has a clearer channel of classified access. The Defense Intelligence Agency, as has been published, is composed of several independent operations reporting to a specific Admiral or General, each with their own S-2 sections. Thus, operations are very difficult to compromise. The CIA is prohibited by its charter from engaging in domestic operations. The DIA is not. These folks are the best on the planet. The other day I was logged on in a friends account at an educational site showing her the ropes of Cyberspace. Out of curiosity I ran an arbitrary finger on the American Embassy in Moscow. Unbelievably, it worked famously. User names and real names of everybody logged on scrolled by on the screen. It's nice to live in an open society. Another friend stopped by and I attempted to demonstrate the phenomenon again. I swear to God, this time I popped up in the San Diego State educational computer. The third time I was dead in the water. The last log on in SDSU's computer was "COSOC Just Passing Through". If I remember my history correctly, this whole EFF thing started over the 911 codes being posted to Usenet. Instantaneous caller location identification capability became generally known. The idiot kid who threatened the president got an autoresponder from Whitehouse.gov that traces the message. Minimal leg work produced the actual perpetrator. The competition is hot, but our apparent vulnerability is our greatest strategic advantage. This is like being on Acid in 1964. We are doing nothing illegal! Cyberspace, in its present state, is a very wild and free place, not unlike the Wyoming high country a few miles from me. With diligence and fortitude, it will continue to be free. The spooks can tie up a tremendous amount of time and resources gathering intelligence on Cyberians rather easily. At present, an analysis of our actions boils down to private citizens well with in their rights doing nothing illegal. One would have to be completely brain dead not to have considered the populist power of the internet. It's guaranteed we will pry power from the intelligence community with much wailing and gnashing of teeth by minuscule increments. Our greatest tactical advantages are the speed of light and non location specificity. We are highly mobile in the field and wired as well as the competition. We are by nature decentralized and deployed for maximal survivability from nuclear attack. We are virtually immune from censorship due to the internal survivability architecture of the net. We're on our own turf. We've chosen our own battle ground, brought nothing unnecessary with us, and are ready to make our last stand here and now. We are defending our homeland from invasive attack, and the 4th estate is fully aware of this. Thomas Jefferson said, "When the press is free and every man able to read, all is safe." Our operations are multifaceted and independently organized. The CPSR petition and the EFF letter campaigns work in concert, yet have not the vaguest resemblance to a Civil War Pincer attack. They more closely resemble the jump and run tactics of the Viet Cong and NVA that gave the DOD fits on the battle field and in the press. We have the ability to concentrate a great number of people on a specific operation with the added fluidity of multiplicity of tasks. The concept of truly democratizing not only the United States but the entire planet is a tremendous vision. The collapse of a Union that built its SS-18 and SS-20 missile systems on what are essentially ripped off Pac Man chips has thrown a list to the global economy. Homeostasis is a principle of the universe. Time will restore a natural balance to everything. One small voice in Cyberspace becomes global interpersonal communication at the speed of light as the net grows geometrically. Global interpersonal communication is the greatest tool for world peace our species has ever known. We have the technology to achieve virtual collective consciousness on a planetary scale. The potential of the Electronic Revolution is awesome. Instead of electing an aristocracy who's choices are packaged by mass media marketing to govern us, we have the ability to transcend the physical limitations of deceptive appearance, and illuminate the truth of being through the digitized reflection of intelligence. As it stands now, the Russians pay an information tariff on every bit they transmit or receive. Their phone system is archaic. The infrastructure is neanderthal in comparison to the US. The closest approximation to a backbone they have is an Estonian site hanging by a 80Km fiber optic thread to Helsinki, and the Glasnet site in Moscow linked by a T1. I know what this net is capable of. Consider the invention of digitized satellite navigation. The first bird the Air Force sent up could simultaneously locate 4K automobiles on America's highways. The second bird up could simultaneously locate every single vehicle on the interstate highway system. I'm one small voice in Cyberspace speaking only for myself. Psychological Warfare is the way to fly in the Electronic Revolution. When the competition has been playing hardball with the big boys globally without equal, we would to well to play Medicine Ball with the Gods instead. Keep your personal visions of justice and reciprocity tempered by altruism in your hearts, and fare you well, my compatriots. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From frissell at panix.com Tue Apr 5 07:56:15 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 5 Apr 94 07:56:15 PDT Subject: Economic assumptions Message-ID: <199404051455.AA12560@panix.com> F >There's a piece by Kevin Kelly called "Network Economics" in the F >latestWhole Earth Review, about how better communications tech and F >changed business practices lower transaction costs and (along with F >competition and the pace of things these days) are pushing down the F >optimum size of businesses. F > F >-fnerd F >quote me Likewise "The Incredible Shrinking Company" from THE ECONOMIST of DECEMBER 15, 1990. "Computers were supposed to centralise decision-making and produce ever, bigger firms. They seem to have done just the opposite Peering into its crystal ball in 1958, the Harvard Business Review said that computers would revolutionise American business. By the end of the 1980s they would ensure that American business would be concentrated as never before. The economy would be dominated by a few giant firms. Within each firm important decisions would be made by a handful of executives with access to the firm's single, big computer. The exact opposite has occurred. In America the average number of employees per firm has been falling since the late 1960s; but more and more of those employees have a computer on their desk." DCF --- WinQwk 2.0b#1165 From habs at warwick.com Tue Apr 5 08:01:02 1994 From: habs at warwick.com (Harry Shapiro Hawk) Date: Tue, 5 Apr 94 08:01:02 PDT Subject: Re(2): Economic assumptions Message-ID: <9404051435.AA01257@warwick.com> Evil Pete says: > > I can imagine that bandwidth in the fibersphere for text transmission > > will be too cheap to meter, which means that the cost of metering ------ From: imsi.com!perry at panix.UUCP, Tue, Apr 5, 1994 ------ @ Abeen some years since I noticed the cost of my electric bill. Now, @ admittedly, I'm a fairly well off person, but were my communications @ costs for a very wide band fiber connection, even if usage based, as @ low as that for my electric usage, I would never notice the cost. Interesting to note here, is that if you are paying by the bits for an Movie (full lenght feature film, etc.) and its TOTAL cost is around 3 or 4 dollars, than the cost of voice phone calls and test transfer would be ALMOST to cheap to calculate. It has been discussed that one results is your "network provider" may effectly GIVE you free long distance service if you, for examply, buy your movie "rentals" from him/her. Harry Shapiro Hawk Manager of Computer Services Warwick Baker & Fiore habs at uucp.warwick.com From hfinney at shell.portal.com Tue Apr 5 08:44:53 1994 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Tue, 5 Apr 94 08:44:53 PDT Subject: Economic assumptions Message-ID: <199404051545.IAA01792@jobe.shell.portal.com> From: hughes at ah.com (Eric Hughes) > I point out this doesn't help if you don't know where the first > remailer is. What I was specifically referring to was public > education. Were remailers ubiquitous, there would be a chapter on > them in each of the latest rage of 'how to use the internet' books. > They could be a well-used service, like archie. > > In fact, they are not. There are numerous reasons for this, some of > which are self-referential (as in, there aren't a lot of remailers > yet) and some of which are not. For example, there's no FAQ for > comp.mail.remailer, because there's no such group. Why shouldn't > there be? There is alt.privacy.anon-server. BTW, while reading some postings in that group just now I noticed that yesterday was the first birthday of the jarthur remailer's key. Happy Birthday! Actually, I don't think most people are interested in remailers yet. Most people can't even use encryption. I view encryption as being a first step towards privacy, with remailers being a second step, protecting the destina- tion of a message like encryption protects its contents. Also, without encryption the protection provided by a remailer is not very great. OTOH, I could see someone arguing that remailer use, even without encryption, is an important privacy technology in its own right, as we have seen with anon.penet.fi. The privacy provided by that system may not be defensible against a powerful agency which can tap network links, or even for hackers who can forge mail, but it is enough for most people, most of the time. Eric spoke of transaction costs in using the remailers, but to me the biggest problem is obvious: there is no system that I know of that allows me to send or post a message pseudonymously, such that no one person knows the mapping of my pseudonym to my true name. I know that a lot of people have been talking about new systems lately, so maybe I am wrong about this. Ray's proposal would allow it, with his virtual encrypted addresses, but that is not running yet. I think this is the biggest barrier to using pseudonymous communications. Another thing worth noting is that pseudonymity has a terrible reputation on the net. Look at the complaint we saw here from Stewart Brand a few days ago. And unfortunately, it does seem that most anonymous postings are of very low quality, at least in the groups I read. Perhaps we need a concerted effort to make high-quality anonymous/pseudonymous postings in order to improve the reputation of this technology. Maybe then the books will start writing about it. (The recent newspaper article posted here was as favorable a treat- ment of the topic that I have seen.) Hal From mech at eff.org Tue Apr 5 09:18:33 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 5 Apr 94 09:18:33 PDT Subject: Detweilering (was Re: Positive uses for PGP) In-Reply-To: <9404031439.AA03546@vail.tivoli.com> Message-ID: <2ns300$mro@eff.org> In article , Robert A. Hayden wrote: >On Sun, 3 Apr 1994, Mike McNally wrote: > >> I'm not Detweilering; I speak of the ostensible use of the signature >> chain.) > >Detweilering? > >Sounds like an entry we need to get put into future versions of a Jargon >File. Certainly, but as I recall it was "to detweil", rather than "to detweiler", though the latter should probably be recorded as a "dialectal variation". Someone needs to come up with a precise definition, and I'll submit it for the Jargon file. I think some old posts using the term would be of value for authenticating it. [NB: I have a far less dim view of LD that most of you, since I've seen him do useful work, so it's nothing personal. The word detweil, however, is an honest-to-goodness incidence of a new term arising in the language of it's own accord, regardless of how anyone feels about it, so it ought to be recorded for posterity.] -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From frissell at panix.com Tue Apr 5 10:12:10 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 5 Apr 94 10:12:10 PDT Subject: The AntiCash Message-ID: <199404051711.AA07997@panix.com> To: cypherpunks at toad.com T >Does this system provide _any_ protection against fine-granularity T >monitoring of payer identity? Most current phone card systems allow the cards to be purchased for cash. The French VISA electronic purse smartcard assumes an account relationship with the bank as does the Nat West Monex system proposed for the UK. T >Scary Scenario: This could be the vehicle for the long-rumored T >"banning of cash." (Just because conspiracy theorists and Number of T >the Beast Xtian fundamentalists belive it doesn't render it T >implausible.) Since none of the proposed systems involve physiologic identification, they could function as cash just by giving the card+pin to someone else. Depends on what you have to do to refill them. Can they be refilled from any account or only from one account. Is it economic to just throw them away when empty. The Monex system allows two "purses" to make an exchange without an intermediate device. More cashlike. Since in America, today, one can obtain a (secured) VISA card in a nome de guerre, use phone cards bought for cash, and (soon) use VISA's own "electronic traveller's cheques" ( basically a throw away VISA card), I don't see vast privacy problems with these forms of payment. T >Make no mistake, this is not the digital cash that Cypherpunks T >espouse. This gives the credit agencies and the government (the two T >work hand in hand) complete traceability of all purchases, automatic T >reporting of spending patterns, target lists for those who frequent T >about-to-be-outlawed businesses, and invasive surveillance of all T >inter-personal economic transactions. T > T >This is the AntiCash. T > T >Beware the Number of the AntiCash. T > T > T >--Tim May Time for one of my screeds on why it doesn't matter. "Jim" our tame FBI agent at CFP '94 said that the FBI did 500 wiretaps (that they'll admit to) and one datatap in 1993. He said that they can only find someone willing to do about one datatap a year because it takes an incredible amount of time to go through the logs and there's rarely anything interesting. (Pause while hundreds scream that they will be able to deploy fabulous AI programs to scan everything and arrest everyone and convict everyone and throw everyone in jail.> 1) They don't have the fabulous AI programs yet. 2) AI programs can't bust anyone until Robocop arrives on the scene and Robocop can't (easily) bust people outside of the jurisdiction. 3) If you run AI software against something as complex as human society, you get loads of hits. So you tighten your parameters until you only get the number of hits that you can handle. 4) The feds can only investigate, bust, convict and imprison a comparatively few people a year. (The US couldn't even pull off a decent version of The Holocoust these days. It would cost too much. WACO was 80 some odd dead and it must have cost the feds $millions.) 5) AI programs *can* be used to "punish" people by withdrawing government "benefits" automatically from miscreants. This is a form of "punishment" that we can favor because it adds to the pool of those living independent lives. 6) Communication itself is the most dangerous activity driven by modern technology and it is very hard to outlaw. Communication=trade=society. 7> Communication leads to dangerous economic and social changes like action at a distance, multiplication of entities, and the ability to homestead new "space" in territory unclaimed (because uncreated) by any national state. These are generally not illegal, however. 8) Peasants bound to the soil have very few "communications sessions." They are restricted to just a few options in life yet Machiavelli had to write a whole book about the challenges involved in ruling a society in which 95% of the population was stuck in place. 9) In a few years, 2-3 billion people will be wired and capable of scores of transactions/day with other people/entities anywhere on earth. Who will/can control that volume of transactions. 10) As artificial entities/agents proliferate, it seems likely that the "average institutional size" (natural persons per organization) will be *less* than 1. If I deploy 7 software "agents".... 11) Market Earth (and the "Cybermarches" that will be its constituent parts) is too complex to rule. Duncan Frissell "We're going to free you sons of bitches whether you want to be freed or not." --- WinQwk 2.0b#1165 From frissell at panix.com Tue Apr 5 10:12:15 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 5 Apr 94 10:12:15 PDT Subject: VISA Electronic Purse Message-ID: <199404051711.AA07994@panix.com> To: cypherpunks at toad.com For personal use only as directed... Heading #1 Search: 04-05-1994 10:09 ^S/^Q: start/stop; ^C/: interrupt; ^T: Paging ON/OFF 2185964 PERSONAL FINANCE - Seeking the Card That Would Create A Cashless World. The Washington Post, April 03, 1994, FINAL Edition By: Albert B. Crenshaw, Washington Post Staff Writer Section: FINANCIAL, p. h01 Story Type: News National Line Count: 105 Word Count: 1164 Now that credit cards are in the hands of virtually every living, breathing adult in the country-not to mention a lot of children and the occasional family pet-and now that almost as many people have ATM cards, card companies are wondering where future growth will come from. At *Visa* International, the answer is: Replace cash with plastic. Last month, the giant association of card issuers announced it had formed a coalition of banking and technology companies to develop technical standards for a product it dubbed the "Electronic Purse," a plastic card meant to replace coins and bills in small transactions. A second coalition of manufacturers and suppliers will seek to develop low-cost equipment for use with the card. The concept is much like a Metro Farecard. Consumers would prepay-or electronically "load"-the card with a small sum, typically $40 or less, according to *Visa* officials, and carry it with them to use in pay telephones, highway toll booths, vending machines, parking meters and thousands of other small-ticket transactions. Unlike a Farecard, though, the card would be reusable. It would contain a memory chip that could exchange information with bank ATM terminals for "loading" and with terminals at vending machines and other places for payments. *Visa* envisions it both as a stand-alone product and as a feature that could be incorporated into credit or ATM cards. "There are a number of benefits to different players" in the market, said Albert Coscia of *Visa*. In theory, machines that would take the "electronic purse" would be used with small-change kinds of devices, such as phones and parking meters, so for consumers, it would eliminate the problem of having the right change. In addition, depending on what consumers want and what the technology can accomplish, the cards might have other features, such as the ability to remember specific transactions so that a consumer could keep track of exactly what he or she spent the money on and where. Budget-conscious individuals or business travelers doing their expense accounts might find that very appealing. For vendors, the card would cut the need for sorting and counting coins and carting them to the bank. The day's transactions would be totaled instantly. Also, vendors would be less likely to lose sales because a potential customer didn't have change. Since transactions would be electronic, it would be tougher for employees or others to dip their hands into the till. But while the idea certainly has appeal, it is far from certain that *Visa* and its allies can make it fly. People have been talking about a cashless society for years, but the number of cash and check payments continue to dwarf those made on plastic. Robert B. McKinley of Ram Research Corp., a Frederick research and publishing company that tracks the credit card market, noted that putting in all the terminals and other equipment "has a horrendous price to it." In addition, he said, "smart cards," those with chips in them, have in the past proved expensive to make and easy to break. Also, a smart card that replaced all your credit and debit cards as well as checks and cash would become "a gateway to your entire financial being, and without some kind of safeguards," loss or theft of the card could be a disaster, he said. Putting in safeguards such as a personal identification number (PIN) would make the card cumbersome to use for small transactions and require more elaborate equipment at the point of sale. The card "certainly (could be) a personal financial management tool" and might evolve into a global payment system-*Visa*'s goal-but it has a long way to go, McKinley said. "It's all pretty much concept stuff right now." *Visa* concedes that there are major technical and market hurdles to overcome. Coscia said the company expects that the concept will spread faster in other countries where telecommunications and on-line systems-that allow instant credit checks and debit transfers-are less developed and less established. Where such systems are not as advanced, off-line systems such as the Electronic Purse are more appealing because they offer the merchant the assurance of payment without external verification. Cards containing microchips cost anywhere from $3 to $8, depending on the sophistication of the electronics, but *Visa* officials said they think that with the volumes they envision, the cost would drop to around $1. Coscia also said that pilot programs in Europe indicate that the physical durability of the cards is improving. "Dropping it won't wipe it out," he said. He indicated that some of the apparent conflicts might be resolved through technology; perhaps it could require a PIN for credit and debit transactions but not for those that tap the prepaid funds carried in the card. As chips become more and more sophisticated, more alternatives become possible, he said. Coscia said *Visa* doesn't expect the Electronic Purse to come into widespread use for years. The purpose of the alliance is to develop standards that would ensure that cards and terminals could talk to each other no matter who makes them or country they are in. "We want to eliminate the possibility that someone gets too far down the road" with a system that is incompatible with others, as happened in videocassette recorders with the VHS and Beta formats, he said. He said the consortium hopes to have its first pilot application of its new standards operating by the end of next year. Besides *Visa*, the consortium includes two large U.S. banking companies-NationsBank Corp., based in Charlotte, N.C., and Wachovia Corp., based in Winston-Salem, N.C.-as well as Electronic Payment Services Inc. of Wilmington, Del. The non-U.S. members are Banksys of Brussels; Financial Information Systems Center of Taipei, Taiwan; Groupement des Cartes Bancaires of Paris; Sociedad Espanola de Medios de Pago of Madrid; and Sociedade Interbancaria de Servicos of Lisbon. The consortium will accept other members in the future, *Visa* said. Both critics and proponents of the Electronic Purse point to the debit card as instructive. The technology to use debit cards at the point of sale-that is, to transfer payment from the customer's bank to the merchant's bank right on the spot-was around for years before they came into widespread use, such as at many grocery stores. It was the growth of one form of debit card-the ATM card-that finally pushed them into general use. Proponents look at that history and say it is only a matter of time, while critics argue that unless some particular use comes along to give it a shove it may never go anywhere. Ultimately, *Visa* hopes to become a true international payments system. Consumers could use its cards for credit or debit transactions or in place of cash and get a single statement with all the currency conversions already done. "If you look at payment alternatives, with a credit card you pay later, with a debit card you pay now, and with a prepaid card you pay before," Coscia said. CAPTIONS: CHANGING PURCHASE PATTERNS (Graphics are not available.) Jerry Edwards helps Isabel Ernst use a credit card at the Georgetown Safeway. Card issuers are now looking beyond credit cards to a card to replace coins and bills in small transactions. ORGANIZATION NAME: *VISA* INTERNATIONAL DESCRIPTORS: Credit cards; Banking industry; Money --- WinQwk 2.0b#1165 From pcw at access.digex.net Tue Apr 5 10:23:43 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 5 Apr 94 10:23:43 PDT Subject: Economic assumptions Message-ID: <199404051723.AA09478@access1.digex.net> >F >There's a piece by Kevin Kelly called "Network Economics" in the >F >latestWhole Earth Review, about how better communications tech and >F >changed business practices lower transaction costs and (along with >F >competition and the pace of things these days) are pushing down the >F >optimum size of businesses. >F > >F >-fnerd >F >quote me > >Likewise "The Incredible Shrinking Company" from THE ECONOMIST of DECEMBER >15, 1990. > >"Computers were supposed to centralise decision-making and produce >ever, bigger firms. They seem to have done just the opposite > >Peering into its crystal ball in 1958, the Harvard Business >Review said that computers would revolutionise American business. >By the end of the 1980s they would ensure that American business >would be concentrated as never before. The economy would be >dominated by a few giant firms. Within each firm important >decisions would be made by a handful of executives with access to >the firm's single, big computer. > >The exact opposite has occurred. In America the average number of >employees per firm has been falling since the late 1960s; but >more and more of those employees have a computer on their desk." > >DCF > > > >--- WinQwk 2.0b#1165 > > I think we should be careful here. Yes, the big companies are getting smaller, but that doesn't mean that we're not seeing centralization. You might argue the exact opposite: The economy is becoming _increasingly_ centralized and the computers and automation are allowing the large companies to cut out even more people. Consider some facts. Microsoft and Intel dominate the microcomputer market. The auto market in the US expanded over the last several years because more imports started arriving, but now the global auto capacity is really much too large. That's why Jaguar, Lotus and many of the other brands are now just divisions of the large companies. This will continue to happen as the auto companies merge and cross purchase shares. In the airplane market, Boeing is considering pooling resources with one of its two major competitors, Airbus, so the two can design the next big plane. Yes, there are many small, new companies, but I think this is largely because of other considerations. It is much cheaper for companies to hire contractors than employees. The high cost of benefits makes it easier to shed the people and make them fend for themselves. Plus, the affirmative action and other discrimination laws makes it difficult if not impossible to fire anyone but a young, straight, white man without worrying about a discrimination suit. These are the principle reasons why the corporations don't have many employees. From jim at bilbo.suite.com Tue Apr 5 10:49:37 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 5 Apr 94 10:49:37 PDT Subject: Headline News Message-ID: <9404051739.AA20029@bilbo.suite.com> [My apologies if you see this twice. I think the first attmpt got lost when our system went down earlier today.] At around 9:45 AM Central DST today, Headline News displayed the following "Factoid": [from memory] -------------- Two-thirds of US residents say cell phone privacy is more important than police ability to wiretap phones. - source: Yankelovich Partners -------------- Jim_Miller at suite.com From cfrye at ciis.mitre.org Tue Apr 5 11:06:33 1994 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Tue, 5 Apr 94 11:06:33 PDT Subject: Sen. Kennedy Uses Code to Disguise Personal Data! Message-ID: <9404051815.AA07602@ciis.mitre.org> Fellow 'punks - This comes from the National Journal and it sure as hell ain't an April Fools Day joke. Read the last line carefully! -----No. 5 of 40------------------------ 04/02/94 -- (C) 1994 National Journal (LEGI-SLATE Article No. 201346) Inside Washington - Here's a Real Weighty Matter "National Journal" Saturday, April 2, 1994 Page 759 Sen. Edward M. Kennedy, D-Mass., used the recent death of Senate gym attendant Troy Brown as an opportunity to discuss his own much-noted waistline problems. Brown, Kennedy told his colleages in late March, helped him monitor his tendency "to gain a few pounds on occasion." While reassuring the Senator that it had been OK to graze on eggs Benedict that morning, Brown discreetly recorded Kennedy's weight in the back of the gym book so that no other Senator could see them. "I knew he was on my side," Kennedy added, "when he volunteered to keep my numbers in code." -- Best regards, Curtis D. Frye - Job Search Underway!!! cfrye at ciis.mitre.org or cfrye at mason1.gmu.edu "Here today, gone ?????" From tmp at netcom.com Tue Apr 5 11:17:44 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Tue, 5 Apr 94 11:17:44 PDT Subject: going in anarchic circles Message-ID: <199404051818.LAA17079@netcom9.netcom.com> From: Grand Epopt Feotus <68954 at brahms.udel.edu> > I comprehend my own brand of crypto/cyber-anarchy. I > personally do not go for any of the regulations or > "protections" that have been proposed so far. IMO, if > you want to put your machine on the net, take your > chances. It's getting very cheap to set up a node now, > and if I choose to do so I would not take kindly to any > restrictions upon my activity, be it legal, or illegal > even. ok, suppose that every internet company decided that they would install `fingerprint keyboards' and require use of them by users. these keyboards sense your fingerprints as you type on the keyboard and can be used to reject users not authorized to use a given account. they simply tell people who do not want to use the system, `tough luck'. in a sense, this is something like how our social security system and drivers licensing works today. there are few (legal) alternatives to them. so, how do you get a connection to this net? you are probably going to propose `starting a new net without these draconian restrictions'. but what you have done is propose a new set of rules -- `we don't need no stinkin rules'. how is your system going to deal with sites that corrupt passed mail? that harbor hackers and crackers? it really amazes me guys, but if you think the internet is some kind of anarchy right now,you are completely mistaken. you agree to a set of rules when you join the net. those rules are set by your provider. you agree not to corrupt mail you forward, don't mailbomb usenet, etc. currently there are many `unspoken rules' -- but it makes sense for them to be codified so that everyone understands what they can expect of each other. there is no guarantee of your access to the current net. doesn't that seem kind of fragile? you think you don't have to have any faith? it seems you have a lot of faith you will always be able to get a connection to the internet. why not try to set up a system or organization that is committed to formalizing the rights and expectations of users on the net and specifying what constitutes `basic access'? > Myself, I would much rather take the lumps of some > abuse, rather than have ANY regualtion put on my usage of > my personal node, or interaction between connected nodes. ok, so i set up a node that randomly corrupts all the mail that i pass through my site. i mailbomb the cypherpunks list and all the remailers. how do you deal with it? you send shrieking mail to all my upstream site providers asking them to yank me. what if i have bribed them all very lucratively? what if they decide that you don't pay enough, so they are going to yank you instead? (not worth the hassle of your insults, after all) what if i have dozens of accounts on different public domain sites? i seem to be going in circles here. > This makes room for alot of abuse, I admit that, but I > just don't see how all these Bill-O-CyberRights stuff, > and CyberKommunity will work when your dealing with a > space that has no boundary. This is a metric space, whos > distances are measured in connectivity, there are no real > boundaries as the are easily breached and morphed. excuse me, mr. idealist, but you live in a world that no one would recognize as their own. cyberspace exists only because people have constructed it. you cannot escape that interaction of a community. no man is an island. what guarantees you will have a connection to the network today? absolutely nothing. it is just your faith in the great cybergods. cyberspace is nothing but crystallized human interaction. how do you deal with the `pathological' cases of human behavior such as harassment, terrorism, censorship, etc? > How the hell are you going to evict > me if I break one of the laws? There is no way you can > develop a fool-proof system to control use, I even > seriously doubt you can install a shitty system even. unix passwords represent a reasonable amount of security. they prevent me from hijacking your account. more sophisticated levels exist. look, you are evicted from your apartment if you don't pay your rent. it is just as simple to evict someone from their cyberspatial connection, and throw out all their furniture on the street!! believe me, it has happened to me twice!! > Basically if I want to do something, it will get done. > The whole concept of a police force controlling > cyberspace is a leap back about a billion evolution > cycles. You can't patrol an amorphous blob. don't think of it as `us vs. them'. think of it as `us' erecting our own framework of self-regulation. it would allow `us' to get rid of the detweilers of the world in our community. cyberspace is not an amorphous Gibsonian blob!! it is a physical infrastructure policed by humans as simply as our physical roads are!! the police already exist, they are called `system administrators', except they have no uniform code of conduct today, except `if something pisses me off, disconnect it'. > If they dont like what my node is doing, than cut > connections to my node. what if you wake up one day and find that all the people you want to talk to, and you thought were your friends, all on a separate network, and you are isolated with Detweiler, Depew, Morris, and Mitnick on the AnarchyNet? > I would > actually prefer the possibility to Detwielering so to > speak,than to allow someone to try and control this. If hee, hee, suit yourself.... > You are unable to hold someone > accountable for their own deeds in a space like > kyberspace where psuedonyms are part of the fabric of the > space. cyberspace is what we make it. if no name is ever connected to a human, it can be constructed that way. if identity is important (as most of human history seems to imply) we can translate it into the new realm. but you are continuously mixing up what is possible with what you want. if you don't want something that is possible, then it's possibility is irrelevant. why don't you just preface your remarks by saying `i only want a version of cyberspace where no one is responsible for their actions!!' and i'd just leave it alone. as it stands you argue that cyberspace = anarchy by definition. i cannot agree. this dialogue appears to be at the point of arguing two different religions, so it is not very fruitful for any of us, but if grand epopt feotus represents the basic cypherpunk views, then i find it all very fascinating. you guys realize that you have a very unusual culture that is highly distinct from virtually any other culture ... at least that i am aware of. you do seem to have some parallels to the russian nihilists, some of the libertarians, some of the anarchists, but you have a very distinct blend of it .... anyway, it is all kind of bizarrely alien to me, so maybe i will check out that cyberwonk group or whatever that eli brandt mentioned and see if anyone there is on the same wavelength. pseudonymously yours, --tmp From jim at bilbo Tue Apr 5 11:22:57 1994 From: jim at bilbo (Jim Miller) Date: Tue, 5 Apr 94 11:22:57 PDT Subject: Headline News Message-ID: <9404051521.AA17714@bilbo.suite.com> At around 9:45 AM Central DST, Headline News displayed the following "Factoid": [from memory] ------------- Two-thirds of US residents say cell phone privacy is more important than police ability to wiretap phones. source - Yankelovich Partners ------------- Jim_Miller at suite.com From whitaker at dpair.csd.sgi.com Tue Apr 5 11:25:09 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Tue, 5 Apr 94 11:25:09 PDT Subject: Sen. Kennedy Uses Code to Disguise Personal Data! In-Reply-To: <9404051815.AA07602@ciis.mitre.org> Message-ID: <9404051123.ZM16383@dpair.csd.sgi.com> On Apr 5, 2:15pm, Curtis D. Frye wrote: > Subject: Sen. Kennedy Uses Code to Disguise Personal Data! > Fellow 'punks - > > This comes from the National Journal and it sure as hell ain't an April > Fools Day joke. Read the last line carefully! [text elided for brevity] >"I knew he was on my side," Kennedy added, "when > he volunteered to keep my numbers in code." > So, just how is this to be taken? I don't understand, Curtis. Do you know something about Kennedy's position on issues of information privacy that you'd like to expand on here? Kennedy's comment seems more of an inconsequential offhand remark. Russell >-- End of excerpt from Curtis D. Frye -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center, Mountain View CA ================================================================ #include From pcw at access.digex.net Tue Apr 5 11:33:18 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 5 Apr 94 11:33:18 PDT Subject: VISA Electronic Purse Message-ID: <199404051832.AA13961@access1.digex.net> >At *Visa* International, the answer is: Replace cash with plastic. > > Last month, the giant association of card issuers announced >it had formed a coalition of banking and technology companies to >develop technical standards for a product it dubbed the >"Electronic Purse," a plastic card meant to replace coins and bills >in small transactions. Gosh, how many Real Men are going to carry an electronic "purse?" From tmp at netcom.com Tue Apr 5 11:36:39 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Tue, 5 Apr 94 11:36:39 PDT Subject: nsa digital cash? Message-ID: <199404051837.LAA20193@netcom9.netcom.com> ok, so the nsa looked at commercial cryptography and said, `we need to control it'. and out pops clipper (quite an ugly baby, eh?) this makes me wonder. i bet that they see that announcement by visa for `digital cash' and go crazy. they are already thinking of how to put clipper into a nationwide digital cash system, don't you think? this brings up some serious issues. i doubt it will be long before there are some official government agencies developing the official u.s. digital cash system. in fact, it wouldn't surprise me if there are divisions in the nsa dedicated to doing it *this moment*. if there are any non-nsa agencies, too, the nsa will probably `pull an nist' and dominate their development. how? send in a few austere-looking spooks and speak in phrases like `imperative to national security' and `presidential directive' and *boom* the flimsy bureacrats are putty in their hands. so would anyone like to wager? i'd say that we have an official government group dedicated to digital cash standards in say, 4 years, with an official agency in say, 7 years. cpunks, are you going to be ready by then with your own cash? btw, could someone tell me how the proposed visa cash system is different than debit cards (which exists today)? From cfrye at ciis.mitre.org Tue Apr 5 11:47:47 1994 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Tue, 5 Apr 94 11:47:47 PDT Subject: Sen. Kennedy Uses Code to Disguise Personal Data! Message-ID: <9404051856.AA08171@ciis.mitre.org> >So, just how is this to be taken? Just as a bit of humor, not meant to be taken seriously. I left out the smilies where I guess I shouldn't have :-). -- Best regards, Curtis D. Frye - Job Search Underway!!! cfrye at ciis.mitre.org or cfrye at mason1.gmu.edu "Here today, gone ?????" From tcmay at netcom.com Tue Apr 5 12:02:36 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 5 Apr 94 12:02:36 PDT Subject: Psychological Warfare Primer In-Reply-To: <9404050651.aa06077@deeptht.armory.com> Message-ID: <199404051903.MAA26592@mail.netcom.com> Thanks to Jeff Davis for writing such an interesting essay! --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From strat at uunet.uu.net Tue Apr 5 12:08:40 1994 From: strat at uunet.uu.net (Bob Stratton) Date: Tue, 5 Apr 94 12:08:40 PDT Subject: one small comment about a big problem In-Reply-To: <199404051818.LAA17079@netcom9.netcom.com> Message-ID: <9404051908.AA13274@odin.UU.NET> >>>>> "tmp" == tmp writes: ... tmp> unix passwords represent a reasonable amount of tmp> security. they prevent me from hijacking your account. more tmp> sophisticated levels exist. I would take issue with this statement on its face. I refer you all to the recent House hearings on Internet Security, and the statements made by all of the panel members. Reusable passwords are dead. Anyone who insists on using them is part of the problem, not part of the solution. If you won't do it for yourself, do it for your neighbors who will be attacked from your site. --Strat From cs000rrs at selway.umt.edu Tue Apr 5 12:25:55 1994 From: cs000rrs at selway.umt.edu (Ryan Snyder--Consultant) Date: Tue, 5 Apr 94 12:25:55 PDT Subject: CRYPT Message-ID: I am trying to crack a textfile which has been encrypted with a program (for the IBM) called CRYPT. Can anyone help me with a method, a program which will break it, or a pointer to more information on how I might go about it? Thanks in advance. Ryan Snyder, Consultant | --->Finger me for my PGP public key.<--- ___ University of Montana CIS| |\ /| CS000RRS at SELWAY.UMT.EDU | Copyright 1994 by Ryan R. Snyder. | 0 | RYE at ILLUMINATI.IO.COM | |/_\| RYE at CYBERSPACE.ORG | From hughes at ah.com Tue Apr 5 12:45:27 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 5 Apr 94 12:45:27 PDT Subject: CRYPT In-Reply-To: Message-ID: <9404051932.AA10374@ah.com> >I am trying to crack a textfile which has been encrypted with a program >(for the IBM) called CRYPT. The first thing you want to know is what the underlying algorithm used was. The documentation might tell you. The source code would tell you. Disassembled object code would also tell you. Do you have any of these? Eric From nobody at soda.berkeley.edu Tue Apr 5 12:48:19 1994 From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu) Date: Tue, 5 Apr 94 12:48:19 PDT Subject: The AntiCash -- was: Electronic Purse Press Release Message-ID: <199404051948.MAA06688@soda.berkeley.edu> Will I be able to buy these cards with (real, physical) cash at local stores? Will I be able to swap them with strangers? From hughes at ah.com Tue Apr 5 12:49:32 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 5 Apr 94 12:49:32 PDT Subject: nsa digital cash? In-Reply-To: <199404051837.LAA20193@netcom9.netcom.com> Message-ID: <9404051937.AA10400@ah.com> >i doubt it will be long before there >are some official government agencies developing the official u.s. >digital cash system. This statement betrays an enormous ignorance at the scale of Federal involvement in retail transaction systems. The Fed operates Fedwire, for moving federal funds around, and also does check clearing at the national level. All the retail level transaction systems are in private hands, be they ATM networks and consortia or the credit card companies. Eric From jim at rand.org Tue Apr 5 12:49:33 1994 From: jim at rand.org (Jim Gillogly) Date: Tue, 5 Apr 94 12:49:33 PDT Subject: CRYPT In-Reply-To: Message-ID: <9404051949.AA03223@mycroft.rand.org> > Ryan Snyder--Consultant writes: > I am trying to crack a textfile which has been encrypted with a program > (for the IBM) called CRYPT. Can anyone help me with a method, a program > which will break it, or a pointer to more information on how I might go > about it? Thanks in advance. If that's the program I wrote back in '82 called CRYPT and marketed through the Software Toolworks and Norell Data Systems, then you should be able to break it with crib dragging, if you know enough plaintext. It XORed the output of a linear feedback shift register against the text. The documentation listed that attack under "bugs". Depending on how you select keys, it might be easier to brute force it against a dictionary. If that's not the program, try giving more identification on it... Jim Gillogly Highday, 14 Astron S.R. 1994, 19:48 From hughes at ah.com Tue Apr 5 12:50:16 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 5 Apr 94 12:50:16 PDT Subject: VISA Electronic Purse In-Reply-To: <199404051832.AA13961@access1.digex.net> Message-ID: <9404051937.AA10417@ah.com> >Gosh, how many Real Men are going to carry an electronic "purse?" Probably the same number of Real Women that are going to carry an electronic "wallet". Eric From pcw at access.digex.net Tue Apr 5 13:04:39 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 5 Apr 94 13:04:39 PDT Subject: VISA Electronic Purse Message-ID: <199404052004.AA21158@access1.digex.net> >>Gosh, how many Real Men are going to carry an electronic "purse?" > >Probably the same number of Real Women that are going to carry an >electronic "wallet". > >Eric Most women I know carry a "wallet" in their "purse". From frissell at panix.com Tue Apr 5 13:07:53 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 5 Apr 94 13:07:53 PDT Subject: The AntiCash -- was: Electronic Purse Press Release In-Reply-To: <199404051948.MAA06688@soda.berkeley.edu> Message-ID: On Tue, 5 Apr 1994 nobody at soda.berkeley.edu wrote: > Will I be able to buy these cards with (real, physical) cash > at local stores? Will I be able to swap them with strangers? > > Maybe. It depends on how the system is devised. The From m1tca00 at FRB.GOV Tue Apr 5 13:24:24 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Tue, 5 Apr 94 13:24:24 PDT Subject: Sen. Kennedy Uses Code to Disguise Personal Data! In-Reply-To: <9404051815.AA07602@ciis.mitre.org> Message-ID: <9404052021.AA19826@mass6.FRB.GOV> > [...] "I knew he was on my side," Kennedy added, "when > he volunteered to keep my numbers in code." I think this should get Phil Zimmermann's award for best crypto-application... rgds-- TA (tallard at frb.gov) [awaiting approval of new disclaimer] pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D From werner at mc.ab.com Tue Apr 5 13:30:33 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Tue, 5 Apr 94 13:30:33 PDT Subject: CRYPT Message-ID: <9404052030.AA00496@werner.mc.ab.com> >Date: Tue, 5 Apr 1994 13:25:38 -0600 (MDT) >From: Ryan Snyder--Consultant >I am trying to crack a textfile which has been encrypted with a program >(for the IBM) called CRYPT. Can anyone help me with a method, a program >which will break it, or a pointer to more information on how I might go >about it? Thanks in advance. This reminds me of cwb, I think, or else it's cbw (stands for codebreaker's workbench), that is supposedly a tool for breking crypt-ed text. I tried to make this tool work a couple of times, and never got it working. One fellow I corresponded with said it worked for him right out of the box. I eventually decided that it didn't work for me at least partly because it was too dependent on the vt220 display. I never actually ran it on a vt220. Did anyone ever do any work to improve cbw (or cwb)? Everyone is always saying what a joke crypt is, but I've never been able to crack it with anything I got on the net. What do people really use to break (BSD) crypted text? tw From jamiel at sybase.com Tue Apr 5 13:38:40 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Tue, 5 Apr 94 13:38:40 PDT Subject: VISA Electronic Purse Message-ID: <9404052038.AA22055@ralph.sybgate.sybase.com> At 4:08 PM 04/05/94 -0400, Peter Wayner wrote: >Most women I know carry a "wallet" in their "purse". Most people who don't have hormone problems don't worry about it. From 68954 at brahms.udel.edu Tue Apr 5 13:50:47 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Tue, 5 Apr 94 13:50:47 PDT Subject: going in anarchic circles In-Reply-To: <199404051818.LAA17079@netcom9.netcom.com> Message-ID: On Tue, 5 Apr 1994 tmp at netcom.com wrote: > ok, suppose that every internet company decided that they would install > `fingerprint keyboards' and require use of them by users. these keyboards > sense your fingerprints as you type on the keyboard and can be used to > reject users not authorized to use a given account. they simply tell people > who do not want to use the system, `tough luck'. in a sense, this is something > like how our social security system and drivers licensing works today. there > are few (legal) alternatives to them. > Won't happen. Espaecially since there is not some monolithic organization of internet companies, and as a matter of fact, not all providers are companies, some are colleges who could ill afford such keyboards, and even some more are simply people running providers out of their basementsand bedrooms. Not only that, butsuch a system would be bypassable by abusers and their ilk. Just like the social security and drivers license system is easily bypassable by abusers who so desire. But you did put the legal limiter in thier, but as we both now, that doesnt mean shit in this world really. > so, how do you get a connection to this net? you are probably going to > propose `starting a new net without these draconian restrictions'. but > what you have done is propose a new set of rules -- `we don't need no > stinkin rules'. how is your system going to deal with sites that corrupt > passed mail? that harbor hackers and crackers? it really amazes me guys, > but if you think the internet is some kind of anarchy right now,you > are completely mistaken. you agree to a set of rules when you join the > net. those rules are set by your provider. you agree not to corrupt > mail you forward, don't mailbomb usenet, etc. currently there are many > `unspoken rules' -- but it makes sense for them to be codified so that > everyone understands what they can expect of each other. > hehe, the who idea of saying we don't need stinking rules being a setting up of our own rules is ludicrous. That's the argument I would expect froma afifth grader. How will mysystem deal with crackers etc? I will do my best with security as I can, ye I know these still leaves me open to attack, but that's part of the territory. Because even if you DO set upa list of guidelines these things would still happen. Your trying to put laws on people who have no intention of following them. Do you think a law outlawing cracking sniffing etc would stop someone capable of them who wanted to? Noway. And by the way, suggested guidelines and niceties are not "illegal" in an anarchy. You make the mistake of thinking that all anarchy means everyone kill everyone else, but it doesnt. Basically I have no problems with being nice with agreements, but don't try to make them law, because all that does is make more criminals and doesnt reduce the problems. > there is no guarantee of your > access to the current net. doesn't that seem kind of fragile? you think > you don't have to have any faith? it seems you have a lot of faith you > will always be able to get a connection to the internet. why not try > to set up a system or organization that is committed to formalizing > the rights and expectations of users on the net and specifying what > constitutes `basic access'? > I will always have connection to the internet if I desire it, be it legal or not, but yes, I do have a bit of compassion for those unable to do that. My answer tho is not regulations and the like, my answer is to make it as open as possible, the more people providing the more freedom and competition to drive down prices. When I can provide acces from my bedroom, and it is reasonable to do so, then any concept of restrictions is nullified, since there is no way of enforcing them really. And the good news is, that I CAN run a provider on my lowly budget if I so desire NOW. the answer is not an ORGANIZATION, since they would have no ral jurisdiction or power on the net, the answer is to make setting up providers very easy. My favorite example of this is FIDOnet, and the hundrds of other bbs nets that sprang up with it,after it. FIDO net may have a central organization or set of laws, but I can think of a lot of such nets that have no rules, tho yes I do admit noen as big as FIDO net. > > ok, so i set up a node that randomly corrupts all the mail that i pass > through my site. i mailbomb the cypherpunks list and all the remailers. > how do you deal with it? you send shrieking mail to all my upstream > site providers asking them to yank me. what if i have bribed them > all very lucratively? what if they decide that you don't pay enough, > so they are going to yank you instead? (not worth the hassle of your > insults, after all) what if i have dozens of accounts on different > public domain sites? i seem to be going in circles here. > No, for the first, I dont pass mail thru your system, and no I would not send screiching mail to upstream providers. I would simply find a way to deal with it thru filters or rerouting, or I would cope. I know this may not be appealing to alot of people, but I see it as the only viable option. > excuse me, mr. idealist, but you live in a world that no one would > recognize as their own. cyberspace exists only because people have > constructed it. you cannot escape that interaction of a community. > no man is an island. what guarantees you will have a connection to > the network today? absolutely nothing. it is just your faith in > the great cybergods. cyberspace is nothing but crystallized human > interaction. how do you deal with the `pathological' cases of human > behavior such as harassment, terrorism, censorship, etc? > NO fuckin kiddin. And you seem to have some desire to create your own cybergods with your organizations. IMO yeah such organizations weould be nice for show, to develop niceties etc.. but they would have no real power at all. What garauntees my connection? Well for some people it's cash, money, for others it's their job, for me it's who I know and my skills. Im in school now so my connection is provided for, if the school decided to go elsewhere, I would go to a local provider or to another method. As for how would I deal with these pathological habits, I would certainly not rely on some central organization which itself would be unable to stop them. There part of life, and their part of cyberlife(badpun). > unix passwords represent a reasonable amount of security. they prevent > me from hijacking your account. more sophisticated levels exist. > That's true, it's reasonable but easily broken if really desirous. Such abusers would be able to surpass it. Also account hijacking is unnecasary most of the time to reek havoc. > don't think of it as `us vs. them'. think of it as `us' erecting our > own framework of self-regulation. it would allow `us' to get rid of the > detweilers of the world in our community. cyberspace is not an amorphous > Gibsonian blob!! it is a physical infrastructure policed by humans as > simply as our physical roads are!! the police already exist, they are > called `system administrators', except they have no uniform code of > conduct today, except `if something pisses me off, disconnect it'. > Because there is no real us. You'll never get rid of the abusers, and yes it will be an amorphous blob. You cannot police kyberspace, since I can create my own extension of that spacde at will, all I need is a willing provider, or an unwilling provider whos a little lax in security. > what if you wake up one day and find that all the people you want to > talk to, and you thought were your friends, all on a separate network, > and you are isolated with Detweiler, Depew, Morris, and Mitnick on the > AnarchyNet? > Cool, I would dig talking with morris, mitnick, and busting on Det. hehe. I see no need to answer this since it will NEVER happen. Settin gupa provider is too easy. All you will do by enforcing regulations and the ilk is making it harder to provide acces at a grass roots level. > cyberspace is what we make it. if no name is ever connected to a human, > it can be constructed that way. if identity is important (as most of > human history seems to imply) we can translate it into the new realm. but > you are continuously mixing up what is possible with what you want. if > you don't want something that is possible, then it's possibility is > irrelevant. > > why don't you just preface your remarks by saying `i only > want a version of cyberspace where no one is responsible for their > actions!!' and i'd just leave it alone. as it stands you argue that > cyberspace = anarchy by definition. i cannot agree. > Your a fool if you think that what I want is a place wher noone is responsible. I just said that organizations and regulations will not make those who are the abusers any more responsible. I see as much potential in kyberspace as you do, to make a change etc.. but a centralization of something that is inaely decentralized, at it's core is utter stupidity. > this dialogue appears to be at the point of arguing two different religions, > so it is not very fruitful for any of us, but if grand epopt feotus represents > the basic cypherpunk views, then i find it all very fascinating. you guys > realize that you have a very unusual culture that is highly distinct from > virtually any other culture ... at least that i am aware of. you do seem > to have some parallels to the russian nihilists, some of the libertarians, > some of the anarchists, but you have a very distinct blend of it .... > I myself dont even know the basic cypherpunk views, it's just my views, dont rty and group me or anyone else please. So which one of our religions is the equivalent of the centralized catholic church? Who is your pope tmp? Will we let some organization try and put restrictions on something that is unrestrictable? You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From danisch at ira.uka.de Tue Apr 5 14:01:38 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Tue, 5 Apr 94 14:01:38 PDT Subject: PGP mail disabled ??? Message-ID: <9404052101.AA02864@deathstar.iaks.ira.uka.de> > Well, email can only transfer ASCII data, so my first guess would be that > you forgot the '-a' option to apply ASCII armour. No, of course they were using the -a option and the mail was normal ASCII armoured. Hadmut From ravage at bga.com Tue Apr 5 14:22:36 1994 From: ravage at bga.com (Jim choate) Date: Tue, 5 Apr 94 14:22:36 PDT Subject: Bekenstein Bound (was: Crypto and new computing strategies) In-Reply-To: <199404041625.MAA08781@eeyore.INS.CWRU.Edu> Message-ID: <199404042135.AA29973@zoom.bga.com> > > > > >You made the assertion in your rebuttal about area -v- volume in relation > >to black holes and event horizons about the entire universe not being > >containable in a volumn, if you accept this premice then you have to accept > >the premice that the universe is unbouded and hence not containable. This > >leads the bounds on the B-equation to be infinitly large number of possible > >states. > > > > > > > > > So what's wrong with that? > > Jay > > -- > ------------------------------------------------------------------------- > I am an attorney, seeking a position in the area of Computer Law. If you > know of such a position available, or of someone who may know of such a > position, please send e-mail! Thanks. > If you accept the universe as unbounded then you have to throw out the Big Bang and much of conventional physics, including large parts of what you are trying to prove. From lefty at apple.com Tue Apr 5 14:37:25 1994 From: lefty at apple.com (Lefty) Date: Tue, 5 Apr 94 14:37:25 PDT Subject: VISA Electronic Purse Message-ID: <9404052136.AA27010@internal.apple.com> >Gosh, how many Real Men are going to carry an electronic "purse?" I suppose you'd have to hire some Virtual Man to carry it for you. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From collins at newton.apple.com Tue Apr 5 15:19:15 1994 From: collins at newton.apple.com (Scott Collins) Date: Tue, 5 Apr 94 15:19:15 PDT Subject: I need a book: Applied Combinatorics Message-ID: <9404052111.AA21118@newton.apple.com> It goes for 84 bucks new. I'm looking for a used copy. Moe's is looking for it. Is there anyone out there who can sell or loan me a copy? Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From mpd at netcom.com Tue Apr 5 15:24:51 1994 From: mpd at netcom.com (Mike Duvos) Date: Tue, 5 Apr 94 15:24:51 PDT Subject: Bekenstein Bound (was: Crypto and new computing strategies) In-Reply-To: <199404042135.AA29973@zoom.bga.com> Message-ID: <199404052225.PAA19717@mail.netcom.com> Jim Choate writes: > If you accept the universe as unbounded then you have to throw out the Big > Bang and much of conventional physics, including large parts of what you > are trying to prove. I think you may be confusing the notion of "unbounded" with the notion of "finite". The Big Bang is perfectly consistant with the notion of a finite but unbounded universe. On a completely different note, physicists were planning to rename the event which created the universe after complaints from feminists that "Big Bang" was a sexist term. Does anyone know what new name was ultimately selected? -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From sandfort at crl.com Tue Apr 5 15:46:18 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 5 Apr 94 15:46:18 PDT Subject: going in anarchic circles In-Reply-To: <199404051818.LAA17079@netcom9.netcom.com> Message-ID: C'punks, On Tue, 5 Apr 1994 tmp at netcom.com wrote: > [a shit-load of nonsense.] Oh boy, looks like it's time for another Detweilerian Pledge. TMP, I don't care who you are, you're on my "D-list." C'punks, take the Pledge. Bye, S a n d y (Eric May's testicle) S a n d f o r t From pdn at dwroll.dw.att.com Tue Apr 5 15:49:12 1994 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Tue, 5 Apr 94 15:49:12 PDT Subject: CYPHERPUNK CRIMINAL shirts (?) Message-ID: <9404052249.AA21405@ig1.att.att.com> -----BEGIN PGP SIGNED MESSAGE----- Hello all, Have the CYPHERPUNK CRIMINAL shirts been shipped out yet? I used to have Christian Void's e-mail address, but I blew up my mail file in a fit of incompetence.... We now return you to black holes, chess games, and the Bill of Rights. - -- ........................................................................ Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it! pdn at dwroll.dw.att.com | Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLaHqpwvlW1K2YdE1AQHvsAQAhpGyfdknItqSzo35V4TOeusrHTNhlKNR M5HdGJ3M7dxfH4EVmQZqKRtaapjF2IjCnxsyAb1HAUbPmg4XzS+N6zN54zRGPCWY 7fseS5lBsCMNeDv1EIK4BjD7vI/VugdpkXGmFANtii0TIjXpKHo1lCWuJtplR2uE vWxyp1MuFcg= =/uF4 -----END PGP SIGNATURE----- From cs000rrs at selway.umt.edu Tue Apr 5 16:01:52 1994 From: cs000rrs at selway.umt.edu (Ryan Snyder--Consultant) Date: Tue, 5 Apr 94 16:01:52 PDT Subject: CRYPT In-Reply-To: <9404052030.AA00496@werner.mc.ab.com> Message-ID: On Tue, 5 Apr 1994 werner at mc.ab.com wrote: > Did anyone ever do any work to improve cbw (or cwb)? Everyone is always > saying what a joke crypt is, but I've never been able to crack it with > anything I got on the net. What do people really use to break (BSD) > crypted text? If cracking a CRYPT file really is easy, could someone please explain to me exactly how to go about doing so? Thanks. Ryan Snyder, Consultant | --->Finger me for my PGP public key.<--- ___ University of Montana CIS| |\ /| CS000RRS at SELWAY.UMT.EDU | Copyright 1994 by Ryan R. Snyder. | 0 | RYE at ILLUMINATI.IO.COM | |/_\| RYE at CYBERSPACE.ORG | From ravage at bga.com Tue Apr 5 16:05:48 1994 From: ravage at bga.com (Jim choate) Date: Tue, 5 Apr 94 16:05:48 PDT Subject: How Many Games of Chess: Exact answer given! In-Reply-To: Message-ID: <199404052103.AA01909@zoom.bga.com> > > > > > > > The natural conclusion is that the complexity of the problem depends on how > > much of the game you consider to be the `endgame'. Thus, the actual number > > of different chess games: 5 > > > > 2) White mates > > 1) Black resigns > > 0) Stalemate > > -1) White resigns > > -2) Black mates > > > i am not sure this is a very reasonable question without any > restrictions. while this answer is humerous, i don't think anybody has > addressed the fact that i can move a king back and forth between 3 > squares infinitely many times. > > POSSIBLE answer: uncoutably infinite? > > lake at uenics.evansville.edu > ---------------------------------------------------------------------------- > Isn't it nice to have only one simple question..... > Zero or One. > ---------------------------------------------------------------------------- > > I would counter that this was a single game irrispective of how many times it could be moved since the outcome is the same. From tmp at netcom.com Tue Apr 5 16:27:12 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Tue, 5 Apr 94 16:27:12 PDT Subject: going in anarchic circles In-Reply-To: Message-ID: <199404052327.QAA27179@mail.netcom.com> > I will always have connection to the internet if I desire > it, be it legal or not, pure faith. nothing guarantees this to you. you cannot point to any intentionally designed aspect of the existing internet that guarantees that you personally will have a internet account or connection. in fact, there are many limitations in your existing contract with your provider, i'm sure, and lots of vague clauses that give them the ability to yank it whenever they feel like it for whatever reason they like. why is this such a bizarre idea? i heard of the cypherpunks coming up with `big brother stickers' for at&t phones. how about a `cypherpunk approved' sticker for internet providers that grant a minimal amount of service? i see tc may yelling at netcom all the time-- do something constructive!! come up with a statement that describes exactly what *you* demand of an internet provider, and maintain a list of sites that conform. at the root level, when tc may complains that his internet service is lousy, he is saying that `we deserve better than this'. `we deserve some basic amount of service'. `we have expectations'. these are the same thoughts that motivated the writing of the bill of rights. > my answer is to make it as > open as possible, the more people providing the more > freedom and competition to drive down prices. it is not always the case that regulation guarantees that freedom and competition will be stifled. there is a very strict code of entry into the nasdaq stock exchange or any other stock exchange, yet companies manage to flourish within this framework. the internet is *crying* for a universal policy that everyone can agree, `this is what it means to be on the internet' > What garauntees my connection? Well for some > people it's cash, money, for others it's their job, for > me it's who I know and my skills. none of these guarantee you a connection. > Because there is no real us. You'll never get rid of the > abusers, and yes it will be an amorphous blob. You > cannot police kyberspace, since I can create my own > extension of that spacde at will, all I need is a willing > provider, or an unwilling provider whos a little lax in > security. you seem to argue again that cyberspace = anarchy or at least cyberspace will always lack the security necessary to prevent certain accesses. well, consider this argument. the nsa has a network. in a sense it is `cyberspace'. but you don't have access, try as you might. wouldn't you like to poke around that corner of cyberspace? you can't. there is a titanium lock in front of you. > Your a fool if you think that what I want is a place wher > noone is responsible. absurd statement given the rest of your commentary. you sound to me like a thief saying, `i can break any lock'. well, yes, but that is no reason to stop building strong locks, and rational people will use them. > Will we let some organization try and put > restrictions on something that is unrestrictable? apparently none of the cpunks will. but you may find that in the blink of your eye, all the rest of the world has, and you are left with nothing but a small sandbox to play in. pseudonymously yours, --tmp From kafka at desert.hacktic.nl Tue Apr 5 16:31:50 1994 From: kafka at desert.hacktic.nl (Patrick Oonk) Date: Tue, 5 Apr 94 16:31:50 PDT Subject: PHILIP ZIMMERMAN ARRESTED [NOT!] Message-ID: <199404052330.AA02521@xs4all.hacktic.nl> In article , you write the following: GR> -----BEGIN PGP SIGNED MESSAGE----- GR> GR> GR> > The Zimmerman prank---I'm sure not funny for him---hardens my line GR> > further against anonymity online. At its best, as here, it is an GR> > unholy nuisance. GR> GR> Interesting. The recent thread on alt.security re someone who mentioned GR> thoughts of suicide on Usenet and was held for 48 hours' psychiatric GR> evaluation hardens my line in favor of anonymity online. GR> [stuff deleted] GR> GR> How will we stop folks from setting up accounts with names other than GR> their "real names" .. or from stealing others' accounts .. or from GR> forging mail? A $1000 PC can run Linux and SLIP and look to the rest of GR> the net like any other IP-connected site; how will we enforce our rules GR> on those systems? You can run slip on a $200 vintage IBM-AT. Patrick :) --- "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4 1994 == To get PGP, FTP /pub/unix/security/crypt/pgp23A.zip from ftp.funet.fi == From ebrandt at jarthur.cs.hmc.edu Tue Apr 5 17:12:57 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Tue, 5 Apr 94 17:12:57 PDT Subject: How Many Games of Chess: Exact answer given! In-Reply-To: <199404052103.AA01909@zoom.bga.com> Message-ID: <9404060012.AA03909@toad.com> > I would counter that this was a single game irrispective of how many times it > could be moved since the outcome is the same. This would really simplify the strategy of chess... Smirnov Jagermeister 1. Wn !! Rsgn Commentary: Smirnov's "White wins" opening gave him an early and dramatic tactical advantage. Jagermeister showed foresight and played "Black resigns". This whole argument is getting rather weird, its topicality aside. There are a finite number of legal positions in chess. If any shows up a third time, the game is over. Thus we have a bound on the length of a legal chess game. Hence the number of games is finite, and we don't have to quibble about whether it's countably or uncountably infinite. Eli ebrandt at hmc.edu From 68954 at brahms.udel.edu Tue Apr 5 18:03:05 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Tue, 5 Apr 94 18:03:05 PDT Subject: going in anarchic circles In-Reply-To: <199404052327.QAA27179@mail.netcom.com> Message-ID: On Tue, 5 Apr 1994 tmp at netcom.com wrote: > pure faith. nothing guarantees this to you. you cannot point to any > intentionally designed aspect of the existing internet that guarantees > that you personally will have a internet account or connection. in fact, > there are many limitations in your existing contract with your provider, > i'm sure, and lots of vague clauses that give them the ability to > yank it whenever they feel like it for whatever reason they like. > And the sad truth is that even if you made a "Bill Of Rights" I would not be garaunteed acces. There is no nation or group that could hold enough sway in Cspace to do this IMO. They could write one up and go "ohhhh ahhhhhh wow" at it, but there would be little they could do to enforce it. This net is multi-national, multi-government, and multi-cultured. While such an idea may sound good, it's not going to solve any problems. > why is this such a bizarre idea? i heard of the cypherpunks coming up > with `big brother stickers' for at&t phones. how about a `cypherpunk > approved' sticker for internet providers that grant a minimal amount of > service? i see tc may yelling at netcom all the time-- do something > constructive!! come up with a statement that describes exactly what > *you* demand of an internet provider, and maintain a list of sites that > conform. > I would like the idea of cypherpunk approved stickers for those sites that are discreet in their service and provide good acces, but what would this do? Nothing really except maybe make a few readers of this list go to those providrd if they are close enough. I mean what owuld be the criteria for sucha approval? We are far from an organized group, so who would make the decisions? Noone really could. > at the root level, when tc may complains that his internet service is > lousy, he is saying that `we deserve better than this'. `we deserve some > basic amount of service'. `we have expectations'. these are the same > thoughts that motivated the writing of the bill of rights. > I am wondering why every statemetn revovles aroun tc may? he's cool and all but... do you have an unatrual attraction for him or do you se him as my leader? I have never seen these complaints so I cant respond to this in an informed manner. > > my answer is to make it as > > open as possible, the more people providing the more > > freedom and competition to drive down prices. > > it is not always the case that regulation guarantees that freedom > and competition will be stifled. there is a very strict code of > entry into the nasdaq stock exchange or any other stock exchange, > yet companies manage to flourish within this framework. the internet > is *crying* for a universal policy that everyone can agree, `this > is what it means to be on the internet' > The nasdaq in my opinion is far from a ample model for cyberspace. The internet is not crying for a policy at all. I dont se what prompts this notion. > > none of these guarantee you a connection. > And as I said before, neither would an organization or bill o rights. Or have you noticed that constitutional rights mean nothing in this country anymore? 8) > you seem to argue again that cyberspace = anarchy or at least > cyberspace will always lack the security necessary to prevent certain > accesses. well, consider this argument. the nsa has a network. in > a sense it is `cyberspace'. but you don't have access, try as you might. > wouldn't you like to poke around that corner of cyberspace? you can't. > there is a titanium lock in front of you. > I coudlnt, others could. Also, the NSA space is not of the same nature as Inet. you comparing a closed system to a naturally open system. > absurd statement given the rest of your commentary. you sound to me > like a thief saying, `i can break any lock'. well, yes, but that is > no reason to stop building strong locks, and rational people will > use them. > And that is my point. Make your own locks, but DONT go out and try to force them on others, you can suggest them, yes, but dpont ry to initiate some global policy. > apparently none of the cpunks will. but you may find that in the blink > of your eye, all the rest of the world has, and you are left with nothing > but a small sandbox to play in. > Not likely. We're out of the realm of small sandboxes, and into interconnected beaches 8). and PLEASE do not lump Cpunks at all. The rest of the world may try and regulate is, but the problewm IS that I can just add my little space that isnt regulated, be it legal or illegal, and if it comes to bieng illegal to get my words out, than so be it. Im prepared for that, and I think alot of people on this list are too. > pseudonymously yours, > --tmp > You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From cfrye at mason1.gmu.edu Tue Apr 5 18:42:18 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Tue, 5 Apr 94 18:42:18 PDT Subject: CYPHERPUNK CRIMINAL shirts (?) Message-ID: <9404060141.AA04034@mason1.gmu.edu> Phillipe- Yep - I received my order last week. The shirts look great, though I would have made the "Safety in large numbers" banner bigger. From dwomack at runner.utsa.edu Tue Apr 5 18:54:50 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Tue, 5 Apr 94 18:54:50 PDT Subject: Jamie Lawrence Message-ID: <9404060154.AA21838@runner.utsa.edu> I regret that I'm not able to read your metashell messages...would it be possible to send me your email address otherwise.. a plain text type perhaps? I think you're looking for a copy of Burn 2.0...but I can't send it until I can find an address! (Sorry for the waste of bandwidth...) Regards, Dave From wcs at anchor.ho.att.com Tue Apr 5 18:57:08 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 5 Apr 94 18:57:08 PDT Subject: How Many Games of Chess: Exact answer given! Message-ID: <9404060156.AA23324@anchor.ho.att.com> > > The natural conclusion is that the complexity of the problem depends on how > > much of the game you consider to be the `endgame'. Thus, the actual number > > of different chess games: 5 > > > > 2) White mates > > 1) Black resigns > > 0) Stalemate > > -1) White resigns > > -2) Black mates There are at least 3 others - there's - Black/White's clock runs out - game completion gets postponed for whatever reason and never resumed > i am not sure this is a very reasonable question without any > restrictions. while this answer is humerous, i don't think anybody has > addressed the fact that i can move a king back and forth between 3 > squares infinitely many times. You can't - after the board has been in the same position three times, the rules say it's a stalemate. This lets you calculate an upper bound which somebody did a few days ago. From klbarrus at owlnet.rice.edu Tue Apr 5 19:25:20 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Tue, 5 Apr 94 19:25:20 PDT Subject: CHESS: max # of games Message-ID: <9404060224.AA03414@growler.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- Chesspunks, Since this thread won't seem to die, I thought I might (hopefully) present an argument that will convince you who are interested that there are a finite number of chess games. A chess game may end by checkmate, resignation, statemate, or draw. The draw category is important: it can be agreed or forced. Draws are forced when: * the same position repeats three times. This is commonly used to end games by "perpetual check". * 50 moves pass and no pawn is moved, or piece captured I've never seen this invoked, but it could happen if say one player doesn't have enough material to checkmate the other. E.g. white has a king and black has a king and bishop. Checkmate is impossible so the game will eventually end. Or the players could be smart enough to realize no win is possible and draw the game right there. So, there are a finite number of moves in a game. In fact, the following is excerpted from the FAQ for rec.games.chess: > How long is the longest possible chess game? > The basic idea is a player may claim a draw if fifty moves elapse without a > capture or a pawn advance. Ignoring the special cases where more than 50 > moves are allowed by the rules, the answer is after Black's 5948th move, > White is able to claim a draw. The simple calculation is ( + > - + ) * > , or (16*6 + 30 - 8 + 1) * 50 = 5950; we're able to trim > two moves from this total by observing that sequences of Captures/Pawn_moves > must have (at least) 4 alternations between the two players. Now, as an EXTREMELY LOOSE upper bound on the number of positions possible, allowing illegal positions, not differentiating between the various pieces, etc.... chessboards have 64 squares, white has 16 pieces and black has 16 pieces. There are 64!/32! ways to place the pieces (1st piece gets 64 choices, 2nd gets 63, on down to the last which gets 33 choices). 64!/32! = 4.8222 10^53. (Right? No combinations or permutations here). Again, this allows ALL positions, even illegal positions and position which are othewise impossible. So I calculate the ABSOLUTE maximum number of games to be (4.8222 10^53) ^ 5048 = 1.0516 10^270993 I don't see how it is possible under the rules to have more; indeed the true number is FAR less. While this number is pretty big, it is less than infinity. And send followup questions to me and not the list. Karl Barrus -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLaIdN4OA7OpLWtYzAQFNawQAsemEdO6pQlbwDhiNboNp5pR2Xs54bfCe TCECI70wwtLToaQU76KSz0pRcZLrrkbOX9R4AfJlEWBF7Ae+TVs495xx8QzMHADs KgHej8Y7BIncTrUcE9Y76yH299tHEyB/5yJW+/mNB+8XYRivLpdpxZ+udXwcpeZX wo/AzrmkJvU= =T5rF -----END PGP SIGNATURE----- From wcs at anchor.ho.att.com Tue Apr 5 19:32:06 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 5 Apr 94 19:32:06 PDT Subject: PGP mail disabled ??? Message-ID: <9404060231.AA23644@anchor.ho.att.com> > No, of course they were using the -a option and the > mail was normal ASCII armoured. Some of the FIDO and FIDO-like networks have policies against sending encrypted email. I don't know if this means their operators actually read the messages that go by, or do pattern-matching to look for "BEGIN PGP" or whatever, but they at least have that policy. From rjc at gnu.ai.mit.edu Tue Apr 5 20:10:08 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Tue, 5 Apr 94 20:10:08 PDT Subject: Proposal: some more standard remailer features Message-ID: <9404060309.AA25086@geech.gnu.ai.mit.edu> Here are some proposed remailer standards some of which I have already implemented. Command Formatting: I propose that all remailer commands start on the first non-blank line of a message body and start with the string '::' followed by a command-name with no spaces in it. A command block should end when two blank lines are encountered (which are stripped from the output) or a non-blank line that doesn't start with '::' is encountered. Message Encapsulation: I propose a standard format for recursively storing messages in envelopes with standard formats. Each envelope should begin with the command "::envelope" followed by the envelope method, followed by the body. The end of the "envelope" is specified with ::end METHODNAME The following is an envelope: ::envelope PGP [optional keyID] ----- BEGIN PGP ... ----- ..... ----- END PGP ... ----- ::end PGP I have defined several types of envelopes for the workings of my remailer, one of them is for internal packetizing/splitting of large messages. ::envelope PACKET part#/partmax:idstring For example ::envelope PACKET 1/5: [important data] ::end PACKET When creating envelopes, I escape any commands/escape chars inside them by preceding the command line with '\'. This is removed when removing the envelope. The other envelope I have defined is "PAD startline:endline" When removing this envelope, the remailer simply deletes lines numbered startline to endline in the message. The first line is 0. Header formating: I propose the header pasting token, "::@" which gets applied only after the message is delivered to someone (not chained). For example ::@Subject this is the subject line ::@From this is the from line ::@x-foo this is the x-foo: header Depending on how the remailer is set up, incoming subject headers may or may not be preserved. Anonymous Posting: On any mailer which supports virtual addresses, the following special feature shall be implemented: If the virtual address contains any '.' characters, the address is first assumed to be a newsgroup. If the newsgroup exists and/or it is not blocked by the operator, two possible actions can take place. 1) if the variable NNTPSERVER is defined, the remailer will open a tcp connection and post the message directly to the newsgroup specified in the virtual address 2) if not condition 1, then if the variable NEWSGATE is defined, the remailer will mail your message to newsgroup at NEWSGATE doing any translations on the address string as needed. e.g. NEWSGATE=cs.utexas.edu, it sends the message to alt-news-group at cs.utexas.edu 3) else posting is disabled (visible flag in the remailer list) Example: ::to remailer1#remailer2#talk.politics.crypto If asked, I will supply the magic perl subroutine needed to do this. [note above, I have eliminated the redundant "request-remailing-to". When mailing through a remailer, you know the mail is going to be remailed. ::to is easier to type] EXAMPLE MESSAGE: ::envelope PGP [PRETEND EVERYTHING FROM HERE DOWN IS ENCRYPTED FOR THE REMAILER] ::to ann's_remailer#darkmodem ::@Subject Hello World ::end PGP when sending this out, the remailer might encrypt the message for ann's remailer and split it into two pieces ::envelope PGP [below is encrypted] ::envelope PACKET 1/2:#xxyyblahblah ::to darkmodem ::@Subject Hello World ::end PACKET ::end PGP ::envelope PGP [below is encrypted] ::envelope PACKET 2/2:#xxyyblahblah ::end PACKET ::end PGP Now when ann's remailer receives a two parted message, it queues each piece until it gets the full message (timing out after a few days) After all pieces are received, it removes the envelopes, pieces the message together, and sends the message off to darkmodem (which may be a virtual address for lightmodem#bob's_remailer) Most of the envelope I/O is hidden from the user. Additional ideas: A command ::error-to to specify where errors encountered during processing of the message should be sent. e.g. ::error-to idstring an99999 at anon.penet.fi or ::error-to idstring alt-waste at cs.utexas.edu [idstring will let you know which message the error was for] I also propose ::route which would specify preferences preferred for remailers when searching for other remailers to chain your message to. e.g. ::route Private [attempt to chain to remailers which are running on single-user non-public machines first] ::route Stealth [don't use sendmail if possible, use socket-to-socket delivery remailers first] Comments welcome, -Ray p.s. most of the above proposals are not complicated to code for -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From unicorn at access.digex.net Tue Apr 5 20:48:43 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 5 Apr 94 20:48:43 PDT Subject: Al Haig and Secure Communictions Message-ID: <199404060348.AA02588@access1.digex.net> -----BEGIN PGP SIGNED MESSAGE----- About two weeks ago while making a point about the absurdity of taking government on its word, I mentioned an incident involving then Secretary of State Al Haig. Specifically the point was in reply to Mr. Sternlight's assertion that because a public relations official for the NSA had made statements regarding the Data Encryption Escrow plan's harmless nature and the equally harmless and benign character of the NSA's paternal hand, they were unquestionably authentic and complete. Among other points, I indicated that there was significant reason to doubt bald assertions made by government officials, especially in a public relations capacity. One of the examples I used relied on the events following the attempted assassination of President Reagan, (who's name I then spelled incorrectly). Specifically I noted that Secretary of State Haig appeared before the press and announced (in some form or another) that he was in charge. The implication in my statement was that Secretary Haig was not in charge at all, and that relying on government to operate by its own rules, even with the scrutiny of the press is silly. An irate Haig supporter, who also defended the President's name (by correcting my spelling error anyhow) insisted that this event was a big fabrication by the press and that indeed Secretary Haig was in authority in some way or another. He insisted the press had blown the issue out of proportion. I was forced out of town for some time, and was unable to reply immediately. I bring up the point now to clarify my information, and to tie in some interesting concerns regarding secure communications and operations in a Emergency. Secretary of State Al Haig was not next in line for either succession stream, and his asserting so in the national media was a gross error. The relevant authorities are the Department of Defense Directive 5100.30 (1971) and the Constitution of the United States. The first sixteen successors in the Presidential line of succession are: 1. The Vice President 2. Speaker of the House of Representatives 3. President pro tempore of the Senate 4. Secretary of State 5. Secretary of the Treasury 6. Secretary of Defense 7. The Attorney General 8. Secretary of the Interior 9. Secretary of Agriculture 10. Secretary of Commerce 11. Secretary of Labor 12. Secretary of Health and Human Services 13. Secretary of Housing and Urban Development 14. Secretary of Transportation 15. Secretary of Energy 16. Secretary of Education. The national command authority line kicks in when the President and his/her successors are dead or cannot be located and immediate U.S. military decisions must be made: 1. Secretary of Defense 2. Deputy Secretary of Defense 3. Secretary of the Army 4. Secretary of the Navy 5. Secretary of the Air Force 6. Under Secretary of Defense for Policy 7. Under Secretary of Defense for Research and Engineering A plethora of the Assistant Secretaries of Defense and General Council to the Defense Department in order of their lengths of service. etc. When President Reagan was injured, and the Vice President (George Bush at the time) was out of town, the successor to the Presidency was the Speaker of the House, Tip O'Neill. The Secretary of State was two more rungs down the ladder. The Secretary of State appears nowhere in the command authority side of succession. Casper Weinberger was the then Secretary of Defense and next in line there. Al Haig's source of sovereignty? Control of the national media? Perhaps that's a touch conspiracy oriented, but how does the proper authority convince the citizenry that he or she should be followed when another authority figure is effectively seizing the reigns? Herein lies the stuff of constitutional crisis. It is the responsibility of the Federal Emergency Management Agency to keep track of the Presidency and the line of succession. The question becomes, if a figure claims authority how is this verified, and enforced? Former FEMA director Giuffrida: "One of the things we discovered is there was no authentication system.... if [someone] got on the horn and said, 'I'm the successor,' and somebody said 'prove it,' [no one could]." Of course this was some time ago, but how much things have changed is a real question. It seems to me that the Unites States has never recognized the potential problems that national crises may cause. I cite a particularly interesting tale that might be amusing if it were not so alarming. On the presidential emergency evacuation procedures from National Security Advisor Brzenzinski's Memoirs: I called in the person responsible for evacuating the President in the event of a crisis. I obtained a detailed account on how long it actually would take to evacuate the President by helicopter.... I ordered him to run a simulated evacuation right now, turning on my stopwatch. The poor fellow's eyes...practically popped: He looked so surprised. He said, "Right now?" And I said "Yes, right now." He reached for the phone and could hardly speak coherently when he demanded that the helicopter immediately come for a drill. I took one of the secretaries along to simulate the First Lady and we proceeded to the South Lawn to wait for the helicopter to arrive. It took roughly two and a half times longer to arrive as it was supposed to. We then flew to a special site from where another evacuation procedure would be followed. To make a long story short, the whole thing took roughly twice as long as it should have. Moreover, on returning we found that the drill somehow did not take into account the protective services and we were almost shot down. There have been significant changes in technology no doubt since the Carter Administration. For one thing fiber optics seem to present some resistance to EMP effects that before threatened normal lines of communication, but how have authentication methods changed? It seems to me that there are great potentials for advance in authority authentication with new technologies not limited to and newer than public key cryptography. On the other hand it seems the United States culture of vulnerability, justified by theories of Mutually Assured Destruction or budgeting concerns, is so strong that such advances would never take hold in a meaningful way. Can you see a reporter in the famed President Haig press conference asking: "Excuse me Secretary Haig, may we examine your FEMA signed authority key?" - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLaI9HxibHbaiMfO5AQEBZgP/fZaGM/WG4sgJuqmmn/uBgLIoUzn9bBe1 CDaOUYzCvyssFWp23qIqXZMgKVorxQXIObbKORFSfG2Nj+n3gcyKF2oRUtrbqmsT oam6h+wABTpawNt2Kc3P0MwwX9QyHK/afPNpuztwCntdvCOmXd3YHybQ5dLHAk5d ku9cQlHjMBo= =Qz+l -----END PGP SIGNATURE----- From wwweb at aol.com Tue Apr 5 21:37:21 1994 From: wwweb at aol.com (wwweb at aol.com) Date: Tue, 5 Apr 94 21:37:21 PDT Subject: San Jose Mercury News Article Message-ID: <9404060033.tn462027@aol.com> SAN JOSE MERCURY NEWS Copyright 1994, San Jose Mercury News DATE: Sunday, April 3, 1994 PAGE: 1F EDITION: Morning Final SECTION: Computing LENGTH: 41 in. Long ILLUSTRATION: Drawing SOURCE: SIMSON L. GARFINKEL, Special to the Mercury News KEEPING SECRETS SECRET ENCRYPTION SOFTWARE SPARKS DEBATE OVER PRIVACY LAW ENFORCEMENT AGENCIES CONTEND UNFETTERED ENCRYPTION POSES A THREAT TO INTELLIGENCE GATHERING, COURT-ORDERED WIRETAPS AND THE EXECUTION OF SEARCH WARRANTS. IN THE last year, a piece of public domain software has become the bane of the FBI, the rallying cry for a new generation of anti-government radicals and the focal point of an international debate about privacy on the information superhighway. Pretty Good Privacy allows two people anywhere in the world to exchange electronic mail messages by telephone or over the Internet in absolute and total privacy. PGP accomplishes this feat of technological magic with a technique called public key encryption, the newest twist on the time-honored technique used by spies for protecting their messages from interception by the enemy. What's significant about PGP, say both its admirers and critics, is that the encryption it uses is so powerful that PGP-protected messages cannot be forcibly decrypted, or broken, by even the world's most sophisticated code breakers. ''The problem is that guaranteeing privacy to everybody will guarantee privacy to people who are going to misuse that technological sanctuary,'' said Stewart Baker, general counsel of the National Security Agency, addressing the fourth annual conference on Computers, Freedom and Privacy last week in Chicago. The nation's intelligence and law enforcement establishments have mounted a crusade against unfettered encryption in general and PGP in particular, saying they pose a serious threat to intelligence gathering, court-ordered wiretaps and the execution of search warrants. ''With respect to PGP, the only use that has come to the attention of law enforcement agencies is a guy who used it so police couldn't tell which little boys he had seduced over the Internet,'' Baker said. PGP users at the conference said such characterizations are grossly unfair. The overwhelming majority of people using PGP, they said, are law-abiding individuals who simply wish to protect their communications from the prying eyes of computer hackers and unscrupulous system administrators. ''If privacy is outlawed, only outlaws will have privacy,'' said Phil Zimmerman, the Colorado-based*cryptography*consultant who wrote the first version of PGP in March 1991. That year, the U.S. Senate considered an amendment to the Anti-Crime Bill of 1991 that would have made it illegal to use encryption within the United States unless law enforcement agencies were provided with a copy of the keys. Although the proposal was ultimately withdrawn, it put the electronic underground on notice that widespread encryption might be outlawed by government before most people even realized what encryption was all about - or its value for protecting individual privacy. Zimmerman's solution was to write PGP and flood the country with high-quality cryptographic software. Leveling the playing field ''Intelligence agencies have access to good cryptographic technology,'' Zimmerman wrote in the PGP manual. ''So do the big arms and drug traffickers. So do defense contractors, oil companies and other corporate giants. But ordinary people and grass-roots political organizations mostly have not had access to affordable 'military grade' public-key cryptographic technology . . . until now.'' While personal computer-based encryption programs have been available for years, Zimmerman's PGP was the first to bring public-key encryption - which is ideal for encrypting communications to a variety of people - to the masses. Most*cryptography*programs available for personal computers use private-key*cryptography.*With private-key schemes, the same encrypting ''key'' is used to encrypt and to decrypt any given file. This means you can't exchange encrypted e-mail with somebody unless you first exchange a cryptographic key. Public-key cryptographic systems, first developed in the 1970s, use two keys. The first key is called the public key; it encrypts the message. But it takes a second key, called the private key, to decrypt the message and recover the original text. The big advantage of public-key systems is that the public keys of many people can be gathered and published in electronic address books. Then, if you want to send somebody an encrypted message, all you have to do is look up her key and use it: No prior arrangement is necessary. Launching the Clipper One year ago, the National Institute of Standards and Technology, working in conjunction with the NSA, proposed a system for encrypting communications within the United States called the Clipper chip. Like PGP, Clipper uses public-key encryption so that any two Clipper chips can communicate with each other without fear of wiretappers. But Clipper also uses a system called key escrow to make it possible for law enforcement agencies - with authorization by a court of law - to wiretap an encrypted conversation. Key escrow means the private key used by each Clipper chip is held in a central repository. The Clipper system actually splits the key into two parts, each stored with a different agency, to minimize the chance of an illegal wiretap. The agencies are supposed to give up their copies of the private key only when they are presented with a warrant for a wiretap. This March, NIST published a notice in the Federal Register setting forth Clipper as a voluntary encryption standard for the federal government. By endorsing an encryption standard, the Clinton administration hopes that telephones, faxes and modems implementing a compatible encryption system will soon be widely available. ''The rationale behind the Clipper and key escrow is to lower the cost, to make encryption tools available to a large number of people while maintaining the ability of the government to do the 1,000 or so authorized wiretaps every year,'' said David Lytel, a policy analyst with the president's Office of Science and Technology Policy. ''If you don't think Clipper keeps your communications secure, don't use it,'' said Lytel. ''And if you want to use your own encryption on top of it, go ahead.'' Many people at the Computers, Freedom and Privacy conference said they would avoid Clipper and added that it was likely that drug dealers, organized crime and terrorists would do the same. ''The administration can't come up with examples of criminals bright enough to use encryption in the first place but dumb enough to do it with the government's chip,'' said Charles C. Marson, a San Francisco-based lawyer. Nevertheless, many organizations might be interested in telecommunications systems based on Clipper, said the NSA's general counsel. For example, said Baker, a company might prefer that its employees use a system like Clipper, which provides security but can be wiretapped in extraordinary circumstances, so it can monitor its employees should the need arise. The next generation To use Clipper, however, these organizations will have to wait for manufacturers to build the expensive Clipper chips into the next generation of telephones. In the meantime, PGP is a solid system that provides privacy today. PGP is free software, so if you have a friend who has it, you can simply make a copy. If you have access to the Internet, you can also get a copy from the computer SODA.BERKELEY.EDU using the Internet's File Transfer Protocol system. Companies and individuals who feel more comfortable buying their programs can now get a version of PGP that works on DOS and several Unix systems from Viacrypt of Phoenix. Most oppose Clipper plan Buying the program entitles you to customer support - important for people new to*cryptography.* Will the Clipper plan fly? No one knows. But a recent New York Times/CNN poll found 80 percent of the U.S. public opposed to the Clipper and key escrow when the proposal was explained to them, said Marc Rotenberg, director of the Computer Professionals for Social Responsibility's Washington office. On the other hand, Zimmerman and others like him say unrestricted*cryptography*is already making a difference around the world. As proof, he cites an electronic mail message that he received from Russia in October on the day that President Boris Yeltsin was shelling the Russian Parliament building. The e-mail said, in part: ''Phil, I wish you to know: Let it never be, but if dictatorship takes over Russia, your PGP is widespread from Baltic to Far East now and will help democratic people if necessary. Thanks.'' IF YOU'RE INTERESTED The public-domain version of Pretty Good Privacy is available on many bulletin board systems or can be obtained from the FTP site SODA.BERKELEY.EDU via the Internet. A commercial version is available from Viacrypt, 2104 W. Peoria Ave., Phoenix, Ariz. Phone: (602) 944-0773. Fax: (602) 943-2601. CAPTION: DRAWING: CHRISTINE BENJAMIN - SPECIAL TO THE MERCURY NEWS [An eagle, representing the US government, scans a flow of data from one computer to another to interpret encrypted data.] [940403 CO 1F; color] KEYWORDS: COMPUTER SOFTWARE PRODUCT ETHICS CRIME END OF DOCUMENT. From michael.shiplett at umich.edu Tue Apr 5 22:05:53 1994 From: michael.shiplett at umich.edu (michael shiplett) Date: Tue, 5 Apr 94 22:05:53 PDT Subject: Proposal: some more standard remailer features In-Reply-To: <9404060309.AA25086@geech.gnu.ai.mit.edu> Message-ID: <199404060505.BAA08693@totalrecall.rs.itd.umich.edu> "r" == Ray writes: r> Here are some proposed remailer standards some of which I have r> already implemented. [ command formatting section deleted ] r> Anonymous Posting: r> On any mailer which supports virtual addresses, the following special r> feature shall be implemented: r> If the virtual address contains any '.' characters, the address r> is first assumed to be a newsgroup. If the newsgroup exists and/or it r> is not blocked by the operator, two possible actions can take place. [ details on newsgroup posting deleted ] r> Example: r> ::to remailer1#remailer2#talk.politics.crypto r> If asked, I will supply the magic perl subroutine needed to do r> this. r> [note above, I have eliminated the redundant "request-remailing-to". r> When mailing through a remailer, you know the mail is going to be r> remailed. ::to is easier to type] I suggest changing "to" to the previously mentined "post-to"/"send-to" convention. This eliminates the need to perform parsing magic on the virtual address. Also it's a simple issue, but what's the syntax for defining a variable, e.g., NNTPSERVER or NEWSGATE? [ details on fragmented messages deleted ] r> Now when ann's remailer receives a two parted message, it queues r> each piece until it gets the full message (timing out after a few r> days) After all pieces are received, it removes the envelopes, r> pieces the message together, and sends the message off to darkmodem r> (which may be a virtual address for lightmodem#bob's_remailer) Sounds like a nice feature. r> Additional ideas: r> A command ::error-to to specify where errors encountered during r> processing of the message should be sent. e.g. r> ::error-to idstring an99999 at anon.penet.fi r> or r> ::error-to idstring alt-waste at cs.utexas.edu r> [idstring will let you know which message the error was for] Another good idea, but how would I, as a user, know with which idstring one of my messages is associated? r> I also propose ::route which would specify preferences preferred r> for remailers when searching for other remailers to chain your r> message to. e.g. r> ::route Private r> [attempt to chain to remailers which are running on single-user r> non-public machines first] I've followed the arguments for having the remailers keep track of each other's availability. This is fine as long as one can strongly trust at least one of the remailers. The chaining functionality also belongs in the mail client--even more so than in the remailers. With extensible mail environments, e.g., mh/mh-e, this should be possible without too much difficulty. I don't know if it's been suggested, but has anyone created a remailer that scans a newsgroup for posts addressed to it in some manner, e.g., an X-header or the first non-blank line, and then handles the post as if it had received it via mail? Sort of a Kibo mail gateway. michael From hfinney at shell.portal.com Tue Apr 5 22:48:23 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 5 Apr 94 22:48:23 PDT Subject: Bekenstein Bound (was: Crypto and new computing strategies) Message-ID: <199404060549.WAA16935@jobe.shell.portal.com> From: mpd at netcom.com (Mike Duvos) > Jim Choate writes: > > > If you accept the universe as unbounded then you have to throw out the Big > > Bang and much of conventional physics, including large parts of what you > > are trying to prove. > > I think you may be confusing the notion of "unbounded" with the notion of > "finite". The Big Bang is perfectly consistant with the notion of a > finite but unbounded universe. The big bang is also perfectly consistent with an infinite and unbounded universe. This is part of the well-known debate over whether the universe is "open" or "closed". An open universe is infinite in extent. However, at any given time only a finite portion of the universe is avail- able, so the infinity is not really accessible. Hal From hfinney at shell.portal.com Tue Apr 5 22:49:54 1994 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Tue, 5 Apr 94 22:49:54 PDT Subject: Proposal: some more standard remailer features Message-ID: <199404060550.WAA17000@jobe.shell.portal.com> From: rjc at gnu.ai.mit.edu (Ray) > Here are some proposed remailer standards some of which I have > already implemented. > > Command Formatting: > > I propose that all remailer commands start on the first non-blank line of a > message body and start with the string '::' followed by a command-name > with no spaces in it. A command block should end when two blank lines are > encountered (which are stripped from the output) or a non-blank > line that doesn't start with '::' is encountered. Why look for *two* blank lines to end a command block? Why not just end a command block when you find a line not starting with ::? > Message Encapsulation: > > I propose a standard format for recursively storing messages in > envelopes with standard formats. Each envelope should begin with the > command "::envelope" followed by the envelope method, followed by the > body. The end of the "envelope" is specified with ::end METHODNAME This is reminiscent of MIME. Have you looked at that? They already deal with encapsulation as well as message splitting, I think. You could copy their message formats without committing to full MIME support. Plus it might be possible to add encryption and remailing support to MIME mail user agents by using the hooks they already provide. > I propose the header pasting token, "::@" which gets applied > only after the message is delivered to someone (not chained). > For example > ::@Subject this is the subject line > ::@From this is the from line > ::@x-foo this is the x-foo: header The only thing that seems wrong about this is that the remailer apparently has to know whether it is sending to a person or another remailer. I think you should follow instructions about pasting these header fields by what the user has requested rather than deciding for him. Maybe I don't under- stand exactly how Ray is proposing that these commands be used. > Depending on how the remailer is set up, incoming subject headers > may or may not be preserved. I would recommend that they not be preserved, but I suppose that is up to the operator. This may sound crazy, but I am concerned about adding these features which make the system too easy to use. It seems that at the limit a person can just put "::To: friend at college.edu#remailer1#remailer2#*#*#remailer3" at the top of his message and his mail goes zipping down this extremely com- plicated path. But the problem is that this is really deceptive in terms of how secure it is. All this ease of use is at the expense of having to put a lot more trust into one or a few remailer operators. It's not clear that it's better to provide the temptation of easy-to-use but falsely secure remailers. At least with Julf you know you're trusting him. With addresses like the above users may not realize how many eggs they're putting into that first remailer's basket. > EXAMPLE MESSAGE: > > ::envelope PGP > [PRETEND EVERYTHING FROM HERE DOWN IS ENCRYPTED FOR THE REMAILER] > ::to ann's_remailer#darkmodem > ::@Subject Hello World > > > ::end PGP > > when sending this out, the remailer might encrypt the message > for ann's remailer and split it into two pieces > [...] > Now when ann's remailer receives a two parted message, it queues > each piece until it gets the full message (timing out after a few > days) After all pieces are received, it removes the envelopes, > pieces the message together, and sends the message off to darkmodem > (which may be a virtual address for lightmodem#bob's_remailer) This kind of splitting would be more useful if it were carried through to the end user. Otherwise the reassembled message is conveniently provided for inspection by the spooks as it goes to him. Again, I think MIME may provide for reassembly at the end user. > I also propose ::route which would specify preferences preferred for > remailers when searching for other remailers to chain your > message to. e.g. Would this be used with the "*" remailer-chooses-remailer feature? If the user specifies the path then presumably there is no provision for remailers to make choices like these. Despite my concerns, I think Ray has so many good ideas here that it will be great to see his software operating. The "market" for remailers is the users who want both privacy and ease of use. Ray's enthusiasm and energy in putting all these ideas into code will go a long way towards finding out what kinds of trade-offs the market wants. Hal From hfinney at shell.portal.com Tue Apr 5 23:14:21 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 5 Apr 94 23:14:21 PDT Subject: Chaum on Traceable Cash Message-ID: <199404060615.XAA18552@jobe.shell.portal.com> I wrote something last week on whether digital cash should be traceable. Here is a quote by Chaum in favor of traceable cash. It is from Eurocrypt 87, "Blinding for Unanticipated Signatures", on page 228: "The ability to anticipate a large number of signature types can benefit the payment system described in [Chaum, D. "Security without identification: transaction systems to make big brother obsolete," Communications of the ACM, 28, 10 (Octoboer 1985), pp. 1030-1044]. This would allow customers of the bank providing a system to each supply a large number of blinded items when their accounts are opened, without the customers knowing in advance which particular type of signature will later be applied by the bank. Not only can this provide economy of data transfer, but it protects the bank's customers from being able to (and hence from being coerced into) making payments that they cannot later trace." The technical basis for Chaum's statement is obscure, but the political point is that if you can make an untraceable payment, you could be coerced into doing so, for example by being robbed at gunpoint. Contrariwise, if the cash system used by you and your bank is such that all money is in- herently traceable, it will be a lot harder to commit robbery, extortion, kidnapping, and all those other horrors which people fear will come with digital cash. Hal From vkisosza at acs.ucalgary.ca Wed Apr 6 00:05:11 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Wed, 6 Apr 94 00:05:11 PDT Subject: Rubbish Lister Message-ID: <9404060706.AA83559@acs5.acs.ucalgary.ca> I've been following the remailer debate, and have found it's easier to understand in code. Right now, I am trying to find a regular expression which unfolds the from line. All it does is parse on the message using :: for a command block. (That should finish up the first parse.) It keeps a subject from the header but overwrites it. And it keeps track of who sent the mail in case they want something sent back. It looks for /^command/ in the command block (it reads in lines of 2) and acts accordingly. (To: is understood, but unfolding the rest?????) It also sends an operator message based on log and debugging levels. I'm editting this code myself, both so that I understand it and can maintain it. My problems are twofold, first, the operator can look at the messages. Although, why would anyone want to, given the risks? Second, PGPPASS on a multi-user system gives a false sense of security. Definitely, not a feature. So, I've got skeleton code, which way to turn, how to flesh it out. -- "My memory is so bad, that many times I forget my own name!" From rjc at gnu.ai.mit.edu Wed Apr 6 01:16:51 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Wed, 6 Apr 94 01:16:51 PDT Subject: Proposal: some more standard remailer features Message-ID: <9404060815.AA28162@geech.gnu.ai.mit.edu> Hal writes: > From: rjc at gnu.ai.mit.edu (Ray) > > with no spaces in it. A command block should end when two blank lines are > > encountered (which are stripped from the output) or a non-blank > > line that doesn't start with '::' is encountered. > Why look for *two* blank lines to end a command block? Why not just end a > command block when you find a line not starting with ::? Experience from the Extropians list. A large number of people made the mistake of inserting blank lines between commands and some people's mailers did it automatically (one of the more stupider one's actually removed a leading colon from the line changing ::exclude to :exclude) I got a lot of complaints, so I removed the restriction of single blank lines being able to terminate. In fact, the regular expression which parses lines looks like this: /^\s*::\s*(.*)$/ So that spaces are allowed before and after the '::' On the extropians list, an arbitrary amount of whitespace is allowed because ':::' is used to separate command blocks from the body of messages. > > Message Encapsulation: > > > > I propose a standard format for recursively storing messages in > > envelopes with standard formats. Each envelope should begin with the > > command "::envelope" followed by the envelope method, followed by the > > body. The end of the "envelope" is specified with ::end METHODNAME > This is reminiscent of MIME. Have you looked at that? They already deal > with encapsulation as well as message splitting, I think. You could copy > their message formats without committing to full MIME support. Plus it > might be possible to add encryption and remailing support to MIME mail user > agents by using the hooks they already provide. I thought of MIME, but I didn't know it was so popular (I last looked at it over a year ago). I just looked at the comp.mail.mime FAQ and the RFCs and I see that MIME is gaining momentum. Two problems instantly jumped out at me when reading the MIME documents: 1) more than 2-level encodings are not supported (no recursion) 2) no application/viewpgp or transfer-encoding: pgp type MIME actually takes care of the multipart issue nicely. I'm going to do some more research and I may end up scraping ::envelope if MIME's encapsulation is powerful enough for inter-remailer I/O. (the one pain in the butt is that now I will have to process the headers instead of throwing them away) Perhaps the PEM/MIME documents will be of help. > The only thing that seems wrong about this is that the remailer apparently > has to know whether it is sending to a person or another remailer. I think > you should follow instructions about pasting these header fields by what > the user has requested rather than deciding for him. Maybe I don't under- > stand exactly how Ray is proposing that these commands be used. Correct. You don't want headers to be visible during the chaining, and the remailers throw away incoming headers. Therefore, I felt that ::@ shouldn't be applied until the message is posted or sent to a real e-mail address. Any suggestions on a better method? > This may sound crazy, but I am concerned about adding these features which > make the system too easy to use. It seems that at the limit a person can > just put "::To: friend at college.edu#remailer1#remailer2#*#*#remailer3" at > the top of his message and his mail goes zipping down this extremely com- > plicated path. But the problem is that this is really deceptive in > terms of how secure it is. All this ease of use is at the expense of having > to put a lot more trust into one or a few remailer operators. You could concentrate your trust on the first remailer in the chain. Once it goes through that remailer, it is now encrypted for the recipient and the source of the message is destroyed. Keep in mind, the other remailers in the chain can not snoop on the message because it is encrypted for the recipient automatically (if a key is present). The other remailers can do traffic analysis if the user doesn't use any wildcards ("*"), but this can be limited using recursion. e.g. ::envelope PGP ::to remailer1 ::envelope PGP [for remailer 1] ::to remailer2 ::envelope PGP [for remailer 2] ::to remailer3 ::envelope PGP [for friend] ::to friend at college.edu I agree most of the power should be in the client (hopefully, my approach allows both a powerful client or simplemail use), but there also needs to be a "lowering of transaction costs" as Eric suggested. Many people don't have unix accounts and with the advent of Compuserve/Delphi/Genie/AOL internet gateways, some sort of server approach is required. Part of the reason for including a socket-server in the remailer is to allow clients to hook into the network and get data fast. > This kind of splitting would be more useful if it were carried through > to the end user. Otherwise the reassembled message is conveniently > provided for inspection by the spooks as it goes to him. Again, I think > MIME may provide for reassembly at the end user. If I understand correctly from my fast reading, it does: the multipart/partial content-type. (the comp.mail.mime faq is an example) The hurdle is getting a MIME type registered which can recognize pgp encrypted and/or signed messages. > > I also propose ::route which would specify preferences preferred for > > remailers when searching for other remailers to chain your > > message to. e.g. > Would this be used with the "*" remailer-chooses-remailer feature? If the > user specifies the path then presumably there is no provision for remailers > to make choices like these. Correct. It would be used with the "*" feature and also the auto-chaining. (if a user just says ::to friend at college.edu, the remailer may choose to chain this through several other remailers automatically) Thanks, -Ray From nobody at shell.portal.com Wed Apr 6 01:38:07 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Wed, 6 Apr 94 01:38:07 PDT Subject: PGP Tools bug fixed Message-ID: <199404060838.BAA01008@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- Several weeks ago someone mentioned a bug in the fifo_destroy function. At the time, I couldn't find it. The bug finally showed up. Fifo_destroy was freeing some memory and then immediately reading it. This caused problems on systems with fancy memory management, but not under DOS or most Unixes. I just sent an update to csn.org. fifo.c is the only program which has been changed. Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLaI4aMGoFIWXVYodAQGpRgP/YQZnwUt1o0DGuNWuTuSRK6W4GOapglc9 r7nnb73A2S5kahmSjPVOaaHcAkSg1KYdJiddJbooKW3ptenFaRujr8dEz4/bnbrE IqL0cBrPKBTUJ9ivjpyzktXfEhXbtDw+k1lA6ISQ1W3IadRQqUnqJ89aN2wiaqNW 3YjVm/nCbI8= =wdvG -----END PGP SIGNATURE----- From barrett at daisy.ee.und.ac.za Wed Apr 6 02:11:32 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Wed, 6 Apr 94 02:11:32 PDT Subject: PGP-MIME In-Reply-To: <9404060815.AA28162@geech.gnu.ai.mit.edu> Message-ID: Ray said: > Two problems instantly jumped out at me when reading the MIME > documents: > > 1) more than 2-level encodings are not supported (no recursion) Why is this a problem? A MIME "Content-Transfer-Encoding" context is a reversible transformation that is made to permit binary or other non-email-friendly data to be carried in an email-friendly form. Once you have performed the encoding once, the result is email-friendly, so there is usually no need to emcode it again. Note that MIME places no restrictions on the nesting of multipart messages; it merely requires that the content-transfer-encoding be applied only at the innermost levels of the nesting. > 2) no application/viewpgp or transfer-encoding: pgp type I have been trying, on and off, for about two years to persuade the PGP folk to design a suitable MIME interface for PGP, modelled as closely as reasonable on the ongoing PEM-MIME work. Nobody ever seems to be interested in that, but several folk have come up with their own ad-hoc methods. You could come up with your own ad-hoc method, or adopt one of the others, or design something that is compatible with the PEM-MIME stuff. If anybody is interested in designing a PGP-MIME encapsulation that is compatible (or nearly compatible) with PEM-MIME, I volunteer to help. --apb (Alan Barrett) From shipley at merde.dis.org Wed Apr 6 02:12:01 1994 From: shipley at merde.dis.org (Evil Pete) Date: Wed, 6 Apr 94 02:12:01 PDT Subject: remailer fyi... Message-ID: <199404060851.BAA27690@merde.dis.org> ------- Forwarded Message Return-Path: geek at imageek.york.cuny.edu Return-Path: Received: from imageek.york.cuny.edu by merde.dis.org (8.6.8.1/MERDE-940323) id TAA26402; Tue, 5 Apr 1994 19:51:09 -0700 Received: by imageek.york.cuny.edu (931110.SGI/931108.SGI.evr1) for remailer at utter.dis.org id AA15418; Tue, 5 Apr 94 22:58:31 -0400 From: geek at imageek.york.cuny.edu (Erik VanRiper) Message-Id: <9404060258.AA15418 at imageek.york.cuny.edu> Subject: entropy.linet.org To: root at dis.org, remailer at dis.org Date: Tue, 5 Apr 1994 22:58:21 -0500 (EDT) X-Mailer: ELM [version 2.4 PL22] Content-Type: text Content-Length: 579 I am the MX and the site admin for linet.org. You have a "user" remailer at utter.dis.org that is sending PGP messages to entropy.linet.org!remailer Can you please stop? entropy.linet.org has not polled for almost 2 months, and I have not been able to contact him. I assume that he is down for good. Thanks! - -- geek at imageek.york.cuny.edu Erik VanRiper (718) 262-2667 Systems Administrator Janitor Photon Counter Chemistry Department & MBRS York College, City University of New York ------- End of Forwarded Message From eagle at deeptht.armory.com Wed Apr 6 03:33:32 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Wed, 6 Apr 94 03:33:32 PDT Subject: Security Contingencies Message-ID: <9404060332.aa24406@deeptht.armory.com> Date: Tue, 5 Apr 1994 23:48:29 -0400 From: Black Unicorn Subject: Al Haig and Secure Communictions >incident involving then Secretary of State Al Haig. >Specifically the point was in reply to Mr. Sternlight's >assertion that because a public relations official for the >NSA had made statements regarding the Data Encryption >Escrow plan's harmless nature and the equally harmless and >benign character of the NSA's paternal hand, they were >unquestionably authentic and complete. Sternlight is an idiot educated beyond his intellegence, unworthy of futher comment, exept to say you're beginning to make an exceptional point. >Secretary of State Al Haig was not next in line for either >succession stream, and his asserting so in the national >media was a gross error. >The relevant authorities are the Department of Defense >Directive 5100.30 (1971) and the Constitution of the United >States. [skipping the event of peacetime Presidential elimination] >The national command authority line kicks in when the >President and his/her successors are dead or cannot be >located and immediate U.S. military decisions must be made: >1. Secretary of Defense >2. Deputy Secretary of Defense >3. Secretary of the Army >4. Secretary of the Navy >5. Secretary of the Air Force >6. Under Secretary of Defense for Policy >7. Under Secretary of Defense for Research and Engineering >A plethora of the Assistant Secretaries of Defense and >General Council to the Defense Department in order of their >lengths of service. Well let's hope that the President survives the unlikely event of a tactical nuclear detonation or we're all fucked. While we're on the subject: -- Article III, section 3. Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be conviced of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court. The Congress shall have power to declare the punishment of treason, but no attainder of treason shall work corruption of blood, or forfeiture except during the life of the person attained. -- So if encryption is outlawed, outlaws will get life. I talked to Federal Reserve President Thomas Hoenig (KC Branch) in an open public forum yesterday. I asked him if the Fed was going to let Clipper encryption cripple US competitiveness in the world monetary market. He looked down at his feet and said, "No." He was very suprised that I was already using public key encryption. He knew well the superiority of software encryption. However, he had never heard of Phil Zimmerman. When I elucidated a brief history of PGP, he agreed that embargoing encryption is tantamount to embargoing wind. This hand is an economic warfare expert. He agreed the 4 February policy decision is economic warfare. I don't think the Fed is going to let the NSA severely hobble its ability to wage economic warfare in the world monetary market. Digital cash is the Fed's dream. That's my analysis based on the facts presented and what I saw in the man. So I think now, more than ever, we really have to stick together. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From perry at snark.imsi.com Wed Apr 6 03:51:16 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 6 Apr 94 03:51:16 PDT Subject: going in anarchic circles In-Reply-To: <199404052327.QAA27179@mail.netcom.com> Message-ID: <9404061050.AA12168@snark.imsi.com> tmp at netcom.com says: > > > I will always have connection to the internet if I desire > > it, be it legal or not, > > pure faith. nothing guarantees this to you. In spite of being a complete asshole, Detweiler, you've managed to get account after account. Doesn't that mean anything to you? Perry From werner at mc.ab.com Wed Apr 6 04:47:22 1994 From: werner at mc.ab.com (tim werner) Date: Wed, 6 Apr 94 04:47:22 PDT Subject: How Many Games of Chess: Exact answer given! Message-ID: <199404061146.HAA06061@sparcserver.mc.ab.com> >From: Eli Brandt >There are a finite number of legal positions in chess. If any >shows up a third time, the game is over. Thus we have a bound on >the length of a legal chess game. Hence the number of games is >finite, and we don't have to quibble about whether it's countably >or uncountably infinite. Since this is the second time this has shown up here, I must clarify it by saying that it is only a draw when the pieces are in the same position with the same person to move for the third time. It is possible to repeat the position but change the opposition, which constitutes a different situation. tw From pfarrell at netcom.com Wed Apr 6 05:44:36 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Wed, 6 Apr 94 05:44:36 PDT Subject: Reinventing the wheel, was Re: Proposal: some more standard remailer features Message-ID: <31290.pfarrell@netcom.com> In message Tue, 5 Apr 1994 22:50:46 -0700, hfinney at shell.portal.com writes: > This is reminiscent of MIME. Have you looked at that? They already deal > with encapsulation as well as message splitting, I think. You could copy > their message formats without committing to full MIME support. Plus it > might be possible to add encryption and remailing support to MIME mail > user agents by using the hooks they already provide. > One major reason that I pay attention to the IETF-EDI discussions on EDI over the Internet it to make sure that someone brings up encrypting EDI transactions. I'm convinced that EDI over the 'net will explode, and strong encryption (PGP, PEM, etc.) will be required. The IETF-EDI is basing their work on MIME. While it isn't perfect, it is an existing standard, has a published RFC, etc. I strongly second Hal's suggestion that developers of mailers and remailers look at MIME and use it as a starting point. Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From darklord+ at CMU.EDU Wed Apr 6 06:58:59 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Wed, 6 Apr 94 06:58:59 PDT Subject: Remailer Standards (was Economic Assumptions) In-Reply-To: <9404050620.AA10726@geech.gnu.ai.mit.edu> Message-ID: <4hcfzCO00iV2M2Pt8a@andrew.cmu.edu> Excerpts from internet.cypherpunks: 5-Apr-94 Remailer Standards (was Eco.. by Ray at gnu.ai.mit.edu > Even > better would be a script which asks you "Mail anonymously?" and if > answered yes, it would automatically pick a remailer and do the > nasty stuff. I was thinking about this for a Mac AMS client I'm working on. The send mail window currently has check boxes for "Keep Copy" and "Sign Mail". I'm hoping to add "PGP Encrypy" and "PGP Sign", and eventually "Remail anonymously..." which would bring up a dialog box to allow you to create a remailer chain (sort of like the sort command in ClarisWorks or the interface of Font/DA mover, where there are two lists, one of avalable remailers, and another which is your remailer chain, and you can move/add/delete items from the chain list). Of course... AMS II is in beta or something now, so there isn't much chance of finishing it before it's obsolete... Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/ From tmp at netcom.com Wed Apr 6 08:40:42 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Wed, 6 Apr 94 08:40:42 PDT Subject: nsa digital cash? In-Reply-To: <9404051937.AA10400@ah.com> Message-ID: <199404061541.IAA13847@mail.netcom.com> erik hughes writes: >>i doubt it will be long before there >>are some official government agencies developing the official u.s. >>digital cash system. > >This statement betrays an enormous ignorance at the scale of Federal >involvement in retail transaction systems. The Fed operates Fedwire, >for moving federal funds around, and also does check clearing at the >national level. All the retail level transaction systems are in >private hands, be they ATM networks and consortia or the credit card >companies. so? what's your point? my point was that the nsa was a prime candidate agency for trying to *expand* the current federal role in the cash system. are you saying the federal government already has a `digital cash system'? well, yes, i guess in some sense. what guarantees that `retail level transaction systems' will always be in private hands? don't you think the nsa would really get their jollies from building the offical Secure Cash Register System with clipper chips built in? isn't this pretty much what they are trying to do with `private' computers right now? are you saying you don't expect the federal government to expand their role in cash systems? or that it is already as large as it can get? we have to fight off these encroaches onto private territory wherever they happen. clipper was *not* a surprise given the past nsa history. it would *not* be surprising if the nsa got into the digital cash design area in the future, or expanded its role in the current one. besides, who the hell are you to call me `enormously ignorant', vacuum brain! you act like you own the list or something. (oh no, not that thread again-- cypherpunks list as a volleyball game.... SPIKE!!!) `betraying an enormous ignorance', --tmp (erik hughes's OTHER testicle ) From montgo at nws.globe.com Wed Apr 6 11:09:05 1994 From: montgo at nws.globe.com (montgo at nws.globe.com) Date: Wed, 6 Apr 94 11:09:05 PDT Subject: No Subject Message-ID: <0097C8C836433E60.27615C99@globe.com> Undersigned is non-computing, non-cyphering reporter at Boston Globe working on a little story on the solution of RSA129 (I believe the primes will be published April 23, or so). Looking for people who loaned computer cycles for the project, hoping to hear why they did, what fun if any it was, and what's it like when they tell you to shut down...sense of loss? Whatever M. R. Montgomery The Boston Globe montgo at nws.globe.com From m1tca00 at FRB.GOV Wed Apr 6 11:14:44 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Wed, 6 Apr 94 11:14:44 PDT Subject: PGP mail disabled ??? In-Reply-To: <9404052101.AA02864@deathstar.iaks.ira.uka.de> Message-ID: <9404061811.AA13932@mass6.FRB.GOV> > > > Well, email can only transfer ASCII data, so my first guess would be that > > you forgot the '-a' option to apply ASCII armour. > > No, of course they were using the -a option and the > mail was normal ASCII armoured. > > Hadmut > Try just uuencoding the message and see what happens. rgds-- TA (tallard at frb.gov) [awaiting approval of new disclaimer] pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D From nobody at shell.portal.com Wed Apr 6 11:21:22 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Wed, 6 Apr 94 11:21:22 PDT Subject: No Subject Message-ID: <199404061820.LAA29011@jobe.shell.portal.com> Since people are talking about new remailer features, can I suggest another one - how about single-use (or limited use) anonymous return addressess (ARAs) ? There are quite a few situations I can envisage where I might want to give an anonymous return address to someone that could only be used a limited number of times, or for a limited period of time (e.g. in the medium term, buying something over the network from a company with digicash, but not wanting to receive junk mail from them afterwards). How I'd see it working is this : You'd send a message to a remailer requesting an anonymous address token, along with the email address to send to, the number of uses you want and the time period (perhaps up to some maximum set by the operator of the remailer). In the future, you'd also send some digicash in payment for the token, the value based on the number of uses and time limit. The remailer would then create an encrypted token containing an id number and the address, either signed or with an attached random number. The id, number of uses and expiry date would be stored in a database, along with the random number if you were using that for authentication. The remailer would then mail the token (probably using an anonymous return address) to the requester. The database shouldn't need to be very large if only details of the outstanding tokens are stored. BEGIN NOTES I'm not sure whether it would be better to store the address in the token or in the database, but I suspect that storing it in the token is better since it avoids the possibility of anyone getting hold of a copy of the database and reading all the addresses stored in there. However, if it's in the token then if all keys of all remailers used are compromised, you can follow the entire chain even after the token is used up, whereas if it was deleted from the database the chain would be broken forever. Perhaps a mixture of mechanisms in the remailers would be best. Another option might be to keep the address completely seperate, so the token would merely indicate whether the message should be sent to the address specified in the ARA, not for a specific address that the token was requested for. END NOTES After the ARA had been sent to someone and they used it to reply to the sender, the remailer would recognize the token, and decrypt it to get the real address, database id and authentication. If the authentication was valid and the time/usage limit not exceeded, then it would forward the message to the email address enclosed (which presumably could be another ARA), otherwise it would just ignore the message. Obviously using only a single remailer would require you to trust the operator to limit usage correctly, however chaining several limited use addresses will solve any problems if one remailer is trustworthy. Example: Message to remailer might be something like (comments in {}, -- shows begining and end of messages) : -- Request-Token 5 {uses} 14 {days} ARA {or email address} { standard PGP-encrypted ARA goes in here } Request-Token-End :: Request-Remailing-To: remail at foo.com {ARA to send token to via remail at foo.com goes here} -- The remailer would create something like : -- Limited-Use-Token: 00000001/F4870921 (ID/random authentication) {ARA or Request-Remailing-To: goes here} -- This would then be encrypted with the remailer's public key, attached to the end of the original message (after the Request-Token line was stripped off), then fed into the remailer as usual. The sender would create the ARA using this token, and forward it to whoever they wanted to communicate with. When a message using the ARA came back, it would be decrypted as usual, and if the token line was valid the database would be checked for timed expiry, updated to indicate another use, then if valid, after the token line was stripped off the message would be remailed as usual. If noone else does this in the next few months then I may hack it into a remailer once I have my own machine to run one off. From 97smg at wheatonma.edu Wed Apr 6 11:26:33 1994 From: 97smg at wheatonma.edu (Thoth) Date: Wed, 6 Apr 94 11:26:33 PDT Subject: Remailer Help please? Message-ID: Hiya. I'm hoping you all can help me. I want to set up a remailer here, and was wondering if you had any sugestions on where to get software (for a unix based machine) for both Anonymous remailing, and for Digital encrpytation. I'm VERY new to all this, and desperately need help getting started. Any and all help will be apreciated. Thanks.... *************************************************************** * Sean M. Gomez * "The Urge to Destroy is always a * * 97smg at wheatonma.edu* creative one":Freedom=Privacy:Digital * * seangomez at aol.com * Freedom:The outlaw always Knows the Law* * Neuromancer at tmok.uu* better than the cops.:Anonimity is a * * .ids.net.com * a virtue in this Day and age. Violence * * * is a tool of the weak. freedom=action * *****************Peace Y'all.....we out.*********************** *************************************************************** From whitaker at dpair.csd.sgi.com Wed Apr 6 11:45:57 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Wed, 6 Apr 94 11:45:57 PDT Subject: PGP-MIME In-Reply-To: Message-ID: <9404061142.ZM23511@dpair.csd.sgi.com> On Apr 6, 11:10am, Alan Barrett wrote: > If anybody is interested in designing a PGP-MIME encapsulation > that is compatible (or nearly compatible) with PEM-MIME, I volunteer to > help. > I can't volunteer help at this time, but am willing to *pay* $100 for a working copy I can use with MediaMail, if it's delivered by 6 May 1994. I will pay $50 between 7-21 May, and $25 thereafter. Russell > >-- End of excerpt from Alan Barrett -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center, Mountain View CA ================================================================ #include From tmp at netcom.com Wed Apr 6 12:03:30 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Wed, 6 Apr 94 12:03:30 PDT Subject: who, me?!?! Message-ID: <199404061902.MAA09923@netcom9.netcom.com> > tmp at netcom.com says: > > > > > I will always have connection to the internet if I desire > > > it, be it legal or not, > > > > pure faith. nothing guarantees this to you. > > In spite of being a complete asshole, Detweiler, you've managed to get > account after account. Doesn't that mean anything to you? !?!?!?!?! detweiler this, detweiler that!!! why does everyone keep calling me `detweiler' when my name is `tmp at netcom.com'?!! look, i admit i am posting pseudonymously, but your detweilerian witchhunt is a good reason why its not really a good idea for *anyone* here to post under their real name, given all this hostility, particularly to the newbies. this digital stalking is really unconscionable and intolerable. besides, even if i were detweiler-- is it just me, or does anyone get overly upset by these kinds of ad hominem attacks? seems like they should reserved for usenet & dorothy denning. i'm a bit shocked, because i have always found parry to be very civil in the newsgroups. i am just a good cyberspatial citizen trying to build up reputation under a new name, and it doesn't help that just because i i use the word `detweiler', you throw me in your kill files. it was YOU YOU YOU who brought up this detweiler bugaboo. maybe detweiler would be happy designing those fingerprint id keyboards for the nsa. as it stands, though, i don't see any significant evidence that he is continuing his apparently over-dramatized `harassment campaign' on the list. you guys look pretty weird ranting over this detweiler guy. as far as i can tell, all he has ever done is write idiotic anonymous postings, and that's not very unusual. just a lot of `cyberbole' IMHO. (i have seen some of the detweilerian idiocy in the newsgroups, and he loves to pretend that he has `decoy' addresses. so if you are in a really paranoid mood, i suppose you could consider me a decoy. if i really were a decoy, the ruse would seem to be working very well. while `i' am running into all kinds of flames, maybe some of his other postings under other pseudonyms are going completely unchallenged.) ( in fact, considering that he has apparently lost at least one address, maybe he is doing this as preventative medicine in the future. i assume that everyone who has yelled at me and cursed me as a `detweiler' so far (tcmay, erik hughes, parry meztger, etc.) are his prime enemies. lighten up guys, i assure you that, to the contrary, i am nothing but a harmless pseudonym.) do you guys frown on pseudonymous postings to this list? i'm not too sure of the ettiquete around here. it seems to me that cyberspace is an essentially anonymous place, and no amount of screeching by the detweilers of the world is ever going to change that. besides, the constitution guarantees the right to privacy, which is essentially the same thing as using pseudonyms in cyberspace. we all have a right to trick and deceive the privacy-invading corporate monsters of the world about our identity. the lone underdog needs all the tools he can get to prevent the `information oppression' that we call Big Business. software like PGP frees us from the shackles of tyranny that our government chains us in daily. things like social security numbers and total IDs on every check we pass is orwellian. i had to get a new apartment recently, and the credit check was really horrendous. they wanted past and present employer etc. and made *me* pay $20 for them to process the application!!! just so i could have the great privilege of paying them rent every month!!! that reminds me. it would be really useful to sneak into trw and look at detweiler's credit history, if we really wanted to keep track of him. surely there are some cpunks who could pull that off . hee hee, this is detweiler we are talking about, after all, and he should be hunted down like a rabid rat, hee hee. i'm really interested what becomes of that latest `detweiler hunt' proposed by whats-his-name on the list. (ok, ok, i promise not to use the d-word if everyone else stops too. but so far with everyone yelling `detweiler' in this crowded theater, it's tough to avoid it.) p.s. i love you too, parry meztger, erik hughes, and tc may :) hey, i have an idea. since you guys have so much hostility to detweiler, maybe just for kicks i could start a `what to do with detweiler' list. send me your favorite ideas and i will post a summary. it could be kind of entertaining. we already have `hunt him down like a dog' -- any others? be creative!!! we could use it as the official document to mailbomb anyone who uses the d-word. From banisar at washofc.cpsr.org Wed Apr 6 13:27:42 1994 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Wed, 6 Apr 94 13:27:42 PDT Subject: Clipper Segment on TV Message-ID: <00541.2848488695.4878@washofc.cpsr.org> Date 4/6/94 Subject Clipper Segment on TV From Dave Banisar To CPSR Crypto List Clipper Segment on TV Hello All, I just heard that barring any late breaking news that preempts it, McNeil-Lehrer will be showing a 10 minute segment on Clipper tonight. Here in DC, it shows on Channel 26 at 7 and 11pm. Dave Banisar CPSR Washington Office From karn at qualcomm.com Wed Apr 6 13:28:56 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 6 Apr 94 13:28:56 PDT Subject: Reporting the RSA129 story In-Reply-To: <0097C8C836433E60.27615C99@globe.com> Message-ID: <199404062027.NAA28564@servo.qualcomm.com> When you write your story, *please* help correct what already seems to be a widespread misconception by emphasizing that solving RSA129 does *not* mean that the RSA public key cryptosystem has been "broken". It only means that one *particular* and relatively short RSA key, chosen long ago for test purposes, has been broken by brute computational force. An equally intensive effort would have to be mounted from scratch to break any other RSA key of the same length; this is why it's good practice to change "real" keys from time to time. And, of course, the longer the RSA key, the more work it is to crack. Barring major breakthroughs in the underlying algorithms for attacking RSA, which have not occurred, a sufficiently long key (e.g., 1024 bits) will be secure for quite some time even with present trends in brute-force computer power. The real importance of the RSA129 effort is that it provides a new experimental "data point" on the security of a particular key length. This is a good example of the seemingly paradoxical principle that publishing the design of a cryptographic system and inviting attacks by all comers can actually help to strengthen it in actual use. This is in sharp contrast to, say, Clipper/Skipjack, where the NSA classifies the algorithm and says "trust us, it's secure". The NSA may believe that it's secure. It may even *be* secure (except, of course for the gaping front door of key escrow). But without a sustained, long-term public review there's no way to know if they missed something. Phil From mcguirk at enuxsa.eas.asu.edu Wed Apr 6 13:30:49 1994 From: mcguirk at enuxsa.eas.asu.edu (Dan McGuirk) Date: Wed, 6 Apr 94 13:30:49 PDT Subject: Bekenstein Bound In-Reply-To: <199404041433.AA12910@zoom.bga.com> Message-ID: <199404062031.NAA23415@enuxsa.eas.asu.edu> -----BEGIN PGP SIGNED MESSAGE----- Jim choate writes: > What I am saying as far as QED/QCD is that w/o discussing both then the actions > of electrons and photons are not quantum mechanical in the sense that they > require statistical terms to describe their behaviour. Nowhere in Maxwells > Equations is there a statistical term. If you know of a hole in the equations > please let me know of it. I am not aware of any behaviour of electrons/photons > which are not covered by these equations until hadrons are introduced. Of course electrons are quantum mechanical. Ever hear of electron diffraction? Jonsson did Young's double-slit experiment with electrons in 1961. How about the scanning tunneling microscope? In an STM the electrons tunnel from one place to another, which is clearly not a classical effect. Maxwell's equations only describe the electron classically, which is the whole reason why quantum electrodynamics is required. Maxwell's equations hold up with the introduction of relativity, but not quantum mechanics. - -- Dan McGuirk "This is the revenge of the people who couldn't djm at asu.edu go to Woodstock because they had too much trig homework." --Stuart Baker, NSA General Counsel -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLaMcAo6/chyd1nKpAQEKQgH/TwzXQdS2HAceCx+tEHZrFVHVZK5N05za 44n+jmfWNz8cPrUEflVyBA8Jil3wPmaVJQmVyJi6IQnB8YmsMkk7Ig== =vllK -----END PGP SIGNATURE----- From warlord at MIT.EDU Wed Apr 6 13:41:13 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 6 Apr 94 13:41:13 PDT Subject: PGP-MIME In-Reply-To: <9404061142.ZM23511@dpair.csd.sgi.com> Message-ID: <9404062040.AA24197@toxicwaste.media.mit.edu> Actually, there is work underway to to generate an inter-operation between MIME and PGP, similar to the interoperation between MIME and PEM. It will *not* have detached signatures (i.e., a signature in one MIME part which is signing another part). The idea is to have two PGP types, one that is defines a PGP-encoded text object, and one that defines a PGP-encoded MIME object. When using a text-object, it will just use PGP. When its a MIME object, the output from PGP will be run through a MIME program again (like metamail). Details are still being drawn. -derek From CCGARY at MIZZOU1.missouri.edu Wed Apr 6 13:59:27 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Wed, 6 Apr 94 13:59:27 PDT Subject: Canadian Revolt Message-ID: <9404062059.AA14621@toad.com> A great article has has appeared in the Columbia Tribune, April 04, 94 from Associated Press. "CANADIANS GROW MORE REBELLIOUS WHILE SEEKING MORAL BEARINGS" Some quotes: "A booming underground economy has sprung up, largely in reaction to a hated federal goods and services tax of 7 percent on virtually everything, even postage stamps, added to provincial sales taxes of up to 12 percent." "It is common for home-repair contractors, auto mechanics, landscap- ers & other small entrepreneurs to give 2 estimates: cash, with no paper work, & a much higher estimate that includes taxes & a receipt." "Cigarette taxes as high as 400% caused a revolt among Quebec merchants, who began selling cheap contraband smokes openly in defi- ance of the law. The revolt spread, & ultimately, the federal govern- ment & several provinces drastically reduced tobacco taxes." "A judge in Ontario ordered a ban on publication of evidence in a sensational sex-murder case until a 2nd person charged had been tried. It didn't take long for details to spread across Canada through computer networks." "Things are so bad in New Brunswick that the provincial government urges citizens to inform on people they suspect of evading taxes, using a crime-stoppers telephone number New Brunswickers call "The Rat Line."" "Is government losing control over the people?" "How does a gov'ment enforce a publication ban in an electronic age?" "What does a heavily indebted government do when it can push taxes no higher?" "In some cases, its government at the limit of its control, or the limit of how much control people will tolerate." Hey! is this happy news or what? I'm surprised that AP carried this. I'm surprised that no other C'punks mentioned this. Didn't anyone else's paper carry this? This is shameful! Our docile homebody neighbors to the north are out- doing us in revolting! All that Americans can do is get into race, gender, & ethnic hostilities contrived by our Federal govt. & its bedmate big-news-media. Of course this is why the Feds have contrived & fed these hostilities. Otherwise, we'd notice that all the Federal govt. does is take approx. 25-30% of our money, encourage internal hostilities & monopolies, & in this century, drag us into wars all over the world. Strategic Investing has predicted that in the next few years the Federal gov. will lose a lot of its power. Not many were predicting the demise of the Soviet Union a few years before it did so. Lets hope the Feds won't have completely destroyed our economy before we dump them. Note to our foreign list members: About all we hear from our mass media news sources of foreign conflicts are body counts, statements of "strife", & press releases. Its pretty bad in content although the production values are great. Usually we don't get told the really good news of State powers lost - such as taxes not able to be collected, id schemes that fail, laws collectively scoffed at. If you have some good news - write! Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAAYYYY BBBAAACCCKKK! BBBEEEAAATTTT STATE! From plaz at netcom.com Wed Apr 6 14:00:01 1994 From: plaz at netcom.com (Plaz) Date: Wed, 6 Apr 94 14:00:01 PDT Subject: This List--Public, Private, or Other? (fwd) Message-ID: <199404062100.OAA10111@mail.netcom.com> I found Tim's post the other day on why he quit the extropians list a tad offensive. In a forum where no one is interested in the particulars, he brought up the old "Extropian Dogma" argument. It would be unreasonable of me to argue the point, as it would be far off topic in this forum to refute him. I would like to state, however, that I dislike the his stating his ignorance and then pronouncing his opinion as fact. (Or more annoyingly, in the reverse order.) Tim, you are well aware that I read the cypherpunks list, and that I would interpret the jibe 'certain folks were treating the "Extropian Principles 2.0" as a kind of catechism to be quoted to doubters' as aimed at myself, since you levelled that charge at me at the time. Is this a deliberate attempt to insult me? In a forum that would be difficult to reasonably defend myself? A tactic hardly worthy of you. Difficult to swallow portions of the message: >The Extropians are a fine bunch, and I enjoyed my 18 months on the >list. Ultimately, it was taking too much of my time for too little new >information in return, certain folks were treating the "Extropian >Principles 2.0" as a kind of catechism to be quoted to doubters, and >the personal invective was intensifying. I chose to leave and to use >the saved time to learn to play the electric guitar....seriously. [...] >It is true that Max More, the Extropian Maximalus, and I did exchange >some harsh words, mostly over Max's dislike of my pointing out some >disturbing parallels between Extropianism and certain religions. I >don't believe Max is a huckster, a la L. Ron Hubbard and >Dianetics/Scientology, but it is also the case that I found nothing >personally very interesting or satisfying in centering arguments >around ideas like "Dynamic Optimism" and "Unbounded Rationality" (I >never did learn the exact wording of the Five Principles, so bear with >me). > >I remain on good terms with the many Extropian folks who I see at Bay >Area events and parties, and I even talked to Max at a party several >weeks ago. I wish them well, as our interests often coincide (and many >are on the Cypherpunks list), but I have some doubts that membership >will grow significantly--the type of bright, independent, >anarcho-capitalist folks drawn to discussions of the sort Extropians >like to engage in are seldom interested in dogma, even if the dogma is >Rational and Dynamically Optimistic. In spite of the fact that I would like to "set the record straight" on some of your assertions, I refuse to debate this terribly one sided representation of these events. Events that entailed some of the worst behavior I've ever seen from all parties, particularily from you, Mr. May. IMO, levelling these assertions up out of nowhere, for no reason, is not a way to stay on good terms. - A somewhat pissed plaz, who still maintains he is not, nor has ever been, dogmatic about the damned Extropian Principles. _______________________________________________________________________ Geoff Dale -- Cypherpunk/Extropian -- Plastic Beethoven AnarchyPPL - Anarch (Adjudicator) ExI-Freegate Virtual Branch Head plaz at netcom.com 66 Pyramid Plaza plaz at io.com Freegate, Metaverse at io.com 7777 From darklord+ at CMU.EDU Wed Apr 6 14:03:09 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Wed, 6 Apr 94 14:03:09 PDT Subject: one small comment about a big problem In-Reply-To: <9404051908.AA13274@odin.UU.NET> Message-ID: Excerpts from internet.cypherpunks: 5-Apr-94 one small comment about a b.. by Bob Stratton at uunet.uu.ne > >>>>> "tmp" == tmp writes: > > ... > tmp> unix passwords represent a reasonable amount of > tmp> security. they prevent me from hijacking your account. more > tmp> sophisticated levels exist. > > I would take issue with this statement on its face. I refer you all to > the recent House hearings on Internet Security, and the statements > made by all of the panel members. Note, he said *your* account. *My* password is immune to a dictionary attack, is yours. Now, people can choose their passwords, and you can choose a password that's easier to remember and harder to crack than a PIN number (or long distance number, or whatever). These recent hearings will alert (l)users to choose something other than "simple" ( <-- Ames ) as a password. > Reusable passwords are dead. Anyone who insists on using them is part > of the problem, not part of the solution. If you won't do it for > yourself, do it for your neighbors who will be attacked from your > site. Ummmm, yeah, or something. Doncha love it when someone makes a claim like this, y'know, one that's so out there, so whacked, and doesn't back it up except with some limp attempt at coersion? I mean, I usually assume that people who can figure out how to send e-mail are intelligent enough to realize that people don't go for this sort of thing. I just don't get it. Shaking his head disappointedly, jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/ From unicorn at access.digex.net Wed Apr 6 14:16:37 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 6 Apr 94 14:16:37 PDT Subject: nsa digital cash? In-Reply-To: <199404061541.IAA13847@mail.netcom.com> Message-ID: <199404062116.AA13470@access3.digex.net> > > > erik hughes writes: > >>i doubt it will be long before there > >>are some official government agencies developing the official u.s. > >>digital cash system. > > > >This statement betrays an enormous ignorance at the scale of Federal > >involvement in retail transaction systems. The Fed operates Fedwire, > >for moving federal funds around, and also does check clearing at the > >national level. All the retail level transaction systems are in > >private hands, be they ATM networks and consortia or the credit card > >companies. > > so? what's your point? my point was that the nsa was a prime candidate > agency for trying to *expand* the current federal role in the cash > system. are you saying the federal government already has a `digital > cash system'? well, yes, i guess in some sense. I don't think this is consistent with the approach the NSA has traditionally taken, nor do I think it is consistent with the general attitude for the proper place of intelligence agencies. See below. > what guarantees that `retail level transaction systems' will always be > in private hands? don't you think the nsa would really get their jollies > from building the offical Secure Cash Register System with clipper > chips built in? isn't this pretty much what they are trying to do with > `private' computers right now? What intelligence agency would want to use a system that was obviously in federal control? Why do you think BCCI was so popular with intelligence agencies? The KEY effort in any agency is money laundering. This is by definition the primary function of intelligence agencies, to bring funds to bear properly and quietly on projects and goals that don't sit well in public. Using an "offical [sic] Secure Cash Register System" is shooting an intelligence agency and all the benefits of quiet transactions in the foot. Rule #X: Intelligence agencies use foreign banks frequently. > > are you saying you don't expect the federal government to expand their > role in cash systems? or that it is already as large as it can get? Lumping the Federal system in with intelligence agencies in this context betrays significant ignorance in the structure of modern government. Between this and your misconception of the Federal financial structure that Eric was so quick to point out, I think you should keep your day job Det, or is this it? > we have to fight off these encroaches onto private territory wherever > they happen. clipper was *not* a surprise given the past nsa history. Clipper is a HUGE surprise considering the NSA history. Two words: Too Public. I attribute the public outing of the NSA to an [unnamed] high administration official with no concept of the proper application of intelligence agencies except as a tool to support his dwindling programs. I have a tremendous respect for the Office of the Presidency however. The fact that the NSA is publicly supporting clipper betrays fear by the administration, the improper use of the agency, and a great deal of ignorance in intelligence in general. I might add that in my personal opinion it is a perversion. > it would *not* be surprising if the nsa got into the digital cash > design area in the future, or expanded its role in the current one. Yes it would. This is not the function of the NSA. The NSA either performs communications and signal intelligence or functions as an appropriations agency for secure communications channels for government. The contemporary trend to use the agency for anything from public relations and government regulations is a mistake of application by the current administration. The NSA is enjoying its moment in the spotlight for the time, but at the core this is a secret agency. One of two things will happen (and I would argue one of these already has) 1> The responsibility for the darker activities the NSA is (was) responsible for will be switched. 2> The NSA will grow tired of its moments in the limelight and realize that serious business needs to be attended to. The NSA is always better off when no one is talking about the NSA. An NSA that participates in the public restructuring of a basic financial system on any level beyond the development of the technology is just not in line with an agency that has better security on the local power stations than the President has in general. > besides, who the hell are you to call me `enormously ignorant', > vacuum brain! you act like you own the list or something. (oh no, > not that thread again-- cypherpunks list as a volleyball game.... > SPIKE!!!) > Your petty attempts at punctuation filtration leave much to be desired. We all know you, just use caps ok? > `betraying an enormous ignorance', > --tmp You said it, I did not, except for above. > (erik hughes's OTHER testicle ) > I don't think so. Eric's testicles are surely much larger than you. -uni- (Dark) From unicorn at access.digex.net Wed Apr 6 14:49:49 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 6 Apr 94 14:49:49 PDT Subject: Remailer Pinging Message-ID: <199404062149.AA26083@access1.digex.net> It occured to me, and I'm probably not the first, that it would be quite a resource to have a finger server that dumps the last ping responses for the active remailers. Would it be difficult to cook up a script that pings the remailers every 12 or 24 hours and then stores the "last ping received" data and dumps it on a remote finger command? I would myself but I dont have the hardware resources :( My programming leaves much to be desired as well. Problems? Comments? -uni- (Dark) From jim at Tadpole.COM Wed Apr 6 15:16:52 1994 From: jim at Tadpole.COM (Jim Thompson) Date: Wed, 6 Apr 94 15:16:52 PDT Subject: "Big Brother Inside" Message-ID: <9404062217.AA01429@chiba.tadpole.com> A local paper would like to include this in a story they (may be/are) doing. Is it available in PostScript anywhere? Jim From fhalper at pilot.njin.net Wed Apr 6 15:29:06 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Wed, 6 Apr 94 15:29:06 PDT Subject: Need Remailer list Message-ID: <9404062228.AA03232@pilot.njin.net> Hi, Could someone send me a list of Remailers or recommend one which they think is the most reliable? Much thanks, Reuben Halper Montclair High -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi16KosAAAEEAMUwRni4a9+GbuAhHDLcBWK60hCJUYxhr2hYokpELAhx0ejp 2fq61Tu9Hjn051CN8Xy5nu6sv2ODfG/t59l4DJSb5pirQaII3zaX0rMX0ydwGDoW YakL4ow1lNY+d/k14KpIuUW404+fNuNhIGSkdVLQIfbOgh0preK7/P44AKvdABEB AAG0JlJldWJlbiBIYWxwZXIgPGZoYWxwZXJAcGlsb3Qubmppbi5uZXQ+iQCVAgUQ LXorceK7/P44AKvdAQEUxwQAoffTibRlwE5tNQVGvrulh1OQgXNhTRec9vUaUwPy U64FIZ+KnmdfYgiJYXtcItA90EB9MDexazKeqJzMOPShVNOfyiwy2yUlnQs425f8 DxBvM//zuvj6s4/mXDTPUZtG9PP0HVaEGTJY15JdfRqtj/w+HHnsHlgCnj0NnIhX TW8= =D9UX -----END PGP PUBLIC KEY BLOCK----- From cknight at crl.com Wed Apr 6 16:20:36 1994 From: cknight at crl.com (Chris Knight) Date: Wed, 6 Apr 94 16:20:36 PDT Subject: who, me?!?! In-Reply-To: <199404061902.MAA09923@netcom9.netcom.com> Message-ID: On Wed, 6 Apr 1994 tmp at netcom.com wrote: > !?!?!?!?! detweiler this, detweiler that!!! why does everyone keep > calling me `detweiler' when my name is `tmp at netcom.com'?!! The above listed information is NOT a name. > look, i admit i am posting pseudonymously, but your > detweilerian witchhunt is a good reason why Remember the price of being anonymous... Nobody has to believe a word you say. I've sat back and watched my box fill with bullshit for a while now, and I'm quite bored of hitting the delete key... I came on to this list after this "Detweiler" person was long gone. I really have no ideas or impressions of this person. I also have no idea who you are, but I am aware that there have been some inconsistancies in your behavior and knowledge. 1) You claim to be a reent arrival to this list, yet post messages that are inflamitory, and refer to topics that traversed the net before your arrival. 2) In a recent post, you used the term "detweilering". Funny, but that term has never been posted in any public messages to you, yet was a common term... 3) In one message you use the phrase "Whoever this Detweiler person is", and then go on in the message to speak about his MO, which you, as a new list member, wouldn't know... 4) In a recent message you made a pun of testical/tentical... Before your time, if you weren't lying about being new... Personally, I don't care who you are. I do think you try to be an asshole, and you love getting on people's nerves. You have earned this flack. Enjoy it. -ck From jamiel at sybase.com Wed Apr 6 16:37:59 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Wed, 6 Apr 94 16:37:59 PDT Subject: Message-ID: <9404062337.AA21920@ralph.sybgate.sybase.com> At 11:26 AM 04/06/94 -0400, montgo at nws.globe.com wrote: >the project, hoping to hear why they did, what fun if any it was, and what's >it >like when they tell you to shut down...sense of loss? Whatever Sound excited to be doing the story. ;) From blancw at microsoft.com Wed Apr 6 17:15:33 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 6 Apr 94 17:15:33 PDT Subject: who, me?!?! Message-ID: <9404070016.AA14203@netmail2.microsoft.com> From: !?!?!?!?! detweiler this, detweiler that!!! why does everyone keep calling me `detweiler' when my name is `tmp at netcom.com'?!! i am just a good cyberspatial citizen trying to build up reputation under a new name, and it doesn't help that just because i i use the word `detweiler', you throw me in your kill files. ...................................................................... ........................... If tmp at netcom.com is what you say & think you are, then I say that is what you must be, and how you should be considered. If you are trying to build up a reputation under a new name on this list, I should think it would be best to post only upon those subjects which are relevant and pertinent to the interests of those who subscribe to it, without continuing to draw attention to, focus upon, and emphasize the inappropriate associations to the inimitable detweiler and the impressions which his personality has made upon everyone in the past. If you are not so ignorant after all and have serious contributions to the subjects which are of mutual interest to others on the list besides T.C. May, Eric Hughes, and Perry Metzger, surely you could present your thoughts&ideas so that everyone who reads the message could think that it was also relevant to them as well, addressing the subjects at hand without implications to the that trio of personalities on your list. Since you have read the FAQs on the cypherpunks and have been on the list awhile, you must be familiar with the philosophical stands taken on a number of subjects, and therefore what kind of responses you might expect from a particular attitude/discussion on any of them. Surely if you post in a civilized, serious manner on subjects which are important to yourself which could also appeal to others, you could leave the image of detweiler behind and move on to other, more important subjects. It is true that your recent postings have not brought out the best in everyone, what with the spitting, cursing, and identification with private body parts . I do think, however, that if you were to converse on a higher, more rarified intellectual level, everyone would settle down, ignore the unfortunate association with L.D., and forget the misconception they have of your pseudonymous personhood. Blanc From perry at bacon.imsi.com Wed Apr 6 17:18:16 1994 From: perry at bacon.imsi.com (Perry E. Metzger) Date: Wed, 6 Apr 94 17:18:16 PDT Subject: tmp@netcom.com Message-ID: <9404070018.AA18566@bacon.imsi.com> If tmp at netcom.com isn't Detweiler, then he is invited to inform us who he is. I admit that this is unfair. However, who said life was fair? Perry From phantom at u.washington.edu Wed Apr 6 17:40:05 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Wed, 6 Apr 94 17:40:05 PDT Subject: RSA tutoring Message-ID: I need just a bit of help on RSA, if someone who has a good grasp of it (it _isn't_ that hard, I just want to compare numbers, etc) could drop me a line..? I'd like to exchange a bit of email in the next few days and see if I can't iron out some of my problems. :) mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From grady at netcom.com Wed Apr 6 11:02:04 1994 From: grady at netcom.com (Grady Ward) Date: Wed, 6 Apr 1994 18:02:04 GMT Subject: NSA employee's security manual Message-ID: From: Phrack Magazine issue #45 30 March 94 Editor: Chris Goggans (aka Erik Bloodaxe) 603 W. 13th #1A-278 Austin, TX 78701 erikb at mindvox.phantom.com (This reputedly is from the NSA new employee security manual) posted to Usenet talk.politics.crypto and alt.politics.org.nsa Phrack is archived at Len Rose's anonymous ft site ftp.netsys.com Security Guidelines This handbook is designed to introduce you to some of the basic security principles and procedures with which all NSA employees must comply. It highlights some of your security responsibilities, and provides guidelines for answering questions you may be asked concerning your association with this Agency. Although you will be busy during the forthcoming weeks learning your job, meeting co-workers, and becoming accustomed to a new work environment, you are urged to become familiar with the security information contained in this handbook. Please note that a listing of telephone numbers is provided at the end of this handbook should you have any questions or concerns. Introduction In joining NSA you have been given an opportunity to participate in the activities of one of the most important intelligence organizations of the United States Government. At the same time, you have also assumed a trust which carries with it a most important individual responsibility--the safeguarding of sensitive information vital to the security of our nation. While it is impossible to estimate in actual dollars and cents the value of the work being conducted by this Agency, the information to which you will have access at NSA is without question critically important to the defense of the United States. Since this information may be useful only if it is kept secret, it requires a very special measure of protection. The specific nature of this protection is set forth in various Agency security regulations and directives. The total NSA Security Program, however, extends beyond these regulations. It is based upon the concept that security begins as a state of mind. The program is designed to develop an appreciation of the need to protect information vital to the national defense, and to foster the development of a level of awareness which will make security more than routine compliance with regulations. At times, security practices and procedures cause personal inconvenience. They take time and effort and on occasion may make it necessary for you to voluntarily forego some of your usual personal perogatives. But your compensation for the inconvenience is the knowledge that the work you are accomplishing at NSA, within a framework of sound security practices, contributes significantly to the defense and continued security of the United States of America. I extend to you my very best wishes as you enter upon your chosen career or assignment with NSA. Philip T. Pease Director of Security INITIAL SECURITY RESPONSIBILITIES Anonymity Perhaps one of the first security practices with which new NSA personnel should become acquainted is the practice of anonymity. In an open society such as ours, this practice is necessary because information which is generally available to the public is available also to hostile intelligence. Therefore, the Agency mission is best accomplished apart from public attention. Basically, anonymity means that NSA personnel are encouraged not to draw attention to themselves nor to their association with this Agency. NSA personnel are also cautioned neither to confirm nor deny any specific questions about NSA activities directed to them by individuals not affiliated with the Agency. The ramifications of the practice of anonymity are rather far reaching, and its success depends on the cooperation of all Agency personnel. Described below you will find some examples of situations that you may encounter concerning your employment and how you should cope with them. Beyond the situations cited, your judgement and discretion will become the deciding factors in how you respond to questions about your employment. Answering Questions About Your Employment Certainly, you may tell your family and friends that you are employed at or assigned to the National Security Agency. There is no valid reason to deny them this information. However, you may not disclose to them any information concerning specific aspects of the Agency's mission, activities, and organization. You should also ask them not to publicize your association with NSA. Should strangers or casual acquaintances question you about your place of employment, an appropriate reply would be that you work for the Department of Defense. If questioned further as to where you are employed within the Department of Defense, you may reply, "NSA." When you inform someone that you work for NSA (or the Department of Defense) you may expect that the next question will be, "What do you do?" It is a good idea to anticipate this question and to formulate an appropriate answer. Do not act mysteriously about your employment, as that would only succeed in drawing more attention to yourself. If you are employed as a secretary, engineer, computer scientist, or in a clerical, administrative, technical, or other capacity identifiable by a general title which in no way indicates how your talents are being applied to the mission of the Agency, it is suggested that you state this general title. If you are employed as a linguist, you may say that you are a linguist, if necessary. However, you should not indicate the specific language(s) with which you are involved. The use of service specialty titles which tend to suggest or reveal the nature of the Agency's mission or specific aspects of their work. These professional titles, such as cryptanalyst, signals collection officer, and intelligence research analyst, if given verbatim to an outsider, would likely generate further questions which may touch upon the classified aspects of your work. Therefore, in conversation with outsiders, it is suggested that such job titles be generalized. For example, you might indicate that you are a "research analyst." You may not, however, discuss the specific nature of your analytic work. Answering Questions About Your Agency Training During your career or assignment at NSA, there is a good chance that you will receive some type of job-related training. In many instances the nature of the training is not classified. However, in some situations the specialized training you receive will relate directly to sensitive Agency functions. In such cases, the nature of this training may not be discussed with persons outside of this Agency. If your training at the Agency includes language training, your explanation for the source of your linguistic knowledge should be that you obtained it while working for the Department of Defense. You Should not draw undue attention to your language abilities, and you may not discuss how you apply your language skill at the Agency. If you are considering part-time employment which requires the use of language or technical skills similar to those required for the performance of your NSA assigned duties, you must report (in advance) the anticipated part-time work through your Staff Security Officer (SSO) to the Office of Security's Clearance Division (M55). Verifying Your Employment On occasion, personnel must provide information concerning their employment to credit institutions in connection with various types of applications for credit. In such situations you may state, if you are a civilian employee, that you are employed by NSA and indicate your pay grade or salary. Once again, generalize your job title. If any further information is desired by persons or firms with whom you may be dealing, instruct them to request such information by correspondence addressed to: Director of Civilian Personnel, National Security Agency, Fort George G. Meade, Maryland 20755-6000. Military personnel should use their support group designator and address when indicating their current assignment. If you contemplate leaving NSA for employment elsewhere, you may be required to submit a resume/job application, or to participate in extensive employment interviews. In such circumstances, you should have your resume reviewed by the Classification Advisory Officer (CAO) assigned to your organization. Your CAO will ensure that any classified operational details of your duties have been excluded and will provide you with an unclassified job description. Should you leave the Agency before preparing such a resume, you may develop one and send it by registered mail to the NSA/CSS Information Policy Division (Q43) for review. Remember, your obligation to protect sensitive Agency information extends beyond your employment at NSA. The Agency And Public News Media >From time to time you may find that the agency is the topic of reports or articles appearing in public news media--newspapers, magazines, books, radio and TV. The NSA/CSS Information Policy Division (Q43) represents the Agency in matters involving the press and other media. This office serves at the Agency's official media center and is the Director's liaison office for public relations, both in the community and with other government agencies. The Information Policy Division must approve the release of all information for and about NSA, its mission, activities, and personnel. In order to protect the aspects of Agency operations, NSA personnel must refrain from either confirming or denying any information concerning the Agency or its activities which may appear in the public media. If you are asked about the activities of NSA, the best response is "no comment." You should the notify Q43 of the attempted inquiry. For the most part, public references to NSA are based upon educated guesses. The Agency does not normally make a practice of issuing public statements about its activities. GENERAL RESPONSIBILITIES Espionage And Terrorism During your security indoctrination and throughout your NSA career you will become increasingly aware of the espionage and terrorist threat to the United States. Your vigilance is the best single defense in protecting NSA information, operations, facilities and people. Any information that comes to your attention that suggests to you the existence of, or potential for, espionage or terrorism against the U.S. or its allies must be promptly reported by you to the Office of Security. There should be no doubt in your mind about the reality of the threats. You are now affiliated with the most sensitive agency in government and are expected to exercise vigilance and common sense to protect NSA against these threats. Classification Originators of correspondence, communications, equipment, or documents within the Agency are responsible for ensuring that the proper classification, downgrading information and, when appropriate, proper caveat notations are assigned to such material. (This includes any handwritten notes which contain classified information). The three levels of classification are Confidential, Secret and Top Secret. The NSA Classification Manual should be used as guidance in determining proper classification. If after review of this document you need assistance, contact the Classification Advisory Officer (CAO) assigned to your organization, or the Information Policy Division (Q43). Need-To-Know Classified information is disseminated only on a strict "need-to-know" basis. The "need-to-know" policy means that classified information will be disseminated only to those individuals who, in addition to possessing a proper clearance, have a requirement to know this information in order to perform their official duties (need-to-know). No person is entitled to classified information solely by virtue of office, position, rank, or security clearance. All NSA personnel have the responsibility to assert the "need-to-know" policy as part of their responsibility to protect sensitive information. Determination of "need-to-know" is a supervisory responsibility. This means that if there is any doubt in your mind as to an individual's "need-to-know," you should always check with your supervisor before releasing any classified material under your control. For Official Use Only Separate from classified information is information or material marked "FOR OFFICIAL USE ONLY" (such as this handbook). This designation is used to identify that official information or material which, although unclassified, is exempt from the requirement for public disclosure of information concerning government activities and which, for a significant reason, should not be given general circulation. Each holder of "FOR OFFICAL USE ONLY" (FOUO) information or material is authorized to disclose such information or material to persons in other departments or agencies of the Executive and Judicial branches when it is determined that the information or material is required to carry our a government function. The recipient must be advised that the information or material is not to be disclosed to the general public. Material which bears the "FOR OFFICIAL USE ONLY" caveat does not come under the regulations governing the protection of classified information. The unauthorized disclosure of information marked "FOR OFFICIAL USE ONLY" does not constitute an unauthorized disclosure of classified defense information. However, Department of Defense and NSA regulations prohibit the unauthorized disclosure of information designated "FOR OFFICIAL USE ONLY." Appropriate administrative action will be taken to determine responsibility and to apply corrective and/or disciplinary measures in cases of unauthorized disclosure of information which bears the "FOR OFFICIAL USE ONLY" caveat. Reasonable care must be exercised in limiting the dissemination of "FOR OFFICIAL USE ONLY" information. While you may take this handbook home for further study, remember that is does contain "FOR OFFICIAL USE ONLY" information which should be protected. Prepublication Review All NSA personnel (employees, military assignees, and contractors) must submit for review any planned articles, books, speeches, resumes, or public statements that may contain classified, classifiable, NSA-derived, or unclassified protected information, e.g., information relating to the organization, mission, functions, or activities of NSA. Your obligation to protect this sensitive information is a lifetime one. Even when you resign, retire, or otherwise end your affiliation with NSA, you must submit this type of material for prepublication review. For additional details, contact the Information Policy Division (Q43) for an explanation of prepublication review procedures. Personnel Security Responsibilities Perhaps you an recall your initial impression upon entering an NSA facility. Like most people, you probably noticed the elaborate physical security safeguards--fences, concrete barriers, Security Protective Officers, identification badges, etc. While these measures provide a substantial degree of protection for the information housed within our buildings, they represent only a portion of the overall Agency security program. In fact, vast amounts of information leave our facilities daily in the minds of NSA personnel, and this is where our greatest vulnerability lies. Experience has indicated that because of the vital information we work with at NSA, Agency personnel may become potential targets for hostile intelligence efforts. Special safeguards are therefore necessary to protect our personnel. Accordingly, the Agency has an extensive personnel security program which establishes internal policies and guidelines governing employee conduct and activities. These policies cover a variety of topics, all of which are designed to protect both you and the sensitive information you will gain through your work at NSA. Association With Foreign Nationals As a member of the U.S. Intelligence Community and by virtue of your access to sensitive information, you are a potential target for hostile intelligence activities carried out by or on behalf of citizens of foreign countries. A policy concerning association with foreign nationals has been established by the Agency to minimize the likelihood that its personnel might become subject to undue influence or duress or targets of hostile activities through foreign relationships. As an NSA affiliate, you are prohibited from initiating or maintaining associations (regardless of the nature and degree) with citizens or officials of communist-controlled, or other countries which pose a significant threat to the security of the United States and its interests. A comprehensive list of these designated countries is available from your Staff Security Officer or the Security Awareness Division. Any contact with citizens of these countries, no matter how brief or seemingly innocuous, must be reported as soon as possible to your Staff Security Officer (SSO). (Individuals designated as Staff Security Officers are assigned to every organization; a listing of Staff Security Officers can be found at the back of this handbook). Additionally, close and continuing associations with any non-U.S. citizens which are characterized by ties of kinship, obligation, or affection are prohibited. A waiver to this policy may be granted only under the most exceptional circumstances when there is a truly compelling need for an individual's services or skills and the security risk is negligible. In particular, a waiver must be granted in advance of a marriage to or cohabitation with a foreign national in order to retain one's access to NSA information. Accordingly, any intent to cohabitate with or marry a non-U.S. citizen must be reported immediately to your Staff Security Officer. If a waiver is granted, future reassignments both at headquarters and overseas may be affected. The marriage or intended marriage of an immediate family member (parents, siblings, children) to a foreign national must also be reported through your SSO to the Clearance Division (M55). Casual social associations with foreign nationals (other than those of the designated countries mentioned above) which arise from normal living and working arrangements in the community usually do not have to be reported. During the course of these casual social associations, you are encouraged to extend the usual social amenities. Do not act mysteriously or draw attention to yourself (and possibly to NSA) by displaying an unusually wary attitude. Naturally, your affiliation with the Agency and the nature of your work should not be discussed. Again, you should be careful not to allow these associations to become close and continuing to the extent that they are characterized by ties of kinship, obligation, or affection. If at any time you feel that a "casual" association is in any way suspicious, you should report this to your Staff Security Officer immediately. Whenever any doubt exists as to whether or not a situation should be reported or made a matter of record, you should decided in favor of reporting it. In this way, the situation can be evaluated on its own merits, and you can be advised as to your future course of action. Correspondence With Foreign Nationals NSA personnel are discouraged from initiating correspondence with individuals who are citizens of foreign countries. Correspondence with citizens of communist-controlled or other designated countries is prohibited. Casual social correspondence, including the "penpal" variety, with other foreign acquaintances is acceptable and need not be reported. If, however, this correspondence should escalate in its frequency or nature, you should report that through your Staff Security Officer to the Clearance Division (M55). Embassy Visits Since a significant percentage of all espionage activity is known to be conducted through foreign embassies, consulates, etc., Agency policy discourages visits to embassies, consulates or other official establishments of a foreign government. Each case, however, must be judged on the circumstances involved. Therefore, if you plan to visit a foreign embassy for any reason (even to obtain a visa), you must consult with, and obtain the prior approval of, your immediate supervisor and the Security Awareness Division (M56). Amateur Radio Activities Amateur radio (ham radio) activities are known to be exploited by hostile intelligence services to identify individuals with access to classified information; therefore, all licensed operators are expected to be familiar with NSA/CSS Regulation 100-1, "Operation of Amateur Radio Stations" (23 October 1986). The specific limitations on contacts with operators from communist and designated countries are of particular importance. If you are an amateur radio operator you should advise the Security Awareness Division (M56) of your amateur radio activities so that detailed guidance may be furnished to you. Unofficial Foreign Travel In order to further protect sensitive information from possible compromise resulting from terrorism, coercion, interrogation or capture of Agency personnel by hostile nations and/or terrorist groups, the Agency has established certain policies and procedures concerning unofficial foreign travel. All Agency personnel (civilian employees, military assignees, and contractors) who are planning unofficial foreign travel must have that travel approved by submitting a proposed itinerary to the Security Awareness Division (M56) at least 30 working days prior to their planned departure from the United States. Your itinerary should be submitted on Form K2579 (Unofficial Foreign Travel Request). This form provides space for noting the countries to be visited, mode of travel, and dates of departure and return. Your immediate supervisor must sign this form to indicate whether or not your proposed travel poses a risk to the sensitive information, activities, or projects of which you may have knowledge due to your current assignment. After your supervisor's assessment is made, this form should be forwarded to the Security Awareness Director (M56). Your itinerary will then be reviewed in light of the existing situation in the country or countries to be visited, and a decision for approval or disapproval will be based on this assessment. The purpose of this policy is to limit the risk of travel to areas of the world where a threat may exist to you and to your knowledge of classified Agency activities. In this context, travel to communist-controlled and other hazardous activity areas is prohibited. A listing of these hazardous activity areas is prohibited. A listing of these hazardous activity areas can be found in Annex A of NSA/CSS Regulation No. 30-31, "Security Requirements for Foreign Travel" (12 June 1987). From time to time, travel may also be prohibited to certain areas where the threat from hostile intelligence services, terrorism, criminal activity or insurgency poses an unacceptable risk to Agency employees and to the sensitive information they possess. Advance travel deposits made without prior agency approval of the proposed travel may result in financial losses by the employee should the travel be disapproved, so it is important to obtain approval prior to committing yourself financially. Questions regarding which areas of the world currently pose a threat should be directed to the Security Awareness Division (M56). Unofficial foreign travel to Canada, the Bahamas, Bermuda, and Mexico does not require prior approval, however, this travel must still be reported using Form K2579. Travel to these areas may be reported after the fact. While you do not have to report your foreign travel once you have ended your affiliation with the Agency, you should be aware that the risk incurred in travelling to certain areas, from a personal safety and/or counterintelligence standpoint, remains high. The requirement to protect the classified information to which you have had access is a lifetime obligation. Membership In Organizations Within the United States there are numerous organizations with memberships ranging from a few to tens of thousands. While you may certainly participate in the activities of any reputable organization, membership in any international club or professional organization/activity with foreign members should be reported through your Staff Security Officer to the Clearance Division (M55). In most cases there are no security concerns or threats to our employees or affiliates. However, the Office of Security needs the opportunity to research the organization and to assess any possible risk to you and the information to which you have access. In addition to exercising prudence in your choice of organizational affiliations, you should endeavor to avoid participation in public activities of a conspicuously controversial nature because such activities could focus undesirable attention upon you and the Agency. NSA employees may, however, participate in bona fide public affairs such as local politics, so long as such activities do not violate the provisions of the statutes and regulations which govern the political activities of all federal employees. Additional information may be obtained from your Personnel Representative. Changes In Marital Status/Cohabitation/Names All personnel, either employed by or assigned to NSA, must advise the Office of Security of any changes in their marital status (either marriage or divorce), cohabitation arrangements, or legal name changes. Such changes should be reported by completing NSA Form G1982 (Report of Marriage/Marital Status Change/Name Change), and following the instructions printed on the form. Use And Abuse Of Drugs It is the policy of the National Security Agency to prevent and eliminate the improper use of drugs by Agency employees and other personnel associated with the Agency. The term "drugs" includes all controlled drugs or substances identified and listed in the Controlled Substances Act of 1970, as amended, which includes but is not limited to: narcotics, depressants, stimulants, cocaine, hallucinogens ad cannabis (marijuana, hashish, and hashish oil). The use of illegal drugs or the abuse of prescription drugs by persons employed by, assigned or detailed to the Agency may adversely affect the national security; may have a serious damaging effect on the safety and the safety of others; and may lead to criminal prosecution. Such use of drugs either within or outside Agency controlled facilities is prohibited. Physical Security Policies The physical security program at NSA provides protection for classified material and operations and ensures that only persons authorized access to the Agency's spaces and classified material are permitted such access. This program is concerned not only with the Agency's physical plant and facilities, but also with the internal and external procedures for safeguarding the Agency's classified material and activities. Therefore, physical security safeguards include Security Protective Officers, fences, concrete barriers, access control points, identification badges, safes, and the compartmentalization of physical spaces. While any one of these safeguards represents only a delay factor against attempts to gain unauthorized access to NSA spaces and material, the total combination of all these safeguards represents a formidable barrier against physical penetration of NSA. Working together with personnel security policies, they provide "security in depth." The physical security program depends on interlocking procedures. The responsibility for carrying out many of these procedures rests with the individual. This means you, and every person employed by, assign, or detailed to the Agency, must assume the responsibility for protecting classified material. Included in your responsibilities are: challenging visitors in operational areas; determining "need-to-know;" limiting classified conversations to approved areas; following established locking and checking procedures; properly using the secure and non-secure telephone systems; correctly wrapping and packaging classified data for transmittal; and placing classified waste in burn bags. The NSA Badge Even before you enter an NSA facility, you have a constant reminder of security--the NSA badge. Every person who enters an NSA installation is required to wear an authorized badge. To enter most NSA facilities your badge must be inserted into an Access Control Terminal at a building entrance and you must enter your Personal Identification Number (PIN) on the terminal keyboard. In the absence of an Access Control Terminal, or when passing an internal security checkpoint, the badge should be held up for viewing by a Security Protective Officer. The badge must be displayed at all times while the individual remains within any NSA installation. NSA Badges must be clipped to a beaded neck chain. If necessary for the safety of those working in the area of electrical equipment or machinery, rubber tubing may be used to insulate the badge chain. For those Agency personnel working in proximity to other machinery or equipment, the clip may be used to attach the badge to the wearer's clothing, but it must also remain attached to the chain. After you leave an NSA installation, remove your badge from public view, thus avoiding publicizing your NSA affiliation. Your badge should be kept in a safe place which is convenient enough to ensure that you will be reminded to bring it with you to work. A good rule of thumb is to afford your badge the same protection you give your wallet or your credit cards. DO NOT write your Personal Identification Number on your badge. If you plan to be away from the Agency for a period of more than 30 days, your badge should be left at the main Visitor Control Center which services your facility. Should you lose your badge, you must report the facts and circumstances immediately to the Security Operations Center (SOC) (963-3371s/688-6911b) so that your badge PIN can be deactivated in the Access Control Terminals. In the event that you forget your badge when reporting for duty, you may obtain a "non-retention" Temporary Badge at the main Visitor Control Center which serves your facility after a co-worker personally identifies your and your clearance has been verified. Your badge is to be used as identification only within NSA facilities or other government installations where the NSA badge is recognized. Your badge should never be used outside of the NSA or other government facilities for the purpose of personal identification. You should obtain a Department of Defense identification card from the Civilian Welfare Fund (CWF) if you need to identify yourself as a government employee when applying for "government discounts" offered at various commercial establishments. Your badge color indicates your particular affiliation with NSA and your level of clearance. Listed below are explanations of the badge colors you are most likely to see: Green (*) Fully cleared NSA employees and certain military assignees. Orange (*) (or Gold) Fully cleared representative of other government agencies. Black (*) Fully cleared contractors or consultants. Blue Employees who are cleared to the SECRET level while awaiting completion of their processing for full (TS/SI) clearance. These Limited Interim Clearance (LIC) employees are restricted to certain activities while inside a secure area. Red Clearance level is not specified, so assume the holder is uncleared. * - Fully cleared status means that the person has been cleared to the Top Secret (TS) level and indoctrinated for Special Intelligence (SI). All badges with solid color backgrounds (permanent badges) are kept by individuals until their NSA employment or assignment ends. Striped badges ("non-retention" badges) are generally issued to visitors and are returned to the Security Protective Officer upon departure from an NSA facility. Area Control Within NSA installations there are generally two types of areas, Administrative and Secure. An Administrative Area is one in which storage of classified information is not authorized, and in which discussions of a classified nature are forbidden. This type of area would include the corridors, restrooms, cafeterias, visitor control areas, credit union, barber shop, and drugstore. Since uncleared, non-NSA personnel are often present in these areas, all Agency personnel must ensure that no classified information is discussed in an Administrative Area. Classified information being transported within Agency facilities must be placed within envelopes, folders, briefcases, etc. to ensure that its contents or classification markings are not disclosed to unauthorized persons, or that materials are not inadvertently dropped enroute. The normal operational work spaces within an NSA facility are designated Secure Areas. These areas are approved for classified discussions and for the storage of classified material. Escorts must be provided if it is necessary for uncleared personnel (repairmen, etc.) to enter Secure Areas, an all personnel within the areas must be made aware of the presence of uncleared individuals. All unknown, unescorted visitors to Secure Areas should be immediately challenged by the personnel within the area, regardless of the visitors' clearance level (as indicated by their badge color). The corridor doors of these areas must be locked with a deadbolt and all classified information in the area must be properly secured after normal working hours or whenever the area is unoccupied. When storing classified material, the most sensitive material must be stored in the most secure containers. Deadbolt keys for doors to these areas must be returned to the key desk at the end of the workday. For further information regarding Secure Areas, consult the Physical Security Division (M51) or your staff Security Officer. Items Treated As Classified For purposes of transportation, storage and destruction, there are certain types of items which must be treated as classified even though they may not contain classified information. Such items include carbon paper, vu-graphs, punched machine processing cards, punched paper tape, magnetic tape, computer floppy disks, film, and used typewriter ribbons. This special treatment is necessary since a visual examination does not readily reveal whether the items contain classified information. Prohibited Items Because of the potential security or safety hazards, certain items are prohibited under normal circumstances from being brought into or removed from any NSA installation. These items have been groped into two general classes. Class I prohibited items are those which constitute a threat to the safety and security of NSA/CSS personnel and facilities. Items in this category include: a. Firearms and ammunition b. Explosives, incendiary substances, radioactive materials, highly volatile materials, or other hazardous materials c. Contraband or other illegal substances d. Personally owned photographic or electronic equipment including microcomputers, reproduction or recording devices, televisions or radios. Prescribed electronic medical equipment is normally not prohibited, but requires coordination with the Physical Security Division (M51) prior to being brought into any NSA building. Class II prohibited items are those owned by the government or contractors which constitute a threat to physical, technical, or TEMPEST security. Approval by designated organizational officials is required before these items can be brought into or removed from NSA facilities. Examples are: a. Transmitting and receiving equipment b. Recording equipment and media c. Telephone equipment and attachments d. Computing devices and terminals e. Photographic equipment and film A more detailed listing of examples of Prohibited Items may be obtained from your Staff Security Officer or the Physical Security Division (M51). Additionally, you may realize that other seemingly innocuous items are also restricted and should not be brought into any NSA facility. Some of these items pose a technical threat; others must be treated as restricted since a visual inspection does not readily reveal whether they are classified. These items include: a. Negatives from processed film; slides; vu-graphs b. Magnetic media such as floppy disks, cassette tapes, and VCR videotapes c. Remote control devices for telephone answering machines d. Pagers Exit Inspection As you depart NSA facilities, you will note another physical security safeguard--the inspection of the materials you are carrying. This inspection of your materials, conducted by Security Protective Officers, is designed to preclude the inadvertent removal of classified material. It is limited to any articles that you are carrying out of the facility and may include letters, briefcases, newspapers, notebooks, magazines, gym bags, and other such items. Although this practice may involve some inconvenience, it is conducted in your best interest, as well as being a sound security practice. The inconvenience can be considerably reduced if you keep to a minimum the number of personal articles that you remove from the Agency. Removal Of Material From NSA Spaces The Agency maintains strict controls regarding the removal of material from its installations, particularly in the case of classified material. Only under a very limited and official circumstances classified material be removed from Agency spaces. When deemed necessary, specific authorization is required to permit an individual to hand carry classified material out of an NSA building to another Secure Area. Depending on the material and circumstances involved, there are several ways to accomplish this. A Courier Badge authorizes the wearer, for official purposes, to transport classified material, magnetic media, or Class II prohibited items between NSA facilities. These badges, which are strictly controlled, are made available by the Physical Security Division (M51) only to those offices which have specific requirements justifying their use. An Annual Security Pass may be issued to individuals whose official duties require that they transport printed classified materials, information storage media, or Class II prohibited items to secure locations within the local area. Materials carried by an individual who displays this pass are subject to spot inspection by Security Protective Officers or other personnel from the Office of Security. It is not permissible to use an Annual Security Pass for personal convenience to circumvent inspection of your personal property by perimeter Security Protective Officers. If you do not have access to a Courier Badge and you have not been issued an Annual Security Pass, you may obtain a One-Time Security Pass to remove classified materials/magnetic media or admit or remove prohibited items from an NSA installation. These passes may be obtained from designated personnel in your work element who have been given authority to issue them. The issuing official must also contact the Security Operations Center (SOC) to obtain approval for the admission or removal of a Class I prohibited item. When there is an official need to remove government property which is not magnetic media, or a prohibited or classified item, a One-Time Property Pass is used. This type of pass (which is not a Security Pass) may be obtained from your element custodial property officer. A Property Pass is also to be used when an individual is removing personal property which might be reasonably be mistaken for unclassified Government property. This pass is surrendered to the Security Protective Officer at the post where the material is being removed. Use of this pass does not preclude inspection of the item at the perimeter control point by the Security Protective Officer or Security professionals to ensure that the pass is being used correctly. External Protection Of Classified Information On those occasions when an individual must personally transport classified material between locations outside of NSA facilities, the individual who is acting as the courier must ensure that the material receives adequate protection. Protective measures must include double wrapping and packaging of classified information, keeping the material under constant control, ensuring the presence of a second appropriately cleared person when necessary, and delivering the material to authorized persons only. If you are designated as a courier outside the local area, contact the Security Awareness Division (M56) for your courier briefing. Even more basic than these procedures is the individual security responsibility to confine classified conversations to secure areas. Your home, car pool, and public places are not authorized areas to conduct classified discussions--even if everyone involved in he discussion possesses a proper clearance and "need-to-know." The possibility that a conversation could be overheard by unauthorized persons dictates the need to guard against classified discussions in non-secure areas. Classified information acquired during the course of your career or assignment to NSA may not be mentioned directly, indirectly, or by suggestion in personal diaries, records, or memoirs. Reporting Loss Or Disclosure Of Classified Information The extraordinary sensitivity of the NSA mission requires the prompt reporting of any known, suspected, or possible unauthorized disclosure of classified information, or the discovery that classified information may be lost, or is not being afforded proper protection. Any information coming to your attention concerning the loss or unauthorized disclosure of classified information should be reported immediately to your supervisor, your Staff Security Officer, or the Security Operations Center (SOC). Use Of Secure And Non-Secure Telephones Two separate telephone systems have been installed in NSA facilities for use in the conduct of official Agency business: the secure telephone system (gray telephone) and the outside, non-secure telephone system (black telephone). All NSA personnel must ensure that use of either telephone system does not jeopardize the security of classified information. The secure telephone system is authorized for discussion of classified information. Personnel receiving calls on the secure telephone may assume that the caller is authorized to use the system. However, you must ensure that the caller has a "need-to-know" the information you will be discussing. The outside telephone system is only authorized for unclassified official Agency business calls. The discussion of classified information is not permitted on this system. Do not attempt to use "double-talk" in order to discuss classified information over the non-secure telephone system. In order to guard against the inadvertent transmission of classified information over a non-secure telephone, and individual using the black telephone in an area where classified activities are being conducted must caution other personnel in the area that the non-secure telephone is in use. Likewise, you should avoid using the non-secure telephone in the vicinity of a secure telephone which is also in use. HELPFUL INFORMATION Security Resources In the fulfillment of your security responsibilities, you should be aware that there are many resources available to assist you. If you have any questions or concerns regarding security at NSA or your individual security responsibilities, your supervisor should be consulted. Additionally, Staff Security Officers are appointed to the designated Agency elements to assist these organizations in carrying out their security responsibilities. There is a Staff Security Officer assigned to each organization; their phone numbers are listed at the back of this handbook. Staff Security Officers also provide guidance to and monitor the activities of Security Coordinators and Advisors (individuals who, in addition to their operational duties within their respective elements, assist element supervisors or managers in discharging security responsibilities). Within the Office of Security, the Physical Security Division (M51) will offer you assistance in matters such as access control, security passes, clearance verification, combination locks, keys, identification badges, technical security, and the Security Protective Force. The Security Awareness Division (M56) provides security guidance and briefings regarding unofficial foreign travel, couriers, special access, TDY/PCS, and amateur radio activities. The Industrial and Field Security Division (M52) is available to provide security guidance concerning NSA contractor and field site matters. The Security Operations Center (SOC) is operated by two Security Duty Officers (SDOs), 24 hours a day, 7 days a week. The SDO, representing the Office of Security, provides a complete range of security services to include direct communications with fire and rescue personnel for all Agency area facilities. The SDO is available to handle any physical or personnel problems that may arise, and if necessary, can direct your to the appropriate security office that can assist you. After normal business hours, weekends, and holidays, the SOC is the focal point for all security matters for all Agency personnel and facilities (to include Agency field sites and contractors). The SOC is located in Room 2A0120, OPS 2A building and the phone numbers are 688-6911(b), 963-3371(s). However, keep in mind that you may contact any individual or any division within the Office of Security directly. Do not hesitate to report any information which may affect the security of the Agency's mission, information, facilities or personnel. Security-Related Services In addition to Office of Security resources, there are a number of professional, security-related services available for assistance in answering your questions or providing the services which you require. The Installations and Logistics Organization (L) maintains the system for the collection and destruction of classified waste, and is also responsible for the movement and scheduling of material via NSA couriers and the Defense Courier Service (DCS). Additionally, L monitors the proper addressing, marking, and packaging of classified material being transmitted outside of NSA; maintains records pertaining to receipt and transmission of controlled mail; and issues property passes for the removal of unclassified property. The NSA Office of Medical Services (M7) has a staff of physicians, clinical psychologists and an alcoholism counselor. All are well trained to help individuals help themselves in dealing with their problems. Counseling services, with referrals to private mental health professionals when appropriate, are all available to NSA personnel. Appointments can be obtained by contacting M7 directly. When an individual refers himself/herself, the information discussed in the counseling sessions is regarded as privileged medical information and is retained exclusively in M7 unless it pertains to the national security. Counselling interviews are conducted by the Office of Civilian Personnel (M3) with any civilian employee regarding both on and off-the-job problems. M3 is also available to assist all personnel with the personal problems seriously affecting themselves or members of their families. In cases of serious physical or emotional illness, injury, hospitalization, or other personal emergencies, M3 informs concerned Agency elements and maintains liaison with family members in order to provide possible assistance. Similar counselling services are available to military assignees through Military Personnel (M2). GUIDE TO SECURITY M51 PHYSICAL SECURITY 963-6651s/688-8293b (FMHQ) 968-8101s/859-6411b (FANX) CONFIRM and badges Prohibited Items (963-6611s/688-7411b) Locks, keys, safes and alarms SOC (963-3371s/688-6911b) Security/vehicle passes NSA facility protection and compliance Visitor Control Inspections Red/blue seal areas New Construction Pass Clearances (963-4780s/688-6759b) M52 INDUSTRIAL AND FIELD SECURITY 982-7918s/859-6255b Security at contractor field site facilities Verification of classified mailing addresses for contractor facilities M53 INVESTIGATIONS 982-7914s/859-6464b Personnel Interview Program (PIP) Reinvestigations Military Interview Program (MIP) Special investigations M54 COUNTERINTELLIGENCE 982-7832s/859-6424b Security counterintelligence analysis Security compromises M55 CLEARANCES 982-7900s/859-4747b Privacy Act Officer (For review of security files) Continued SCI access Contractor/applicant processing Military access M56 SECURITY AWARENESS 963-3273s/688-6535b Security indoctrinations/debriefings Embassy visits Associations with foreign nationals Briefings (foreign travel, Security Week ham radio, courier, Security posters, brochures, etc. LIC, PCS, TDY, special access, etc.) Foreign travel approval Military contractor orientation Special Access Office (963-5466s/688-6353b) M57 POLYGRAPH 982-7844s/859-6363b Polygraph interviews M509 MANAGEMENT AND POLICY STAFF 982-7885s/859-6350b STAFF SECURITY OFFICERS (SSOs) Element Room Secure/Non-Secure A 2A0852B 963-4650/688-7044 B 3W099 963-4559/688-7141 D/Q/J/N/U 2B8066G 963-4496/688-6614 E/M D3B17 968-8050/859-6669 G 9A195 963-5033/688-7902 K 2B5136 963-1978/688-5052 L SAB4 977-7230/688-6194 P 2W091 963-5302/688-7303 R B6B710 968-4073/859-4736 S/V/Y/C/X C2A55 972-2144/688-7549 T 2B5040 963-4543/688-7364 W 1C181 963-5970/688-7061 GUIDE TO SECURITY-RELATED SERVICES Agency Anonymity 968-8251/859-4381 Alcohol Rehabilitation Program 963-5420/688-7312 Cipher Lock Repair 963-1221/688-7119 Courier Schedules (local) 977-7197/688-7403 Defense Courier Service 977-7117/688-7826 Disposal of Classified Waste - Paper only 972-2150/688-6593 - Plastics, Metal, Film, etc 963-4103/688-7062 Locksmith 963-3585/688-7233 Mail Dissemination and Packaging 977-7117/688-7826 Medical Center (Fort Meade) 963-5429/688-7263 (FANX) 968-8960/859-6667 (Airport Square) 982-7800/859-6155 NSA/CSS Information Policy Division 963-5825/688-6527 Personnel Assistance - Civilian 982-7835/859-6577 - Air Force 963-3239/688-7980 - Army 963-3739/688-6393 - Navy 963-3439/688-7325 Property Passes (unclassified material) 977-7263/688-7800 Psychological Services 963-5429/688-7311 FREQUENTLY USED ACRONYMS/DESIGNATORS ARFCOS Armed Forces Courier Service (now known as DCS) AWOL Absent Without Leave CAO Classification Advisory Officer COB Close of Business CWF Civilian Welfare Fund DCS Defense Courier Service (formerly known as ARFCOS) DoD Department of Defense EOD Enter on Duty FOUO For Official Use Only M2 Office of Military Personnel M3 Office of Civilian Personnel M5 Office of Security M7 Office of Medical Services NCS National Cryptologic School PCS Permanent Change of Station PIN Personal Identification Number Q43 Information Policy Division SDO Security Duty Officer SOC Security Operations Center SPO Security Protective Officer SSO Staff Security Officer TDY Temporary Duty UFT Unofficial Foreign Travel A FINAL NOTE The information you have just read is designed to serve as a guide to assist you in the conduct of your security responsibilities. However, it by no means describes the extent of your obligation to protect information vital to the defense of our nation. Your knowledge of specific security regulations is part of a continuing process of education and experience. This handbook is designed to provide the foundation of this knowledge and serve as a guide to the development of an attitude of security awareness. In the final analysis, security is an individual responsibility. As a participant in the activities of the National Security Agency organization, you are urged to be always mindful of the importance of the work being accomplished by NSA and of the unique sensitivity of the Agency's operations. -- Grady Ward | | 'finger' me for information and live +1 707 826 7715 | | samples of Moby lexicons: Moby Words, (voice/24hr FAX) | 15E2ADD3D1C6F3FC | Hyphenator, Part-of-Speech, Pronunciator, grady at netcom.com | 58ACF73D4F011E2F | Thesaurus and Language; all royalty free. From sameer at soda.berkeley.edu Wed Apr 6 18:08:03 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Wed, 6 Apr 94 18:08:03 PDT Subject: your mail In-Reply-To: <199404061820.LAA29011@jobe.shell.portal.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I thought of a similar scheme a while back as well. Someone on the list said that time-expiry was a much easier way of doing things. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLaNO2Hi7eNFdXppdAQF2AgP/Qkz7numOkpGfWHzLHRv3lt3/H4cSHoAk nGlMfz9bgeD2FQRDkE4FhPmBkkU/qId/TGdnbBHX0/bC2VXgcb32kiCHEJIJ1b5v R2Uka7ij1ll58tlQaiDokjaGJ8lwv23R/JJwwy9AECuipO0Ns4VmpjtguYRvmUmB KuZleZyB8AU= =FzQT -----END PGP SIGNATURE----- From panzer at dhp.com Wed Apr 6 19:05:35 1994 From: panzer at dhp.com (Panzer Boy) Date: Wed, 6 Apr 94 19:05:35 PDT Subject: who, me?!?! In-Reply-To: Message-ID: On Wed, 6 Apr 1994, Chris Knight wrote: > On Wed, 6 Apr 1994 tmp at netcom.com wrote: > > > !?!?!?!?! detweiler this, detweiler that!!! why does everyone keep > > calling me `detweiler' when my name is `tmp at netcom.com'?!! > > The above listed information is NOT a name. You're right, it's an account, just as cknight at crl.com is just an account, and you've attached the psueonym "Chris Knight" to it. > > look, i admit i am posting pseudonymously, but your > > detweilerian witchhunt is a good reason why > > Remember the price of being anonymous... Nobody has to believe a word you > say. Price of being anonymous. You mean the price of being Obviously anonymous. As opposed to this "Chris Knight" character, who has chosen to show himself as to what looks like a real name. Ever wonder about Emanuel Goldstein? That name is as valid as "Chris Knight" > Personally, I don't care who you are. I do think you try to be an > asshole, and you love getting on people's nerves. I'm not going to touch this. After reading a few of "tmp at netcom"'s messages, I aggree that he has been posting what "appear" to be childish posts. But at the same time, there are many other posts here on this list with just as much useless information. Are cypherpunks for anonyminity? Authentication? Privacy? More than one? -Matt (Just another alias) (panzer at dhp.com) "That which can never be enforced should not be prohibited." From hfinney at shell.portal.com Wed Apr 6 19:35:29 1994 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Wed, 6 Apr 94 19:35:29 PDT Subject: Pseudonyms and Reputations Message-ID: <199404070236.TAA05451@jobe.shell.portal.com> New members of the list may not be aware of the background of some of the technologies we discuss here, such as the remailers. The purpose of these systems is not really to help people mailbomb newsgroups or send harassing letters to their fantasy girlfriends without fear of repercussions. One goal of remailer-type technology (which present systems don't meet very well) is to allow people to use pseudonyms for their electronic activities. By using a "nym" a person is able to engage in communications of various types without fear that some aspect of what they say or do will impact them negatively in "real life". There are a lot of potential forms of harm which could arise now and in the future from databases recording the various interactions a person has had in cyberspace. By preventing the linkage between his online activities and his real identity he can protect himself and his privacy. At the same time, nyms allow for continuity of identity to be maintained over a period of time. A person posting under a nym can develop an image and a reputation just like any other online personality. Most people we interact with online are just a name and an email address, plus whatever impression we have formed of them by what they say. The same thing can be true of nyms. Cryptography plays an important part in making effective use of nyms possible. The first thing it can do is to allow users to send and receive messages under the name of their nyms without anyone discovering the True Name (capitalization from Vinge's short story "True Names") behind the nym. Cryptographer David Chaum has proposed two technologies for this; the network of "Mixes", on which our own remailers are modeled; and the so-called "Dining Cryptographers' Network" (DC-Net), which allows a cooperating group to send messages in such a way that it is not possible to tell which member of the group originated each message. Cryptography can also help maintain the continuity of the nym, by allowing the user to digitally sign messages under the name of the nym. The digital signature cannot be forged, nor can it be linked to the True Name of the user. But it makes sure that nobody can send a message pretending to be another person's nym. These techniques are already in use or under development, in some form or another. But there is much more that could be done to provide privacy protection and flexibility in the use of nyms. One possibility is a digital reputation system. Presently people and nyms develop informal reputations in the minds of their readers. This could be formalized by allowing readers to create endorsements of various types for those who have worthwhile things to say. An endorsement could take the form of a digital signature by the endorser. In the simplest form, the endorser would digitally sign a message which said, in encoded form, "In my opinion, person (or nym) XXX produces high-quality messages". This endorsement would be kept by the person it was given to and shown when he enters a new cyberspatial forum to help establish an initial reputation. People who are able to bring a variety of endorsements from respected individuals or organizations will be able to have their words carry weight from the beginning. Without these, a new poster may find that not many people can even be bothered to read his messages amongst the flood of others. The endorsements can break through the barriers, the filters which people use to decide what information to receive. They represent a digital reputation which can be carried to distant regions of cyberspace. One could imagine more elaborate forms of endorsements, as well. Chaum describes a technique by which a numerical rating could be given, say on a scale from 1 to 100. Because of the mathematical structure of Chaum's approach, a person who carries such an endorsement can optionally downgrade it when he shows it. Suppose some paragon of wisdom has dozens of "100" endorsements from respected individuals. Entering a new group, he may not want to intimidate people, so he displays his endorsements as a respectable "70+". This lets him be heard without overwhelming other participants. Pseudonyms can prevent messages from being linked to True Names, but there is still a privacy problem as information accumulates about the nym itself. As more and more activities take place online, if one uses the same nym all the time, the buildup of information about that nym, his preferences, his favorite places to go in cyberspace, his political views, etc., may become burdensome. All that baggage accumulates and is easily available to others. It may become as much of a barrier to a nym's online activities as it would have been to the True Name's real-life activities. One solution is to use a nym for some purposes and the True Name for others. Then the information about the two is separate and nobody can link them up. This helps, but after a while again there is an accumulation of information about both names, which is what we wanted to avoid. A better solution is to use multiple nyms, perhaps with different nyms in different online fora. Even the True Name could be used occasionally where warranted (such as in an online relationship where physical contact occurs as well). Nyms could be changed periodically as well, preventing the buildup of information about any given nym. One problem is that the simple reputation system above does not work with multiple nyms. If you get a digital endorsement of one nym in the form described before, you will not be able to use that endorsement on your other nyms without giving away the connection between them. And when you retire that nym and replace it with a new one, the endorsement is lost. This is the problem which Chaum solves in his paper, "Showing Credentials without Identification; Transferring Signatures between Unconditionally Unlinkable Pseudonyms," from AusCrypt 90. (A newer version of this paper may be available from Chaum.) He provides a method by which various forms of "credentials", which would include the endorsements described here, can be transferred among the nyms used by an individual, without giving away information about which nyms are related. Chaum's system is complicated and requires a centralized agency which gives out all endorsement certificates, as well as an agency which validates pseudonyms. His system does allow for optional restrictions on nyms which, for example, would allow only one nym to be used in any given online forum. A user would not be able to control two different nyms in that place, although he could have different nyms in other parts of cyberspace. There might be some situations in which this duplication could be harmful (such as certain kinds of online voting systems) and Chaum's method does allow this restriction. A simpler system, though, can be created with technology very similar to the "Magic Money" digital cash system created by the nym "Pr0duct Cypher." This system does not require any centralized control and allows individuals to make endorsements without help. It is somewhat less efficient than Chaum's approach but could be put into place more easily. The basic idea uses what Chaum calls a "blind signature". Above, the endorsement certificate was described as a digital signature on a coded message which named the nym or person being endorsed, as well as some information about the type of endorsement. With a blind signature, the signer does not see the message he is signing. It is supplied to him in a "blinded" form, he signs it, and then the person who supplied the message unblinds it. What is left is a signed message whose contents are not known by the person who signed it. This technology can be used directly to create blind endorsements. Suppose nym 123, who sometimes also uses the nym 456, gets an offer to receive a "good writing" endorsement from user U. He can supply U with a blinded message which says, in effect, "nym 456 has good writing". U does not see the contents of the message when he signs it, so he does not know that nym 456 is another name for nym 123. But when 123 gets the message back from U, he unblinds it to create an endorsement from U on nym 456. In order to control the type of endorsement ("good writing", etc.), that information is not put in the text of the message, but is determined by the exponent used in the digital signature. Each user would need to publish a table mapping exponents to types of endorsements (or perhaps such a table would be standardized over all users). And since nym 123 may actually have many pseudonyms in use, he would actually need to collect a large number of blind endorsements from U. In practice he would supply U with a large block of blinded endorsements, U would sign them knowing that they were all different pseudonyms of 123's, and 123 would keep them for use as needed. 123 could even include his True Name to receive a blind endorsement, as well as other pseudonyms he hadn't used yet. All of these would be capable of being shown with U's endorsement. Even when the original nym 123 was retired, other nyms which had received that endorsement could be put into use and they would carry the same stamp of approval. This system would allow very flexible use of pseudonyms while allowing the user to show endorsements and other forms of credentials without compromising his privacy. And the technology to do this is very close to systems already in use today, at least in its cryptographic aspects. The social problems of determining when writers should receive endorsements, how much credence to give to endorsements from unknown endorsers, how to appropriately display endorsements, and how to easily validate and verify endorsements proffered by others, are harder to solve. Despite these issues, a modification to Magic Money to support this application would allow for some initial experiments with the concept, which might help show where the significant problems lie. Hal Finney hfinney at shell.portal.com From ecarp at netcom.com Wed Apr 6 20:02:04 1994 From: ecarp at netcom.com (Ed Carp) Date: Wed, 6 Apr 94 20:02:04 PDT Subject: Where is Magic Money???? Message-ID: Where is Magic Money to be found???? I looked on soda.berkeley.edu and it is not there. Does anyone know where it is? Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 an38299 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From GERSTEIN at SCSUD.CTSTATEU.EDU Wed Apr 6 20:39:18 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (ADAM GERSTEIN, MACLAB ASSISTANT) Date: Wed, 6 Apr 94 20:39:18 PDT Subject: FOIA on Clipper key status.... Message-ID: <940406233849.202150c6@SCSUD.CTSTATEU.EDU> Hello once again... My friend and I wanted to know how that FOIA request was coming? I haven't heard anything from the list, so I thought I would ask. Also, who the hell is this Detweiler person? And why is everyone saying he's tmp at netcom.com? Thanks, Adam Gerstein GERSTEIN at SCSUC.STATEU.EDU -+-+-+-+-+-+-+-+-+- "After this, nothing will surprise me!" -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4, 1994 From warlord at ATHENA.MIT.EDU Wed Apr 6 23:19:20 1994 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Wed, 6 Apr 94 23:19:20 PDT Subject: Where is Magic Money???? In-Reply-To: Message-ID: <199404070618.CAA23208@charon.MIT.EDU> Try ftp://csn.org/pub/mpj/crypto_XXXXXX (or something like that) -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From rjc at gnu.ai.mit.edu Thu Apr 7 00:53:51 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Thu, 7 Apr 94 00:53:51 PDT Subject: Finger/Remailer Ping server Message-ID: <9404070753.AA05711@geech.gnu.ai.mit.edu> Someone asked about having a "list of remailers" ping server available via finger. I took some code I wrote over a year ago and hacked together such a system. I need volunteers to run it. The server does the following: 1)forks off a "cron" to automatically ping remailers every X hours 2)ping's the remailers (by requesting a remail to itself) 3)any remailers which respond will have their timestamps updated 4)any change in the status of remailers (a ping received) recreates your .plan file as so copy .realplan to .plan tackon a banner for the list of remailers tackon a list of remailers and the last time a response was received (e.g. remailer at remail.com last heard from 2.3 days ago) Anyone running this perl script from their .forward file will have a list of remailers automatically embedded in their finger information. Optimum use would be for remailer operators to add a line to their maildelivery slocal configuration which catches "Subject: --PING!--" (which is one of the ways pings are detected, the body of the message is most important) and pipe it to the script. Then you could just finger any remailer for a list of remailers (assuming the remailer doesn't run from its own alias) Note: the software may or may not work. I have only superficially tested it by piping in fake pings. I have no idea whether or not it will be stable so I need someone to run it for a few nights to see if it works correctly (and if not, I can fix any fatal bugs) -Ray "Perl is the Ultimate Language" -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From eagle at deeptht.armory.com Thu Apr 7 04:21:58 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Thu, 7 Apr 94 04:21:58 PDT Subject: Well...shit Message-ID: <9404070405.aa10697@deeptht.armory.com> If whatzits at netcom.com is Detweiler, at least he's paying $20/mo to pop in here. I have Sternlight attacking me on eff.talk- that's good. He sure perceives me as a threat for a Wyoming ranch hand. That's good advice y'all have there about not feeding the animals. I've been looking at this remailer business. Well, hell. I want to go the other way. I'm Jeff Leroy Davis AKA Eagle, and lots of people know that. Ram Dass has this thing of his public self and his private self as one. In other words, he is himself, whether in public or private. I'm open about myself, and have projected my true persona into cyberspace. At least the truth about myself as I see it here now. I have no reason to create an anonymous persona, or construct some sort of personality. Now if I have to go underground in the net at some future date, that's a different story. For now, I'm quite secure in who and what I am, and endevor to let the truth of my heart shine in cyberspace. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From jims at Central.KeyWest.MPGN.COM Thu Apr 7 06:24:43 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Thu, 7 Apr 94 06:24:43 PDT Subject: your mail Message-ID: <9404071324.AA16386@Central.KeyWest.MPGN.COM> > > Since people are talking about new remailer features, can I suggest > another one - how about single-use (or limited use) anonymous return > addressess (ARAs) ? There are quite a few situations I can envisage where > I might want to give an anonymous return address to someone that could > only be used a limited number of times, or for a limited period of > time ... digi cash example and comments deleted. Another good use of this would be to maintain anonymity. If you used the same aa382043 address over and over again people will attach an identity to that and they will remember, "Oh yes, that's the guy that said he works for a computer company and hates spinach and likes Amy and ...." and soon (assuming a long term use of the account) you will have an identity and people will be biased one way or another toward you, even though they do not know who you are in real life. A one shot id will allow people to remain truly anon and not have to go to the trouble of switching accts and putting a burden on the remailers with 1000's of accounts. From whitaker at dpair.csd.sgi.com Thu Apr 7 06:56:51 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Thu, 7 Apr 94 06:56:51 PDT Subject: your mail In-Reply-To: <9404071324.AA16386@Central.KeyWest.MPGN.COM> Message-ID: <9404070653.ZM3717@dpair.csd.sgi.com> On Apr 7, 9:24am, Jim Sewell - KD4CKQ wrote: [text elided for brevity] > > Another good use of this would be to maintain anonymity. If you used the > same aa382043 address over and over again people will attach an identity > to that and they will remember, "Oh yes, that's the guy that said he works > for a computer company and hates spinach and likes Amy and ...." and soon > (assuming a long term use of the account) you will have an identity and > people will be biased one way or another toward you, even though they do > not know who you are in real life. A one shot id will allow people to > remain truly anon and not have to go to the trouble of switching accts > and putting a burden on the remailers with 1000's of accounts. > [Apologies for not adding much more text in a reply than that in the original text.] Jim has brought up a very interesting subject, which isn't discussed enough in most of the places I look for such discussion: data inferencing. A one-shot anonymous ID, besides having the certain immediately obvious advantages - useful for preserving user anonymity, trouble in the event of State seizure of the remailer, and lower sysadmin accounting load - makes traffic analysis a somewhat more difficult affair. Of course, one-shot anonymous user handles are of little use to the detweilers of the net, who seem to return to the same places, again and again. It doesn't take much acuity to notice things like the use of, oh, say, TeX-format quote marks in body text, as mentioned in a previous post by Tim May. I shall, of course, refrain from using smilies to indicate humor. I dislike them, and would never use such an unsubtle mechanism to convey wry amusement. I prefer textual encoding. Text is rich. > >-- End of excerpt from Jim Sewell - KD4CKQ -- Russell, who cares not that he may - or may not - have just had himself added to Detweiler's "Enemies List" Medusa does not have tentacles. They're snakes. Snakes, I say! -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center, Mountain View CA ================================================================ #include From lstanton at lehman.com Thu Apr 7 07:36:39 1994 From: lstanton at lehman.com (Linn Stanton) Date: Thu, 7 Apr 94 07:36:39 PDT Subject: New ID technique: warning of things to come Message-ID: <9404071436.AA22142@sten.lehman.com> This is a little off-topic, but it does apply to authentication... I have been abroad for the past few weeks. In the course of my travels, I was given some data about a new program that the US Dept. of State/Customs and Immigration people are moving into limited testing at JFK and LAX. They want to implement a "fast, positive identification system to speed processing of entrants to the United States by use of biometric data." The system works by use of a handprint scanner, and a smart card. Participants would go through an initial hand scan, and then be issued a smartcard. Upon subsequent entries to the US, instead of going through the normal passport check, you would place your hand on a scanner and insert your card in the slot. The system would then positively identify you, and clear you for entry. I have no details about the format/security of the card data, and the INS guy I spoke to made no statements about privacy, security or other uses of their ID database. If this takes off, the risks of it spreading to a national ID card, or to the 'healthcare card' are obvious. Linn H. Stanton The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQBNAitK8+EAAAECALzK83DH79m7DLKBmZA2h9U33fBE80EwT4xRY05K7WRfxpO3 BmhPVBmes9h97odVZ0RxAFvinOl4wZGOb8pDclMABRG0IUxpbm4gSC4gU3RhbnRv biA8c3RhbnRvbkBhY20ub3JnPrQnTGlubiBILiBTdGFudG9uIDxsc3RhbnRvbkBz aGVhcnNvbi5jb20+ =oCru -----END PGP PUBLIC KEY BLOCK----- From tmp at netcom.com Thu Apr 7 08:21:02 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Thu, 7 Apr 94 08:21:02 PDT Subject: Pseudonyms and Reputations In-Reply-To: <199404070236.TAA05451@jobe.shell.portal.com> Message-ID: <199404071522.IAA26656@netcom9.netcom.com> hal finney: >Chaum's system is complicated and requires a centralized agency which >gives out all endorsement certificates, as well as an agency which >validates pseudonyms. His system does allow for optional restrictions >on nyms which, for example, would allow only one nym to be used in any >given online forum. A user would not be able to control two different >nyms in that place, although he could have different nyms in other >parts of cyberspace. There might be some situations in which this >duplication could be harmful (such as certain kinds of online voting >systems) and Chaum's method does allow this restriction. these identification systems ultimately fall back on `real world' identification systems such as birth certificates, social security numbers etc. which all can be readily subverted by a determined adversary. i wonder if in general, you `cpunks' feel that e.g. voting systems that restict pseudonymity (i.e., multiple votes by a single person) are `fair' or `judicious'. >The social problems of determining when writers should receive >endorsements, how much credence to give to endorsements from unknown >endorsers, how to appropriately display endorsements, and how to easily >validate and verify endorsements proffered by others, are harder to >solve. what, specifically, is problematic about these? does chaum just ignore them? does he describe them in greater detail? as for `endorsements for unknown endorsers', it seems to me the reputation system you refer to is a sort of `reputation web' not unlike the pgp `web of trust' model. a pseudonymous credential has as much weight as the pseudonym originating the certification. i.e., if `a' signs `b's pseudonym, that `edge' in the `reputation graph' has as much weight as `a' has reputation. that is, it should not be possible to create a whole bunch of new pseudonyms, have them all sign each other, and then increase your reputation. this brings up an interesting idea. future cyberspatial citizens may develop an elaborate netiquette that describes how to maximize one's advantage through the use of pseudonyms. all kinds of strategies will ensue. is it better to have a few good pseudonyms, without diluting reputation, or a whole bunch of pseudonyms but a bit more diluted reputation? one of the problems with a positive reputation system is that it would workd for `d-type people' whose reputation is primarily negative. a whole lot of people would like to put a negative credential on `d' so that they would limit his influence in all forums he visits, similar to the way that one could globally encourage someone else through `accreditation'. `d' would simply not propagate any negative signatures to his pseudonyms. could such a negative signature system be constructed? it seems possible with a centralized `trusted' server, but this is not an ideal solution; ideally one would like the system to be possible from the independent interactions of people who trust only themselves. this of course is the ideal cryptographic model, and the very best and finest algorithms (e.g. rsa) conform to it. the problem is similar to preventing double spending in a cash system. how do you enforce that a person `spends' a certain amount of information? there are no `laws of the conservation of information' as their are of e.g. mass as with a paper currency. in fact maybe the double-spending preventative techniques for cash systems could be translated to get a negative reputation and prevent people from not displaying credentials, even negative ones, they have accrued (just in the way people are forced to reveal if they are `printing money', i.e. spending spent money) personally i like chaum's emphasis (or recognition) that forums exist such that restricting pseudonymity in them is natural, fair, and rational, i.e. a desirable design goal. it seems to me that even beyond this, people should be able to construct forums where they demand (or comply, or agree, or whatever) that identity be known, or that it be totally ignored. given all this inquisitional witchhunting of my `true identity' (whatever the !@#$%^&* that is), obviously this forum is in the former category what do you think, cpunks, should you have the right to ignore people regardless of the pseudonyms they use? again, i ask if it is possible to construct a system that protects anonymity but at the same time allows someone to filter all pseudonyms associated with another person. it seems that we have reached an impasse -- these are two very useful design criteria but they appear to be contradictory. on one hand we would like to censor all the `d-type' pseudonyms, but on the other hand we would want a `clean slate' for all of our own. it seems to me that is the purpose of developing a moral code or etiquette in cyberspace-- almost by definition that these codes apply to people who agree that an individual is ultimately responsible for their own actions, regardless of presence or lack of punishment, and agrees to a set of guidelines because s/he believes it constitutes civil behavior, not because `if i don't, i will get caught'. ideally we can develop moral codes where our algorithms fail us. or maybe not pseudonymously yours, --tmp From mpj at netcom.com Thu Apr 7 08:33:06 1994 From: mpj at netcom.com (Michael Paul Johnson) Date: Thu, 7 Apr 94 08:33:06 PDT Subject: Where is Magic Money???? In-Reply-To: <199404070618.CAA23208@charon.MIT.EDU> Message-ID: <199404071533.IAA22909@mail.netcom.com> > Try ftp://csn.org/pub/mpj/crypto_XXXXXX (or something like that) Actually, ftp:csn.org//mpj/I_will_not_export/crypto_???????/pgp_tools See ftp:csn.org//mpj/README.MPJ for the ??????? and an export warning. Get the PGP Tools .ZIP file, too, since Magic Money uses it. Peace to you. ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| From mg5n+ at andrew.cmu.edu Thu Apr 7 08:59:32 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 7 Apr 94 08:59:32 PDT Subject: Remailers Message-ID: For all the newbies who keep asking for info on the remailers, the address is: mg5n+remailers at andrew.cmu.edu You can get an anonymous address from mg5n+getid at andrew.cmu.edu Each time you request an anon address, you get a different one. You can get as many as you like. The addresses don't expire, however, so maybe it's not the ideal 'one-shot' system, but it allows replies without connecting you to your 'real name/address' or to any of your other posts/nyms. From blancw at microsoft.com Thu Apr 7 09:27:19 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 7 Apr 94 09:27:19 PDT Subject: Pseudonyms and Reputations Message-ID: <9404071628.AA29114@netmail2.microsoft.com> From: hfinney "One possibility is a digital reputation system. Presently people and nyms develop informal reputations in the minds of their readers. This could be formalized by allowing readers to create endorsements of various types for those who have worthwhile things to say. " Could I really allow myself to be so prejudiced by what a number of others have determined is (or is not) a worthwhile contributor to a list? My interest in reading a message has first to do with the subject of attention, then second the one who has something to say. There are many types of commentary which someone could introduce at any time; sometimes in humor or sarcasm, sometimes with great insight, more or less successfully. I think whoever attends to messages on a list should consider their motives - whether they just want company, a sounding board, or whether they want to read about a particular subject of interest. The opportunity to interact with others in abstract conversation is also the opportunity to develop and refine the ability to communicate, to improve upon the formulation of a thought and express it with greater ability. I might not like the style or manner of what someone has said in the past, yet accept what they have to say some other time. But this would be my own judgement at work, not a conclusion derived from the aggregate opinion of others. I myself wouldn't pay excessive attention to a reputation system, outside of its entertainment value. Blanc From blancw at microsoft.com Thu Apr 7 09:30:53 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 7 Apr 94 09:30:53 PDT Subject: Pseudonyms and Reputations Message-ID: <9404071632.AA29220@netmail2.microsoft.com> >From tmp: "what do you think, cpunks, should you have the right to ignore people regardless of the pseudonyms they use?" How could a person prevent someone from ignoring another? on the net? "i ask if it is possible to construct a system that protects anonymity but at the same time allows someone to filter all pseudonyms associated with another person." Code it, and they will come. " ideally we can develop moral codes where our algorithms fail us. " Ideally, you would be able to enforce these moral codes. Ideally, they would reflect not only what is possible in reality, but what is truly desireable. Blanc From tmp at netcom.com Thu Apr 7 09:33:47 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Thu, 7 Apr 94 09:33:47 PDT Subject: nsa digital cash? In-Reply-To: <199404062116.AA13470@access3.digex.net> Message-ID: <199404071634.JAA05501@netcom9.netcom.com> tmp: > so? what's your point? my point was that the nsa was a prime candidate > agency for trying to *expand* the current federal role in the cash > system. are you saying the federal government already has a `digital > cash system'? well, yes, i guess in some sense. unicorn: >Why do you think BCCI was so popular with intelligence agencies? The KEY >effort in any agency is money laundering. This is by definition the >primary function of intelligence agencies, to bring funds to bear >properly and quietly on projects and goals that don't sit well in >public. yikes, hold on a sec. i was talking about the nsa. if you are for a minute suggesting the nsa is involved in money laundering i think you are *utterly* mistaken. also, i very sincerely doubt that money laundering is a major, minor, or even existing part of any u.s. intelligence services. there is a gray area where sometimes an agency is associated with money launderers, because they may be informants or whatever, but try to point to any u.s. intelligence operation that involved money laundering? and just try to pretend that the nsa was involved-- i reiterate my point: designing a secure digital cash system would be a key area that the nsa would be interested in. in fact, i think it is highly likely that they have already designed significant parts of the existing u.s. transaction infrastructure at certain levels. (they vetted DES, right?!) (references? would be appreciated) that is essentially what clipper is intended to do. >> are you saying you don't expect the federal government to expand their >> role in cash systems? or that it is already as large as it can get? > >Lumping the Federal system in with intelligence agencies in this >context betrays significant ignorance in the structure of modern government. the point of the nsa is that there is `no structure' to a government bureaucracy that senses its own impending extinction. clipper is a grasp at an area that virtually all analysts agree is not a historical precedent for them, and that dangerously impedes on *domestic* and *commercial* affairs, something they have never been authorized to do. (cpsr foia requests posted to various newsgroups are strong on this point) >Between this and your misconception of the Federal financial structure >that Eric was so quick to point out, I think you should keep your day job >Det, or is this it? sigh. fine. smear me with some more `det' insults. what was my misconception? neither you or erik have yet to specify what it is exactly. i admit that i don't have a close grasp on e.g. the check clearing system and what elements are in federal hands. but instead of yelling at and insulting me, maybe erik could explain exactly how this system works. i doubt i am the only one who is not aware of the precise structure. anyway, my basic point has nothing to do with the existing infrastructure. as for my `day job', parry meztger asked about this too. well, pick one of the following 1) bored millionaire with nothing better to do than go to drug parties and hang out in cyberspace, using all kinds of infantile pranks with pseudonyms... 2) shearson-lehman brokerage agent, dealing with computerized trading strategies, sometimes `libertarian lecturer', with a real jekyll-and-hyde cyberpersonality 3) working with Ted Nelson on the Xanadoodoo project as a consultant, building a `digital bank' on the internet at a glacialy slow pace. 4) entrepreneur starting a new internet company specializing in mailing lists, pseudonyms, etc. 5) GIS consultant working on database design for power companies >> we have to fight off these encroaches onto private territory wherever >> they happen. clipper was *not* a surprise given the past nsa history. >Clipper is a HUGE surprise considering the NSA history. > >Two words: >Too Public. no, i think you can look at their past and see that they were proposing subsystems for computers with `tappability' built in long before clipper. some of the real old veterans here might be able to confirm this (cyberspace has a very short memory) yes, clipper was the most public nsa program ever devised. but remember that the nsa has *never* (that i know of) acknowledged building it in official press releases. instead, it is portrayed as an NIST invention built based on presidential directive and the help of `several key agencies' (hee hee, love that phrase) >I attribute the public outing of the NSA to an [unnamed] high administration >official with no concept of the proper application of intelligence >agencies except as a tool to support his dwindling programs. i have no idea what you are tallking about. `public outing'? the nsa cannot accomplish their goal with clipper *without* going public, namely to create a tappable worldwide cryptographic standard. yes, there is a lot of `save our butts' mentality along with the creation of it. or are you just talking about the nsa having a higher profile because someone thinks they can advance by touting it? i think you are wrong there. the people in the nsa have the attitude, almost, that even talking about the existence of the agency to outsiders is a crime. and what does anyone outside the agency have to benefit by promoting it publicly? they would lose favor with those inside it. >The fact that the NSA is publicly supporting clipper betrays fear by the >administration, the improper use of the agency, and a great deal of >ignorance in intelligence in general. I might add that in my personal >opinion it is a perversion. it appears the executive branch was not fully involved in the clipper decisions. this is really patently obvious. clipper was developed more or less independently by the nsa and then passed off as a `presidential directive'. i agree it is a perversion. but the overwhelming evidence is that it originated inside the agency, not outside it. >> it would *not* be surprising if the nsa got into the digital cash >> design area in the future, or expanded its role in the current one. > >Yes it would. This is not the function of the NSA. The NSA either >performs communications and signal intelligence or functions as an >appropriations agency for secure communications channels for government. oh, i see, and how is the nation's cash system not a `secure communication channel for the government'? what do you think it means on your bills where it says, `this is legal tender for all debts, public or private'? cash is the *embodiment* of an official government `secure' channel. the fact that it is paper-based is merely a coincidence. you refuse to even ponder my basic point: the nsa has a history of trying to glom onto new areas of conquest. a cash system would be something they eye very greedily. what prevents it? *nothing*. ask anyone several months before clipper came out, and they would be saying >This is not the function of the NSA. The NSA either >performs communications and signal intelligence or functions as an >appropriations agency for secure communications channels for government. ... >The contemporary trend to use the agency for anything from public >relations and government regulations is a mistake of application by the >current administration. The NSA is enjoying its moment in the spotlight >for the time, but at the core this is a secret agency. yes, but they are finding that trying to be secret and accomplish the goal of limiting cryptography are mutually exlusive goals. and this has *nothing* to do with the `current administration'. clipper originated long before the clintons. > One of two >things will happen (and I would argue one of these already has) > >1> The responsibility for the darker activities the NSA is (was) >responsible for will be switched. what `darker activities'? money laundering?! hee, hee, you better go reread your bamford. >2> The NSA will grow tired of its moments in the limelight and realize >that serious business needs to be attended to. what business?! i repeat, no one in the NSA wants to `be in the limelight' and clipper is no such attempt to do so. do you think clipper is dead now? if so, you are wrong. public outcry means *nothing* against government obstinacy. >The NSA is always better off when no one is talking about the NSA. this sounds like a trite cliche from someone in the agency. i agree, but where does that leave clipper? how is it you can write so much about the nsa without using that word? do you think they will abandon it? that is the only way they can stop being the object of widespread public ridicule. the nsa has two basic agendas: 1) intercept/restrict/control cryptography 2) do so secretly these two goals are fundamentally incompatible in 21st century cyberspace. in fact, i would argue they are both fundamentally impossible. die, nsa, die. >An NSA that participates in the public restructuring of a basic financial >system on any level beyond the development of the technology is just >not in line with an agency that has better security on the local power >stations than the President has in general. `local power stations'?!?! what the !@#$%^&* are you talking about? if you think the nsa cares what the presidents thinks, you are mostly mistaken. the nsa cares about how to get the president to think what they want him to think. >> (erik hughes's OTHER testicle ) >> > >I don't think so. >Eric's testicles are surely much larger than you. really? how big were they last time you checked? btw, someone said that `testicle' is a pun of `tentacle'. could someone tell me what a `tentacle' is? how does this relate to the d-stuff? just curious. uh, maybe nevermind From lake at evansville.edu Thu Apr 7 10:18:25 1994 From: lake at evansville.edu (Adam Lake) Date: Thu, 7 Apr 94 10:18:25 PDT Subject: Survey Message-ID: I am thinking of composing an essay for my WC203 course. I was wondering if anyone who has a second could send me a message with their cumulative GPA. If you have already graduated, what was your GPA? If you have never attended school, lucky you. Please send it with the subject: GPA. Thanks. lake at uenics.evansville.edu ---------------------------------------------------------------------------- Remember the last time you called her, she forgets Pray to her, she will remember that she will remember that ---------------------------------------------------------------------------- From exabyte!smtplink!mikej at uunet.UU.NET Thu Apr 7 10:42:58 1994 From: exabyte!smtplink!mikej at uunet.UU.NET (exabyte!smtplink!mikej at uunet.UU.NET) Date: Thu, 7 Apr 94 10:42:58 PDT Subject: ftp distribution of strong crypto in the USA. Message-ID: <9403077657.AA765739897@smtplink.exabyte.com> -----BEGIN PGP SIGNED MESSAGE----- Here is how to set up an ITAR compliant (I think) ftp site that you can place crypto files up for distribution within the USA and Canada. The exact details will vary depending on your Internet service provider. I think the method is sound, because it is pretty much what rsa.com does, and they have lots of lawyers to figure this stuff out. You should take a look at their site and make sure that the README file you put up is close to what they have. 1. Send a message to support at netcom.com to ask them to set up an ftp area for you (read the faq on it, first). 2. Create an alias in your home directory to point to the ftp directory (something like ln -s ~ftp/name ftp) 3. Create a directory in your ftp directory called (exactly) I_will_not_export. Set its permissions with chmod 711 I_will_not_export. 4. Create a directory under I_will_not_export called crypto_xxxxxxx, and set its permissions to 755 (chmod 755 crypto_xxxxxxx). Under that directory, place files and/or directories for USA consumption only. 5. Set the base ftp directory permissions to 755 cd cd ftp chmod 755 . 6. Get the files gate and newdir from my ftp directory and copy them to your base ftp directory. 7. Set the permissions on the above files to allow execution chmod 700 gate newdir 8. Copy crypto_dir from my ftp directory to your home directory and set its permissions to allow execution. cd cp ~ftp/mpj/crypto_dir . chmod 700 crypto_dir 9. Add the command crypto_dir to your .login script with an editor tool. 10. Copy my README file to your base ftp directory, and edit to taste, but make sure the line with the crypto directory name is unedited. Set the README file permissions to allow reading by the world (chmod 644 README). Make sure the legal requirements to ftp are clear to the average jury. 11. Set up .message files with appropriate messages for your directories. The crypto directory name should be changed and README updated every time you log in. Any questions? ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp csn.org \mpj\README.MPJ for access info.| | |||/ /_\ | aka mpjohnso at nyx.cs.du.edu mikej at exabyte.com | | |||\ ( | m.p.johnson at ieee.org CIS 71331,2332 VPGP key by finger | | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLaQveT9nBjyFM+vFAQHU8QP+M2VGQmw5Vj6zF9i7pc+15wiwDsmdKqZj LNXOiOQFKP51LYd+WxilU01lcLAKjqFhuCcG4iB4GCXM/4Lz3tdBRG5SB7k3BrBz BpsOi8kjlQKsTlbR8aI8S9TbeGABB5DKvVwtxr8767Wrt6LjoQnWowSeV0q9B+Kr +aM96+RaBEE= =bTs8 -----END PGP SIGNATURE----- From jdblair at nextsrv.cas.muohio.EDU Thu Apr 7 10:58:05 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Thu, 7 Apr 94 10:58:05 PDT Subject: 1984 NSA T-Shirt Available! Message-ID: <9404071800.AA10397@ nextsrv.cas.muohio.EDU > I've come up with a design for the 1984 NSA t-shirt idea which I am finally happy with. To check it out, fire up Mosaic and jump to: http://phoenix.aps.muohio.edu/users/jdblair/t-shirt.html The design is approximately: 1984 +---+ |eye| +---+ "We're Behind Schedule" National Security Agency The text is EuroStyle, a very imposing, modern looking sans serif font. The eye will be printed in a coarse grained half-tone, which should silk-screen pretty well. The back is the Cyber Rights Now! Logo from Wired Magazine. I think it will look best in white ink on a dark color shirt, like black, dark blue, maroon, or dark green. I like black best, but that's just me. I will check with the t-shirt printers about flexibility with colors. I figure I'll be asking $15 for the shirt, same as the Cypherpunk Criminal shirt. I welcome comments, criticisms, suggestions. If anybody knows the name, and preferably, address, of the guy from the NSA who inspired the design at CFP, could you pass it my way? I've forgotten his name. I would like to thank him, and send him one free of charge. If you don't have access to a mosaic client, e-mail me and I'll mail you a uuencoded gif. later, -john. -------------------------------------------------------------------------- John Blair: voice: (513) 529-4877 PGP public key available upon request. KILL YOUR Privacy in the information age is a right, not a privilage. TELEVISION Information = Power = Control. Fight the centralization of information. From mech at eff.org Thu Apr 7 11:11:33 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 7 Apr 94 11:11:33 PDT Subject: Baltimore 2600 meeting, DC meetings, cpunx meetings Message-ID: <199404071811.OAA02172@eff.org> These kind of meetings (DC 2600 meeting at Pentagon City Mall, 1st Fri. of every month in the food court, about 5-7pm or so) might be good places for local cypherpunks gatherings as well. I'm sure there are a lot of other such meetings, but the DC and Baltimore ones are the ones I know of. Forwarded message: From: an77310 at anon.penet.fi (Desert Eagle) Date: Sat, 2 Apr 1994 10:24:07 UTC Subject: Baltimore 2600 Meeting in May First Baltimore 2600 Meeting!!!!! When: Friday May 6, 1994 7:00PM Where: Baltimore Inner Harbor, Harborplace Food Court, Second Floor by the large newsstand Any questions, mail me! Hope to see all of you there! Desert Eagle ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From mech at eff.org Thu Apr 7 11:18:41 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 7 Apr 94 11:18:41 PDT Subject: CORRECTION! Baltimore 2600 Message-ID: <199404071818.OAA02381@eff.org> Oops Forwarded message: From: an77310 at anon.penet.fi (Desert Eagle) Date: Sat, 2 Apr 1994 10:48:09 UTC Subject: CORRRECTION! Baltimore 2600 Baltimore 2600 Correction!!!!!! time will be 6:00 PM EST not 7:00 Desert Eagle ________ end ___________ -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From whitaker at dpair.csd.sgi.com Thu Apr 7 11:48:06 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Thu, 7 Apr 94 11:48:06 PDT Subject: Xmosaic to pgp key server Message-ID: <9404071144.ZM4641@dpair.csd.sgi.com> Thanks, Warlord. Those of you who use xmosaic, add this URL to your hotlist: http://martigny.ai.mit.edu/~bal/pks-commands.html This is a PGP keyserver in Zurich. Happy trails. -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center, Mountain View CA ================================================================ #include From warlord at MIT.EDU Thu Apr 7 11:59:01 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 7 Apr 94 11:59:01 PDT Subject: Xmosaic to pgp key server In-Reply-To: <9404071144.ZM4641@dpair.csd.sgi.com> Message-ID: <9404071858.AA29116@toxicwaste.media.mit.edu> > Thanks, Warlord. Those of you who use xmosaic, add this URL to your hotlist: No problem. > http://martigny.ai.mit.edu/~bal/pks-commands.html > > This is a PGP keyserver in Zurich. In Zurich? What are you talking about??? -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From whitaker at dpair.csd.sgi.com Thu Apr 7 12:02:32 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Thu, 7 Apr 94 12:02:32 PDT Subject: Xmosaic to pgp key server In-Reply-To: <9404071858.AA29116@toxicwaste.media.mit.edu> Message-ID: <9404071200.ZM4678@dpair.csd.sgi.com> On Apr 7, 2:58pm, Derek Atkins wrote: > > http://martigny.ai.mit.edu/~bal/pks-commands.html > > > > This is a PGP keyserver in Zurich. > > In Zurich? What are you talking about??? > Yikes! Well, uh, I *did* get _mine_ through the "Switzerland home page". Um, yeah, that's it... ... OK, now that I bother to *read* the URL descriptor... Russell - who still have too much blood in his caffeine system this morning. > -derek > > Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory > Member, MIT Student Information Processing Board (SIPB) > Home page: http://www.mit.edu:8001/people/warlord/home_page.html > warlord at MIT.EDU PP-ASEL N1NWH PGP key available > >-- End of excerpt from Derek Atkins -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center, Mountain View CA ================================================================ #include From jim at bilbo.suite.com Thu Apr 7 12:05:32 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 7 Apr 94 12:05:32 PDT Subject: I'm a little surprised Message-ID: <9404071858.AA09784@bilbo.suite.com> A couple of days ago I posted that Headline News displayed a "factoid" that stated US residents value privacy over police ability to wiretap. With all the excitement the Time/CNN poll generated, I expected people on this would say hurray or something. Nobody said anything. What's the deal? Jim_Miller at suite.com From m5 at vail.tivoli.com Thu Apr 7 12:27:30 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 7 Apr 94 12:27:30 PDT Subject: I'm a little surprised In-Reply-To: <9404071858.AA09784@bilbo.suite.com> Message-ID: <9404071927.AA04957@vail.tivoli.com> Jim Miller writes: > What's the deal? Hurray!!! -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From wak at next11.math.pitt.edu Thu Apr 7 12:30:34 1994 From: wak at next11.math.pitt.edu (walter kehowski) Date: Thu, 7 Apr 94 12:30:34 PDT Subject: Zimmerman in REASON Message-ID: <9404071930.AA28830@next11.math.pitt.edu> Cypherpunks and Extropians, There's an article "Code Blues" by Ronald Bailey in the recent REASON magazine [May 1994] on Phil Zimmerman, PGP, and Clipper. Walter A. Kehowski !FREE MINDS AND FREE MARKETS! From hughes at ah.com Thu Apr 7 12:38:25 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 7 Apr 94 12:38:25 PDT Subject: nsa digital cash? In-Reply-To: <199404071634.JAA05501@netcom9.netcom.com> Message-ID: <9404071926.AA13709@ah.com> >i admit that >i don't have a close grasp on e.g. the check clearing system and what >elements are in federal hands. but instead of yelling at and insulting me, >maybe erik could explain exactly how this system works. I have no interest in discussion with those who make strident claims in reckless ignorance, who then expect other people to correct them, and, worse yet, who finally insist on bickering over the accuracy of anything one might say. Use a library. That's a place with lots of paper periodicals and paper books. Library materials not online, mostly, but it is still where most of the world's encoded knowledge is stored. If you don't like paper, tough. That's the way the world is right now. If you like, I _will_ explain to you offline some resources available in libraries about these topics, but only after I've seen some evidence of a good faith effort to visit a library, such as, say, some interesting story in a recent _American Banker_. Eric From hughes at ah.com Thu Apr 7 12:41:18 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 7 Apr 94 12:41:18 PDT Subject: nsa digital cash? In-Reply-To: <199404071634.JAA05501@netcom9.netcom.com> Message-ID: <9404071929.AA13721@ah.com> >also, i very sincerely doubt that money laundering is a major, >minor, or even existing part of any u.s. intelligence services. _Cocaine Politics_, by Peter Dale Scott and Jonathan Marshall. Read up. Eric From cfrye at ciis.mitre.org Thu Apr 7 12:42:47 1994 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Thu, 7 Apr 94 12:42:47 PDT Subject: I'm a little surprised Message-ID: <9404071951.AA28308@ciis.mitre.org> >Jim Miller writes: > > What's the deal? I guess all the publicity from the Time article, which cited the same survey as CNN (by Yanklevich Partners), deadened the response. I've begun to see reps of Yanklevich interviewed about public opinion on CNN quite a bit recently. -- Best regards, Curtis D. Frye cfrye at ciis.mitre.org or cfrye at mason1.gmu.edu "Here today, gone ?????^H^H^H^H^HFriday, April 8th" From tcmay at netcom.com Thu Apr 7 12:46:35 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 7 Apr 94 12:46:35 PDT Subject: I'm a little surprised In-Reply-To: <9404071858.AA09784@bilbo.suite.com> Message-ID: <199404071946.MAA00373@mail.netcom.com> > A couple of days ago I posted that Headline News displayed a > "factoid" that stated US residents value privacy over police ability > to wiretap. With all the excitement the Time/CNN poll generated, I > expected people on this would say hurray or something. Nobody said > anything. What's the deal? > > Jim_Miller at suite.com First, it was discussed and commented upon when the "Time" article came out. I remember several people forwarding the entire article or portions of it. Second, the relevant quote is already being included in some people's sig blocks. For example: "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." Philip Elmer-Dewitt, "Who Should Keep the Keys", Time, Mar. 4, 1994. I think it's gotten a _lot_ of attention. You just must be skipping a lot of messages (understandable, given the volume). --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jim at bilbo.suite.com Thu Apr 7 12:55:45 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 7 Apr 94 12:55:45 PDT Subject: I'm a little surprised Message-ID: <9404071949.AA10783@bilbo.suite.com> Eric Hughes writes: >It was the same poll Ah. That explains it. Tim May writes: > Second, the relevant quote is already being included in > some people's sig blocks. For example: > [..] > I think it's gotten a _lot_ of attention. You just must be > skipping a lot of messages (understandable, given the > volume). > Nope. I read almost all of them. I just didn't pay enough attention to the original article of the sig notice that the Time/CNN pool was conducted by Yankelovich Partners. When I saw the Factoid I thought it was a different poll. Jim_Miller at suite.com From pcw at access.digex.net Thu Apr 7 13:02:27 1994 From: pcw at access.digex.net (Peter Wayner) Date: Thu, 7 Apr 94 13:02:27 PDT Subject: I found this a very interesting use of anonymous mail. I am sending itnot to advertise the ad but the process Message-ID: <199404072002.AA02206@access1.digex.net> Yes, this is a very good example of _real_, legitimate uses of anonymity. Headhunters usually provide anonymity as one of their "features. Another good example are the personal ads. -Peter >Posted-Date: Thu, 7 Apr 1994 05:23:26 -0400 >To: com-priv at psi.com >From: an32949 at anon.penet.fi >X-Anonymously-To: com-priv at psi.com >Organization: Anonymous contact service >Reply-To: an32949 at anon.penet.fi >Date: Thu, 7 Apr 1994 05:29:48 UTC >Subject: Well known net business seeks COO to grow (S.F. Bay Area) > >One of the few well established companies doing business on >the internet has decided it wishes to hire a chief operating >officer to manage the growth and operations of the company. > >The company is under $5 million in sales and the president >and founder wishes to focus his skills on the products while >a new skilled manager oversees company operations, finance, >sales, marketing, staffing and growth. > >The ideal candidate has solid experience in senior high-tech >growth company management and a desire to work building >an internet related business. Because the company is >still small, this is a hands-on management position. >Perhaps the ideal person is one who was planning to start >his or her own internet related company but might also be >excited to take the helm of an established one. > >If you're the right candidate you'll be offered a competitive >salary and health benefits, but most importantly an option >plan that will give you significant equity in the firm. > >You'll also need to live in, or wish to move to Silicon >Valley. > > Note > >This is an anonymous message, posted that way because we >don't wish to advertise our future executive hiring plans to the >world. We'll naturally reveal ourselves to any serious candidate. >This anon message server works on a double-blind principle. If you >reply to this message, We'll get it anonymously from you. >You'll be assigned an ID from the server. You can of course >give your real identity in the message. You can also take >the reply ID above and change the "an" to "na" (ie. >na32949 at anon.penet.fi) to respond non-anonymously. >You can send an ASCII resume or find out contact info for >other resume media. >------------------------------------------------------------------------- >To find out more about the anon service, send mail to help at anon.penet.fi. >Due to the double-blind, any mail replies to this message will be anonymized, >and an anonymous id will be allocated automatically. You have been warned. >Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From hanson at hss.caltech.edu Thu Apr 7 13:03:19 1994 From: hanson at hss.caltech.edu (Robin Hanson) Date: Thu, 7 Apr 94 13:03:19 PDT Subject: Pseudonyms and Reputations In-Reply-To: <199404070236.TAA05451@jobe.shell.portal.com> Message-ID: <199404072003.NAA19838@hss.caltech.edu> Hal Finney writes: >One possibility is a digital reputation system. Presently people and >nyms develop informal reputations in the minds of their readers. This >could be formalized by allowing readers to create endorsements of >various types for those who have worthwhile things to say. ... >People who are able to bring a variety of endorsements from respected >individuals or organizations will be able to have their words carry >weight from the beginning. ... > >The social problems of determining when writers should receive >endorsements, how much credence to give to endorsements from unknown >endorsers, how to appropriately display endorsements, and how to easily >validate and verify endorsements proffered by others, are harder to >solve. Despite these issues, a modification to Magic Money to support >this application would allow for some initial experiments with the >concept, which might help show where the significant problems lie. Years ago, I worked on "hypertext publishing", a vision of electronic publishing that often included the image of readers choosing what to read based on automated personal filters, filters which merged evaluations from previous readers, and which weighted those readers according to explicit "reputations", which were to be some sort of merging of evaluations of that reader. I eventually came to believe that the social aspects of this vision were the least well thought out, and needed the most attention. But the Xanadu software techies I worked preferred to focus on concrete software problems, though they acknowledged the importance of social issues. As I thought more about social issues, I drifted from the Xanadu group and toward thinking about other problems, which eventually led to my new career as a designer of social institutions. Anyway, the point of my story is to agree with Hal that there are big issues yet to be dealt with regarding decentralized reader filtering based on explicit author endorsements. And I want to remind folks that these issues are pretty much independent of cryptography; they have been around for a while, waiting for someone with the relevant social expertize to give them serious attention. So, yes, experiments would be useful, though they needn't be tied to a cryptographic system. But some just plain careful thinking would be perhaps more useful. I fear, however, that these issues may remain largely undealt with for some time to come, since the techies most interested in them may again prefer to focus on familiar software and math problems, rather than invest the time needed to develop expertize on social issues. I hope you prove me wrong though. :-) Robin Hanson From tcmay at netcom.com Thu Apr 7 13:14:08 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 7 Apr 94 13:14:08 PDT Subject: Dave Emory lecture Saturday, Bay Area In-Reply-To: <9404071929.AA13721@ah.com> Message-ID: <199404072014.NAA05598@mail.netcom.com> Proposal: Dave Emory, radio broadcaster, will be speaking Saturday night. Details below. I suggest some of us meet there after the physical meeting of the Cyperpunks in Mountain View. Eric Hughes wrote, quoting Detweiler: > >also, i very sincerely doubt that money laundering is a major, > >minor, or even existing part of any u.s. intelligence services. > > _Cocaine Politics_, by Peter Dale Scott and Jonathan Marshall. > > Read up. > > Eric Indeed. Many fine books cover this area. Another is "The Politics of Heroin in Southeast Asia," by Alfred McCoy. In fact, there are so many citations to support the links mentioned that I hardly know where to begin. Coincidentally, my favorite radio commentator, Dave Emory, will give a 3-hour lecture on "Drugs and Fascism" (or a similar title) on Saturday evening, 7-10 p.m., at Foothill Community College, Room F-12. Foothill is in Los Altos Hills, visible from Highway 280. I believe the cost will be $10. I've seen Dave speak twice before, on other topics. He can speak for hours without notes and with captivating presentation. Whether you agree with all his points or not, this three hours will surely be enjoyable and may even change your outlook on things. Dave has a radio talk show on Sunday nights from 7-11 p.m., on KFJC, 89.7. Some of this is rebroadcast Monday night, 9-10:30 on KKUP, 91.5. I can't get the KFJC broadcast here in Santa Cruz, but I religiously listen to the KKUP broadcast on Monday nights. I understand that radio stations around the country, at least a handful of them, rebroadcast his tapes. His theme is the national security state, the role of the State in suppressing freedom, the various "conspiracies" of Inslaw, Casolaro, P-2, Gehlen, NSA, Contras, Cabazon, Nazis, etc. (If these words mean something to you, then you know what Dave talks about. If these words mean nothing to you, then you owe it to yourself to at least spend a few hours listening.) Dave is generally left of center, but I find him refreshing and tolerable. He even supports gun rights....and wears an "NRA" cap to his talks! ("To freak out the politically correct," he once quipped.) I've called in to his radio show a couple of time and have updated him and his audience on the Clipper chip, the links between the NSA and the Witness Security Program, the murder of several NSA employees because of their ties to journalist Danny Casolaro, and the general threat of the surveillance state. Emory was very knoweldgeable about the NSA and plans to do more on it in the future. I plan to attend this lecture after the physical Cypherpunks meeting in Mountain View on this coming Saturday. I suggest we make it an "outing." (If $10 is too much, scrimp on dinner that evening and instead go to the lecture.) (Sometime schedules for such things change. If anyone has heard of any cancellations, or can confirm the date, place, and lecture title, please mail me, or post here.) Hope to see you there! --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jims at Central.KeyWest.MPGN.COM Thu Apr 7 13:32:25 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Thu, 7 Apr 94 13:32:25 PDT Subject: Letter to the Government Message-ID: <9404072031.AA20284@Central.KeyWest.MPGN.COM> FYI folks, I just sent this electronically and would like to urge you to express your feelings to the government officials as well. Don't copy my letter, express your own thoughts, but please do let them know how you feel about it even if you disagree with me :) Jim Sent electronically to: Representative Maria Cantwell, D-Washington - cantwell at eff.org Representative Lee Hamilton, D-Indiana - hamilton at eff.org Chair of the House Committee on Foreign Affairs The President of the United States - president at whitehouse.gov The Vice President of the United States - vice.president at whitehouse.gov The Cypherpunk mailing list of Internet - cypherpunks at toad.com Greetings, I wish to express my concerns about a current issue that has drawn a lot of attention from the computing world. The issue is that of encryption and the Clipper chip. We Americans pride ourselves with the freedoms guaranteed us by the Constitution and it is freedom upon which this entire country is based. The Clipper chip threatens this freedom in an unprecedented way. I, as a professional computer programmer, am frightened by the desire of some of our Congress members to eliminate all forms of encryption except special government approved devices such as Clipper. Although I do not disapprove of the chip, nor of the ability to break it with the proper search warants, I do disapprove of what the success of this chip will bring. If Clipper succeeds then it will promote the wholesale outlawing of any encryption method. This will be undesirable for four reasons: 1. Right to privacy will be compromised if the citizens of the United States can not take steps to keep information such as financial transactions and personal data from prying eyes. 2. By requiring ONE and only one means of encryption you would be making it easier for those who wish to do harm to decypher our information. A cryptoanalyist would have a much easier time if he is guaranteed to know the form of encryption used. 3. The Clipper chip will do nothing to deter crime. A criminal smart enough to use encryption will be smart enough to use a safe code and not stupid enough to use the Clipper chip that he knows the governent can decode. The gangsters of the early to mid 20th century used nothing that could be called encryption and yet talked freely about taking packages for delivery and erasing people. The same would be true today. In fact, there are programs that exist TODAY and are readily available that will hide an encrypted message in an otherwise innocent picture. This method of hiding information is nearly undetectable. Considering this, criminals would still use cyphers if they so desired and only law-abiding citizens would be forced to make their private information vulnerable. 4. The only thing worse than having no means of privacy is to give the people a device they trust implicitly which is, in reality, not secure. Imagine a classified document from the millitary that is encrypted by the Clipper chip falling into the hands of an enemy who can decrypt it. In answer to those who say breaking the Clipper code is not practical I'd ask "Why was Clipper designed for non- classified information?" The answer is, of course, that Clipper is not secure enough to trust to protect our most sacred documents. I want to thank those of you who are working to block the "slaughter" of freedom and the elimination of American's rights to use encryption as they see fit and to implore anyone whose eyes fall upon this document to support it as well. Thank you for your time and consideration. Respectfully Jim Sewell 1209 Virginia Street Key West, Florida 33040 -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From dmandl at lehman.com Thu Apr 7 13:33:53 1994 From: dmandl at lehman.com (David Mandl) Date: Thu, 7 Apr 94 13:33:53 PDT Subject: Dave Emory lecture Saturday, Bay Area Message-ID: <9404072033.AA22814@disvnm2.lehman.com> For those of you in the NYC area, we've been broadcasting Dave's tapes on WFMU (E. Orange, NJ, 91.1 FM) every Tuesday evening from 6-7 p.m. --Dave. > From: tcmay at netcom.com (Timothy C. May) > > Coincidentally, my favorite radio commentator, Dave Emory, will give a > 3-hour lecture on "Drugs and Fascism" (or a similar title) on Saturday > evening, 7-10 p.m., at Foothill Community College, Room F-12. Foothill > is in Los Altos Hills, visible from Highway 280. I believe the cost > will be $10. > > I've seen Dave speak twice before, on other topics. He can speak for > hours without notes and with captivating presentation. Whether you > agree with all his points or not, this three hours will surely be > enjoyable and may even change your outlook on things. > > Dave has a radio talk show on Sunday nights from 7-11 p.m., on KFJC, > 89.7. Some of this is rebroadcast Monday night, 9-10:30 on KKUP, 91.5. > I can't get the KFJC broadcast here in Santa Cruz, but I religiously > listen to the KKUP broadcast on Monday nights. > > I understand that radio stations around the country, at least a > handful of them, rebroadcast his tapes. > > His theme is the national security state, the role of the State in > suppressing freedom, the various "conspiracies" of Inslaw, Casolaro, > P-2, Gehlen, NSA, Contras, Cabazon, Nazis, etc. (If these words mean > something to you, then you know what Dave talks about. If these words > mean nothing to you, then you owe it to yourself to at least spend a > few hours listening.) From unicorn at access.digex.net Thu Apr 7 14:55:59 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 7 Apr 94 14:55:59 PDT Subject: nsa digital cash? In-Reply-To: <199404071634.JAA05501@netcom9.netcom.com> Message-ID: <199404072155.AA10615@access1.digex.net> > > > tmp: > > so? what's your point? my point was that the nsa was a prime candidate > > agency for trying to *expand* the current federal role in the cash > > system. are you saying the federal government already has a `digital > > cash system'? well, yes, i guess in some sense. > > unicorn: > > >Why do you think BCCI was so popular with intelligence agencies? The KEY > >effort in any agency is money laundering. This is by definition the > >primary function of intelligence agencies, to bring funds to bear > >properly and quietly on projects and goals that don't sit well in > >public. > > yikes, hold on a sec. i was talking about the nsa. if you are for a minute > suggesting the nsa is involved in money laundering i think you are *utterly* > mistaken. Then we have a difference of opinion. I'm not going to try and convince a subborn fanatic, nor educate one on the operation and methods of intelligence agencies. If you are not convinced that intelligence agencies create and use front companies, agents of influence in financial institutions, bribery, blind political support funds and transactions in general, you are not worth discussing the topic with until you read or do some intelligence work. > also, i very sincerely doubt that money laundering is a major, > minor, or even existing part of any u.s. intelligence services I repeat the above. Money laundering is essential to any intelligence operation, foreign based or U.S. based. This is important not only to hide activities from the scrutiny of the public and hostile intelligence, but also to hide the source from the recipient. Many political movements the U.S. would support, wouldn't be interested in the support if they knew it came from the U.S., or worse, U.S. intelligence. > there is > a gray area where sometimes an agency is associated with money launderers, > because they may be informants or whatever, but try to point to any > u.s. intelligence operation that involved money laundering? and just > try to pretend that the nsa was involved-- Radio free America. Radio free Europe (Set up by a "Private" company) Radio Liberty. U.S. Listening posts in Great Britain. Cuban resistance movements. The Schoenfeld tunnel. Support for the American Federation of Labor Support for anti-Communist American Students abroad in the 50's-60's. Civil Air Transport (takeover) Air America and the partner Southern Air Transport. Airdale (the holding corp for the above) How many do you want? Asserting that U.S. intelligence does not and has no need of money laundering is silly. Asserting that the NSA is never involved is also silly. Regardless, your assertion that the NSA will become involved in the control of Federal Transactions because it will give government more control is flawed even by your own accepted factors. > i reiterate my point: designing a secure digital cash system would be > a key area that the nsa would be interested in. This was not your point, your point was that the NSA would control such a system. This point is also flawed. The NSA may create the technical means, but logistics are not in the cards. in fact, i think it is > highly likely that they have already designed significant parts of the > existing u.s. transaction infrastructure at certain levels. (they > vetted DES, right?!) This is a point entirely separate from the above. This is what the NSA does, it does not create institutions for public use. > (references? would be appreciated) that is essentially what clipper > is intended to do. Wrong. Clipper is intended to maintain the COMINT/SIGINT ability domestically. This has nothing to do with finances and digital cash except in so far as the same hardware might be use to implement same BY PRIVATE ENTITIES. This is of course assuming the private development of these systems is not sufficient, a premise which grows weaker by the day. Intelligence would never risk overt control of domestic financial institutions that were not dedicated for use. A silent involvement with a foreign bank through a front is much more efficient. > >> are you saying you don't expect the federal government to expand their > >> role in cash systems? or that it is already as large as it can get? > > > >Lumping the Federal system in with intelligence agencies in this > >context betrays significant ignorance in the structure of modern government. > > the point of the nsa is that there is `no structure' to a government > bureaucracy that senses its own impending extinction. Where do you get this from? The NSA is perhaps the most structured intelligence agency in the United States. They certainly know their bounds better than the other collection arms, and I won't even mention the HUMINT people. > clipper is a grasp > at an area that virtually all analysts agree is not a historical precedent > for them, It's easy to spout "virtually all analysts." Want to tell us who and when? As for historical precedent, when has the NSA come out public supporting a POLICY decision and not a technological development? Clipper is not a grasp by intelligence, it is a utilization by executive authority of intelligence to support a centralist program. If you cannot understand the distinction, you need to stay out of politics, and political analysis. > and that dangerously impedes on *domestic* and *commercial* affairs, > something they have never been authorized to do. (cpsr foia requests > posted to various newsgroups are strong on this point) Which CPSR requests? How is this an intelligence operation that impedes on domestic affairs? I repeat the above, this is program from the EXECUTIVE branch. > >Between this and your misconception of the Federal financial structure > >that Eric was so quick to point out, I think you should keep your day job > >Det, or is this it? > > sigh. fine. smear me with some more `det' insults. what was my misconception? > neither you or erik have yet to specify what it is exactly. i admit that > i don't have a close grasp on e.g. the check clearing system and what > elements are in federal hands. but instead of yelling at and insulting me, > maybe erik could explain exactly how this system works. i doubt i am > the only one who is not aware of the precise structure. anyway, my basic > point has nothing to do with the existing infrastructure. Asserting that the FED had as much influence on retail financial transactions as you would have was your mistake. Again, you make bald assertions that have no basis in fact, but merely seem to you to fit your argument, facts you already assume to be true and thus are convenient for you to adopt. Try the reverse, come up with the facts first THEN move to the premise. > as for my `day job', parry meztger asked about this too. well, pick one > of the following > > 1) bored millionaire with nothing better to do than go to drug parties > and hang out in cyberspace, using all kinds of infantile pranks with > pseudonyms... You're far to narrow to be rich. > 2) shearson-lehman brokerage agent, dealing with computerized trading > strategies, sometimes `libertarian lecturer', with a real jekyll-and-hyde > cyberpersonality If you understood financial structure, this might have more credibility than it does. (Still limited regardless) > 3) working with Ted Nelson on the Xanadoodoo project as a consultant, > building a `digital bank' on the internet at a glacialy slow pace. Again, the financial ignorance. > 4) entrepreneur starting a new internet company specializing in mailing > lists, pseudonyms, etc. "Self Employed." I think this is closer. > 5) GIS consultant working on database design for power companies Better get to work and off the net, you might get fired if your boss walks into the cubical you spend the day in and sees you wasting his paid time smearing cheese puffs on the keyboard while goofing off on the net. > >> we have to fight off these encroaches onto private territory wherever > >> they happen. clipper was *not* a surprise given the past nsa history. > >Clipper is a HUGE surprise considering the NSA history. > > > >Two words: > >Too Public. > > no, i think you can look at their past and see that they were proposing > subsystems for computers with `tappability' built in long before clipper. > some of the real old veterans here might be able to confirm this (cyberspace > has a very short memory) I'll leave it up to you to decide how the above differs from Clipper and the NSA's involvement. Your failure to identify the distinction just adds to my assessment that you have no background in intelligence or financial institutions and thus have no business at all making this argument which requires no knowledge but in these two areas. > yes, clipper was the most public nsa program > ever devised. but remember that the nsa has *never* (that i know of) > acknowledged building it in official press releases. > instead, it is portrayed as an NIST > invention built based on presidential directive and the help of `several > key agencies' (hee hee, love that phrase) Ok, let's assume your correct, a dubious position. I'll call this the "NIST" front theory. In some ways it makes sense in that agencies are usually created as an insulator the to executive. > >I attribute the public outing of the NSA to an [unnamed] high administration > >official with no concept of the proper application of intelligence > >agencies except as a tool to support his dwindling programs. > > i have no idea what you are tallking about. I don't doubt it. > `public outing'? the nsa > cannot accomplish their goal with clipper *without* going public, namely > to create a tappable worldwide cryptographic standard. yes, there is > a lot of `save our butts' mentality along with the creation of it. Now let's go back to your "NIST" front theory. If the policy is already in the open and attributed to NIST, why must the NSA be publically involved? Surely the NIST front was created to mask involvement in some way yes? If this is so, as your reading of the "several key agencies" clause seems to suggest, why is the NSA talking publicly? Why is a NSA public relations official straight out of Q43 going to conferences? How is the NIST front acting to insulate the President here? A "ClusterFuck" even by your definition. Mr. Sternlight, care to comment here? > or are you just talking about the nsa having a higher profile because > someone thinks they can advance by touting it? i think you are wrong > there. the people in the nsa have the attitude, almost, that even > talking about the existence of the agency to outsiders is a crime. > and what does anyone outside the agency have to benefit by promoting > it publicly? they would lose favor with those inside it. Did you even read my message? The NSA is being used here. How can you reconcile the attitude and culture the NSA has with your insistence that the NSA must go public when even you admit a public front has already be established and the NSA need not be involved? I think you forget what the last paragraph in your idea was before writing the next. My whole point is that the NSA is being manipulated as a public relations tool and this is silly and betrays a total lack of intelligence experience by whoever is directing them. Gee, I wonder, who's program is it now that the NSA is supporting? Who might stand to gain from having that program succeed? Who is probably then directing the NSA to support the program in public? You really don't know anything about intelligence do you? > >The fact that the NSA is publicly supporting clipper betrays fear by the > >administration, the improper use of the agency, and a great deal of > >ignorance in intelligence in general. I might add that in my personal > >opinion it is a perversion. > > it appears the executive branch was not fully involved in the > clipper decisions. this is really patently obvious. Patently obvious? You only support it with your assumptions which I will now challenge, hardly obvious. > clipper was > developed more or less independently by the nsa and then passed off > as a `presidential directive'. i agree it is a perversion. but the overwhelming > evidence is that it originated inside the agency, not outside it. Clipper was an offshoot of the public key technology. The effort on Clipper strings back to the Bush/Reagan era. NSA is not a policy agency. They came up with the technology because that's what they are paid to do. Applications for the technology are suggested, but it's up to other authority to apply it in practice. It's called the take care clause. Suggesting that Clipper, including the policy decisions, is an NSA creation is ignorant. The technology might be an NSA invention, or theft, the Clipper program is not. > >> it would *not* be surprising if the nsa got into the digital cash > >> design area in the future, or expanded its role in the current one. > > > >Yes it would. This is not the function of the NSA. The NSA either > >performs communications and signal intelligence or functions as an > >appropriations agency for secure communications channels for government. > > oh, i see, and how is the nation's cash system not a `secure communication > channel for the government'? what do you think it means on your bills > where it says, `this is legal tender for all debts, public or private'? > cash is the *embodiment* of an official government `secure' channel. > the fact that it is paper-based is merely a coincidence. You do babble don't you. Your theory that the NSA seeks to control federal financial transactions and to develop a digital cash system to further that goal has nothing to do with the text on a bill. You think the NSA established the ATM network outside of the DES derivative it may use? That alone disqualifies you as an authority on the point. > you refuse to even ponder my basic point: the nsa has a history > of trying to glom onto new areas of conquest. a cash system would be > something they eye very greedily. what prevents it? *nothing*. I refuse to ponder your point because it implodes when touched. You treat the intelligence agencies as a separate policy making arm of the government not as a tool of the executive. > ask > anyone several months before clipper came out, and they would be saying > >This is not the function of the NSA. The NSA either > >performs communications and signal intelligence or functions as an > >appropriations agency for secure communications channels for government. > ... > > >The contemporary trend to use the agency for anything from public > >relations and government regulations is a mistake of application by the > >current administration. The NSA is enjoying its moment in the spotlight > >for the time, but at the core this is a secret agency. > > yes, but they are finding that trying to be secret and accomplish the > goal of limiting cryptography are mutually exlusive goals. and this > has *nothing* to do with the `current administration'. clipper originated > long before the clintons. "They" as in the NSA? (Sigh) Do you hear nothing? The NSA may have suggested that certain technologies were going to loosen their grip on domestic COMINT/SIGINT. How this makes the NSA a policy arm is beyond me, and I think even you. I might add that limiting cryptography is hardly a goal mutually exclusive with secrecy. You illuminated this yourself when you mentioned the "NIST" front theory. The NSA does not HAVE to be involved here. You have yet to show me otherwise. > > One of two > >things will happen (and I would argue one of these already has) > > > >1> The responsibility for the darker activities the NSA is (was) > >responsible for will be switched. > > what `darker activities'? money laundering?! hee, hee, you better go > reread your bamford. See above for money laundering discussion. See above for suggestions on topics to read up on. > >2> The NSA will grow tired of its moments in the limelight and realize > >that serious business needs to be attended to. > > what business?! i repeat, no one in the NSA wants to `be in the limelight' > and clipper is no such attempt to do so. do you think clipper is dead now? > if so, you are wrong. public outcry means *nothing* against government > obstinacy. You seem to have switched your position pretty quickly. Compare: > yes, but they are finding that trying to be secret and accomplish the > goal of limiting cryptography are mutually exlusive goals. With: >i repeat, no one in the NSA wants to `be in the limelight' > and clipper is no such attempt to do so ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It is left to the reader to harmonize these two. > >The NSA is always better off when no one is talking about the NSA. > > this sounds like a trite cliche from someone in the agency. i agree, but where > does that leave clipper? how is it you can write so much about the nsa without > using that word? It leaves Clipper in trouble. Never involve an intelligence agency in public affairs that might attract press and public opinion. Silly. Who might be responsible for this? What a clod. But I do have a great deal of respect for the Office of the Presidency. > do you think they will abandon it? that is the only way > they can stop being the object of widespread public ridicule. Which is why, in part, that the publicity was a mistake. the > nsa has two basic agendas: > > 1) intercept/restrict/control cryptography > 2) do so secretly Wrong. 1) Provide for government communications security. 2) Provide and insure continued SIGINT/COMINT ability. > > these two goals are fundamentally incompatible in 21st century cyberspace. > in fact, i would argue they are both fundamentally impossible. die, nsa, die. You mean, you would tell us that your going to argue this point, but then not support it. These goals are not incompatible even if they were the goals of the NSA. > >An NSA that participates in the public restructuring of a basic financial > >system on any level beyond the development of the technology is just > >not in line with an agency that has better security on the local power > >stations than the President has in general. > > `local power stations'?!?! what the !@#$%^&* are you talking about? I guess you've never been to Fort Meade, Maryland. My mistake. > if > you think the nsa cares what the presidents [sic] thinks, you are mostly mistaken. > the nsa cares about how to get the president to think what they want him to > think. Who do you suppose directs the appointment of NSA? Are you arguing that the NSA is unaccountable? Study political science as well as Financial Institutions and Intelligence. > >> (erik hughes's OTHER testicle ) > >> > > > >I don't think so. > >Eric's testicles are surely much larger than you. > > really? how big were they last time you checked? Eric has more balls than you ever will my friend. > btw, someone said that `testicle' is a pun of `tentacle'. could someone > tell me what a `tentacle' is? how does this relate to the d-stuff? > just curious. uh, maybe nevermind > -uni- (Dark) From tcmay at netcom.com Thu Apr 7 15:45:02 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 7 Apr 94 15:45:02 PDT Subject: "Open Sesame"--MacNeil-Lehrer Report on Clipper Message-ID: <199404072245.PAA22034@mail.netcom.com> I just finished watching--and videotaping--the 11.5 minute report by Philip Elmer-Dewitt on Clipper and related topics. The MacNeil-Lehrer Newshour should be in your area several more times today...around the dinner period, later, etc. Here in Bay Area, it comes on at 5, at 6, and as late as 10 and 11. "Check your local listings." An even-handed report, with brief statements from Marc Rotenberg, Lynn McNulty, Dave Banisar, Dorothy Denning, Whit Diffie, Jerry Berman, and a Dept. of Justice guy. "A bad idea" vs. ""Folly to let intercept capabilities be lost." Some nice aerial shots of Fort Meade, NSA. A demo of AT&T's SecurePhone 3600. A brief explanation of Clipper. I won't type in the quotes from the folks above. See the report for yourself. No major surprises. Except perhaps Marc Rotenberg's clear statement that after Clipper and Digital Telephony will come "restrictions on noncomplying cryptography." (Surprising in that it's a bold prediction. One we all have suspected is the case, but a public statement--which the report did not have a refutation of--all the same.) Tim-Bob says "Check it out!" -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From grady at netcom.com Thu Apr 7 15:45:06 1994 From: grady at netcom.com (Grady Ward) Date: Thu, 7 Apr 94 15:45:06 PDT Subject: NSA security manual Message-ID: <199404072245.PAA18582@netcom9.netcom.com> I got a call from SDO10 at (301) 688 6911 [NSA Security Duty Officer] this morning asking me where I got the following: From norm at netcom.com Thu Apr 7 16:11:53 1994 From: norm at netcom.com (Norman Hardy) Date: Thu, 7 Apr 94 16:11:53 PDT Subject: Pseudonyms and Reputations Message-ID: <199404072312.QAA26366@mail.netcom.com> At 9:22 4/7/94 -0700, Blanc Weber wrote: ... >Could I really allow myself to be so prejudiced by what a number of >others have determined is (or is not) a worthwhile contributor to a list? Only those others whose reputation for taste in giving endorsements you have come to trust. ... From afabbro at umich.edu Thu Apr 7 16:36:53 1994 From: afabbro at umich.edu (This Space For Rent) Date: Thu, 7 Apr 94 16:36:53 PDT Subject: NSA security manual In-Reply-To: <199404072245.PAA18582@netcom9.netcom.com> Message-ID: > I got a call from SDO10 at (301) 688 6911 [NSA Security Duty Officer] > this morning asking me where I got the following: "Why...I got it from the Russian translation a Comnist friend of mine gave me!" Make sure to send a copy to president at whitehouse.gov. Andrew Fabbro If laws are outlawed, weltschmerz at umich.edu only outlaws will University of Michigan have laws. Fnord. _____________________________________________________________ Finger afabbro at churchst.ccs.itd.umich.edu for PGP public key. PGPprint: 87 41 65 E0 C2 51 9F E5 A9 44 ED A6 6B 16 76 9E NSA bait: assassinate uranium dreamland CIA p.o.e. zimmerman From hh at cicada.berkeley.edu Thu Apr 7 17:22:13 1994 From: hh at cicada.berkeley.edu (Eric Hollander) Date: Thu, 7 Apr 94 17:22:13 PDT Subject: the hh remailer on soda Message-ID: <9404080017.AA11450@cicada.berkeley.edu> the remailer, hh at soda.berkeley.edu, has moved slightly, and is now remailer at soda.berkeley.edu. everything will work the same way, and an alias pointing from hh to remailer will exist indefinitely. expect another change some time in a few months: soda itself will move from soda.berkeley.edu to soda.csua.berkeley.edu, and the remailer will move to another machine, perhaps ftp.csua.berkeley.edu or something like that. personal mail to me on soda can be sent to cat at soda. a note to list maintainers: please leave me on the cypherpunks list as hh at soda, not cat at soda. i would like to thank ERic (melhaff at soda) and matt (seidl at soda) and the rest of the soda staff and the csua for creating the dedicated remailer account and for being supportive of the remailer project. as an aside, i am actively working on an encrypted alias remailer, which is currently in testing, and will come on line for public use soon. e From tmp at netcom.com Thu Apr 7 17:37:48 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Thu, 7 Apr 94 17:37:48 PDT Subject: nsa digital cash? In-Reply-To: <199404072155.AA10615@access1.digex.net> Message-ID: <199404080038.RAA22910@mail.netcom.com> unicorn at access.digex.net makes several claims about the nsa, clipper, and money laundering that i find patently absurd. my source for nsa information is mostly bamford. no where in the book is any mention made of money laundering. i find preposterous the claim that the nsa is involved in money laundering. unicorn's argument is entirely by analogy-- the nsa is an intelligence organization, money laundering is highly useful to intelligence organizations, therefore the nsa is laundering money. >> i reiterate my point: designing a secure digital cash system would be >> a key area that the nsa would be interested in. > >This was not your point, your point was that the NSA would control such a >system. This point is also flawed. The NSA may create the technical >means, but logistics are not in the cards. how are the logistics different than the technical means? if the nsa designs key parts of a digital cash infrastructure, don't you think that counts as `the logistics'? >> in fact, i think it is >> highly likely that they have already designed significant parts of the >> existing u.s. transaction infrastructure at certain levels. (they >> vetted DES, right?!) > >This is a point entirely separate from the above. >This is what the NSA does, it does not create institutions for public use. what is clipper? it is designed to become institutionalized wiretapping, wouldn't you say? >> (references? would be appreciated) that is essentially what clipper >> is intended to do. > >Wrong. >Clipper is intended to maintain the COMINT/SIGINT ability domestically. wrong. nsa has no authority to do comint and sigint domestically and there is no evidence they do so. some leaks into the vacuum cleaner but there is no design to capture it specifically. >Intelligence would never risk overt control of domestic financial >institutions that were not dedicated for use. A silent involvement with >a foreign bank through a front is much more efficient. this amounts to flimsy psychoanalysis of the nsa. i am not claiming the nsa is going to start a covert money laundering campaign in the u.s. i am saying that the design of a digital cash infrastructure would be immensely appealing for them to study, and i will bet you anything that there are parts of it dedicated to exactly that purpose. maybe they are in a very preliminary stage, but the trends in the nsa suggest this is another thing they would be overjoyed to glom onto. [`nsa is unstructured so it can expand influence'] >Where do you get this from? The NSA is perhaps the most structured >intelligence agency in the United States. They certainly know their bounds >better than the other collection arms, and I won't even mention the HUMINT >people. ridiculous assertion. if they `knew their bounds' why did they come up with clipper? why do we have the domestic surveillance abuses of the 60's and 70's? i am beginning to think you are purposely writing so stupidly as to make my arguments so patently superior, that you may be my own `straight man' or `puppet' (hee, hee) [clipper] >I repeat the above, this is program from the >EXECUTIVE branch. this is just so far out of touch with reality that i can't even touch it. first, consider that this program originated with bush-- if the nsa were doing it only for the president, why shouldn't they stop now that he is out of office? secondly, vice president gore is quoted as saying that some of the nsa decisions, i.e. on key escrow agencies, were `not properly vetted' (he was quite upset, ask stanton mccandlish). moreover, you are implying that the clinton administration is driving its development now. what have you heard from clinton about clipper? personally i haven't heard him say too much about it. >I'll leave it up to you to decide how the above differs from Clipper and >the NSA's involvement. Your failure to identify the distinction just adds >to my assessment that you have no background in intelligence or financial >institutions and thus have no business at all making this argument which >requires no knowledge but in these two areas. you're right. i'm totally ignorant of all historical facts and the nsa. the poor nsa was suckered into clipper and public relations by that nasty grinch bush. if it weren't for him, all would be well. in fact, probably the skipjack algorithm itself was invented by bush. i bet he came up with the idea of key escrow too. how could we all have been so blind?!! (btw, you don't seem to state that you have even read bamford) >Now let's go back to your "NIST" front theory. If the policy is already >in the open and attributed to NIST, why must the NSA be publically >involved? Surely the NIST front was created to mask involvement in some >way yes? If this is so, as your reading of the "several key agencies" >clause seems to suggest, why is the NSA talking publicly? they are not `talking publicly' in a basic sense. they are using the NIST as a mouthpiece. >Why is a NSA >public relations official straight out of Q43 going to conferences? because the NSA invented clipper, and as much as they hate it, they know that PR is basic to its potential acceptance (hee, hee, as if such a thing is possible) >Mr. Sternlight, care to comment here? i will not stoop to your barnyard tactics. >The NSA is being used here. How can you reconcile the attitude and >culture the NSA has with your insistence that the NSA must go public when >even you admit a public front has already be established and the NSA >need not be involved? oh yes, it is that evil wolf Bush that is manipulating the poor old NSA red-riding hood. the NSA wouldn't touch clipper with a ten foot pole but they are being forced too. he threatened to take away their pensions and their decoder rings. >My whole point is that the NSA is being manipulated as a public relations >tool and this is silly and betrays a total lack of intelligence >experience by whoever is directing them. Gee, I wonder, who's program is >it now that the NSA is supporting? Who might stand to gain from having >that program succeed? Who is probably then directing the NSA to support >the program in public? you seem to have more faith in the NSA than some people have in God. your premise is (1) clipper is a lousy idea (2) clipper involves PR (3) the NSA is one of those *superb* and *way cool* intelligence agencies that would never do anything stupid (4) therefore the nsa is having its arm twisted into inventing clipper. oooh, what a stark tragedy. someone call shakespeare so we can immortalize this drama. >Suggesting that Clipper, including the policy decisions, is an NSA >creation is ignorant. The technology might be an NSA invention, or >theft, the Clipper program is not. what planet are you from? allright, it is an interesting theory, but it just doesn't stand up to scrutiny. are you claiming that bush was the person that prodded the nsa into doing clipper? why are they then still plugging away at it? what `unnamed government official' outside of the NSA has anything to gain from clipper? clipper reeks of the NSA. the skipjack algorithm, the key escrow, etc. all the central components of the idea just *scream* NSA. the NSA has tried to do this type of thing in the past with computers. >Your theory that the NSA seeks to control federal financial transactions >and to develop a digital cash system to further that goal has nothing to >do with the text on a bill. You think the NSA established the ATM >network outside of the DES derivative it may use? no, but i think it is likely that parts of the federal funds transfer system use technology ultimately due to NSA. also, if they get to design the algorithm (DES) what more could they want? you seem to conflate *building an infrastructure for digital cash* with *controlling banks*. the nsa could easily do the former without the latter. another `voluntary' system. (hee, hee) >You treat the intelligence agencies as a separate policy making arm of >the government not as a tool of the executive. to use your own claim-- you say that intelligence agencies use money laundering as a systematic part of their existence. now, tell me how many presidents approve of that. the same argument you use about money laundering -- that intelligence agencies need an untraceable fund source -- can be made to say that they are operating independently of presidential (executive) control. >The NSA may have suggested that certain technologies were going to loosen >their grip on domestic COMINT/SIGINT. How this makes the NSA a policy >arm is beyond me, and I think even you. `suggested'? i think clipper amounts to much more than a `suggestion'. and it is clearly an nsa-originating policy. >I might add that limiting cryptography is hardly a goal mutually >exclusive with secrecy. for the nsa it is. if they have policies that limit export of cryptography, and that impedes software manufacturing in this country, they have taken a controversial stand that is going to be subjected to the limelight. if they propose `you must use our algorithm with a trapdoor' they are inviting ridicule. what kind of sternlight are you, anyway?!!! Compare: > yes, but they are finding that trying to be secret and accomplish the > goal of limiting cryptography are mutually exlusive goals. With: >i repeat, no one in the NSA wants to `be in the limelight' > and clipper is no such attempt to do so ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ right. clipper is a contradiction in design goals: (1) continue the nsa mission of secrecy and oversight of cryptography (2) promote an algorithm to the public. >It leaves Clipper in trouble. Never involve an intelligence agency in >public affairs that might attract press and public opinion. Silly. Who >might be responsible for this? What a clod. the nsa is the world's greatest collection of clods. >But I do have a great deal of respect for the Office of the Presidency. uhm, the bush or clinton one? you are clearly not an atheist, you believe in the great Intelligence and Executive Gods. >> do you think they will abandon it? that is the only way >> they can stop being the object of widespread public ridicule. > >Which is why, in part, that the publicity was a mistake. oh right. how are they going to get private companies to use their algorithms without `publicity'? i suppose they could start a plan of having a secret corps of spooks sneak into offices after hours and swap CPUs or something... >> if >> you think the nsa cares what the presidents [sic] thinks, you are mostly >mistaken. >> the nsa cares about how to get the president to think what they want him to >> think. > >Are you arguing that the NSA is unaccountable? essentially, yes. bamford has entire sections dedicated to this observation. it is their fundamental attitude exemplified in quotes all the way up to the directors. >Eric has more balls than you ever will my friend. really? i have two. if he has more than that, i'd call it a mutation. ^^^^ oops, accidentally narrowed my identity to 50% of the population.... uni, thanks for playing my cyberspatial straight man, but i really have to stop this detweilerish sillyness. if i say anything more to you, people will begin to get suspicious. it doesn't help at all that you are posting pseudonymously ... pseudonymously yours, ---tmp From bdolan at well.sf.ca.us Thu Apr 7 18:05:10 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Thu, 7 Apr 94 18:05:10 PDT Subject: They can't stop themselves Message-ID: <199404080104.SAA17300@well.sf.ca.us> DRUG DEALERS EXPORT BILLIONS OF DOLLARS TO EVADE LAWS ON CURRENCY REPORTING - Wall Street Journal 4/7/94 Washington - Drug smugglers are evading U.S. currency-reporting laws by shipping billions of dollars out of the country, according to a report released by the Senate's Permanent Subcommittee on Investigations. One of the most reliable methods used by the smugglers, according to the report, is the U.S. mail. Over 25 criminal organizations have been found mailing cash through a single, unidentified East Cost airpor. U.S. Customs officials have been wrangling with the U.S. Postal Service for almost two years on ways to get at the money by changing the law so outgoing packages can be randomly inspected. But the issue remains unresolved. [...] ^^^^^^^^^^^^^^^^^^ The report states that a recent, more agressive search experiment by Customs, using dogs trained to sniff cash and other methods, more than ^^^^^^^^^^^^^ doubled the amount of cash seized during a five month period. [...] "At the very least, the report's findings suggest it is time for all law-enforecement agencies to work together to plan and execute a coordinated, long-range approach to address the money-laundering problem," concluded Sen. Nunn. The report was prepared for his subcommittee by the General Accounting Office. --------------------------------------------------------------------- (1) I don't need to comment on the trend toward random monitoring of all activities of all citizen-units. (2) Re. "other methods" Has anybody tried gamma or neutron activation analysis of currency? bdolan at well.sf.ca.us From kadie at eff.org Thu Apr 7 18:23:27 1994 From: kadie at eff.org (Carl M. Kadie) Date: Thu, 7 Apr 94 18:23:27 PDT Subject: Private video on demand Message-ID: <2o2bm8$d0f@eff.org> At a "Computers, Freedom, and Privacy" '94 informal meeting, I heard a quick overview of a video-on-demand protocol that would ensure privacy. Does anyone know the details? Here is what I recall (I think): Three parties: A - the information provider has a list of movies (or other material) with prices B - a middleman/net owner C - a customer Some how, C gets her movie, A gets the money, and A doesn't know who her customer was, and B doesn't know which movie C is seeing. Details anyone? - Carl ANNOTATED REFERENCES (All these documents are available on-line. Access information follows.) ================= library/confidentiality.2.ala ================= * Confidentiality -- 2 (ALA) The American Library Association's "Statement Concerning Confidentiality of Personally Identifiable Information about Library Users" ================= ================= If you have gopher, you can browse the CAF archive with the command gopher gopher.eff.org These document(s) are also available by anonymous ftp (the preferred method) and by email. To get the file(s) via ftp, do an anonymous ftp to ftp.eff.org (192.77.172.4), and then: cd /pub/CAF/library get confidentiality.2.ala To get the file(s) by email, send email to ftpmail at decwrl.dec.com Include the line(s): connect ftp.eff.org cd /pub/CAF/library get confidentiality.2.ala -- Carl Kadie -- I do not represent EFF; this is just me. =kadie at eff.org, kadie at cs.uiuc.edu = From mike at EGFABT.ORG Thu Apr 7 19:05:43 1994 From: mike at EGFABT.ORG (Mike Sherwood) Date: Thu, 7 Apr 94 19:05:43 PDT Subject: problems with key escrow? Message-ID: I was thinking about the problems that people have with escrowed keys and was wondering a few things. For one, things like the clipper chip would not give law enforcement agencies any new abilities or powers - they are currently allowed to tap a phone conversation iff they have a court order to do so. escrowed clipper keys would only be revealed if a court had decided that there was enough evidence against someone to justify a wiretap (and the accompanying keys). so these could only be revealed in the case of criminal activity (or reasonable suspicion thereof), which means that most people wouldn't have anything to worry about. now, is the real problem that the key escrow agency is the weakest link in the chain of security? that people don't trust the government having these things since they could quietly copy the database to the nsa? what about the possibility of having some organization like, but not necessarily the eff hold onto keys so that they would reveal them, or better, decrypt only in the case of a court order, but they would also make it publicly known if the nsa tried to claim they had an inherent right to all of the info. I haven't really thought too much about this one way or the other, but I thought it would be worthwhile to get some others' opinions. -Mike -- Mike Sherwood internet: mike at EGFABT.ORG uucp: ...!sgiblab!egfabt!mike From bugs at netsys.com Thu Apr 7 19:25:48 1994 From: bugs at netsys.com (Mark Hittinger) Date: Thu, 7 Apr 94 19:25:48 PDT Subject: problems with key escrow Message-ID: <199404080228.AA26639@netsys.com> > Mike Sherwood writes: >I was thinking about the problems that people have with escrowed keys and >was wondering a few things. For one, things like the clipper chip would >not give law enforcement agencies any new abilities or powers - they are >currently allowed to tap a phone conversation iff they have a court order >to do so. escrowed clipper keys would only be revealed if a court had >decided that there was enough evidence against someone to justify a >wiretap (and the accompanying keys). so these could only be revealed in >the case of criminal activity (or reasonable suspicion thereof), which >means that most people wouldn't have anything to worry about. I suppose the most serious issue is the internal abuse of power by government employees. We all know that california DMV operators sell drivers records to anybody for small amounts of cash. We all know that social security people sell employment history on any social security number to anybody for small amounts of cash. We've seen political power blocks abuse their authority by investigating opposition groups. We all know the "posse" would have everybody's keys on a brown bag full of DAT tapes within weeks of going live. Look at what bozo 9-X did with everybody's PIN number in their latest phone card mailing!! They printed people's PIN numbers on the *OUTSIDE* of the envelope!!! Why make it easy for them? Moral: Thou shalt not give power unto the gestapo or the bozo - or thou shalt be sorry in the long run. -------- His system was just roadkill along the information superhighway. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiz4FWMAAAEEALBCb7HZS7V4gbsp9yJ7Yty49jQ9wcgRhkLjNNgdyJbrJZCq 5/sv4Ljy/4AhVhjlJyZS8L3owS8l0ClZVzWw4/kO3KN7MPz4YPPR7+qIlPQVM0yv gWpJ43EZZ8b8cvAkE9HATCKWktY2ReRSX5DLnScDH/n5jivw+MD/UO8fURCVAAUR tCBNYXJrIEhpdHRpbmdlciA8YnVnc0BuZXRzeXMuY29tPg== =VbKi -----END PGP PUBLIC KEY BLOCK----- From andy at autodesk.com Thu Apr 7 19:45:31 1994 From: andy at autodesk.com (Andrew Purshottam) Date: Thu, 7 Apr 94 19:45:31 PDT Subject: problems with key escrow? In-Reply-To: Message-ID: <199404080235.TAA02395@meefun.autodesk.com> Do you accept the claim that clipper is only for telephone conversations? I certainly don't believe that once a digital encryption algorithm is conveniently present in my digital network (clipper would need a digital audio hookup and modem to work with analog phone lines) I am going to abstain from using it for all my _other_ digital traffic, like email and data. Especially if everyone I want to talk uses this standard too, and there is some sort of key-exchange protocol we all use that just happens to use clipper as well. Now anyone with my escrowed key can automatically scan all my mail, bills, library requests, software purchases, video checkouts, database inquires, work that I telecomute on, etc (think about all info that flows into or out of your house!). This is considerably more that can be done now, and at a much lower than can be done today. I consider this to be the greatest lie in the Denning / Slick Willy party line on clipper. Most non-computer people do not appreciate the power of standardization to coerce users to inferior or otherwise undesirable standards, because everyone and every machine one needs to interoperate with follows the standard, foul though it is. (As a DOS developer, I am quite aware of this ;-) I wish the press would figure this out, and challenge the SW's spokespeople on this. Andy (andy at autodesk.com) speaking for self. From unicorn at access.digex.net Thu Apr 7 20:18:15 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 7 Apr 94 20:18:15 PDT Subject: nsa digital cash? In-Reply-To: <199404080038.RAA22910@mail.netcom.com> Message-ID: <199404080317.AA27531@access1.digex.net> > > > unicorn at access.digex.net > makes several claims about the nsa, clipper, and money laundering > that i find patently absurd. my source for nsa information is mostly > bamford. Your sources are mostly limited. > no where in the book is any mention made of money laundering. Therefore none exists. > i find preposterous the claim that the nsa is involved in money > laundering. unicorn's argument is entirely by analogy-- the nsa is an > intelligence organization, money laundering is highly useful to > intelligence organizations, therefore the nsa is laundering money. I provided several examples of how money laundering is applied to COMINT/SIGINT operations. You chose to ignore them. > >> i reiterate my point: designing a secure digital cash system would be > >> a key area that the nsa would be interested in. > > > >This was not your point, your point was that the NSA would control such a > >system. This point is also flawed. The NSA may create the technical > >means, but logistics are not in the cards. > > how are the logistics different than the technical means? if the nsa > designs key parts of a digital cash infrastructure, don't you think that > counts as `the logistics'? No, it does not. The logistics are an executive function. How to implement the program, how to introduce it to the public etc. If the NSA was behind this, you will be able to explain why the press release was done through the White House. > >> in fact, i think it is > >> highly likely that they have already designed significant parts of the > >> existing u.s. transaction infrastructure at certain levels. (they > >> vetted DES, right?!) > > > >This is a point entirely separate from the above. > >This is what the NSA does, it does not create institutions for public use. > > what is clipper? it is designed to become institutionalized wiretapping, > wouldn't you say? No I would not. I would say that it is designed to maintain the COMINT/SIGINT ability domestically and abroad. Wiretapping is a law enforcement concern handled by the FBI. You'll be looking for the Digital Telephony Bill. > >> (references? would be appreciated) that is essentially what clipper > >> is intended to do. > > > >Wrong. > >Clipper is intended to maintain the COMINT/SIGINT ability domestically. > > wrong. nsa has no authority to do comint and sigint domestically and > there is no evidence they do so. some leaks into the vacuum cleaner but > there is no design to capture it specifically. You source for this factually flawed information? > >Intelligence would never risk overt control of domestic financial > >institutions that were not dedicated for use. A silent involvement with > >a foreign bank through a front is much more efficient. > > this amounts to flimsy psychoanalysis of the nsa. i am not claiming the > nsa is going to start a covert money laundering campaign in the u.s. > i am saying that the design of a digital cash infrastructure would be > immensely appealing for them to study, and i will bet you anything that > there are parts of it dedicated to exactly that purpose. maybe they > are in a very preliminary stage, but the trends in the nsa suggest > this is another thing they would be overjoyed to glom onto. You now resort to Sternlight type tactics. Change your assertion to fit the mood. If anything the NSA may design technologies or integrate existing technologies that may have Digital Cash applications. Asserting that they will be the institution primarily responsible for implementing nationwide digital cash flies in the face of history and theory. > [`nsa is unstructured so it can expand influence'] > >Where do you get this from? The NSA is perhaps the most structured > >intelligence agency in the United States. They certainly know their bounds > >better than the other collection arms, and I won't even mention the HUMINT > >people. > > ridiculous assertion. if they `knew their bounds' why did they come up with > clipper? why do we have the domestic surveillance abuses of the 60's and > 70's? i am beginning to think you are purposely writing so stupidly as to > make my arguments so patently superior, that you may be my own `straight > man' or `puppet' (hee, hee) Clipper and the design thereof is entirely within the bounds of the NSA mission. I have outlined it for you three times. You refer to domestic surveillance abuses here and seem to forget that four paragraphs ago you were asserting there is no evidence of such activity. Take your Lithium please. > [clipper] > >I repeat the above, this is program from the > >EXECUTIVE branch. > > this is just so far out of touch with reality that i can't even touch it. > first, consider that this program originated with bush-- if the nsa were > doing it only for the president, why shouldn't they stop now that he is > out of office? You seem to propose that all ongoing projects are scrapped in intelligence agencies when a new administration takes the reigns. > secondly, vice president gore is quoted as saying that > some of the nsa decisions, i.e. on key escrow agencies, were `not properly > vetted' (he was quite upset, ask stanton mccandlish). moreover, you are > implying that the clinton administration is driving its development now. > what have you heard from clinton about clipper? personally i haven't > heard him say too much about it. Delegating the public relations to the vice president is an insulating tactic. Again, read some Political Science, then return. > >I'll leave it up to you to decide how the above differs from Clipper and > >the NSA's involvement. Your failure to identify the distinction just adds > >to my assessment that you have no background in intelligence or financial > >institutions and thus have no business at all making this argument which > >requires no knowledge but in these two areas. > > you're right. i'm totally ignorant of all historical facts and the nsa. The first step in getting cured is admitting you have a problem. > the poor nsa was suckered into clipper and public relations by that > nasty grinch bush. if it weren't for him, all would be well. in fact, > probably the skipjack algorithm itself was invented by bush. i bet he > came up with the idea of key escrow too. how could we all have been > so blind?!! More like: The NSA announced some new technology and potential applications. The Bush administration directed further work to be done, and some general guidelines, the Clinton administration continued the work and fast tracked the program in conjunction with the current frenzy over Superhighways. > (btw, you don't seem to state that you have even read bamford) Your reliance on a single source is your downfall. > >Now let's go back to your "NIST" front theory. If the policy is already > >in the open and attributed to NIST, why must the NSA be publically > >involved? Surely the NIST front was created to mask involvement in some > >way yes? If this is so, as your reading of the "several key agencies" > >clause seems to suggest, why is the NSA talking publicly? > > they are not `talking publicly' in a basic sense. > they are using the NIST as a mouthpiece. You will explain the NSA presence at conventions and debates how? > >Why is a NSA > >public relations official straight out of Q43 going to conferences? > > because the NSA invented clipper, and as much as they hate it, they know > that PR is basic to its potential acceptance (hee, hee, as if such a > thing is possible) Funny, I thought NIST was the mouthpiece? > >Mr. Sternlight, care to comment here? > > i will not stoop to your barnyard tactics. > > >The NSA is being used here. How can you reconcile the attitude and > >culture the NSA has with your insistence that the NSA must go public when > >even you admit a public front has already be established and the NSA > >need not be involved? > > oh yes, it is that evil wolf Bush that is manipulating the poor old NSA > red-riding hood. the NSA wouldn't touch clipper with a ten foot pole > but they are being forced too. he threatened to take away their pensions > and their decoder rings. No it is the current administration using the NSA to support a program that they feel is dying. It is the current administration that has no idea how to properly utilize intelligence agencies. Anyone who has studied or practiced intelligence will tell you that one of the major problems in the field is getting the leadership to listen. Asserting the intelligence is in control of the situation is out of hand. > >My whole point is that the NSA is being manipulated as a public relations > >tool and this is silly and betrays a total lack of intelligence > >experience by whoever is directing them. Gee, I wonder, who's program is > >it now that the NSA is supporting? Who might stand to gain from having > >that program succeed? Who is probably then directing the NSA to support > >the program in public? > > you seem to have more faith in the NSA than some people have in God. > your premise is (1) clipper is a lousy idea (2) clipper involves PR > (3) the NSA is one of those *superb* and *way cool* intelligence agencies > that would never do anything stupid (4) therefore the nsa is having its > arm twisted into inventing clipper. oooh, what a stark tragedy. someone > call shakespeare so we can immortalize this drama. I have a great deal of faith in the NSA. I state this without concern. I also have a great deal of respect for intelligence in general and I am of a real belief that intelligence has a place in modern society. Intelligence is always doing stupid things, no question about it, but usually it is because POLITICS tries to manipulate intelligence and push square pegs through round holes. The NSA is having it's arm twisted to play public relations on this. > >Suggesting that Clipper, including the policy decisions, is an NSA > >creation is ignorant. The technology might be an NSA invention, or > >theft, the Clipper program is not. > > what planet are you from? allright, it is an interesting theory, but > it just doesn't stand up to scrutiny. are you claiming that bush > was the person that prodded the nsa into doing clipper? See above analysis of the potential timeline. >why are they > then still plugging away at it? what `unnamed government official' > outside of the NSA has anything to gain from clipper? You really have no clue do you? > clipper reeks > of the NSA. the skipjack algorithm, the key escrow, etc. all the central > components of the idea just *scream* NSA. the NSA has tried to do this > type of thing in the past with computers. No argument here. > >Your theory that the NSA seeks to control federal financial transactions > >and to develop a digital cash system to further that goal has nothing to > >do with the text on a bill. You think the NSA established the ATM > >network outside of the DES derivative it may use? > > no, but i think it is likely that parts of the federal funds transfer system > use technology ultimately due to NSA. also, if they get to design the > algorithm (DES) what more could they want? you seem to conflate > *building an infrastructure for digital cash* with *controlling banks*. > the nsa could easily do the former without the latter. another `voluntary' > system. (hee, hee) Again, this is a stark departure from your original assertion. You seem to attribute to the NSA a desire for active regulation. > >You treat the intelligence agencies as a separate policy making arm of > >the government not as a tool of the executive. > > to use your own claim-- you say that intelligence agencies use money > laundering as a systematic part of their existence. now, tell me how > many presidents approve of that. All of them. Any President who uses intelligence knows that money has to be laundered. You think the bay of pigs was done through the U.S. Treasury? Have I mared the image of your liberal hero President of the era because I suggest he might have known about money laundering by the intelligence agencies? Wake up and smell the coffee. Open your door and look around. > the same argument you use about money laundering -- that intelligence > agencies need an untraceable fund source -- can be made to say that they > are operating independently of presidential (executive) control. Takes money to make money tmp. This wont last long if the executive takes away funding. Are you asserting the NSA and the CIA and Military intelligence operate without the authority of the President on such a large scale as to include the development of secure cash systems for domestic use? > >The NSA may have suggested that certain technologies were going to loosen > >their grip on domestic COMINT/SIGINT. How this makes the NSA a policy > >arm is beyond me, and I think even you. > > `suggested'? i think clipper amounts to much more than a `suggestion'. > and it is clearly an nsa-originating policy. I refuse to argue this point any longer. NSA does not make policy. > >I might add that limiting cryptography is hardly a goal mutually > >exclusive with secrecy. > > for the nsa it is. if they have policies that limit export of cryptography, > and that impedes software manufacturing in this country, they have taken > a controversial stand that is going to be subjected to the limelight. > if they propose `you must use our algorithm with a trapdoor' they are > inviting ridicule. what kind of sternlight are you, anyway?!!! The NSA does not make export policy, only adds to the list of restricted items. How many time must I repeat this? I suppose I'm not a very good Sternlight. > > Compare: > > yes, but they are finding that trying to be secret and accomplish the > > goal of limiting cryptography are mutually exlusive goals. > > With: > >i repeat, no one in the NSA wants to `be in the limelight' > > and clipper is no such attempt to do so > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > right. clipper is a contradiction in design goals: (1) continue the nsa > mission of secrecy and oversight of cryptography (2) promote an algorithm > to the public. These are not the goals, neither are they contradictory. > >It leaves Clipper in trouble. Never involve an intelligence agency in > >public affairs that might attract press and public opinion. Silly. Who > >might be responsible for this? What a clod. > > the nsa is the world's greatest collection of clods. No, that would be the individuals involved in the policy decisions. But I do have a great deal of respect for the Office of the Presidency. > >But I do have a great deal of respect for the Office of the Presidency. > > uhm, the bush or clinton one? you are clearly not an atheist, you believe > in the great Intelligence and Executive Gods. Yes, I do believe in the ability of the intelligence agencies under the direction of a well organized and knowing executive to accomplish much good. Such is not the case today. > >> do you think they will abandon it? that is the only way > >> they can stop being the object of widespread public ridicule. > > > >Which is why, in part, that the publicity was a mistake. > > oh right. how are they going to get private companies to use their algorithms > without `publicity'? i suppose they could start a plan of having a secret > corps of spooks sneak into offices after hours and swap CPUs or something... Again, it should not be the NSA who is involved in the publicity. Were this done correctly it would have been handled such: (Assuming the administration was so bold as to attempt such an operation in the domestic sphere which is part of the reason the initiative is such a clusterfuck) 1> Establish front technology research company. 2> Announce breakthrough development through company (Clipper) 3> Pass down NSA approval of the process and discuss NSA involvement in the TECHNOLOGY development without fanfare, and with minimal connection to NSA. 4> Create administrative agency to insulate President and Congress from repercussions (NIST) 5> Implement Clipper with NIST and no further NSA involvement. Unfortunately the executive branch got it wrong in planning to use the NSA as a PR entity. > >> if > >> you think the nsa cares what the presidents [sic] thinks, you are mostly > >mistaken. > >> the nsa cares about how to get the president to think what they want him to > >> think. > > > >Are you arguing that the NSA is unaccountable? > > essentially, yes. bamford has entire sections dedicated to this > observation. it is their fundamental attitude exemplified in quotes > all the way up to the directors. I rest my case here. > >Eric has more balls than you ever will my friend. > > really? i have two. if he has more than that, i'd call it a mutation. > > ^^^^ oops, accidentally narrowed my identity to 50% of the population.... > > uni, thanks for playing my cyberspatial straight man, but i really have to > stop this detweilerish sillyness. if i say anything more to you, people > will begin to get suspicious. it doesn't help at all that you are > posting pseudonymously ... > > pseudonymously yours, > ---tmp > > tmp: You betray your ignorance yet again. You battle over the same small points, argue details, and contradict yourself in theory repeatedly in your messages. You cite one source and refuse to provide any real backup or any theoretical basis for your assertions that will survive a raindrop. It is clear that your experience in both intelligence and finance is limited if existent. It is clear that you have convinced yourself of an outcome and will continue to create facts and theory from whole cloth to support them. It is clear that you are not open to intellectual discussion. Therefore I refuse to continue. Considering the lack of intellectual content in your last post, this response was a gift. Don't expect another one. You have extracted quite enough education at my expense. I suggest you read up on intelligence agencies. Consider taking some undergraduate level classes in intelligence and then moving to the graduate level. Most of all, I suggest that you, in future, open your mind. -uni- (Dark) From tcmay at netcom.com Thu Apr 7 20:18:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 7 Apr 94 20:18:47 PDT Subject: problems with key escrow? In-Reply-To: Message-ID: <199404080319.UAA26189@mail.netcom.com> Mike Sherwood writes: > I was thinking about the problems that people have with escrowed keys and > was wondering a few things. For one, things like the clipper chip would > not give law enforcement agencies any new abilities or powers - they are > currently allowed to tap a phone conversation iff they have a court order > to do so. escrowed clipper keys would only be revealed if a court had New Capability #1: Centralization of the whole process (in connection with Digital Telephony) so that the process is much more automated, much easier to do. (Recall that the Foreign Intelligence Surveillance court--or a name similar to that--has never turned down a wiretap request....have any of you _not_ sent something in e-mail to a foreign national?) > decided that there was enough evidence against someone to justify a > wiretap (and the accompanying keys). so these could only be revealed in > the case of criminal activity (or reasonable suspicion thereof), which > means that most people wouldn't have anything to worry about. now, is New Capability #2: Easier tracking of who calls whom, and who is called by whom. The Clipper system makes "pen registers" automatic. Great for tracking down contacts the perps make. > the real problem that the key escrow agency is the weakest link in the > chain of security? that people don't trust the government having these > things since they could quietly copy the database to the nsa? what about Well, left unsaid in the Clipper debate has been just this point: what access will NSA and other intelligence agencies have to the key escrow databases? It is hard to imagine that they will not have the databases, one way or another. (And innumerable other issues: How and where are backups kept? What happens when a Clipper key is given to law enforcement and then the investigation is over....will they buy the alleged perp a new Clipper system? What will foreign countries think? Are they part of the deal?) > I haven't really thought too much about this one way or the other, but I > thought it would be worthwhile to get some others' opinions. > -Mike New Capability #3: By making non-Clipper systems essentially impossible to get export permits for, and by "greasing the skids" for Clipper, the government essentially becomes the Phone Company. It specifies the hardware, it forces competitors out of markets, and it ends up using its power to crush alternatives. New Capability #4: When Clipper inevitably fails to solve all kidnapping and child porn cases, not to mention the downing of an airliner with CIA-supplied Stinger missiles, the way will be paved for the outlawing of non-escrowed key systems. (Alternate version: Once a couple of high-profile cases _are_ solved because of Clipper, look for the same outlawing of non-escrowed crypto.) So, here are several "new capabilities" which Clipper and its ilk portent. Reason enough for all lovers of freedom and individual dignity to reject it out of hand. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From frissell at panix.com Thu Apr 7 20:57:37 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 7 Apr 94 20:57:37 PDT Subject: MacNeil/Lehrer Clipper Transcript Message-ID: MacNeil-Lehrer - Clipper Segment - Thurs 07APR94 OPEN SESAME MacN: Next tonight, law enforcement vs privacy on the information highway. A tiny piece of silicon, the clipper chip, has raised questions about how to balance individual privacy rights with the needs of law enforcement agencies in the computer age. Time Magazine technology editor, Philip Elmer-Dewitt, reports. PE-D: Today's high tech information highway has a major drawback. For some people it's not private enough. Many of the routine transactions conducted by computer and over phone lines leave a trail of digital fingerprints, messages recording the time and date and nature of the transaction. These are stored on computer disks and can be easily traced. Some consumers simply need absolute security, the assurance that confidential phone calls, faxes, or financial transactions cannot be intercepted. [Two AT&T employees using an AT&T Secure Phone] [Woman] "Good morning, AT&T." [Man] "Good morning, Miss Bishop, this is Mr. McGovern." PE-D: "To keep transactions private, computer experts advise people to talk in code, as these representatives from AT&T demonstrate." [Man] "I'd like to go secure, if we could, please. I'll come to you." PE-D: "They're scrambling their telephone call, just like spies do." [LCD screen on man's set displays, 'secure dE05'] [Man] "Would you please give me the first two numbers, and I will give you the second two." [Woman] "OK, the first two numbers are 'dE'." [Man] "Fine, we're secure now. And now I'd like to discuss some company information with you." [Nerd at keyboard, clicking check box labeled 'DES Encrypt' on screen labeled 'DSS Options Menu']: "OK. I can choose this option to do both signature and encryption." PE-D: "Cryptography is the science of making and breaking codes, of turning plain text into coded text, or cipher. Nerd: "OK. This is our old 1040 form." PE-D: "Like taking this 1040 tax form and changing it into unreadable ciphertext." Nerd: "This is your actual encrypted text of the 1040 form." [Ciphertext scrolls up screen.] Marc Rotenberg [of CPSR] 'Computer Privacy Advocate': "Cryptography is the way you make communication networks secure. It's the way you protect privacy. It's the way you make it possible for banks to send financial information, for businesses to send trade secrets, for individuals to send personal records, medical records, financial data. All of this happens because cryptography is the basic technology of privacy." PE-D: "All modern encryption systems are variations on the secret codes school children use to jumble words. The simplest kind of code is a straight forward letter for letter substitution, for example where A stands for D, B stands for E, C stands for F, and so forth down the alphabet." [WFW screen showing the simple ROT3 substitution cipher mentioned.] "These simple codes have evolved into mathematical formulas of such extraordinary complexity that they're virtually unbreakable. [Scene of a hand pushing a card into a Datakey reader.] In the past few years, a new generation of very powerful encryption tools have entered the marketplace. They are easy to use and easy to get by just about anybody. And they are a matter of concern to law enforcement and national security experts who rely on information gathered from wire taps to do their jobs. [Scene of technician wiring a phone board.] Geoffrey Greiveldinger is Special Counsel for the Justice Department." GG: "There has become available, and there has certainly become available in larger numbers and greater variety, very effective, very user friendly, very high voice quality encryption. And suddenly the prospect of encryption being used regularly in the private sector is one that law enforcement recognizes that it's going to have to grapple with. That really is what brought us up short." PE-D: "Lynn McNulty is with the National Institute of Standards and Technology." LMcN: "Encryption is a double-edged sword. It can be used to protect law abiding citizens and it can also be used to shield criminal activities and also activities that can affect the security of this country." [Aerial shot of Ft. Meade on a workday --- acres and acres of employees' cars.] PE-D: "Secret codes and national security are the bailiwick of the NSA, the top secret branch of government that sucks up international communications traffic like a giant vacuum cleaner in the sky, using the most powerful decryption technology available to tease out its secrets." [Shots of NSA sign and main building entrance.] [Interior shot of NSA museum, with Enigma Machine and Cray in background.] "Cryptographers used to use mechanical devices like this World War II era Enigma Machine, to make and break secret codes. Now they use supercomputers, like this Cray XMP. A cipher from one of these [Enigma] machines could be broken in a matter of minutes. Supercomputers can design secret codes so complex that it would take another supercomputer centuries to crack it. And that's a problem for the National Security Agency which gathers foreign intelligence for the US and runs this cryptologic museum in Ft. Meade, Maryland. The NSA has never met a secret code it couldn't crack. And it wants to keep it that way." [Hand holding Clipper Chip.] "So the NSA developed a new code called 'Skipjack' and put it in this silicon chip, smaller than a fingernail. This is the Clipper Chip, the focus of a fierce technological policy debate among privacy advocates, law enforcement, and the business community. The Clipper Chip [graphic of chip labeled 'MYK78A'] combines a powerful encryption scheme with a back door [skeleton keyhole appears on Clipper graphic], a master key that unlocks the code [Yale key slides into skeleton keyhole] and lets authorized law enforcement agents intercept --- and understand --- coded messages. The NSA wants the National Institute of Standards & Technology and all other government agencies to use Clipper, and only Clipper, when they want to be sure that their phone calls, faxes, and electronic mail can't be intercepted. To encourage its use in business, the US guarantees that the Clipper code is uncrackable and that the master keys that can unlock it are safely stored away. In a plan devised by the NSA and approved by the White House, that master key will be split into two pieces, one held in safe keeping at the Commerce Department, the other at Treasury [the Yale key splits in two on either side of the Clipper Chip]. Law enforcement agencies will need a court order before they can get access to the keys. Unauthorized use of Clipper keys will be a felony, punishable by up to 5 years in jail. LMcN: "There will be no vulnerability there that can be exploited by, say, a rogue law enforcement agency or by a hostile outsider, to compromise the keys that will be ... that will allow authorized people to unlock the key escrow encryption cryptography." PE-D: "But privacy advocates aren't so sure. Like Marc Rotenberg of Computer Scientists [sic] for Social Responsibility, they see Clipper as an attempt by the NSA to block people from using cryptography to keep their affairs to themselves. They're asking people to register their objections by computer." [Screen displaying graph with sharply increasing number of responses (c.38k).] MR: "Here we have on the screen a letter to the President. And we ask them to simply send a message with the words 'I oppose Clipper.'" "Basically, it's a proposal for surveillance. It's a way to make it easier to wiretap the network. And the reason it's such a bad idea is what we need right now is privacy protection. We need more secure networks, not more vulnerable networks." PE-D: "On these networks, people are logging on to argue the pros and cons of the Clipper proposal. David Banisar, one of Rotenberg's colleagues, has been tracking that debate. DB, 'Computer Privacy Advocate': "On the Internet, which is the international network of computers, there's been an incredible amount of discussion. There's been thousands of messages posted, hundreds per day. And it goes on almost forever. [Screen showing message list of alt.privacy.clipper.] The public is going to reject this because, basically, we want a national information infrastructure where people can communicate. We don't want a national surveillance infrastructure, where the main purpose is for the government to be able to control and watch over what we're doing all the time." PE-D: "It may sound like spies vs nerds. But at the heart of the Clipper debate is a fundamental question of Constitutional rights. One side thinks that people have a basic right to use the most powerful encryption tools they can get their hands on to keep their affairs private. The other thinks that that right must be superseded by the legitimate needs of law enforcement. There are cryptographers on both sides of the debate." Dorothy Denning, Georgetown University: "I think it would be folly to let the capability to do electronic surveillance be completely overridden by technology, so that we couldn't do that. I think it's a much safer bet to put it into the system so that we can do it, to make sure that we have good procedural checks and laws and so on to govern the use of that so it's checked. And if it's misused, to make sure that it's properly dealt with." Whitfield Diffie, Sun Microsystems: "If you say to people that they, as a matter of fact, can't protect their conversations, and in particular their political conversations, I think you take a long step toward making a transition from a free society to a totalitarian society." PE-D: "Meanwhile, the Clipper Chip is moving full speed ahead." [Shot of three prototype Clipper chips: (1) (white patch on black) MYK78A MYKOTRONX, INC. #100004A (2) (gold) VLSI 9745TS 383511 VM06222-6 MYKO-MYK78PROTO PROTO A USA (3) (black) VLSI 9312AS401944 VM05413-1 MYKOTRONX MYK78A PROTO ] PE-D: "A company called Mykotronx is making the chips and AT&T is selling a variety of telephones with the chips built in, including this device which it is producing for the government to protect the privacy of phone calls within the Justice Department [shot of AT&T Surity Telephone Device 3600 (crypto brick)]. But it's not at all clear that the devices will find a market outside the government. Some of Clipper's most vocal opponents are the very computer and telecommunications firms the government hopes will adopt it. [The following Logos appear: Apple, IBM, Microsoft, Prodigy, Sun, HP, Digital, Lotus, Oracle]. Their gripe centers on the US export laws that make it illegal to sell encryption systems abroad. To encourage US companies to use the government's system, the administration has lifted those export controls for Clipper, but only for Clipper." Jerry Berman, Electronic Frontier Foundation: "You're going to thwart our foreign markets, because no foreign country and no foreign person is going to use a device that's made by NSA and where the keys are held by a US government agency." PE-D: "As the lines are strung to carry the traffic of the emerging information highway, the greatest fear of privacy advocates is that Clipper may be only the first step down a path that leads to more and more government snooping. They point to a new bill the Administration is circulating on Capitol Hill --- the so-called 'Digital Telephony Bill' --- that would require phone and cable companies to provide the government with systemwide access to even more information." MR: "It is absolutely clear, if you look over the last three to four years of the FBI's proposals and the proposals from the National Security Agency, that there is a plan --- in steps --- to restrict the use of cryptography in the United States. There's a plan to ensure that communication networks are designed to facilitate wire surveillance. And there's every reason to believe after Clipper goes forward, after the Digital Telephony proposal goes forward, that the next step will be to restrict non-compliant cryptography." PE-D: "In real life --- or 'RL', as computer buffs call it --- it's often not clear where to draw the line between the rights of the individual and the needs of society. [Telephoto sidewalk shot showing masses of humanity.] It's no different in cyberspace --- that world of interconnected computers, where messages fly back and forth on video screens [Screens showing US West Community Link Service, Minitel, Medline, American Interactive Technologies, PC Flowers, and Arcade]. Experts say that the new information super highway will have to have some rules of the road. The hard part is deciding where and how to draw them." Dat, dah, de-la, dat, dah! ----- Transcribed by Lois & Duncan Frissell From hfinney at shell.portal.com Thu Apr 7 22:19:42 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 7 Apr 94 22:19:42 PDT Subject: Pseudonyms and Reputations Message-ID: <199404080520.WAA26732@jobe.shell.portal.com> From: tmp at netcom.com > these identification systems ultimately fall back on `real world' > identification systems such as birth certificates, social security > numbers etc. which all can be readily subverted by a determined > adversary. I believe RSA requires a notarized statement, where you have presented the notaries with three forms of ID. I would imagine that notaries have some experience with false ID, but no doubt they can be fooled with sufficient effort. Still, for the kinds of applications we are talking about here (chatting on the net) this is probably adequate. For more security you could require a thumbprint which is compared with others on file. > what, specifically, is problematic about these? does chaum just ignore > them? does he describe them in greater detail? Chaum was writing more about financial relationships with creditors, businesses, etc. My translation of his ideas into the cyberspace author- ship arena was not something he discussed directly. > as for `endorsements for unknown endorsers', it seems to me the reputation > system you refer to is a sort of `reputation web' not unlike the pgp > `web of trust' model. a pseudonymous credential has as much weight as > the pseudonym originating the certification. i.e., if `a' signs `b's > pseudonym, that `edge' in the `reputation graph' has as much weight as > `a' has reputation. that is, it should not be possible to create a whole > bunch of new pseudonyms, have them all sign each other, and then increase > your reputation. In one way it is easier than with pgp. With pgp we are trying to guess whether a person is really who he says he is. This has all sorts of real- world implications, and as tmp points out these are hard to verify. With reputation systems what you really want to know is whether a person's endorsements are valuable. Over time you can basically decide this for yourself, by judging whether those authors recommended by a given person are ones which you consider good. Those endorsers whose opinions match your own would be the ones you pay the most attention to. > this brings up an interesting idea. future cyberspatial citizens may > develop an elaborate netiquette that describes how to maximize one's > advantage through the use of pseudonyms. all kinds of strategies will > ensue. is it better to have a few good pseudonyms, without diluting > reputation, or a whole bunch of pseudonyms but a bit more diluted > reputation? With Chaum's system it should not necessarily dilute your reputation to use a lot of pseudonyms. OTOH, you are right that informal reputations will not carry over, and in practice these will be important. > one of the problems with a positive reputation system is that it would > workd for `d-type people' whose reputation is primarily negative. > a whole lot of people would like to put a negative credential on `d' > so that they would limit his influence in all forums he visits, similar > to the way that one could globally encourage someone else through > `accreditation'. `d' would simply not propagate any negative signatures > to his pseudonyms. Negative endorsements, and negative credentials in general, are difficult to achieve. Chaum's paper has some discussion of these but it is hard to follow. The simple blinded signature model provides a pretty simple way to allow only one pseudonym per True Name in a given forum, if you assume there is some way to distinguish people in the real world. Suppose Cypherwonks wanted only one person per nym. And suppose there was an agency which was able to distinguish people, that is, it could tell when it had seen the same person twice. Now, Cypherwonks asks this agency to give a single blinded signature of a type (exponent) which is unique to that list, to anyone who wants it, but such that nobody gets more than one. To be accepted on the Cypherwonks list, then, somebody would have to show a signature of this particular type, different from everyone else's. Each person could only get one such token, which Chaum has called an is-a-person credential (again, this is a simplification of his idea, I think). Now tmp has what he wants, the ability for a list to have only one nym per person. And in such a situation, negative reputations are important, because you only get one chance and can't start over with a new nym. > could such a negative signature system be constructed? it seems possible > with a centralized `trusted' server, but this is not an ideal solution; > ideally one would like the system to be possible from the independent > interactions of people who trust only themselves. this of course is the > ideal cryptographic model, and the very best and finest algorithms > (e.g. rsa) conform to it. Well, you have to trust that the agency which is verifying uniqueness of identity doesn't cheat. But note that the agency does not get any great privacy-infringing power, as they don't have to know the True Names or identities of the people they are endorsing, and they don't know their pseudonyms (since those are blinded when they are signed). > the problem is similar to preventing double > spending in a cash system. how do you enforce that a person `spends' > a certain amount of information? there are no `laws of the conservation > of information' as their are of e.g. mass as with a paper currency. in > fact maybe the double-spending preventative techniques for cash systems > could be translated to get a negative reputation and prevent people from > not displaying credentials, even negative ones, they have accrued (just > in the way people are forced to reveal if they are `printing money', i.e. > spending spent money) Chaum did, as I said, have some concept about revealing negative credentials, perhaps along the lines you are suggesting. As I followed his ideas (which wasn't very well), you would have to submit an "I'm not a jerk" credential with each posting, and the only way to get another such token would be to get back a response from your posting saying, "OK, you're still not a jerk." But if you posted some trash ("Death to BlackNet") then you wouldn't get back that "OK" token and you'd have lost your "not a jerk" token for good. This would work best in a situation where there was one nym per person, otherwise he could use his other nyms to endorse his worthless trash. (I posted a variation on this idea a couple of weeks ago as a way of handling anonymous remailer complaints without breaking the anonymity of the remailer user. A similar token-and-response system was used, also based closely on the blinded signature system in Magic Money.) > personally i like chaum's emphasis (or recognition) that forums exist > such that restricting pseudonymity in them is natural, fair, > and rational, i.e. a desirable design goal. it seems to me that even > beyond this, people should be able to construct forums where they demand > (or comply, or agree, or whatever) that identity be known, or that it > be totally ignored. given all this inquisitional witchhunting of my > `true identity' (whatever the !@#$%^&* that is), obviously this forum > is in the former category Well, Larry, you have to realize that you caused us enormous hassle several months ago, so it's natural that people will be somewhat hostile. Other pseudonymous posters have not stirred nearly so much interest (with the possible exception of Xenon, who had some of your own tendencies to rant at length). However, in your new incarnation I find your postings much more interesting. > what do you think, cpunks, should you have the right to ignore people > regardless of the pseudonyms they use? again, i ask if it is possible > to construct a system that protects anonymity but at the same time allows > someone to filter all pseudonyms associated with another person. it seems > that we have reached an impasse -- these are two very useful design > criteria but they appear to be contradictory. on one hand we would like > to censor all the `d-type' pseudonyms, but on the other hand we would > want a `clean slate' for all of our own. Chaum has some discussion about how you can go to library A and borrow a book, proving that you have no overdue books at libraries B, C, D, ..., without compromising your anonymity. This sounds analogous to proving that you have no negative credentials from other cyberspace forums. Unfortunately, this is a part of his paper I need to read more times to understand. Hal From jdblair at nextsrv.cas.muohio.EDU Thu Apr 7 22:21:34 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Thu, 7 Apr 94 22:21:34 PDT Subject: possible FTP site volunteer? Message-ID: <9404080524.AA26879@ nextsrv.cas.muohio.EDU > This may be a lot to ask, would anyone be willing to volunteer a little space on an ftp site for the 1984 NSA t-shirt gifs? While its easy for me to set up an http page here, its not so easy for me to get the gif onto an anonymous ftp site. The response has been considerably greater than I imagined, and it would be a lot simpler just to get it on an ftp site somewhere, and will provide more prompt turn-around time, than for me to mail it out. You'd get a complimentary shirt out of the deal :) -john. -------------------------------------------------------------------------- John Blair: voice: (513) 529-4877 PGP public key available upon request. KILL YOUR Privacy in the information age is a right, not a privilage. TELEVISION Information = Power = Control. Fight the centralization of information. From sameer at soda.berkeley.edu Fri Apr 8 00:05:46 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Fri, 8 Apr 94 00:05:46 PDT Subject: remailer@soda.berkeley.edu supports Ray's pinger Message-ID: I have put Ray's pinger onto remailer at soda.berkeley.edu. finger remailer at soda.berkeley.edu and the list of active remailers will be at the end of the remailer instructions. If there are other remailers that I should add to the list of tested remailers please tell me. From greg at ideath.goldenbear.com Fri Apr 8 00:48:28 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Fri, 8 Apr 94 00:48:28 PDT Subject: Pseudonyms and Reputations Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hal Finney writes: > The simple blinded signature model provides a pretty simple way to allow > only one pseudonym per True Name in a given forum, if you assume there is > some way to distinguish people in the real world. Suppose Cypherwonks > wanted only one person per nym. And suppose there was an agency which > was able to distinguish people, that is, it could tell when it had seen the > same person twice. Now, Cypherwonks asks this agency to give a single > blinded signature of a type (exponent) which is unique to that list, to > anyone who wants it, but such that nobody gets more than one. > To be accepted on the Cypherwonks list, then, somebody would have to show > a signature of this particular type, different from everyone else's. Each > person could only get one such token, which Chaum has called an is-a-person > credential (again, this is a simplification of his idea, I think). Real-world application of this protocol still depends on folks not using the credentials of friends/family/dead people, especially where "real name" <-> credential mapping isn't available. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLaT/gH3YhjZY3fMNAQFIjwQArXybGzGZnHUugI6mcOn8CwhamKC9KxK7 LmWo0lzEsrK8Iq4n17JB9fLKb8Cb3UYYinvBk1Fadr9OcAOANC1bqjDoJ3Dsvyz3 9/AFY8CfiaH9JqhRK1jAMdg2kuAFdtFBENhhXE9f6v6sedeQvclfwea1u5vMaErJ 0aq5KRAQKH4= =MFNH -----END PGP SIGNATURE----- From jdblair at nextsrv.cas.muohio.EDU Fri Apr 8 01:03:57 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Fri, 8 Apr 94 01:03:57 PDT Subject: 1984 NSA T-Shirt Access for Lynx Users! Message-ID: <9404080806.AA27889@ nextsrv.cas.muohio.EDU > To all users w/ access to Lynx, but not Mosaic: I have reconfigured t-shirt.html to support Lynx. Obviously, the gif cannot be displayed on-screen directly by Lynx, but can now be downloaded to your disk by Lynx. At this point, you can use the gif viewer of your choice to look at the images. The URL is the same: http://phoenix.aps.muohio.edu/users/jdblair/t-shirt.html (learning more and more about html) -john. -------------------------------------------------------------------------- John Blair: voice: (513) 529-4877 PGP public key available upon request. KILL YOUR Privacy in the information age is a right, not a privilage. TELEVISION Information = Power = Control. Fight the centralization of information. From jdwilson at gold.chem.hawaii.edu Fri Apr 8 01:07:58 1994 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson (VA)) Date: Fri, 8 Apr 94 01:07:58 PDT Subject: tmp@netcom.com In-Reply-To: <9404070018.AA18566@bacon.imsi.com> Message-ID: Mr. TMP: You can easily settle this by attending or meeting with a CP in your area who can sign your public key based on your Drivers License etc. While it might not be fair, it would put an end to the debate... IMHO -Jim -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... On Wed, 6 Apr 1994, Perry E. Metzger wrote: > If tmp at netcom.com isn't Detweiler, then he is invited to inform us who > he is. I admit that this is unfair. However, who said life was fair? > > Perry > From wcs at anchor.ho.att.com Fri Apr 8 01:14:55 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 8 Apr 94 01:14:55 PDT Subject: New ID technique: warning of things to come Message-ID: <9404080814.AA05552@anchor.ho.att.com> > > I have been abroad for the past few weeks. In the course of my travels, I > was given some data about a new program that the US Dept. of State/Customs > and Immigration people are moving into limited testing at JFK and LAX. > > They want to implement a "fast, positive identification system to speed > processing of entrants to the United States by use of biometric data." > The system works by use of a handprint scanner, and a smart card. > Participants would go through an initial hand scan, and then be issued > a smartcard. Upon subsequent entries to the US, instead of going through > the normal passport check, you would place your hand on a scanner and insert > your card in the slot. The system would then positively identify you, and > clear you for entry. This was mentioned in the press a while back; it's not intended for everyone, but frequent travellers, including US subjects and non-US-subjects, would be able to get them to speed going through the border police. Don't know implementation timeframe, and as Lyle said, they weren't real explicit about what they planned to do with the data they collect. Paper passports and border police are already offensive; I've got no plans to get more people-control technology applied to me. # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From tcmay at netcom.com Fri Apr 8 01:24:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 8 Apr 94 01:24:47 PDT Subject: New ID technique: warning of things to come In-Reply-To: <9404080814.AA05552@anchor.ho.att.com> Message-ID: <199404080825.BAA06780@netcom12.netcom.com> Bill Stewart, about that new ID system for passport control: > This was mentioned in the press a while back; it's not intended for everyone, > but frequent travellers, including US subjects and non-US-subjects, > would be able to get them to speed going through the border police. > Don't know implementation timeframe, and as Lyle said, > they weren't real explicit about what they planned to do with the > data they collect. Paper passports and border police are already offensive; > I've got no plans to get more people-control technology applied to me. Yes, this whole trend is disturbing for reasons similar to why Clipper is disturbing: the government is getting into the business of endorsing and supporting certain systems. I realize the governments of the world must actually _use_ products, systems, etc., and that this perforce helps to "standardize" these things, whatever they are. But, as with Clipper, when the government endorses a security or ID technology that involves having folks carry around special papers or tokens, then the pressures can be applied, eventually, to make these systems universal. With Clipper, the government is also using its considerable powers to control technology export to make Clipper competitors nonviable (not saying Clipper is viable, but the Clipper competitors look to face a regulatory uphill battle). So, I worry about any national ID system, even if done for "efficiency." But maybe it'll make the planes run on time. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From E.Switalski at bnr.co.uk Fri Apr 8 02:52:17 1994 From: E.Switalski at bnr.co.uk (Ed Switalski) Date: Fri, 8 Apr 94 02:52:17 PDT Subject: safety in Numbers ? Message-ID: <199404080951.22060@bnsgs200.bnr.co.uk> Hi, a recent c-punx posting raised an implicit question about the amount of RSA in use already. Obviously the larger and more international the user base is less likely that Uncle Sam & sidekicks etc can palm off compromised crypto and signature schemes on the rest of us. Two quotes below from the pem-dev (PEM developers) list at tis.com give grounds for optimism. I have blinded the names, as a first line of defence, (those already subscribed to the list can find the original postings by date. Note that: The Public Key scheme mentioned in message 2 may not be full RSA, but indicates the possibilities if slot-in crypto modules were available for interface to standard PC/Mac office software packages PGP has a high profile right now, but needs more users to really damange Clipper. --- Quote 1 --- Date: Thu, 31 Mar 1994 02:43:27 EST Just a data point. There are currently roughly 3,620 PGP keys on the PGP key servers --- despite the fact that use of PGP generally entails violation of RSA DSI's patents. (Note that this number only includes those people who have published their keys; others, due to the patent issue, may not have published their keys on the key servers, and so would not be counted in this figure.) There are also people using RIPEM as well. Meanwhile, we haven't even been able to get our act together to generate a PEM root key; my understanding is that this at least partially related to the liability involved in running a root which *everyone* has to trust, although there may be other show stoppers as well. So there definitely is at least some amount of demand for secure electronic mail using RSA. It's just that by and large, people just aren't using PEM to satisfy their needs. --- end of Quote 1 --- *** Come on PEM-people get yourself a root key ! Then organizations *** ill send more RSA-authenticated mail. --- Quote 2 --- Date: Thu, 17 Mar 1994 12:20:22 EST Recent discussions with a very large software company that I won't name at this time indicates that they have on the order of 750,000 users that are already using an older form of public key cryptography. They are preparing their next release, currently plan to make it PEM compatible (although they are also looking carefully at the Apple AOCE varient), and expect that as many as 1.5 million users might be on this system within a year. This system includes a proprietary directory, and they are also planning to interface that directory to X.500. --- end of Quote 2 --- *** Thinks: the number of retrievals to date of PD crypto would be . useful to know For we are many and our name is Legion .... Regards, Ed Switalski From eagle at deeptht.armory.com Fri Apr 8 03:56:54 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Fri, 8 Apr 94 03:56:54 PDT Subject: RMorality and Ethics (was Pseudonym's and Reputation) Message-ID: <9404080356.aa28160@deeptht.armory.com> From: Blanc Weber To: cypherpunks at toad.com Subject: Re: Pseudonyms and Reputations Quoting Detwieler(?) " ideally we can develop moral codes where our algorithms fail us. " >Ideally, you would be able to enforce these moral codes. >Ideally, they would reflect not only what is possible in reality, but >what is truly desireable. --------- McCandlish and I discussed morality and ethics early during our initial "handshake". Stanton said there is no morality, only ethics- what do you think? (substantial paraphrase I think serves the purpose of discussion) Here's my reply, and agree that the difference is semantic: *** Morality is the ablility to differentiate between right and wrong, without denotation. Thus, each situation defines an eidetic decision and implementation which would be the application of an ethical standard based on past experience. Therefore, endogenous morality is quite tangible, while exogenous morality is most likely unethical, and detrimental to the purity of being. *** Jeff Leroy Davis -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From eagle at deeptht.armory.com Fri Apr 8 04:20:15 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Fri, 8 Apr 94 04:20:15 PDT Subject: NSA security manual Message-ID: <9404080420.aa28511@deeptht.armory.com> Well Grady, You already know it's authentic. I'd love to call some of those secure phone #'s and see if my voice print still works. It would be a scream if it did >;) If any of you have tried one of the secure numbers out of curiosity, (and I've been out of the loop since 18 February 1983), you'll get a ring and a pause, then a rapid busy signal. This also lends credibility to my Psychological Warfare Primer, albeit subtely. I stated that the heavyweights in intelligence were the DIA, NSA, and the CIA, in that order. If *green* clearances are mere TS/IS, the DIA feeds them as well on a need-to-know basis. My analysis of the NSA mission is cryptography, (thanks for the hot tip, eh?), and interception. When AT&T broke up, it became possible to intercept transmissions that were previously protected by the monopoly. NSA is privy to all sorts of stuff, open long distance phone calls they can snag off the satellites without a warrent. They're pretty much public domain if one has the technology. Another thing I noticed was the Drug Policy. You note that they leave "authorized" drug use open. Amphetimines are SOP in some combat and combat simulation exercises. Christ, you want to laugh til tears roll down your cheeks, read the FOIA stuff released on the CIA's human experimentation with LSD. True keystone cop stuff. John Barlow and I were drinking some cokes and shooting the breeze here in Laramie a little over a year ago. He predicted an "opening" of the intelligence agencies after Clinton was elected- (This was the second to last weekend in October to be precise). NOW I see what he means. Thanks Grady! So THAT'S what the DoD pogues do. Can't wait to see a Field Manual for DIA intelligence officers. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From Tomaz.Borstnar at arnes.si Fri Apr 8 05:07:32 1994 From: Tomaz.Borstnar at arnes.si (Tomaz Borstnar) Date: Fri, 8 Apr 94 05:07:32 PDT Subject: possible FTP site volunteer? In-Reply-To: <9404080524.AA26879@ nextsrv.cas.muohio.EDU > Message-ID: <9404081207.AA07582@toad.com> In-reply-to: Your message dated: Fri, 08 Apr 1994 01:33:56 EDT > This may be a lot to ask, would anyone be willing to volunteer a little > space on an ftp site for the 1984 NSA t-shirt gifs? While its easy for Me, me, me! :) > me to mail it out. You'd get a complimentary shirt out of the deal :) Great! ;) I'm taking care of ftp.arnes.si. From werner at mc.ab.com Fri Apr 8 05:23:02 1994 From: werner at mc.ab.com (tim werner) Date: Fri, 8 Apr 94 05:23:02 PDT Subject: 1984 NSA T-Shirt Available! Message-ID: <199404081222.IAA21486@sparcserver.mc.ab.com> >From: jdblair at nextsrv.cas.muohio.EDU >Date: Thu, 7 Apr 1994 14:10:20 -0400 (EDT) > >I've come up with a design for the 1984 NSA t-shirt idea which I am >finally happy with. To check it out, fire up Mosaic and jump to: > >The back is the Cyber Rights Now! Logo from Wired Magazine. > I'd be interested in a T-shirt with the "safety in large numbers" design that was on the back of the cypherpunks criminal shirt, but I didn't get that shirt because of the "CRIMINAL!!" bit. It seemed a little too shrill. I was a criminal for years. Lately, I've been relatively law-abiding. How about putting the lightning bolts over the large numbers? tw From eagle at deeptht.armory.com Fri Apr 8 06:30:52 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Fri, 8 Apr 94 06:30:52 PDT Subject: Grady's NSA Manual Message-ID: <9404080624.aa01064@deeptht.armory.com> I don't know about you guys, but if the FBI comes through the front door over this NSA manual, this piece of shit I use for a UNIX terminal goes out the back door and off the roof into the alley >;) We're stripped down to the bare minimum for combat here at Outlaws on the Electronic Frontier. My personal secretary has full run of my accounts- (he writes the shell scripts), but he doesn't know my private key pass phrase. I guess that makes me impossible to impersonate, eh? -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From perry at snark.imsi.com Fri Apr 8 06:35:34 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 8 Apr 94 06:35:34 PDT Subject: Grady's NSA Manual In-Reply-To: <9404080624.aa01064@deeptht.armory.com> Message-ID: <9404081335.AA17739@snark.imsi.com> For a while now I've been trying to decide if you are interesting or a complete fruitcake. Would you mind telling me what the hell you are talking about here so I can add a datapoint to my decision? Perry Jeff Davis says: > I don't know about you guys, but if the FBI comes through the front door > over this NSA manual, this piece of shit I use for a UNIX terminal goes > out the back door and off the roof into the alley >;) > > We're stripped down to the bare minimum for combat here at Outlaws on the > Electronic Frontier. My personal secretary has full run of my accounts- > (he writes the shell scripts), but he doesn't know my private key pass > phrase. I guess that makes me impossible to impersonate, eh? From anonymous at extropia.wimsey.com Fri Apr 8 06:51:21 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Fri, 8 Apr 94 06:51:21 PDT Subject: No Subject Message-ID: <199404081343.AA19068@xtropia> Subject: NSA Security Manual You realize, of course, that by posting the manual verbatim you have allowed them to discover where the leak was. They have the ability to change the wording slightly on every document, so that when you quote the document they can discover who gave it to you. That is why newspapers no longer report quotes from documents that they have, or never show pictures of secret documents. Then again, for something as simple as a manual, they may not bother to change each one. But the capability exists. user at host.domain.site From ecarp at netcom.com Fri Apr 8 07:05:44 1994 From: ecarp at netcom.com (Ed Carp) Date: Fri, 8 Apr 94 07:05:44 PDT Subject: your mail In-Reply-To: <199404081343.AA19068@xtropia> Message-ID: On Fri, 8 Apr 1994 anonymous at extropia.wimsey.com wrote: > Subject: NSA Security Manual > > You realize, of course, that by posting the manual verbatim you have allowed > them to discover where the leak was. They have the ability to change the > wording slightly on every document, so that when you quote the document they > can discover who gave it to you. That is why newspapers no longer report > quotes from documents that they have, or never show pictures of secret > documents. Then again, for something as simple as a manual, they may not > bother to change each one. But the capability exists. That only works for sensitive information that is likely to be leaked. The NSA doesn't do that for every FOUO and classified document it has - if it did, it'd never get anything else done, it'd be so busy doing that stuff. Even with software to do the synonym sonkey-work, it'd take a massive amount of work to print different copies of every single document the NSA has. I did find one interesting thing about FOUO documents mentioned, though - how can FOUO documents be exempt from the FOIA? That doesn't make sense, unless it was either a deliberate evasion on the part of the NSA to attempt to mislead the innocent and naive. Either a document is classified (and therefore subject to the standard classified document review process) or it isn't. Sorry, but they can't have their cake and eat it, too. Of course, I could be wrong. Their SPOs carry guns, too... From satan at ccwf.cc.utexas.edu Fri Apr 8 07:07:46 1994 From: satan at ccwf.cc.utexas.edu (satan) Date: Fri, 8 Apr 94 07:07:46 PDT Subject: request Message-ID: <199404081407.JAA06848@dopey.cc.utexas.edu> satan at ccwf.cc.utexas.edu request for mailing list From cort at ecn.purdue.edu Fri Apr 8 07:13:46 1994 From: cort at ecn.purdue.edu (cort) Date: Fri, 8 Apr 94 07:13:46 PDT Subject: disposable cash VISA Message-ID: <199404081413.JAA13997@en.ecn.purdue.edu> ... along the lines of anonymous cash (and contrary to the AntiCash!) ... What does it take to _issue_ bank cards? Can any bank or credit union issue bank cards? What does it take to get the VISA or MasterCard name? It _seems_ that it should be so simple to set up anonymous credit cards. Here is one simple scenario: Mr. Credit Union gets VISA's approval to issue "secure" (prepaid) VISA cards. Mr. Credit Union has a _good_ reputation, and this reputation is important to his business. Mr. Credit Union sets up 1000 accounts with $500 in each account. A bank card is associated with each account. The name on the front of the card is something like "Joe Cash". Miss Customer walks into Mr. Credit Union's place of business and buys one of these cards for cash (the green, paper kind). She chooses one from a fish bowl full of them (ensuring a random acct #). The card would cost something like $505. No exchange of names, no SS #s, no credit checks. Miss Customer uses the card like any other VISA. When the $500 is gone, she "discards". It would be easy for Mr. Credit Union to cheat. Therefore, the reputation is important. Why not? Why can't _I_ sell these sorts of credit cards? Does this truly provide additional privacy? Cort. From hfinney at shell.portal.com Fri Apr 8 07:58:07 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 8 Apr 94 07:58:07 PDT Subject: tmp@netcom.com Message-ID: <199404081459.HAA27420@jobe.shell.portal.com> > Mr. TMP: > > You can easily settle this by attending or meeting with a CP in your area > who can sign your public key based on your Drivers License etc. > > While it might not be fair, it would put an end to the debate... Another way would be for people to get a *blind* signature from someone else saying "I am not Detweiler" (if that is all people care about). Sup- pose some nym were able to exhibit such a signature from a respected list member, ideally one who has given out a great many such signatures. No one would be able to link the nym to his True Name; all anyone would know is that at one time the True Name corresponding to this nym received a blinded signature making this assertion. This allows a nym to keep his anonymity while still responding to accusations like these, if he wishes. Hal From hfinney at shell.portal.com Fri Apr 8 08:03:31 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 8 Apr 94 08:03:31 PDT Subject: Pseudonyms and Reputations Message-ID: <199404081504.IAA28300@jobe.shell.portal.com> From: greg at ideath.goldenbear.com (Greg Broiles) > Hal Finney writes: > > > The simple blinded signature model provides a pretty simple way to allow > > only one pseudonym per True Name in a given forum, if you assume there is > > some way to distinguish people in the real world. > [...] > Real-world application of this protocol still depends on folks not > using the credentials of friends/family/dead people, especially where > "real name" <-> credential mapping isn't available. This is true, but the main purpose of this technology is to prevent users from creating large numbers of pseudonymous accounts. No technology can stop people from cooperating in an on-line forum, and the use of friends' or family members' accounts is also very hard to prevent. So collusion at some limited level will always be possible. But at least it should be possible to prevent the massive use of nyms. Hal From dichro at tartarus.uwa.edu.au Fri Apr 8 08:09:34 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Fri, 8 Apr 94 08:09:34 PDT Subject: your mail In-Reply-To: <199404081343.AA19068@xtropia> Message-ID: <199404081509.XAA12341@lethe.uwa.edu.au> > > Subject: NSA Security Manual > > You realize, of course, that by posting the manual verbatim you have allowed > them to discover where the leak was. They have the ability to change the > wording slightly on every document, so that when you quote the document they > can discover who gave it to you. That is why newspapers no longer report > quotes from documents that they have, or never show pictures of secret > documents. Then again, for something as simple as a manual, they may not > bother to change each one. But the capability exists. > > user at host.domain.site > > Been reading a bit of Tom Clancy, have we? This ability is undoubtedly possible, however, as (presumably) each individual employee has their own (individualized) copy, they should realize that some creative editing has been done by just comparing notes. BTW - this was posted in phreak-45 - so the damage was done quite a while ago - look in the papers for mysterious car crashes. MJH * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "Life begins at '040." PGP Public key available by finger * "Spaghetti code means job security!" From frissell at panix.com Fri Apr 8 08:14:14 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 8 Apr 94 08:14:14 PDT Subject: disposable cash VISA In-Reply-To: <199404081413.JAA13997@en.ecn.purdue.edu> Message-ID: On Fri, 8 Apr 1994, cort wrote: > It _seems_ that it should be so simple to set up anonymous credit > cards. Here is one simple scenario: (Details of secured credit card system elided) > Why not? Why can't _I_ sell these sorts of credit cards? Does this > truly provide additional privacy? > > Cort. The Feds agree which is why they outlawed such transactions. "Banks" have to comply with "know your customer" rules. Civilians may not realize it but a VISA account is just a bank account like any other save that it usually has a debit balance rather than a credit balance. Issuers have to obtain taxpayer ID numbers from their customers and identification information "similar to what a bank would require to cash a check". This rule has been extended throughout the OECD countries by recent treaty. Even outside the OECD, card issuers have to be conservative because many VISA merchants are not online and one could run up a lot of little transactions if one were interested in card fraud. The issuer would be stuck. Once all transactions can be verified online, this may improve. It is not easy to get permission to issue VISA cards. That being said, *individuals* can use the secured card system to obtain credit cards in names of convenience. It is just hard to do this on an institutional basis. Duncan Frissell "The problem of governance in the 21st Century -- How to regulate thousands of annual transactions carried out by the billions of buyers and sellers in Market Earth." From hfinney at shell.portal.com Fri Apr 8 08:14:37 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 8 Apr 94 08:14:37 PDT Subject: Pseudonyms and Reputations Message-ID: <199404081515.IAA28879@jobe.shell.portal.com> A (semi) real-world application of the is-a-person technology was suggested to me a year ago by someone whom I think is now a list member. To protect his privacy I will change the story slightly. He wanted to set up an online game which would be ongoing for some time, and which new people could join periodically. New members would be given a certain amount of resources (fuel, money, etc.) to start with, and then they would compete with others in the game to try to get more. At any given time standings would be available to show who had done the best in terms of getting the most resources. The problem was that based on the rules of the game it was hard to prevent people from colluding to transfer resources among themselves. This would allow someone who was doing poorly to create a bunch of pseudonymous accounts, enter them in the game as new users, and then to transfer their initial resources to his main account. The result would be that the standings would reflect skill at creating pseudonyms more than the abilities which the game was supposed to test. He asked whether there would be some way to ensure that only one account per person was playing the game. Basically, he was asking for an "is-a-person" credential. One solution would simply be to get a name, address, and phone number from each participant, but he didn't want to violate his players' privacy to that extent. Without an infrastructure supporting this kind of credential, he decided not to go ahead with his plans for the game. This is too bad because the game was actually going to test some very interesting economic and political theories and it would have been good to see it in action. Hal From jdblair at nextsrv.cas.muohio.EDU Fri Apr 8 09:45:02 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Fri, 8 Apr 94 09:45:02 PDT Subject: 1984 Shirt Ordering Info Message-ID: <9404081647.AA29709@ nextsrv.cas.muohio.EDU > 1984 NSA T-shirt ordering information: The shirt will be printed in white ink on a dark colored shirt. The shirts are 100% Cotton. Available sizes are L, XL, and XXL, and available colors are black, navy, dark green, and maroon. The price is $15, which includes postage and handling. Make your check or money order out to "John Blair" and send it to: 1984 T-Shirt John Blair 210 Mary Lyon Oxford, OH 45056 Be sure to include the requested size and color, as well as an e-mail address for confirmation of the order, and a snail-mail address to send the shirt to. Students: be sure you include an address you will be at after May 14. I must recieve your order by Wed., April 27. It is possible that there will be extra shirts avaiable to people after this date, or a second printing run for late orders, but I can only guarentee shirts to orders recieved by this day. Assuming all goes well, I will have the shirts in the mail by Sat., May 14. Thanks to all who have offered suggestions while I was refining the design, and for all the un-expected interest. A reminder: The shirt is available for viewing at http://phoenix.aps.muohio.edu/users/jdblair/t-shirt.html This is accesable by Mosaic or Lynx. Lynx will download gifs of the design to your own disk. It will be available soon via anonymous ftp. I will post the address when that is confirmed. Thanks again, -john. -------------------------------------------------------------------------- John Blair: voice: (513) 529-4877 PGP public key available upon request. KILL YOUR Privacy in the information age is a right, not a privilage. TELEVISION Information = Power = Control. Fight the centralization of information. From nobody at shell.portal.com Fri Apr 8 09:51:22 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 8 Apr 94 09:51:22 PDT Subject: Today cryptography, tomorrow ?? Message-ID: <199404081652.JAA04604@jobe.shell.portal.com> AP 4/8/94: A federal grand jury indicted an MIT student Thursday on charges he ran a computer bulletin board that allowed people to copy more than $1 million worth of copyrighted software for free. [...] The bulletin board, named Cynosure, allowed people on MIT's computer network to copy business and entertainment software, the indictment said. [...] Internet users also were able to illegally copy the software, Stern said.[..] Many of the Cynosure users hid their identities by using an Internet address in Finland that provided an anonymous forwarding service for the pirated programs, according to the indictment. .... Like to include more but ..uh.. "fair use" and all that .... Wonder how come he didn't encrypt? From mech at eff.org Fri Apr 8 10:02:11 1994 From: mech at eff.org (Stanton McCandlish) Date: Fri, 8 Apr 94 10:02:11 PDT Subject: password matrix thing for Windows: Message-ID: <199404081702.NAA04154@eff.org> This was uploaded to us. I'm wondering 2 things: 1) is it worth archiving - that is, is it a good idea, or a security risk for anyone that used it, and 2) would it qualify as an ITAR export-controlled crypto product. I have my own ideas about this, but am interested in 2nd opinions. Here's the readme for it (the package is psswrd30.zip) Password Matrix 3.0 Written by Thomas Hassler This Windows utility was written for my personal use and I then decided that it might be marketable. The basic concept of this program is fairly simple: It was created to be used in conjunction with an encryption utility like that of Norton Utilities and other shareware versions around. This program allows people in a group to pass encrypted files around with the password embedded in the filename. Let me explain. This utility uses a matrix (you get to make your own) to encode a filename from a password. This would be incredibly complex if one used any old characters... so I used only numbers in my matrix. this simplifies things and still allows a HUGE number of possible matrices. Version 3.0 will generate a random password and its corresponding filename, decode a filename, or encode a filename to or from a password. Once you see it in action you will see exactly what I mean. In the fully registered version ($10) there is a functioning filefinder (directory tree) that you can double-click on a filename and it decodes the password instantly. If you use this program consistently, please register and you will have full benefits. Future versions (registered users get prior notice) may contain: Random matrix generation Drag and drop (file to program and decrypts) Multiple user defined matrices Thank you for supportin Hossware! _________ end _________ From tcmay at netcom.com Fri Apr 8 10:37:09 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 8 Apr 94 10:37:09 PDT Subject: 1984 Shirt--Entrepreneurs Wanted! In-Reply-To: <9404081647.AA29709@ nextsrv.cas.muohio.EDU > Message-ID: <199404081737.KAA12539@mail.netcom.com> John Blair wrote: > 1984 NSA T-shirt ordering information: > > The shirt will be printed in white ink on a dark colored shirt. The > shirts are 100% Cotton. Available sizes are L, XL, and XXL, and available > colors are black, navy, dark green, and maroon. > > The price is $15, which includes postage and handling. Make your check or > money order out to "John Blair" and send it to: Speaking of such things, what I'd love to see is some entrepreneur out there buying and selling "Cypherpunks 1994 World Tour" t-shirts, decals, coffee mugs, secret decoder rings, etc. I neglected to order one of the "Big Brother Inside" t-shirts, or one of the "Cypherpunk Criminal" shirts, so now all I've got is my EFF t-shirt. (Hey, maybe that's another t-shirt idea: "The other Cypherpunks went to federal prison for encrypting and all I got was this lousy EFF t-shirt.") Here's my serious point: An entrepreneur can buy up some number of these items (3 t-shirts now, stickers) and then sell them at a markup to folks like me, who forget or neglect to place their orders at the right time. Capitalism at its finest. It also spreads the word at EFF events, Libertarian Party events (or whatever your politics are), those "rave" things Crunch is always talking about, and so on. Sort of a Cypherpunks Store. P.S. If anybody has any of those previously done t-shirts they want to sell, I'm interested. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nates at netcom.com Fri Apr 8 10:57:29 1994 From: nates at netcom.com (Nate Sammons) Date: Fri, 8 Apr 94 10:57:29 PDT Subject: bumperstickers Message-ID: <199404081758.KAA10728@netcom12.netcom.com> I have found a source for paper to print bumper stickers on. It's a thin plastic that is *very* sticky on one side, and made to go through laser printers. I have been tossing around some ideas for stickers to make, and I have come up with a few... what so you think? The WIRED ist icon, with and without text "CYPHERPUNK CRIMINAL" the "Warning: Strong Crypto" logo from the Tshirts "1984: We're behind schedule, NSA" and others. Who would be interested, and does anyone have more ideas. I would be selling individual stikers for between $0.50 and $1.00 each, depending on their size (some may be 3" square, some may be "8x3", etc...) -nate -- +--------- | Nate Sammons PGP Key and fingerprint via finger. | Clipper == Big Brother Inside. Question Authority. Encrypt everything. +--------- From hayden at krypton.mankato.msus.edu Fri Apr 8 11:41:03 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 8 Apr 94 11:41:03 PDT Subject: bumperstickers In-Reply-To: <199404081758.KAA10728@netcom12.netcom.com> Message-ID: They can have my crypto when they pry it from my cold, dead, keyboard. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From tcmay at netcom.com Fri Apr 8 11:51:16 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 8 Apr 94 11:51:16 PDT Subject: (fwd) Re: RSA Broken by the Russians? Message-ID: <199404081851.LAA23176@mail.netcom.com> That April Fool's Day joke I did about RSA being broken by the Russians has generated 25 responses on sci.crypt and sci.math (where I posted it after sending it out to this list). (Someone added soc.culture.soviet to the dist list.) Here's a recent one, which indicates I guessed fairly accurately that Kolmogorov was involved, or his methods were. The Wolfram hypothesis, noted to me by Eric Hughes and confirmed by Wolfram, is also supported. --Tim Newsgroups: sci.crypt,sci.math,soc.culture.soviet Subject: Re: RSA Broken by the Russians? Message-ID: <1994Apr7.163939.31350 at husc14.harvard.edu> From: verbit at coolidge.harvard.edu (Misha Verbitsky) Date: 7 Apr 94 16:39:38 EDT Distribution: world Organization: Sozialistisches Patienten Kollektiv In article gene at insti.physics.sunysb.edu (Eugene Tyurin) writes: >>>> "MV" == Misha Verbitsky writes: > >MV> This secret city probably exists, but the mathematical quality of >MV> Soviet secret cryptography is extremely low. First of all, KGB >MV> did not try to recruit graduates of Universities (at least as far >MV> as I know). >Well, may be I'm awfully wrong, but in the Moscow University there was >a special "Department of Structural Linguistics" (or something like >this) which was rumoured to be a KGB crypto-college. I remember (from >the time I was studying for the admission exams) that their math tests >were as hard as the ones for Math, Physics departments. I can guess >from this that the quality of students was the same. Well, dept. of Structural Linguistic was a section of philology department. It was organized by the famous logicist V. A. Uspensky who was friendly with Tartu (and Moscow) school of structural linguistic. The intent was, Lotman and Co. used (or believed they use) Kolmogorov's notions of entropy and complexity in philology, so philologists who wanted to study structuralism needed to learn some mathematics. For a while, MSU Str. Ling. dept. was the best philology school in the country. Now, after a serie of pogroms it still remains one of the best school (mostly because after those pogroms all MSU philology department went awry). Since I was friendly with some of Uspensky's students I know the situation firsthand. The students of Str. Ling. dept. were 80% girls, they did't know (or like) math, and most of the math lecturers (after Uspensky) were Jews and/or dissidents. I doubt strongly KGB would use many people connected with Str. Ling. dept., though I know some whom they offered cooperation. Anyway, Str. Ling. dept. have had no classified courses, unlike most of other MSU depts. The funny sci.math related detail: Uspensky read calculus on Str. Ling. dept. for years. After a while he became bored and instead of usual calculus program offered the non-standard analysis course. Poor girls, who naturally hated mathematics, were completely distressed, because now they could not even make they boyfriends to do their problem sets. Misha. P. S. I apologise for Vulis reposting every second article that I post to sci.math. I hope you stay amused. There is no way to make Vulis stop this practice, as far as I understand. I think he developed a crash on my net.personality. From blancw at microsoft.com Fri Apr 8 12:20:45 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 8 Apr 94 12:20:45 PDT Subject: RMorality and Ethics (was Pseudonym's and Reputation) Message-ID: <9404081921.AA13042@netmail2.microsoft.com> From: Jeff Davis "McCandlish and I discussed morality and ethics early during our initial "handshake". Stanton said there is no morality, only ethics- what do you think?" I think one is the study of the subject and the other is the application of it, according to one's personal interpretation. *** Morality is the ablility to differentiate between right and wrong, without denotation. Thus, each situation defines an eidetic decision and implementation which would be the application of an ethical standard based on past experience. Therefore, endogenous morality is quite tangible, while exogenous morality is most likely unethical, and detrimental to the purity of being. *** I couldn't understand this paragraph very well, as it is too cryptic. Blanc From mpd at netcom.com Fri Apr 8 12:25:02 1994 From: mpd at netcom.com (Mike Duvos) Date: Fri, 8 Apr 94 12:25:02 PDT Subject: Today cryptography, tomorrow ?? In-Reply-To: <199404081652.JAA04604@jobe.shell.portal.com> Message-ID: <199404081925.MAA13449@mail.netcom.com> > Many of the Cynosure users hid their identities by using an > Internet address in Finland that provided an anonymous forwarding > service for the pirated programs, according to the indictment. Does this mean we will soon be seeing Julf in chains on the evening news with his coat over his head? After all, the United States long ago awarded itself kidnapping priveleges against anyone it claims has violated US law, with no concern for the laws of the country in which the person resides. Just ask Manuel Noriega. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From corbet at stout.atd.ucar.EDU Fri Apr 8 12:25:10 1994 From: corbet at stout.atd.ucar.EDU (Jonathan Corbet) Date: Fri, 8 Apr 94 12:25:10 PDT Subject: NSA T-shirt FTP site In-Reply-To: <9404081920.AA01624@ nextsrv.cas.muohio.EDU > Message-ID: <199404081924.NAA10664@stout.atd.ucar.EDU> OK, the NSA T-shirt gifs are on ftp.atd.ucar.edu in pub/Crypto -- help yourselves. "Don't forget to use binary mode to fetch them." Jonathan Corbet National Center for Atmospheric Research, Atmospheric Technology Division corbet at stout.atd.ucar.edu http://www.atd.ucar.edu/rdp/jmc.html From corbet at stout.atd.ucar.EDU Fri Apr 8 12:27:12 1994 From: corbet at stout.atd.ucar.EDU (Jonathan Corbet) Date: Fri, 8 Apr 94 12:27:12 PDT Subject: NSA T-shirt FTP site Message-ID: <199404081927.NAA10745@stout.atd.ucar.EDU> OK, the NSA T-shirt gifs are on ftp.atd.ucar.edu in pub/Crypto -- help yourselves. "Don't forget to use binary mode to fetch them." Jonathan Corbet National Center for Atmospheric Research, Atmospheric Technology Division corbet at stout.atd.ucar.edu http://www.atd.ucar.edu/rdp/jmc.html From unicorn at access.digex.net Fri Apr 8 12:31:16 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 8 Apr 94 12:31:16 PDT Subject: NSA Security Manual Message-ID: <199404081930.AA18842@access3.digex.net> You realize, of course, that by posting the manual verbatim you have allowed them to discover where the leak was. They have the ability to change the wording slightly on every document, so that when you quote the document they can discover who gave it to you. That is why newspapers no longer report quotes from documents that they have, or never show pictures of secret documents. Then again, for something as simple as a manual, they may not bother to change each one. But the capability exists. user at host.domain.site <- This sort of manual is never seeded. I'm sure the NSA will fuss because there has been a technical violation, but in the grand scheme of things this is not a major concern except the the extent it shows that an individual has the moral ability to release the stuff to the public. The information itself is not damning but law enforcement tends to frown on the CONCEPT of such releases. If it were seeded, Grady never would have been called. ./ -uni- (Dark) From cfrye at ciis.mitre.org Fri Apr 8 12:54:08 1994 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Fri, 8 Apr 94 12:54:08 PDT Subject: RMorality and Ethics (was Pseudonym's and Reputation) Message-ID: <9404082002.AA07718@ciis.mitre.org> Blanc Weber says: > >>*** Morality is the ablility to differentiate between right and wrong, >>without denotation. Thus, each situation defines an eidetic decision >>and implementation which would be the application of an ethical standard >>based on past experience. Therefore, endogenous morality is quite tangible, >>while exogenous morality is most likely unethical, and detrimental to the >>purity of being. *** > >I couldn't understand this paragraph very well, as it is too cryptic. > Attempted translation: Morality is both individual and situational, and must not be externally imposed as the imposition would violate individual sovereignty. -- Best regards, Curtis D. Frye cfrye at ciis.mitre.org or cfrye at mason1.gmu.edu "Here today, gone ?????^H^H^H^H^HFriday, April 8th" From unicorn at access.digex.net Fri Apr 8 13:16:26 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 8 Apr 94 13:16:26 PDT Subject: remailers GONE! Message-ID: <199404082015.AA15096@access1.digex.net> ------------------------------------------------------------------------------ List of Running Remailers Last Response ------------------------------------------------------------------------------ 0 remailers listed. <- OH NO! From gtoal at an-teallach.com Fri Apr 8 13:17:02 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 8 Apr 94 13:17:02 PDT Subject: NSA Security Manual Message-ID: <199404082012.VAA09860@an-teallach.com> The information itself is not damning but law enforcement tends to frown on the CONCEPT of such releases. If it were seeded, Grady never would have been called. What I found interesting was that it was published in Phrack about a week ago, and nothing happened, but when Grady reposted it, suddenly phone-calls come aflying. Either this means that the NSA read Grady's posts more diligently than everyone else's, or Grady went out of his way to tell them that he'd posted it, which wouldn't surprise me... G From ag588 at hela.INS.CWRU.Edu Fri Apr 8 13:48:06 1994 From: ag588 at hela.INS.CWRU.Edu (John C. Brice) Date: Fri, 8 Apr 94 13:48:06 PDT Subject: Rejected mail Message-ID: <199404082047.QAA04623@hela.INS.CWRU.Edu> ag588 is rejecting mail from you From grady at netcom.com Fri Apr 8 13:56:03 1994 From: grady at netcom.com (Grady Ward) Date: Fri, 8 Apr 94 13:56:03 PDT Subject: NSA Security Manual Message-ID: <199404082056.NAA01082@netcom12.netcom.com> When I spoke to the NSA Security Officer for NSA he was very interested in Phrack (not having heard of it before). I gave him subscription information, etc. If you are listening Erik, I want a cut of the take. :-) Actually I speculate that someone who saw my reposting helpfully phoned the NSA about the security breach. But SDO10 didn't give me that information... Grady From markh at wimsey.com Fri Apr 8 14:01:57 1994 From: markh at wimsey.com (Mark C. Henderson) Date: Fri, 8 Apr 94 14:01:57 PDT Subject: 1984 Shirt Ordering Info In-Reply-To: <9404081647.AA29709@ nextsrv.cas.muohio.EDU > Message-ID: > > 1984 NSA T-shirt ordering information: > A reminder: The shirt is available for viewing at > http://phoenix.aps.muohio.edu/users/jdblair/t-shirt.html >... > It will be available soon via anonymous ftp. I will post the address > when that is confirmed. available from ftp.wimsey.bc.ca:/pub/crypto/shirt From gtoal at an-teallach.com Fri Apr 8 14:11:25 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 8 Apr 94 14:11:25 PDT Subject: NSA T-shirt FTP site Message-ID: <199404082108.WAA11101@an-teallach.com> OK, the NSA T-shirt gifs are on ftp.atd.ucar.edu in pub/Crypto -- help yourselves. "Don't forget to use binary mode to fetch them." Whoever designed these hasn't done a t-shirt before I suspect. The white on black may look pretty on your screen, but it's the worst thing for printing. The best thing to supply would be the graphic, trimmed to its border, as a single file, and the text as a postscript file. Ditto the reverse side should be postscript too. Gifs don't scale well for printing so the larger the original of the graphic, the better. G From sasha at cs.umb.edu Fri Apr 8 14:27:59 1994 From: sasha at cs.umb.edu (Alexander Chislenko) Date: Fri, 8 Apr 94 14:27:59 PDT Subject: MIT sysop faces piracy charges. Message-ID: <199404082127.AA21641@eris.cs.umb.edu> Today's Boston Globe has an article on a 20yo MIT student David LaMacchia who 'enabled Internet users around the globe to pirate more than a million dollars worth of copyrigthed software'. David 'faces a possible jail term and fines of up to $250,000'. David's scheme involved usage of anonymous remailers [?] in Finland. The article starts on the front page with a big color picture of David in his computer room. Here's a repsonse to the case I found oncomp.org.eff.talk: From loofbour at cis.ohio-state.edu Fri Apr 8 14:29:05 1994 From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow) Date: Fri, 8 Apr 94 14:29:05 PDT Subject: Pseudonyms and Reputations In-Reply-To: <199404081515.IAA28879@jobe.shell.portal.com> Message-ID: <199404082128.RAA08893@styracosaur.cis.ohio-state.edu> Hal writes: > He wanted to set up an online game which would be ongoing for some > time, and which new people could join periodically. New members > would be given a certain amount of resources (fuel, money, etc.) to > start with, and then they would compete with others in the game to > try to get more. At any given time standings would be available to > show who had done the best in terms of getting the most resources. > > The problem was that based on the rules of the game it was hard to > prevent people from colluding to transfer resources among > themselves. This would allow someone who was doing poorly to > create a bunch of pseudonymous accounts, enter them in the game as > new users, and then to transfer their initial resources to his main > account. The result would be that the standings would reflect skill > at creating pseudonyms more than the abilities which the game was > supposed to test. Perhaps this is only reflective of the Real World, where he who gets to the scarce resources first wins. Either you put a cap on the total resource (meaning some must starve, unless they can trade something else of worth), or you must allow limitless expansion. You could impose an annoyance factor on the distribution of initial resources (a week's wait, perhaps), or on unlikely transfers (you can't give away the resource except in exchange for some other form of goods... an Objectivist's paradise, perhaps?) Finally, there's always forced socialism: A high tax rate or inflation rate should keep folks from accumulating ill-gotten wealth for long. Without delving too deeply into the details of the simulation, isn't the liquidity of the value of the resource a hedge against people attempting to stockpile same through polynymity? nathan From ravage at bga.com Fri Apr 8 14:35:35 1994 From: ravage at bga.com (Jim choate) Date: Fri, 8 Apr 94 14:35:35 PDT Subject: Rejected mail In-Reply-To: <199404082047.QAA04623@hela.INS.CWRU.Edu> Message-ID: <199404082135.AA28555@zoom.bga.com> > > ag588 is rejecting mail from you > Touch and closed minded...:( From blancw at microsoft.com Fri Apr 8 14:39:15 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 8 Apr 94 14:39:15 PDT Subject: RMorality and Ethics (was Pseudonym's and Reputation) Message-ID: <9404082139.AA19192@netmail2.microsoft.com> From: Curtis D. Frye Attempted translation: Morality is both individual and situational, and must not be externally imposed as the imposition would violate individual sovereignty. Thanks, Curtis. For some reason, I kept reading the first sentence as: "Morality is the ablility to differentiate between right and wrong, without detonation." Which, I guess, would be another good translation. Blanc From mg5n+ at andrew.cmu.edu Fri Apr 8 14:40:44 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 8 Apr 94 14:40:44 PDT Subject: REMAIL: pseudo-account remailer @andrew gains anonymous feature Message-ID: I added an anonymous feature to my remailer. If you have an address of the form mg5n+eaxxx at andrew.cmu.edu, anonymous mail can be sent to that address by changing it to the format: mg5n+anxxx at andrew.cmu.edu An encrypted reply address is created for the sender of the anonymous message. You can get an anonymous address by sending mail to mg5n+getid at andrew.cmu.edu P.S. For what it's worth, the address mg5n+anz3ajg8o1yxicqzt6v6qgpg3tkhddpqw3jl at andrew.cmu.edu will forward anonymously to cypherpunks at toad.com. If your mail software supports mail aliases, a mail alias to that address might be an easy way to post anon to the list (and get replies ;-) As before, anyone who wants the source is welcome to it, however there is nil documentation, and some of my recent hacks to it have increased the code sloppiness factor by several orders of magnitude. It does now support 3DES encryption, much thanks to Phil Karn and Jim Gillogly's PD code. From unicorn at access.digex.net Fri Apr 8 14:53:06 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 8 Apr 94 14:53:06 PDT Subject: NSA Security Manual Message-ID: <199404082152.AA22315@access1.digex.net> Mr. Toal said : What I found interesting was that it was published in Phrack about a week ago, and nothing happened, but when Grady reposted it, suddenly phone-calls come aflying. Either this means that the NSA read Grady's posts more diligently than everyone else's, or Grady went out of his way to tell them that he'd posted it, which wouldn't surprise me... G <- This is partly up to Grady to verify, but I suspect the answer lies in the different frequency and lag time between examination of the net and examination of Phrack. Grady's probably just got noticed first. From unicorn at access.digex.net Fri Apr 8 14:55:54 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 8 Apr 94 14:55:54 PDT Subject: NSA manual. Message-ID: <199404082155.AA22492@access1.digex.net> Grady says: Actually I speculate that someone who saw my reposting helpfully phoned the NSA about the security breach. But SDO10 didn't give me that information... Grady <- Sorry for the bandwidth, this sounds more reasonable than any active scanning. -uni- (Dark) From mimir at illuminati.io.com Fri Apr 8 15:15:09 1994 From: mimir at illuminati.io.com (Al Billings) Date: Fri, 8 Apr 94 15:15:09 PDT Subject: NSA Security Manual In-Reply-To: <199404081930.AA18842@access3.digex.net> Message-ID: On Fri, 8 Apr 1994, Black Unicorn wrote: > You realize, of course, that by posting the manual verbatim you have allowed > them to discover where the leak was. They have the ability to change the > wording slightly on every document, so that when you quote the document they > can discover who gave it to you. That is why newspapers no longer report > quotes from documents that they have, or never show pictures of secret > documents. Then again, for something as simple as a manual, they may not > bother to change each one. But the capability exists. Could someone e-mail the manual to me. I accidentally deleted the posting of it. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Al Billings aka Grendel Grettisson | Internet: mimir at illuminati.io.com | | Nerd-Alberich - Lord of the Nerd-Alfar | Sysop of The Sacred Grove | | Admin for Troth, the Asatru E-mail List| (206)322-5450 | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From joshua at cae.retix.com Fri Apr 8 15:30:20 1994 From: joshua at cae.retix.com (joshua geller) Date: Fri, 8 Apr 94 15:30:20 PDT Subject: Today cryptography, tomorrow ?? Message-ID: <199404082229.PAA03504@sleepy.retix.com> > > Many of the Cynosure users hid their identities by using an > > Internet address in Finland that provided an anonymous forwarding > > service for the pirated programs, according to the indictment. > Does this mean we will soon be seeing Julf in chains on the evening news > with his coat over his head? > After all, the United States long ago awarded itself kidnapping > priveleges against anyone it claims has violated US law, with no concern > for the laws of the country in which the person resides. Just ask Manuel > Noriega. or timothy leary. josh From nawaz921 at raven.csrv.uidaho.edu Fri Apr 8 15:44:41 1994 From: nawaz921 at raven.csrv.uidaho.edu (Faried Nawaz) Date: Fri, 8 Apr 94 15:44:41 PDT Subject: NSA Security Manual In-Reply-To: Message-ID: <9404082244.AA13433@toad.com> Could someone e-mail the manual to me. I accidentally deleted the posting of it. I think you can get it off phrack45 -- ftp to ftp.netcom.com:/pub/phrack. If you are a gov/mil/corp person, you have to subscribe -- mail phrack at netcom.com for info. From Isaac.Norby at f217.n125.z1.FIDONET.ORG Fri Apr 8 15:54:30 1994 From: Isaac.Norby at f217.n125.z1.FIDONET.ORG (Isaac Norby) Date: Fri, 8 Apr 94 15:54:30 PDT Subject: Soda remailer tampering? Message-ID: <10488.2DA5D5B8@shelter.FIDONET.ORG> |To: hh at soda.berkeley.edu Seems your remailer (or you personally) is playing games with messages posted via the Post-To: function. Note indicated additions: Isaac Norby - via FidoNet node 1:125/1 UUCP: ...!uunet!kumr!shelter!217!Isaac.Norby INTERNET: Isaac.Norby at f217.n125.z1.FIDONET.ORG >>enriched uranium ak-47 >>chile columbia -------- For more information about this anonymous posting service, please send mail to hh at soda.berkeley.edu with Subject: remailer-info. Eric Hollander takes no responsibility for the contents of this post. Please, don't throw Isaac Norby - via FidoNet node 1:125/1 UUCP: ...!uunet!kumr!shelter!217!Isaac.Norby INTERNET: Isaac.Norby at f217.n125.z1.FIDONET.ORG >>ira shipment of cocaine >>explosives detonate -------- For more information about this anonymous posting service, please send mail to hh at soda.berkeley.edu with Subject: remailer-info. Eric Hollander takes no responsibility for the contents of this post. Please, don't throw I don't have a sense of humor about this and want an explanation, now. Cc: to cypherpunks at toad.com IN -- Isaac Norby - via FidoNet node 1:125/1 UUCP: ...!uunet!kumr!shelter!217!Isaac.Norby INTERNET: Isaac.Norby at f217.n125.z1.FIDONET.ORG From sameer at soda.berkeley.edu Fri Apr 8 16:35:30 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Fri, 8 Apr 94 16:35:30 PDT Subject: remailers GONE! In-Reply-To: <199404082015.AA15096@access1.digex.net> Message-ID: Black Unicorn spake: > > > ------------------------------------------------------------------------------ > List of Running Remailers Last Response > ------------------------------------------------------------------------------ > > 0 remailers listed. > <- > > > OH NO! > I would say that this is more of a problem of faulty pinger software than all the remailers being dead. I'll look into it. From unicorn at access.digex.net Fri Apr 8 16:55:53 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 8 Apr 94 16:55:53 PDT Subject: Nsa Manual distribution Message-ID: <199404082355.AA28818@access1.digex.net> -> From: Al Billings Subject: Re: NSA Security Manual To: cypherpunks at toad.com On Fri, 8 Apr 1994, Black Unicorn wrote: > You realize, of course, that by posting the manual verbatim you have allowed > them to discover where the leak was. They have the ability to change the > wording slightly on every document, so that when you quote the document they > can discover who gave it to you. That is why newspapers no longer report > quotes from documents that they have, or never show pictures of secret > documents. Then again, for something as simple as a manual, they may not > bother to change each one. But the capability exists. Could someone e-mail the manual to me. I accidentally deleted the posting of it. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Al Billings aka Grendel Grettisson | Internet: mimir at illuminati.io.com | | Nerd-Alberich - Lord of the Nerd-Alfar | Sysop of The Sacred Grove | | Admin for Troth, the Asatru E-mail List| (206)322-5450 | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- <- Watch your attributation, this was not my quote. I personally would counsel people to be quite cautious about distributing the document in question actively. There is a case to be made if you know the material is restricted and you send it out anyhow. I don't think this applies to Grady, who seems to have forwarded the material as a "is this real" project. Now that he has indicated the material is of some interest to NSA, anyone sending the document back and forth should really be cautious. For the less paranoid: Most of the information in the document, as I indicated before, is not damning by itself. It is the distribution that is offensive to the powers that be. The question is how obnoxious and picky the enforcement side wants to be and what the background of the leak is. If this is material put out by someone who might otherwise be in trouble it might get nasty out there. I don't think I'd want it on my ftp site, let me put it that way. The FOIA exemption for administrative materials is what worries me most. -uni- (Dark) From mg5n+ at andrew.cmu.edu Fri Apr 8 18:42:19 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 8 Apr 94 18:42:19 PDT Subject: remailers GONE! In-Reply-To: Message-ID: > catalyst at netcom.com 0.025 days > "Supports PGP encryption" Does it? I don't have the public key... > remailer at entropy.linet.org Never > "Supports PGP encryption" I thought this one was gone. And now a quote from finger remailer at soda.berkeley.edu for Issac Norby: > = A note about keywords > > This remailer inserts keywords into the headers and tailers of all posts > and remails. These headers contain phrases which would probably > trigger automated net monitoring programs, rendering them less > effective. This insertion is completely automatic and certainly does > not constitute a statement of intent by anyone (especially the remailer > operator) to do anything. From sonny at netcom.com Fri Apr 8 18:43:55 1994 From: sonny at netcom.com (James Hicks) Date: Fri, 8 Apr 94 18:43:55 PDT Subject: Soda remailer tampering? In-Reply-To: <10488.2DA5D5B8@shelter.FIDONET.ORG> Message-ID: <199404090144.SAA11220@mail.netcom.com> Isaac Norby writes: > For more information about this anonymous posting service, please send mail > to hh at soda.berkeley.edu with Subject: remailer-info. Eric Hollander takes > no responsibility for the contents of this post. Please, don't throw > [...deleted stuff...] > INTERNET: Isaac.Norby at f217.n125.z1.FIDONET.ORG > >>ira shipment of cocaine > >>explosives detonate > -------- [...deleted stuff...] > > I don't have a sense of humor about this and want an explanation, now. > I sent mail to hh at soda.berkeley.edu with Subject: remailer-info. I got some info back that included: > = A note about keywords > > This remailer inserts keywords into the headers and tailers of all posts and > remails. These headers contain phrases which would probably trigger > automated net monitoring programs, rendering them less effective. This > insertion is completely automatic and certainly does not constitute a > statement of intent by anyone (especially the remailer operator) to do > anything. I think it's the "keywords" that you noticed. >James< From shipley at merde.dis.org Fri Apr 8 18:56:15 1994 From: shipley at merde.dis.org (Evil Pete) Date: Fri, 8 Apr 94 18:56:15 PDT Subject: NSA Security Manual In-Reply-To: Message-ID: <199404090155.SAA14225@merde.dis.org> >On Fri, 8 Apr 1994, Black Unicorn wrote: > >> You realize, of course, that by posting the manual verbatim you have allowed >> them to discover where the leak was. They have the ability to change the >> wording slightly on every document, so that when you quote the document they >> can discover who gave it to you. That is why newspapers no longer report >> quotes from documents that they have, or never show pictures of secret >> documents. Then again, for something as simple as a manual, they may not >> bother to change each one. But the capability exists. > >Could someone e-mail the manual to me. I accidentally deleted the posting >of it. > It would be nice if it was avalible for ftp (I deleted mine when cleaning up my backlog of Cypherpunks email... -Pete From sameer at soda.berkeley.edu Fri Apr 8 19:13:24 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Fri, 8 Apr 94 19:13:24 PDT Subject: remailers GONE! In-Reply-To: Message-ID: Matthew J Ghio spake: > > > catalyst at netcom.com 0.025 days > > "Supports PGP encryption" > > Does it? I don't have the public key... That's what Karl's posting said. > > > remailer at entropy.linet.org Never > > "Supports PGP encryption" > > I thought this one was gone. Oh yeah. I'll fix that. From markh at wimsey.com Fri Apr 8 20:10:32 1994 From: markh at wimsey.com (Mark C. Henderson) Date: Fri, 8 Apr 94 20:10:32 PDT Subject: NSA Security Manual In-Reply-To: <199404090155.SAA14225@merde.dis.org> Message-ID: > It would be nice if it was avalible for ftp (I deleted mine when cleaning > up my backlog of Cypherpunks email... ftp.wimsey.bc.ca:/pub/crypto/Doc/nsa/nsa_security_manual.gz From hfinney at shell.portal.com Fri Apr 8 20:20:32 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 8 Apr 94 20:20:32 PDT Subject: Pseudonyms and Reputations Message-ID: <199404082258.PAA26912@jobe.shell.portal.com> Nathan Loofbourrow writes, regarding the on-line game: > > You could impose an annoyance factor on the distribution of initial > resources (a week's wait, perhaps), or on unlikely transfers (you > can't give away the resource except in exchange for some other form of > goods... an Objectivist's paradise, perhaps?) Some kinds of play-by-mail games have had a similar situation, but they have generally not faced the problem in this form because they charge money to enter. This puts a cap on how many entries a person is willing to make. With a large number of participants, controlling two or three players instead of one does not increase the average person's chance of winning enough to make it worthwhile. This does suggest an alternative form of "is-a-person" credentialling, though. Rather than trying to verify identity at a distance, one could simply have a "he paid me $10" credential. You would give these out (probably just one per customer rather than multiple ones) as blinded signatures for anybody who sent you the cash. These could be substitute is-probably-a-person credentials on the theory that most people wouldn't be able to waste a lot of money purchasing a great many of these. OTOH, it's not clear that anyone would be willing to pay this much for a credential unless it had some real, tangible benefit (otherwise it serves as an "I'm a sucker" credential), and if the benefits are great enough perhaps it would be worthwhile to buy multiples. Hal From eagle at deeptht.armory.com Sat Apr 9 00:15:52 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Sat, 9 Apr 94 00:15:52 PDT Subject: NSA Manual and Media Message-ID: <9404090015.aa24998@deeptht.armory.com> Well Sports Fans, I just mailed the NSA manual to every media source with an email adress listed in Adam's _Big_Dummies_Guide_ - It took 6 aliases to get them all. Scuuuze me! I'm headed back to the Buckhorn Bar and all those drunk undergraduate fillies. This will do for a nights work >;) -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From eagle at deeptht.armory.com Sat Apr 9 06:22:03 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Sat, 9 Apr 94 06:22:03 PDT Subject: Shot 'Round the World Message-ID: <9404090621.aa01366@deeptht.armory.com> Well, my personal secretary compiled every single media email adress in the _Big_Dummies_Guide_ into 6 alias'. Then I emailed it to every one of them. If the FBI comes to the front door, this piece of shit XT clone I use for a UNIX terminal goes out the back door and off the sun deck into the alley. I suppose the fucking phone will ring off the hook in Ft. Meade for a while. By God! It's a good day for the Revolution!!! *** Here's the follow up *** To whom it may concern, You have been emailed an authentic National Security Agency Employee's Manual. I as an Electronic Frontier Foundation member, acting purely on my own initiative, and solely accountable for my actions, have emailed this information, as well as John Gilmore's FOIA attack on the current Clipper Chip proposal for key escrowed encryption, to every media source with an email adress listed in EFF's _Big_Dummies_Guide_to_the_Internet_ on the entire planet. You may authenicate the NSA manual via confirmation by the phone numbers listed in it. Consider this the shot heard round the world in the Electronic Revolution. Sincerely, Jeff Leroy Davis, AKA Eagle EFF Member # 2176 Attached is my PGP public key by which you may verify that I am indeed who I say I am. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi1yIUsAAAEEANIDU/e6qt77IAX+zDqCLMpj6tjYZBOd7HhAmNlIOapgd926 J029AapszLkDqASgVU/Zzs0QpgQ1GAOerlJj1wDPdSMZ03mEqo94ztPI8uNliJTe /CRKqMrkVpe/zOj13QS3HOk2sH//EM73OrlfftxJucLUf2Y30V/ScHuGXWgVAAUR tCtKZWZmIExlcm95IERhdmlzIDxlYWdsZUBkZWVwdGh0LmFybW9yeS5jb20+iQCV AgUQLY8mOTZAgYw09MRxAQFABgP+NJ0TWTUXL/NSvErHP/9zYe+DU8r7ox4k9upd wQ0DKpBEJIg0UNN1DoztLHLr3V3HehvLACGCP/InJPUXTuEFrKyg08t5AFpYpY2b 1+TF1lne0Q0snASd+D2HrIzJQYw0U5siDUe70l6V/dFNCF/9OclNmeMU66j77nW4 zZ16BjaJAJUCBRAtjyXWmEsctw8gOSUBAc9nBACyTl0EhoakGWLJNHOrL1HO+Rf7 RSR0mmdnAn97hzNkC+/O6pAalL3Lp+7fTooYgE35qjItavvdPCcUz2Q6iATXAH6e JnIY2/Jn/oS6TZgksSDcczcwok1C+H6oXp17IqxVCmlV+6wO5jRv2qNJ1Re0QnYy rdFOHVb5YFmtNUwt34kAlQIFEC2OBTgOhDSHLufvWQEBRdoD+gKDZ/xfrDiL3iUU KCWB4g0jjJT8/0JT+9W+I/P5hH2A8XIlFdXVjBUlCSjEjBiXEEzkYCg7xUiCgARP NqGbEu9uIEOIoU5hlhWs7hvVfDTFqpcyBvJ12HXvZMtPswwyR9mWQ8sSd18Bz+dZ vzX4fV8jB+ZayS55j2ZD1jMymMYt =cyXF -----END PGP PUBLIC KEY BLOCK----- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From bdolan at well.sf.ca.us Sat Apr 9 07:58:41 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Sat, 9 Apr 94 07:58:41 PDT Subject: Jeff Davis/Eagle pokes his thumb in big bro's eye Message-ID: <199404091458.HAA27924@well.sf.ca.us> HA HA HA HA HA HA HA! Ya done good! Brad bdolan at well.sf.ca.us From sommerfeld at orchard.medford.ma.us Sat Apr 9 10:31:01 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Sat, 9 Apr 94 10:31:01 PDT Subject: MIT sysop faces piracy charges. In-Reply-To: <199404082127.AA21641@eris.cs.umb.edu> Message-ID: <199404091716.NAA00577@orchard.medford.ma.us> For those of you with WWW access, there is an article with much more technical detail available from http://the-tech.mit.edu in the April 8th issue of The Tech; they also have press releases from the DA, MIT, as well as the indictment and the response which was posted. If the messages in the indictment, do in fact, come from the accused, then he's got a bunch of explaining to do... - Bill From klbarrus at owlnet.rice.edu Sat Apr 9 10:44:14 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sat, 9 Apr 94 10:44:14 PDT Subject: MAIL: catalyst and entropy In-Reply-To: Message-ID: <9404091743.AA14447@arcadien.owlnet.rice.edu> Matthew J Ghio wrote: > > catalyst at netcom.com 0.025 days > > "Supports PGP encryption" >Does it? I don't have the public key... Yes, it does! You can find the public key for this remailer at the gopher site (gopher chaos.bsu.edu in "Anonymous Mail"/"Public Keys"). Argh, I've fallen a bit behind and may not have upload the latest stuff to the soda.berkeley.edu. I'll do that soon. > > remailer at entropy.linet.org Never > > "Supports PGP encryption" >I thought this one was gone. Yes, I think it is. I got it to work a few times recently, but very erratically. Just a few days ago there was a message sent to the list by the admin of linet.org saying entropy hadn't polled in quite a while... so I guess it is down. -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From mpj at csn.org Sat Apr 9 11:10:39 1994 From: mpj at csn.org (Michael Johnson) Date: Sat, 9 Apr 94 11:10:39 PDT Subject: Data Lock 271.82 dollar contest Message-ID: <199404091810.AA19475@teal.csn.org> -----BEGIN PGP SIGNED MESSAGE----- __ / \ New Cryptographic Freeware Available: Data Lock /____\ \ / * Uses the Diamond Encryption Algorithm (slight variation on MPJ2) \ / * Includes complete source code \/ * No patent infringement problems * Includes source code library for Diamond & Diamond Lite * Can be strong enough to protect very valuable data (see below) * Can be weakened enough to be exportable in executable form only * Ciphertext doesn't advertise its algorithm or key (stealth) Documentation only (exportable): ftp:csn.org//mpj/public/dlockdoc.zip or dlockdoc.tar.gz ftp:ftp.netcom.com//pub/mpj/public/dlockdoc.zip or dlockdoc.tar.gz Full package (including all source code & executable file): ftp:csn.org//mpj/I_will_not_export/crypto_???????/mpj/dlock.zip or dlock.tar.gz ?????? and anti-export warning given in ftp:csn.org//mpj/README.MPJ ftp:ftp.netcom.com//pub/mpj/I_will_not_export/crypto_???????/mpj/dlock.zip or dlock.tar.gz ?????? and anti-export plea given in ftp:ftp.netcom.com//pub/mpj/README.MPJ Colorado Catacombs BBS 303-938-9654 DLOCK.ZIP Data Lock itself may be useful, but its greater value lies in the fact that it is written more to be used as a function library for people who want to incorporate encryption into other applications. The only change from MPJ2 to the Diamond Encryption Algorithm is that the key expansion mechanism now distinguishes between keys of different lengths. For example, the keys "aaaaaaaa" and "aaaaaaaaaaaa" would have been equivalent in MPJ2, but are not in Diamond. Diamond Lite is just the logical contraction of Diamond from a 16 byte (128 bit) block to an 8 byte (64 bit) block. Even though "Lite" is in the name, it yields better security for small numbers of rounds because of the faster avalanche effect (1 bit to 64 in just 2 rounds instead of 1 bit to 128 in 5 rounds). MPJ2 and Diamond are derived from the MPJ encryption algorithm, invented in 1989, but use an improved key scheduling algorithm that eliminates the slight bias in the way the substitution arrays were filled. The following is a comparison of some of the symmetrical key ciphers available to the general public today. Included is a (somewhat subjective) strength comparison to give a general idea of how Diamond and Diamond Lite compare: ALGORITHM BLOCK KEY ROYALTY ECB RELATIVE APPROXIMATE WORK FACTOR NAME SIZE SIZE FREE? MODE SPEED TO BREAK log base 2 of BITS BITS OK? number of operations DES 64 56 YES YES MEDIUM 43 3DES 64 112-168 YES YES SLOW 64-168 DIAMOND 128 variable YES YES MEDIUM 128-key size DIAMOND LITE 64 variable YES YES VERY FAST 64-key size BLOWFISH 64 variable YES YES VERY FAST 64-key size? SHA-CFB 160 variable YES NO VERY FAST 80-160 MD5-CFB 128 variable YES NO VERY FAST 64-128 REDOC II 80 160 NO YES FAST 80-key size REDOC III 64 variable NO YES VERY FAST 64-key size KHUFU 64 512 NO YES ? 64-512 IDEA 64 128 NO YES FAST 64-128 MMB 128 128 ? YES FAST 128? The "work factor to break" column is somewhat subjective, and is based on the best attacks that I have knowledge of (hardly an exhaustive list), combined with a GUESS at what attacks might succeed. They also assume that the key length is at least as long as the numbers indicated when the key length is variable. You should decide for yourself what you will believe. Don't put all your eggs in one basket. Besides those things listed above, some distinguishing characteristics of Diamond and Diamond Lite include: * They can easily and securely take a pass phrase directly as a key. * They can be extremely fast when implemented in hardware. * They allow you to perform some security vs. speed and size tradeoffs. * Key setup is designed to make brute force attacks very costly. OK, this is where I put my money where my keyboard is. If you are the first one to correctly decipher my challenge text (CHALLENG.ENC in DLOCK.ZIP), enciphered with DLOCK.EXE, before midnight UTC, 29 April 1997, and follow the redemption instructions contained within the challenge text, then I will send you US$271.82 of my hard-earned money. You must (1) reveal to me how you did this, and (2) not break any laws in the process to collect the prize. I know that this isn't enough to justify much serious cryptanalysis, but it should demonstrate that such a challenge is beyond the reach of the average hacker. ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLaDz1j9nBjyFM+vFAQHJ8QP/UgnrRX0u5AAnEoOIuNPi1Y8yRPrY7U3R BWTb04eyi1hqSuWnVQaAkINp84R5d/PhyS7wa5xEEoq+UmhISEoGHoSVc6e2QWr+ xsSR5vjvUQpc5zkPIdkFOpVb94aCUCDHh5Zv4bU6WsVoKI+zAXSrRDL7o4zhwfxp +H6ov+NPI1M= =9Ul1 -----END PGP SIGNATURE----- From wex at media.mit.edu Sat Apr 9 11:21:07 1994 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Sat, 9 Apr 94 11:21:07 PDT Subject: MIT Talk on randomness/key management Message-ID: <9404091820.AA17899@media.mit.edu> [I have no more information than is contained in the announcement --AW] > Friday, April 15, 1994 > Refreshments at 1:45pm, Talk at 2:00pm in NE43-518 > >``Regaining Pseudorandomness by Cooperation with Applications to Key > Management'' > by Amir Herzberg, IBM Watson > > ABSTRACT > >Consider a multiparty system where parties may be occasionally >``infected'' by malicious agents, called {\sf viruses.} The viruses >are controlled by an adversary. Once a party is infected the entire >contents of its memory is revealed and possibly modified. After some >time the virus is expelled and the party wishes to regain its >security. Since the leaving virus knows the entire contents of the >infected party's memory, a source of ``fresh'' randomness, >unpredictable by the adversary, seems essential for full recovery >(e.g., for selecting new keys). However, such an ``on-line'' source >of randomness may not be always readily available, or beneficial to use. > >We describe a scheme in which the parties, being given access to >randomness only at the onset of the computation, jointly generate a >sequence of numbers that are pseudorandom from the point of view of >the adversary (a different generated number for the use of each party >at each round). Thus, these pseudorandom numbers can be used just as >``fresh'' randomness in the design of protocols (e.g., for regaining >security). These properties of our scheme hold as long as in each >round there is at least {\em one} non-infected party. > >We describe an important application of our scheme to >practical key-management systems, such as Kerberos and \NetSP. > >Joint with Ran Canetti, Weizmann Institute > >Host: Nancy Lynch From nates at netcom.com Sat Apr 9 14:07:14 1994 From: nates at netcom.com (Nate Sammons) Date: Sat, 9 Apr 94 14:07:14 PDT Subject: bumpersticker source Message-ID: <199404092100.OAA10202@netcom12.netcom.com> Lots of people have been asking about where to get the sticker paper, so I'll just tell everyone. I think it may be easier to just let everyone make their own instead of bothering with making them myself. Here's the info: The stuff is called "stickyback" Saga Division of DADE, Inc. Interchange Office Park 400 Highway 169 South Minneapolis, MN 55426-1199 Pricing: Size: Qty 1-3 4-11 12+ --------------------------------------- 8.5" x 11.0" 10 7.35 6.60 5.95 8.5" x 11.0" 50 31.50 28.50 25.60 11" x 17" 50 63.00 57.00 51.20 It's available in either white (opaque) or clear. -nate -- +--------- | Nate Sammons PGP Key and fingerprint via finger. | Clipper == Big Brother Inside. Question Authority. Encrypt everything. +--------- From nates at netcom.com Sat Apr 9 14:10:33 1994 From: nates at netcom.com (Nate Sammons) Date: Sat, 9 Apr 94 14:10:33 PDT Subject: bumpersticker source In-Reply-To: <199404092100.OAA10202@netcom12.netcom.com> Message-ID: <199404092111.OAA10632@netcom12.netcom.com> Oh, yeah, 1-800-328-0727 -nate -- +--------- | Nate Sammons PGP Key and fingerprint via finger. | Clipper == Big Brother Inside. Question Authority. Encrypt everything. +--------- From bruce at phantom.com Sat Apr 9 14:55:09 1994 From: bruce at phantom.com (Bruce Fancher) Date: Sat, 9 Apr 94 14:55:09 PDT Subject: Today cryptography, tomorrow ?? In-Reply-To: <199404082229.PAA03504@sleepy.retix.com> Message-ID: <9404092153.AA25649@mindvox.phantom.com> > > Many of the Cynosure users hid their identities by using an > > Internet address in Finland that provided an anonymous forwarding > > service for the pirated programs, according to the indictment. > > Does this mean we will soon be seeing Julf in chains on the evening news > with his coat over his head? > > After all, the United States long ago awarded itself kidnapping > priveleges against anyone it claims has violated US law, with no concern > for the laws of the country in which the person resides. Just ask Manuel > Noriega. Good point. It's not widely known but in fact the US Military-Industrial complex is controlled by seven Freemasons who operate from a hidden control center in the British Virigin Islands*. The group of seven have been planning World Domination for the past thirty years. The military action which resulted in the overthrow of Manuel Noreiga and the ruthless installation of a democratically-elected government in Panama was just a precedent to the next step which is to slam the Voyager I and II probes into jupiter and ignite their on-board hydrogen bombs. This will create a nucleur reaction in Jupiter's core turning it into a new Sun and bringing about the environmental catastrophe They** will use to enslave Earth's population. And that's the _REAL_ reason They're worried about anonymous remailers. *Refer to page 73 or the "Protocols of the Elder's of Zion" ** Also known as THEM and THOSE PEOPLE From mg5n+earkal52bqguftr3ovqadsh3i93flqludqtd3wq1v8 at andrew.cmu.edu Sat Apr 9 16:09:49 1994 From: mg5n+earkal52bqguftr3ovqadsh3i93flqludqtd3wq1v8 at andrew.cmu.edu (Anonymous) Date: Sat, 9 Apr 94 16:09:49 PDT Subject: MIT Student Indicted on Piracy Charges Message-ID: http://the-tech.mit.edu/V114/N19/piracy.19n.html Student Indicted on Piracy Charges By Josh Hartmann Contributing Editor A federal grand jury charged an MIT student yesterday on a felony charge for allegedly allowing the piracy of over $1 million in business and entertainment software using Athena workstations. David M. LaMacchia '95 was indicted on one count of conspiring to commit wire fraud, according to a statement from the U.S. Attorney's office in Boston. LaMacchia allegedly allowed the duplication of hundreds of copyrighted software packages between Nov. 21, 1993, and Jan. 5, 1994, using workstations on the Athena Computing Environment. "We became aware sometime in December that a computer was being used to distribute software," said Kenneth D. Campbell, director of the news office. "That information was turned over to Campus Police and the FBI. MIT personnel cooperated with the FBI in the investigation." The incident was discovered when an Athena-user in the Student Center cluster noticed that an unattended workstation next to him was behaving abnormally, making frequent disk accesses, according to James D. Bruce ScD '60, vice president for Information Systems. The user apparently reported the abnormal behavior to members of the Student Information Processing Board, who then proceeded to investigate the matter, according to a source familiar with the investigation. The SIPB members saw the status of the workstation and reported the incident to the Information Systems staff, the source said. SIPB itself was not part of the investigation, according to Jessie Stickgold-Sarah '96, the SIPB chairman. Attorneys for LaMacchia issued a swift denial of the charges late yesterday, saying LaMacchia was merely the provider of a service which others used to place and remove files. The statement called the indictment a test case to "decide whether current criminal law would penalize a [systems operator] who neither controls what is placed on the system nor profits one cent from any copyrighted software that others upload to and download from the system that he and others create and operate." Many of the people who accessed the pirated files over the Internet concealed their location by using an anonymous service in Finland, Bruce said. The Associated Press reported yesterday that LaMacchia advertised the server strictly by word-of-mouth to avoid detection. The AP quoted the indictment as saying that as many as 180 users accessed the server in one 16-hour period. Disciplinary process underway Within MIT, "there was a disciplinary action filed against [LaMacchia] sometime in January," Bruce said. These proceedings have been halted, he added. Another anonymous source said that the Office of the Dean for Undergraduate Education and Student Affairs had received a complaint in January, but had not decided whether the disciplinary action would be forwarded to the Committee on Discipline, handled by the Dean's Office, or dismissed outright. Dean for Undergraduate Education and Student Affairs Arthur C. Smith said last night that Institute disciplinary procedures are usually suspended when a student is charged with such a crime. However, Smith would not comment on the status of any disciplinary case underway. If LaMacchia were convicted, he would still be subject to the normal disciplinary measures within the Institute, Smith said. Losses over $1 million Losses from the illegal software duplication are expected to surpass $1 million, according to the statement from the U.S. Attorney's office. "The pirating of business and entertainment software through clandestine computer bulletin boards is tremendously costly to software companies, and by extension to their employees and to the economy," said U.S. Attorney Donald K. Stern. "We need to respond to the culture that no one is hurt by these thefts and that there is nothing wrong with pirating software." A list obtained by The Tech revealed that MS-DOS games dominated the server. Among the business software, however, were Aldus Pagemaker 5.0 for Windows, Microsoft Word for Windows 6.0, a beta (pre-release) copy of a forthcoming operating system by Microsoft code-named Chicago, WordPerfect 6.0 for both DOS and Windows, a beta copy of Microsoft 5.0, and Aldus PhotoStyler 2.0. If found guilty LaMacchia could conceivably be the subject of a civil suit by the software vendors, Bruce said. "It would be entirely possible for a vendor to make a case that it suffered monetary damages," he said. "I would think there is some reason [LaMacchia] could be sued." Bruce said he thought the Institute's liability would be limited because of Athena rules prohibiting duplication of copyrighted software. LaMacchia did not return telephone calls last night. Copyright 1994 by The Tech. All rights reserved. This story was published on Friday, April 8, 1994. Volume 114, Number 19 The story began on page 1 and jumped to page 13. This article may be freely distributed electronically, provided it is distributed in its entirety and includes this notice, but may not be reprinted without the express written permission of The Tech. Write to archive at the-tech.mit.edu for additional details. From mg5n+ at andrew.cmu.edu Sat Apr 9 17:32:13 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 9 Apr 94 17:32:13 PDT Subject: MIT sysop faces piracy charges In-Reply-To: <199404081652.JAA04604@jobe.shell.portal.com> Message-ID: nobody at shell.portal.com wrote: > Many of the Cynosure users hid their identities by using an > Internet address in Finland that provided an anonymous forwarding > service for the pirated programs, according to the indictment. Although mentioned in the indictment, appearantly Julf's server really played no part in the software piracy distribution. Cynosure was an FSP server run on an unattended workstation at MIT (which David LaMacchia did not own and did not have permission to use as an FSP server). It was not a mail server, and there is no mention of any pirated software being sent through anon.penet.fi. Instead, the feds just wanted to use the indictment as a soap box to badmouth Julf's anon-server. The indictment is on http://the-tech.mit.edu They list some twenty charges against LaMacchia. Interestingly, one of the charges was that LaMacchia created an anonymous mail pool for PGP messages on his FSP server. It looks like the government folks have found themselves a test case with which to make a statement against piracy, and, more importantly, to try to criminalize PGP and the anonymous remailers. This is bad news. :( From ub075 at freenet.victoria.bc.ca Sat Apr 9 17:51:51 1994 From: ub075 at freenet.victoria.bc.ca (Ryan A. Perkins) Date: Sat, 9 Apr 94 17:51:51 PDT Subject: REMAIL: pseudo-account remailer @andrew gains anonymous feature Message-ID: <9404100057.AA14037@freenet.victoria.bc.ca> > >I added an anonymous feature to my remailer. > >If you have an address of the form mg5n+eaxxx at andrew.cmu.edu, >anonymous mail can be sent to that address by changing it to the format: >mg5n+anxxx at andrew.cmu.edu >An encrypted reply address is created for the sender of the anonymous message. What happens if I already have an encrypted reply address? What happens if I already have SIX encrypted reply addresses? Which one is used? Or is *another* one created? -- Ryan Perkins - 1:340/13 | I feel that suicide jumpers see a glimpse of ub075 at freenet.victoria.bc.ca | sanity as they throw themselves from the ledge. Ask for PGP 2.3 public key | That's why they scream all the way down. 8C5357 : 9F FF BA 93 54 D5 18 78 4B 1E DA GC E3 4E From CCGARY at MIZZOU1.missouri.edu Sat Apr 9 18:04:28 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sat, 9 Apr 94 18:04:28 PDT Subject: THE ANTI-CLIPper Message-ID: <9404100104.AA26868@toad.com> An excerpt from the THE SPOTLIGHT newspaper April 11, 1994 from its TECHNOLOGY & LIBERTY column. "TV THAT WATCHES YOU" "In a little-noticed agreement reported in Washington Technology Week Bell Atlantic, General Instruments Corporation, & the National Institute of Science & Technology(NIST) have agree to build Clipper chips into future General Instruments cable-TV boxes." "It's a landmark agreement, & the mainstream media has been virtually silent on the subject. But what does the agreement mean?" "For starters, it means your high-tech cable box of the future will have all the "privacy protection" of your Clinton Clipper telephone. It is designed to snitch on you." "For example, you'll soon be able to order merchandise through your high-tech cable TV. And the Clipper chip implanted in your cable box wil flag every purchase as yours. Maybe you contribute to church causes? Use your cable box for tithes & it could be "profiled". Do you watch pay- per-view movies? Big Brother could soon be critiquing your viewing habits." "Starting to get the picture? The Clipper chip is designed to auto- matically identify every cable TV transaction you make. It can report your favorite programs & films. It can mark your buying habits." "And since Clipper's actual capabilities are still top-secret, it could theoretically be even more sinister. It could even contain logic to encrypt signals from monitoring equipment built into your cable box, such as a miniature video camera or infrared sensor (like the cameras & sensors already built into experimental cable boxes used by the Arbitron & Nielson rating services to monitor who is in the room with the TV on)." "General Instruments Corporation (GI) has a near-monopoly on the production of home cable-TV receivers. As a result, the "quiet" Clipper agreement virtually assures that Clipper chips will be insin- uated into the cable boxes of almost 90% of American's cable sub- scribers, all of whom have GI's cable equipment." This looks like really bad news to me! Maybe the free market could help? How about "CLIPPER FREE" labels on small companies cable_TV receivers. If the company could get away with it, it might really help their sales. Maybe foreign companies could come in with Clipper-frees? They could scream trade- war if the feds tried to stop them. American companies could then claim unfair restrictions were keeping them from being competitive. An even better possibility presents itself! How about the poss- ibility of a pirate cottage industry in disabling Clipper chips. Would the TV work with a broken Clipper. How about jumping around the Clipper chip? If that doesn't work, then an anti-clipper chip that goes in parallel or in series with the Clipper or replaces it? I don't know much about electronics. There has been for years a small in- dustry in producing "pirate" cable boxes. Imagine the possibilities with the anti-chip business. Electronic hackers working their way though college by installing off-shore produced anti-Clipper chips. Also individuals making a living from this or a good moonlighting job. If the feds outlaw this - THEN EVEN BETTER! An off the books, non-taxed business employing skilled technical people & habituating the population to engaging in federally unlawful activities! I predict that in coming years, the productive general population is going to become boldly contemptful of the big state. In this atmosphere, anti-Clipper activity will be well received & popularly endorsed. We will see a booming underground electronic privacy industry. What would the new chip's name be? THE ANTI-CLIPper? THE FREEDOM CHIP? THE WACO? THE WEAVER FAMILY? THE ANARCHIST CHIP? THE EQUALIZER CHIP? THE CYPHERPUNK CHIP? THE PRIVACY CHIP? THE YOU'LL-MIND-YOUR-OWN-DAM'D-BUSINESS CHIP? THE NEUROMANCER CHIP? THE ANTI-STATE CHIP? THE REVOLT CHIP? THE CLIP CLIPPER CHIP? THE NO-FEDS CHIP? THE CLIPPER CLIPPER CHIP? Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWWAAAYYYY BBAAACCCKKK! BBBEEEAAATTTT STATE! From mg5n+ at andrew.cmu.edu Sat Apr 9 18:18:32 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 9 Apr 94 18:18:32 PDT Subject: REMAIL: pseudo-account remailer @andrew gains anonymous feature In-Reply-To: <9404100057.AA14037@freenet.victoria.bc.ca> Message-ID: Ryan A. Perkins wrote: > >An encrypted reply address is created for the sender of the anonymous message. > > What happens if I already have an encrypted reply address? What happens > if I already have SIX encrypted reply addresses? Which one is used? > Or is *another* one created? Another one is created, since no records are kept of what addresses you already have. I am somewhat unsure of what to do in this situation. As I have it set up now, it will always create the same address for replies (but you can still get as many different ones as you like from mg5n+getid at andrew...) so if you send two messages to mg5n+anxxx... addresses, they will both have the same reply address. I could change this and have it create different ones each time, which would preserve anonymnity better, but this could lead to confusion when replying to messages, because it'd be difficult to tell if two messages came from the same person or not. I suppose a more complicated system could be set up where the users would specify which reply address they wanted to use, or where replying to a certain address would always allocate the same reply-id. Any suggestions? From snyderra at dunx1.ocs.drexel.edu Sat Apr 9 19:14:35 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Sat, 9 Apr 94 19:14:35 PDT Subject: Shot 'Round the World Message-ID: <199404100213.WAA22776@dunx1.ocs.drexel.edu> At 6:21 AM 4/9/94 -0700, Jeff Davis wrote: >*** Here's the follow up *** > >To whom it may concern, > >You have been emailed an authentic National Security Agency Employee's >Manual. I as an Electronic Frontier Foundation member, acting purely >on my own initiative, and solely accountable for my actions, have emailed >this information, as well as John Gilmore's FOIA attack on the current >Clipper Chip proposal for key escrowed encryption, to every media source >with an email adress listed in EFF's _Big_Dummies_Guide_to_the_Internet_ >on the entire planet. > >You may authenicate the NSA manual via confirmation by the phone numbers >listed in it. Consider this the shot heard round the world in the >Electronic Revolution. Well, this certainly helped the "cause." If I were a media person recieving this mail, I'd get a good laugh, then hit delete. I don't see anything nifty, wonderful, or unusual in the manual. I've held a Secret clearance doing work as a Defense contractor, and the requirements aren't abnormal. They're stricter, but given that the clearance level is higher and it's in the intelligence community, it's not unusual. I would seriously doubt the manual is of much interest to the media. If you want to help, mail the media about privacy, and what Clipper is going to do to it. This kind of mail just makes the online community look like fanatical crackpots. Bob (I'm an EFF member as well. What does that have to do with your message?) -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From ecarp at netcom.com Sat Apr 9 19:45:05 1994 From: ecarp at netcom.com (Ed Carp) Date: Sat, 9 Apr 94 19:45:05 PDT Subject: REMAIL: pseudo-account remailer @andrew gains anonymous feature In-Reply-To: Message-ID: On Sat, 9 Apr 1994, Matthew J Ghio wrote: > Ryan A. Perkins wrote: > > > >An encrypted reply address is created for the sender of the anonymous > message. > > > > What happens if I already have an encrypted reply address? What happens > > if I already have SIX encrypted reply addresses? Which one is used? > > Or is *another* one created? > > Another one is created, since no records are kept of what addresses you > already have. > > I am somewhat unsure of what to do in this situation. As I have it set > up now, it will always create the same address for replies (but you can > still get as many different ones as you like from mg5n+getid at andrew...) > so if you send two messages to mg5n+anxxx... addresses, they will both > have the same reply address. I could change this and have it create > different ones each time, which would preserve anonymnity better, but > this could lead to confusion when replying to messages, because it'd be > difficult to tell if two messages came from the same person or not. I > suppose a more complicated system could be set up where the users would > specify which reply address they wanted to use, or where replying to a > certain address would always allocate the same reply-id. Any > suggestions? How about generating a secure hash and using that as an index into a table? If there's an address already there, use that - otherwise, generate one. Generate the hash from the incoming address, of course. That way, you don't need to keep track of anon-id-to-real-id mappings, yet guarantee that each user has one and only one anon address. Of course, folks coming in from different hosts will have different anon ID's. Or have I missed some blindingly obvious technical point thaqt would make this impossible? From unicorn at access.digex.net Sat Apr 9 20:12:11 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 9 Apr 94 20:12:11 PDT Subject: Shot 'Round the World Message-ID: <199404100311.AA21001@access1.digex.net> Mr Davis: >You may authenicate the NSA manual via confirmation by the phone numbers >listed in it. Consider this the shot heard round the world in the >Electronic Revolution. Well, this certainly helped the "cause." If I were a media person recieving this mail, I'd get a good laugh, then hit delete. I don't see anything nifty, wonderful, or unusual in the manual. I've held a Secret clearance doing work as a Defense contractor, and the requirements aren't abnormal. They're stricter, but given that the clearance level is higher and it's in the intelligence community, it's not unusual. I would seriously doubt the manual is of much interest to the media. If you want to help, mail the media about privacy, and what Clipper is going to do to it. This kind of mail just makes the online community look like fanatical crackpots. Bob (I'm an EFF member as well. What does that have to do with your message?) -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. <- I tend to side with Mr. Snyder here. I would add that Mr. Davis has probably attracted a good deal of attention to himself for little gain. Distributing the manual anonymously would have made more sense, and in the event that the manual becomes an issue of contention or a torch for a witchhunt, Mr. Davis would be an interesting martyr in the quest to test the security of remailers and anonymous distribution. I fail to see how this is an important step for the cause. The manual was already in active distribution, the media will probably be the first to jump on the "electronic risks" bandwagon by noting how easy it would have been for an individual to spread a much more damning document. This brings up a curious point. If the cause is thawarting intelligence agencies, the next Clipper will be much less open, perhaps even black. My take on the point of cyberpunks was to make the technology available, organize the positive societal impacts, and prevent the government regulation of information and technology. How can the reckless distribution of (admittedly moderate) intelligence information serve these goals? As much of an anti-estlablishment movement as cypherpunks might associate themselves with, since when has treason been on the agenda? (Obviously I don't label Mr. Davis a traitor, but I'm not in authority in this matter.) Even Mr. May, who I most respectfully place on the heavy side of anti- estlablishment, has often noted that the goal is to allow society to evolve into the technology that is available. Freedom of information, and nil transaction cost in anonymous settings is key in empowering the individual and securing individual rights. Obviously the goal will conflict with modern intelligence agencies that seek to attempt domestic monitoring, but I think everyone here needs to address the role of such agencies in the grand scheme of things. Is the cypherpunk position a lawless one, or one promoting the evolution of law? I will be the first to assert that the manual was basically non-damning, I did in fact assert so some days ago. But consider, what if it had indeed been a revelation in the security methods and practices of the intelligence agency? That would be a significant compromise, and cost mass sums of money in modified security efforts by the agency. Not to mention the fact that it stands to endanger lives. Consider the recent attack on the CIA. I doubt that even this would have prevented the wild distribution of the manual however, prompting me to wonder about the place of responsibility and restraint in the realm of freedom of information. Who would be the bidders on BlackNet for such information? No one who wanted to know simply for academic purposes I'll wager. Issues like this seem to add to the Pro-Clipper arguements. The current pathalogical obsession with anti-crime measures can only be fueled with incidents like this and the MIT piracy case. If anon.penet.fi was not really used in this case, we see how the media will capitolize on these events to feed the headlines, and in this case that means anti-crime positions. Most media people will pass up the manual, just as someone suggested they might. What concerns me is the radical right reporter who asks, "Just who is this guy and why does he have this manual?" -uni- (Dark) From samman at CS.YALE.EDU Sat Apr 9 23:06:08 1994 From: samman at CS.YALE.EDU (Senator Bedfellow) Date: Sat, 9 Apr 94 23:06:08 PDT Subject: CPSR petition to oppose Clipper Message-ID: Does anyone know how many signatures this eventually got? Thanks Ben. ____ Renegade academician. They're a dangerous breed when they go feral. -James P. Blaylock in "Lord Kelvin's Machine" From bart at netcom.com Sun Apr 10 02:04:01 1994 From: bart at netcom.com (Harry Bartholomew) Date: Sun, 10 Apr 94 02:04:01 PDT Subject: 'mostly for crypto and stuff' Message-ID: <199404100905.CAA29584@mail.netcom.com> I know c'punks strays, on occasion but hows this: From: nick.konidaris at accbbs.com (Nick Konidaris) Newsgroups: sci.crypt Subject: Hydrogen Fuel Cells Date: 3 Apr 94 23:14:00 GMT Distribution: world Organization: Advanced Computer Concepts BBS, New Rochelle, NY 914-654-1981 I know this conference is mostly for cryptography & stuff but I want to know if there is anyone out there who knows about the Hydrogen Fuel Cell. I think that I understand how the Cell works yet, I find that something does not make sense. My basic question is: 1. Is a salt/ion bridge required? 2. If so what crosses the salt bridge? [ie. H2 and O2 protons, electrons, what?] 3. What is the best way to make a working fuel cell? Thanx -Nicholas Konidaris II From cat at soda.berkeley.edu Sun Apr 10 03:47:40 1994 From: cat at soda.berkeley.edu (Erich von Hollander) Date: Sun, 10 Apr 94 03:47:40 PDT Subject: keywords Message-ID: <199404101047.DAA01158@soda.berkeley.edu> yes, my remailer does insert keywords, and you can expect that i will continue refinining the keyword insertion system so that it will be harder to automatically filter out. some people have said that keywords should be an option, not a default. i rejected this idea, because keywords are useless unless they are widely used. there is safety in large numbers. from the cypherpunk perspective, ideally, all or most net communications would consist of encrypted text, with the only plaintext being keywords, i think. if the keywords really do bother you, you can use some other remailer. also, if you have good keywords lists, please send them to me. i might have missed something. e From fhalper at pilot.njin.net Sun Apr 10 08:58:10 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Sun, 10 Apr 94 08:58:10 PDT Subject: Key Servers Message-ID: <9404101558.AA24322@pilot.njin.net> Could someone send me a list of the keyservers or which ever one is the largest. Thanks, Reuben Halper -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi16KosAAAEEAMUwRni4a9+GbuAhHDLcBWK60hCJUYxhr2hYokpELAhx0ejp 2fq61Tu9Hjn051CN8Xy5nu6sv2ODfG/t59l4DJSb5pirQaII3zaX0rMX0ydwGDoW YakL4ow1lNY+d/k14KpIuUW404+fNuNhIGSkdVLQIfbOgh0preK7/P44AKvdABEB AAG0JlJldWJlbiBIYWxwZXIgPGZoYWxwZXJAcGlsb3Qubmppbi5uZXQ+iQCVAgUQ LXorceK7/P44AKvdAQEUxwQAoffTibRlwE5tNQVGvrulh1OQgXNhTRec9vUaUwPy U64FIZ+KnmdfYgiJYXtcItA90EB9MDexazKeqJzMOPShVNOfyiwy2yUlnQs425f8 DxBvM//zuvj6s4/mXDTPUZtG9PP0HVaEGTJY15JdfRqtj/w+HHnsHlgCnj0NnIhX TW8= =D9UX -----END PGP PUBLIC KEY BLOCK----- From mg5n+eartdjp7xy633zeul7cwkz3c6zly7n1l98k233yemu0 at andrew.cmu.edu Sun Apr 10 09:31:55 1994 From: mg5n+eartdjp7xy633zeul7cwkz3c6zly7n1l98k233yemu0 at andrew.cmu.edu (Anonymous) Date: Sun, 10 Apr 94 09:31:55 PDT Subject: ILF: Encryption Plan Gets Gov't Nod Message-ID: Brought to you by the Information Liberation Front Reproduced without permission from Communications Week Encryption Plan Gets Gov't Nod By Sharon Fisher WASHINGTON Encryption users and industry observers have said they are unhappy with the Clinton administration's endorsement of a comprehensive interagency review of cryptographic technology. The review was initiated last April and overseen by the Na- tional Security Council. It was scheduled to have been complet- ed by mid-October of last year. As part of the Feb. 4 release of the report, the administration said it has approved the Escrowed Encryption Standard (EES) as a voluntary Federal In- formation Processing Standard. The EES, known as both the Clipper proposal and Skipjack, was announced last April. The administration also said that the National Institute of Stan- dards and Technology and the Automated Services Division of the Treasury Department would be charged with storing the escrowed keys. The procedures for gaining access to the keys were also announced. The ESS proposal has been heavily citicized because of the escrow proposal, which gives law enforcement agencies access to the encryption keys via a warrantmuch like a wiretap. Industry observers have said an algoithm with such keys is inherently insecure. They voiced concern at the government's plans to keep the algorithm classified (Comm Week, Jan. 3). Critics said the ESS is a first step toward outlawing other forms of cryptog raphy, but the administration reiterated at the announcement that it had no such intention. Industry groups such as the Computer Professionals for Social Responsibility and the Electronic Frontier Foundation, both based here, immediately launched grassroots protests against the announcements. Both groups have citicized the proposal since it was first announced. - From mg5n+eartdjp7xy633zeul7cwkz3c6zly7n1l98k233yemu0 at andrew.cmu.edu Sun Apr 10 09:33:54 1994 From: mg5n+eartdjp7xy633zeul7cwkz3c6zly7n1l98k233yemu0 at andrew.cmu.edu (Anonymous) Date: Sun, 10 Apr 94 09:33:54 PDT Subject: ILF: What 4th Amendment? Here Comes the Clipper Encryption Plan Message-ID: Brought to you by the Information Liberation Front Reproduced without permission from Communications Week WHAT 4TH AMENDMENT? HERE COMES THE CLIPPER ENCRYPTION PLAN YOU'RE A CRIMINAL. That person sitting next to you is a criminal, too. All of the people you work with are criminals. How do I know this? I get it straight from the federal government. In fact, the federal government is so certain you're a criminal that the executive branch has just announced a new way to pry into your affairs, steal your correspondence, read your electronic mail, and listen in on your most private conversations. Not only that, but the Clinton administration wants you to pay for the privilege of having the government keep tabs on you. The administration claims that it's doing all of this as a way to fight crime, and since you're the one its targeting, apparently the Clinton administration has decided you're a criminal. By now, of course, you probably know what I'm writing about, but in case you've been in a cave for a couple of weeks, here's a summary. Earlier this month, the administration announced that the government was going ahead with its plans to start using the infamous Clipper chip -- that's the one that encrypts information, but includes a government-sponsored backdoor -- for the Justice and Defense departments. You're going to pay about $2,000 for each of the initial 50,000 or so Clipper-encrypted phones and similar terminal devices the government buys. Once the government starts using Clipper equipment, the plan is for these agencies to require anyone dealing with them to use it also. Meanwhile, you must provide a way for the government to listen in to your telephone system. You get to pay for the new or modified equipment. Finally, sources tell us, the adminis- tration plans to outlaw any form of encryption other than that approved by the government. You get to pay for any changes these new systems require, too. No doubt you're thinking that the Fourth Amendment to the U.S. Constitution is supposed to prevent your papers and effects, among other things, from un- reasonable search and seizure. Is it reasonable to be required to hand over materials in a form the government wishes so that it can search you conveniently? It's not unlike being required to carry on your phone conversations in English for the convenience of government listeners who may not understand, say, pig latin. I suppose we shouldn't be surprised. In his debate on the ratifiation of the Constitution, Patrick Henry predicted that the gov- ernment'may, unless the general government be restrained by a Bill of Rights ". . . go into your cellars and rooms, and search, ran sack and measure everything you eat, drink and wear. They ought to be restrained." Of course, Henry didn't know computers would exist, but he knew of their analogue at the time-a person's papers and effects and that's why he fought successfully for an amendment to restrain the government. Now it appears that the government would slip its restraints. Apparently, in this new world of technology and digital communications, prying into one's affairs has become difficult. It's inconvenient to search an office, after all. It requires work. Instead, the government wants to read your electronic papers and effects, and it wants you to pay for it. The Bill of Rights? I guess that's become inconvenient, too. ------------- Wayne Rash Jr. is a Washington-based networking systems integrator. He can be reached on MCI Mail as WRASH on CompuServe at 72205,221 and on the Internet at rash at access.digex.com. The opinions expressed are his own. From mg5n+eartdjp7xy633zeul7cwkz3c6zly7n1l98k233yemu0 at andrew.cmu.edu Sun Apr 10 09:35:22 1994 From: mg5n+eartdjp7xy633zeul7cwkz3c6zly7n1l98k233yemu0 at andrew.cmu.edu (Anonymous) Date: Sun, 10 Apr 94 09:35:22 PDT Subject: ILF: E-Mail Destination - Black Hole, White House Message-ID: Brought to you by the Information Liberation Front Reproduced without permission from Communications Week Editor's View E-MAIL DESTINATION: BLACK HOLE, WHITE HOUSE Is the Clinton adminisration really an ally of the communications and networking community, or are the politicians only jerking our strings? The answer to this imortant question seems to vary day to day. A few weeks ago I received four elecronic-mail communiques from the White House Office of Media Affairs. This caught my attention for several reasons. First, the administration is not in the habit of communicat- ing with the trade press so I was impressed with this outreach. (Cool move, guys.) Next, the messages were targeted at key journalists using the preferred medium du jour: electronic mail. (Very cool!) Finally, all four messages were dispatched the same day. I was most interested in a message detailing the administration's efforts to communicate over electronic networks. The Clinton administration's Electronc Public Access Project has achieved some important milestones during its first year. According to the project's press release: lt has received over 100,000 E-mail messages to the president and the vice president since it started on June 1, 1993; It established Internet addresses and accepts E-mail from the public; It has electronically processed over 220,000 requests for information since September 1, 1993; 1,600 public documents were published electronically last year; It established forums on America Online, CompuServe, GEnie and MCI Mail. The project plans this year to publish the national budget and other public documents on CD-ROM. It also plans to refine existing electronic com munications techniques via the Internet. I applaud the administration for these innovations. But I also have some reservations. For one, it's looks great on the surface that the administration has set up so many channels for communication. Yet this is the key question: Is anyone really listening? E-mail questions do not get electronic replies from administration officials. Questioners (if they are lucky) get back a letter -- via the U.S. Postal Service. This sounds more like a black hoel than a viable communications process. The president did respond at least once via E-mail -- to a group of fifth-graders in Oxford, Ohio, last spring. At best the opinions of communications and networking experts seem to be ignored; at worst they have been rejected by the president. An example is the president's recent adoption of the socalled "Clipper Chip." This encoding/decoding scheme was devloped by the National Security Agency to assist government agencies to evesdrop on digital communications. Virtually every major computer and communications company, opinion maker, and civil rights group opposes the use of this technology. apparently, however, the president doesn't care what we think. This action has jilted our enthusiasm for the administration's avowed embrace of communications technology. It's beginning to look more like a charade to keep techies playing with their toys instead of a mature partnership in molding our technological future. Send reactions to 542-9851 at mcimail.com on MCI Mail or the Internet, or by fax, 516-562-5055 From aburt at nyx10.cs.du.edu Sun Apr 10 11:16:35 1994 From: aburt at nyx10.cs.du.edu (Andrew Burt) Date: Sun, 10 Apr 94 11:16:35 PDT Subject: MIT sysop faces piracy charges Message-ID: <9404101814.AA03374@nyx10.cs.du.edu> Or more likely the news media had no clue about the relationship of anonymous mail to anonymous ftp/fsp. Sigh. Andrew From samman at CS.YALE.EDU Sun Apr 10 11:40:52 1994 From: samman at CS.YALE.EDU (Senator Bedfellow) Date: Sun, 10 Apr 94 11:40:52 PDT Subject: Export Restrictions of Crypto Message-ID: Does anyone have the cite for the restrictions on the export of crypto, where crypto is classified as munitions for export purposes? I know ITAR says absolutely nothing about crypto, so its a US goverment thingee. Thanks Ben. ____ Renegade academician. They're a dangerous breed when they go feral. -James P. Blaylock in "Lord Kelvin's Machine" From mg5n+ at andrew.cmu.edu Sun Apr 10 11:44:14 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 10 Apr 94 11:44:14 PDT Subject: REMAIL: pseudo-account remailer @andrew gains anonymous feature In-Reply-To: Message-ID: Ed Carp wrote: > How about generating a secure hash and using that as an index > into a table? If there's an address already there, use that - > otherwise, generate one. > > Generate the hash from the incoming address, of course. That way, > you don't need to keep track of anon-id-to-real-id mappings, yet > guarantee that each user has one and only one anon address. Of > course, folks coming in from different hosts will have different > anon ID's. > > Or have I missed some blindingly obvious technical point thaqt > would make this impossible? I don't see how this would prevent me from having to keep track of anon-id-to-real-id mappings. It could work for sending mail, but I'd still have to have some way of keeping track of the real ids for the replies. From sameer at soda.berkeley.edu Sun Apr 10 11:59:17 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sun, 10 Apr 94 11:59:17 PDT Subject: "Crypto-Data" gif Message-ID: Where can I find a GIF of the "crypto-data" stickers? The diagnol "warning sign"-type sticker with the floppy and 1s and 0s in the back. Thanks. From tcmay at netcom.com Sun Apr 10 12:26:36 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 10 Apr 94 12:26:36 PDT Subject: Zero Knowledge, Hamiltonian Cycles, and Passwords Message-ID: <199404101927.MAA07698@mail.netcom.com> Matt Thomlinson asked me in private e-mail about some of my old posts on zero knowledge interactive proof systems (ZKIPS), especially with regard to finding Hamiltonian cycles in graphs. (A graph is a set of nodes with some set of links between the nodes. Like a bunch of cities connected in some way with highways. A Hamiltonian cycle is a path (subgraph) that visits each node once and only once. Try a few examples with n = 5, say, and you'll see that not all graphs have Hamiltonian cycles, and that finding them is done by exhaustively drawing all possible paths until a Hamiltonian cycle is found. Try increasing n to 10 and you'll see the problem get real hard, real fast. By the time n is 100, no computer that will ever be built will ever solve this, assuming "P" is not equal to "NP" (what Steve Smale has called the most important math and computer science problem of the past 50 years, the P =? NP problem). The Hamiltonian cycle problem for a general graph is NP-complete. (For any specific graph, it is of course solvable, by exhaustion. Not necessarily practical to solve, but solvable). Zero knowledge interactive proof systems were invented in the mid-80s (notably by Goldwasser, Rackhoff, Micali, etc.). They allow the paradoxical-seeming ability to *prove one has knowledge of something without showing what one knows*. That is, Alice can establish with arbitrarily high confidence level (to her skeptics or doubter) that she knows some proof, or some fact, without actually giving them any knowledge of the proof or fact! And it was proved in 1988, at the very Crypto Conference I attended, that anything provable in "ordinary" logic (FOL) is provable in a ZKIPS logic system. (I can't find my Crypto-88 Proceedings this minute, so this informal statement will have to do for now.) A potential use for such systems is for passwords--one can prove one has the knowledge without actually producing it (by typing in a password, for example). I don't know that anyone is actually exploring this application, yet, but I expect it'll come. The Hamiltonian cycle problem is a good example of this. Alice claims she knows the Hamiltonian cycle of a graph. But instead of producing it--which would of course "use up" her further use of this--she goes through a process of proving she "almost certainly" knows a Hamiltonian cycle without actually producing it. If this whets your appetite, I can dig up and post my article to this list (first posted to the Extropians list) that I did about a year and half ago. In this article I explain the "cut and choose" probabalistic algorithm central to ZKIPS. Anyway, here is some more stuff I wrote to Matt this morning. I've deleted his questions and comments, as it was private mail, so this answer picks up after he'd asked some questions about the process: As they say, "anything provable in first order logic is provable in a ZKIPS system." I'm not sure what it means to "prove" you know a method of factoring numbers (faster than the "normal" methods, presumably) except by actually factoring them. And factoring a 5,000-digit number is 17 milliseconds would certainly show something significant. And, trivially, it would presumably give zero knowledge about the method used, so in that sense it is trivially zero knowledge. [Matt asks about "construction" of the Hamiltonian cycle] Give a graph, to find a Hamiltonian cycle is generally "hard." With 5 nodes, easy, by exhaustion--can be done on a napkin. With 15 nodes, much harder. With 25 nodes, almost impossible. With 50 nodes, intractable. And yet suppose Alice shows you one. In a textbook, for example. How did she "find" it? She likely didn't. Rather, she took 50 nodes, drew a path visiting each node once, stored this as her 'Hamiltonian cycle' and then proceeded to draw in 50 or 70 or whatever "other links," which are "ringers," as it were (that is, they are never part of the Hamiltonian she "constructed"). The resulting complete graph--50 nodes with maybe 100 or 500 or whatever links--only she knows a valid Hamiltonian cycle for (there may be others, which neither she nor anyone else will ever find). She can use this as her "password," saying: "This is my graph and I know a Hamiltonian cycle for it." Others are skeptical, since nobody knows how to find a H. for such a large graph, but she proves who she is by producing the H. cycle. (The idea is that Alice "registers" or "publishes" the graph....nobody has yet done this, to my knowledge, so the mechanics of "graph servers" are not worked out.) Of course, by producing her Hamiltonian cycle, she's just used up her only chance to use it, since she's shown others, and they can now claim to be her. The trick is for her to show she knows the H.C. without actually producing it. And that's where the "cut and choose" probabalistic algorithm comes in. The one I described in those old postings you are presumably looking at. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From frissell at panix.com Sun Apr 10 12:30:24 1994 From: frissell at panix.com (Duncan Frissell) Date: Sun, 10 Apr 94 12:30:24 PDT Subject: It's the Government Message-ID: Ziggy's graffiti from the Sunday funny papers: It's the government, *stupid!* DCF From blancw at microsoft.com Sun Apr 10 12:54:45 1994 From: blancw at microsoft.com (Blanc Weber) Date: Sun, 10 Apr 94 12:54:45 PDT Subject: FW: Shot 'Round the World Message-ID: <9404101955.AA10580@netmail2.microsoft.com> >From -uni- (Dark): Freedom of information, and nil transaction cost in anonymous settings is key in empowering the individual and securing individual rights. Obviously the goal will conflict with modern intelligence agencies that seek to attempt domestic monitoring, but I think everyone here needs to address the role of such agencies in the grand scheme of things. Is the cypherpunk position a lawless one, or one promoting the evolution of law? .................................................... 1. What if the cypherpunk position was one or the other; what effect would it have on the subscribers, or upon the law itself? How much do those on the list allow themselves to be affected by other's positioning, and how much could anyone with influence in the law really care? 2. Jeff Davis has mentioned in a past message that the electronic war against the "enemies of freedom" (intelligence agencies) would be mostly a psychological war (or something to that effect). I am concluding that he must have been attempting to accomplish something like this by his act of sending out that NSA manual to all. On the subject of psychological warfare as a method in this privacy effort, I was pondering: . the effectiveness of the tactic employed . the character of the intended recipient of the message . how it will be interpreted by them . predicting whether they will care, in the same way as the sender, about the purpose & content of the message Since the communication is mostly words framing thoughts and philosophical arguments, the effects that one can aim for will be either cognitive or psychological (hopefully achieving both). To aim for a psychological effect only, is to propose that you know so much about psychology, that you know precisely what to aim for - in the minds of all of the recipients, and to expect predictable results. However: . people will often sense when they are being targeted . if they do, they will be resentful at being the object of someone's attack . they may respond in an unpredictable manner different from what was intended, if the total factors involved are more than are known or can be successfully controlled by the attacker . if the intent is only to involve others as elements in the attempt, they can also become angry for being enmeshed in crossfire for a purpose which is not of their own choosing (i.e. being used) and be unconducive to the success of the intent. In the attempt to persuade, convince, convert others from their position which is offensive to one's own, the methods employed are typically negative: pointing out the adverse consequences, pointing out what is wrong with what is being done, pointing out how bad/lousy/wrong/mistaken the offending party is, etc. But it has occurred to me that part of the problem with the effort to defend the dignity of one's "rights" is that there is so much more negativity than positiveness brought into play in the proffered arguments. What impresses me as lacking in the vision of the offending parties is a picture of 'normality'; they're suffering from visions of abnormal motivations. ( I mean normality in the sense of having a "sense of life" which allows for the expectations of normal activity & thought in the average person.) To present only negative insights about the problem to those who propose the disagreeable methods by which they seek to solve it, is to only push the imagination further into the black hole of deficiency. What is lacking in the mind of that type of psychological target is a perspective on what is normal to a regular human being. So how could positive indicators to the rest of life be given; how could a vision of what else is true about real people be created, so that the perspective of those targeted individuals or agencies is offered something better to think about than the problems created by a few out-of-control types; so that their outlook on the subjects of their attention (in this case, the citizens of the US) is not composed only of visions of delinquency and aberrant behavior? It is a challenge to "maintain one's head while all about one, others are losing theirs". Yet not only is that what is needed, but the agencies supposedly charged with our welfare could also use some help in maintaining *their* rationality. They apparently need some support to the end of acquiring confidence in our judgement (the rest of us who are not members of the elite, the chosen few). They are alarmed by the potential threat of destruction of a system which they prize as the means to social stability. What would reduce their felt need to cover the world with wiretraps in order to make sure that they don't miss any loose cannons out in the mists of the wild electronic atmosphere? What could provide that sort of reassurance, that everyone is not going to begin using their liberties in wanton, uninhibited, juvenile ways against the system or against each other. What could provide evidence contrary to the agencies' conclusion that non-government employees do not have what it takes to make rational decisions about the toys & tools and other devices which they create for their own amusement. Considering also: agencies do not by themselves create the man, but vice versa. That is, just because an agency exists, because it has been created for a particular purpose, it does not follow that the people hired to function within it no longer have a recognizable human nature similar to everyone else's [that's part of the problem :>) ]. They also must bring their own personality and character to what they do, however unlikely it seems that they would have the opportunity to do so. If this were not so, then there would be no reason to think that one could argue with them at all. It would be better to give up the effort of communicating with them or attempting to affect them psychologically, since they could not be expected to understand anyway; it would be better instead to think of other methods for achieving the preferred manner of existence. There would be a great benefit to a psychological type of warfare, if it could achieve points for the potential to normality which exists in everyone; if it could present evidence to counter the argument that the individual cannot be trusted, that we need to be saved from each other (by the intelligence agencies). What could bolster their lack of confidence in the judgement of the general population, such that the conclusion made to use the services of these agencies would be proved unnecessary? This would be demonstrated by the kinds of actions taken by individuals in response to the threats against their privacy. To wage a psychological war is to assume a great responsibility for the impressions made upon those who will be judging the behavior of their "charges". The psychological warriors would be taking part in the creation of a picture of the population, the effects of which would be a determining factor in the decisions made for future policies. It is very easy to take exceptional cases and use them as examples upon which to base techniques implemented for the cause of safety. It could hardly be expected that a limited few would have the resources to accomplish the goal for everyone, of saving the image of the individual against the one-dimensional cyclops (within our own lifetime); it is questionable whether any individual should associate themselves with the burden of such a responsibility. Blanc From dwomack at runner.utsa.edu Sun Apr 10 13:23:24 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Sun, 10 Apr 94 13:23:24 PDT Subject: Export Restricitons of Crypto Message-ID: <9404102023.AA07232@runner.utsa.edu> >Message 4/14 From Senator Bedfellow Apr 10, 94 02:39:14 pm -0400 >Return-Path: >Date: Sun, 10 Apr 1994 14:39:14 -0400 (EDT) >Subject: Export Restrictions of Crypto >To: cypherpunks at toad.com >Does anyone have the cite for the restrictions on the export of crypto, >where crypto is classified as munitions for export purposes? >I know ITAR says absolutely nothing about crypto, so its a US goverment >thingee. >Thanks >Ben. Take a look in International Traffic in Arms Regulations (ITAR) (22 CFR 120-130), Department of State, Office of Munitions Control, November, 1989. See Part 121 - The United States Munitions List, Category XIII - Auxiliary Military Equipment, paragraph (b), quoted as follows: (b) Speech scramblers, privacy devices, cryptographic devices and software (encoding and decoding), and components specifically designed or modified therefore, ancillary equipment, and protective apparatus specifically designed or modi- fied for such devices, components, and equip- ment. Regards, Dave From ecarp at netcom.com Sun Apr 10 13:33:22 1994 From: ecarp at netcom.com (Ed Carp) Date: Sun, 10 Apr 94 13:33:22 PDT Subject: REMAIL: pseudo-account remailer @andrew gains anonymous feature In-Reply-To: Message-ID: On Sun, 10 Apr 1994, Matthew J Ghio wrote: > Ed Carp wrote: > > > How about generating a secure hash and using that as an index > > into a table? If there's an address already there, use that - > > otherwise, generate one. > > > > Generate the hash from the incoming address, of course. That way, > > you don't need to keep track of anon-id-to-real-id mappings, yet > > guarantee that each user has one and only one anon address. Of > > course, folks coming in from different hosts will have different > > anon ID's. > > > > Or have I missed some blindingly obvious technical point thaqt > > would make this impossible? > > I don't see how this would prevent me from having to keep track of > anon-id-to-real-id mappings. It could work for sending mail, but I'd > still have to have some way of keeping track of the real ids for the > replies. Ah, yes, I *knew* I had missed something obvious... Thanks. From blancw at microsoft.com Sun Apr 10 13:36:50 1994 From: blancw at microsoft.com (Blanc Weber) Date: Sun, 10 Apr 94 13:36:50 PDT Subject: Pseudonyms and Reputations Message-ID: <9404102037.AA10761@netmail2.microsoft.com> >From Hal: This does suggest an alternative form of "is-a-person" credentialling, though. Rather than trying to verify identity at a distance, . . . . . ................................................... I'm sure I don't understand, said Alice in Wonderland: cryptology is to create anonymity sufficient to prevent the identification of a person; however, it is desireable to have a method/means of verifying identity such that in games or digicash or whatnot, someone cannot take advantage of that ability to obfuscate precise references to themselves. How could these two opposing needs be simultaneously satisfied? It sounds like a self-defeating proposition. Blanc From banisar at washofc.cpsr.org Sun Apr 10 13:57:14 1994 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Sun, 10 Apr 94 13:57:14 PDT Subject: Export Restrictions of Crypto Message-ID: <9404101657.AA45475@Hacker2.cpsr.digex.net> You can get a copy of the ITAR regulations from cpsr.org /cpsr/privacy/crypto/export_controls dave > Date: Sun, 10 Apr 1994 14:39:14 -0400 (EDT) > From: Senator Bedfellow > Subject: Export Restrictions of Crypto > To: cypherpunks at toad.com > Message-Id: edu> Mime-Version: 1.0 > Content-Type: TEXT/PLAIN; charset=US-ASCII > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > Does anyone have the cite for the restrictions on the export of crypto, > where crypto is classified as munitions for export purposes? > > I know ITAR says absolutely nothing about crypto, so its a US goverment > thingee. > > Thanks > > Ben. > > > ____ > Renegade academician. They're a dangerous breed when they go feral. > -James P. Blaylock in "Lord Kelvin's Machine" > > > > From fhalper at pilot.njin.net Sun Apr 10 14:46:07 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Sun, 10 Apr 94 14:46:07 PDT Subject: MacPGP and AOL Message-ID: <9404102145.AA02362@pilot.njin.net> AOL will not allow me to upload MacPGP on the basis that there is a court case pending against the author, and therefore it should not be allowed. My question is since the court case is pending why can't they allow it on until a verdict has been reached? Is this common for commercial online services or ftp sites to ban it? ThAnks, Reuben Halper Montclair High -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi16KosAAAEEAMUwRni4a9+GbuAhHDLcBWK60hCJUYxhr2hYokpELAhx0ejp 2fq61Tu9Hjn051CN8Xy5nu6sv2ODfG/t59l4DJSb5pirQaII3zaX0rMX0ydwGDoW YakL4ow1lNY+d/k14KpIuUW404+fNuNhIGSkdVLQIfbOgh0preK7/P44AKvdABEB AAG0JlJldWJlbiBIYWxwZXIgPGZoYWxwZXJAcGlsb3Qubmppbi5uZXQ+iQCVAgUQ LXorceK7/P44AKvdAQEUxwQAoffTibRlwE5tNQVGvrulh1OQgXNhTRec9vUaUwPy U64FIZ+KnmdfYgiJYXtcItA90EB9MDexazKeqJzMOPShVNOfyiwy2yUlnQs425f8 DxBvM//zuvj6s4/mXDTPUZtG9PP0HVaEGTJY15JdfRqtj/w+HHnsHlgCnj0NnIhX TW8= =D9UX -----END PGP PUBLIC KEY BLOCK----- From pfarrell at netcom.com Sun Apr 10 15:27:01 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sun, 10 Apr 94 15:27:01 PDT Subject: MacPGP and AOL Message-ID: <66259.pfarrell@netcom.com> > AOL will not allow me to upload MacPGP on the basis that there is > a court case pending against the author, and therefore it should not be > allowed. My question is since the court case is pending why can't they > allow it on until a verdict has been reached? Is this common for > commercial online services or ftp sites to ban it? Jim Bodzos of RSA has a simple plan that goes roughly like this: if you make money off of RSA, he makes money. CompuServ pulled PGP a long time ago, way before PRZ's lawsuit, because they were the only ones making money off PGP in the country -- all those $$ for download fees. EFF had it in their forum, as did several others, all were pulled. Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From mg5n+eabm226579fzrzhm4evs3zzce7h9zk at andrew.cmu.edu Sun Apr 10 16:00:36 1994 From: mg5n+eabm226579fzrzhm4evs3zzce7h9zk at andrew.cmu.edu (Anonymous) Date: Sun, 10 Apr 94 16:00:36 PDT Subject: MacPGP and AOL Message-ID: Reuben Halper sez: > AOL will not allow me to upload MacPGP on the basis that there is a > court case pending against the author, and therefore it should not be > allowed. My question is since the court case is pending why can't they > allow it on until a verdict has been reached? Is this common for > commercial online services or ftp sites to ban it? Sadly, yes. We've been through similiar situations with other online services. But maybe this opens up some stego possibilities. What if some public-spirited cypherpunks were to write some non-crypto-related software, say a simple PD game, hide PGP in it, and put it up on all the online services. The program could have a hidden bit of code, that when given the proper password, would desteg and decrypt PGP. Something with lots of graphic images, large mazes, or other large files would work well. It'd probably take a while before the net.cops figured out what was going on, and by the time anyone tried to squish it, the program would (hopefully) have been handed down enough times that it'd be impossible to trace it back to the original author. Plus you'd have thousands of people uploading it all over without even realizing what they had. Any takers? :) From norm at netcom.com Sun Apr 10 16:03:04 1994 From: norm at netcom.com (Norman Hardy) Date: Sun, 10 Apr 94 16:03:04 PDT Subject: Zero Knowledge, Hamiltonian Cycles, and Passwords Message-ID: <199404102304.QAA06610@mail.netcom.com> Page 85 in Schneier's "Applied Cryptography" begins a good introduction to zero knowledge proofs and such. From tmp at netcom.com Sun Apr 10 16:06:17 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Sun, 10 Apr 94 16:06:17 PDT Subject: Pseudonyms and Reputations In-Reply-To: <199404080520.WAA26732@jobe.shell.portal.com> Message-ID: <199404102307.QAA27119@netcom9.netcom.com> hal finney had very interesting comments about pseudonyms and reputations. one of the most important notes about the chaumian systems he indicates is that it would be possible to have forums where pseudonymity is limited (one pseudonym per user) but at the same time the anonymity of participants is protected. this seems like a reasonable compromise between the extreme on one hand, `no one should be accountable for anything in cyberspace' and on the other hand `people should be accountable for everything in cyberspace'. it does appear that in a completely unaccountable system, i.e. where pseudonyms are cheaply obtained and accrue bad reptation without any consequence, `cryptochaos' can ensue. it is quite possible to have the equivalent of `floodbots' to mailing lists, and i'm really quite astonished that the only solution that anyone has developed so far is completly untechnological and IMHO backward: yelling at a site administrator. in fact, it seems to me the mechanisms for social interaction are most rapidly evolving on IRC, where there are all kinds of sophisticated rules regarding operators who have control over channels, to boot out participants, `ban' them, and the way that people `ignore' each other, etc.-- isn't it rather remarkable that no widely distributed mailing list software has any of these very basic mechanisms? i was just on IRC and i don't know how many people have noticed that (forgive me if it has been pointed out before) but a very interesting early incarnation of a positive and negative reputation has already been implemented by somebody's `commbot' program. it functions as a database of reputations of IRC nyms. here are some of the rules (ugh, can't they come up with a less offensive term for negative reputation?) anyway, i will be very interested to watch the evolution of reputation systems on the internet. =CommBot= =CommBot= Levels are used to determine which users can make me do what. =CommBot= The most important use of the levels are: =CommBot= userlevel >= 50 : user will be made channel operator by me =CommBot= userlevel >= 100 : user may modify user/shit/prot lists =CommBot= userlevel >= 125 : The user may use certain "special" commands. =CommBot= userlevel >= 150 : user may use all my functions =CommBot= shitlevel >= 50 : user won't be opped, and cannot modify =CommBot= : the various list, regardless of the userlevel. =CommBot= : I also will not allow this user to be opped by =CommBot= : someone else =CommBot= shitlevel >= 100 : user will be kicked and banned when the =CommBot= : channel is joined =CommBot= protlevel == 100 : I will not massdeop or masskick these users. =CommBot= : if a user with level 100 is deopped, I will reop +him/her =CommBot= =CommBot= SEE ALSO: WHOAMI, WHOIS, NWHOIS, USERADD, =CommBot= SHITADD, PROTADD, getting_access =CommBot= From pkm at maths.uq.oz.au Sun Apr 10 16:08:28 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Sun, 10 Apr 94 16:08:28 PDT Subject: No Subject Message-ID: <9404102308.AA04678@axiom.maths.uq.oz.au> I found Timothy May's post on Hamiltonian cycles in graphs very in- teresting. However, my main reason is due to the relevance between this subject and the P - NP problem. Although I am familiar with the practical aspect of this terminology (through my numerical mathematics subjects), I am a bit hazy on the "pure", theoretical side. Does anyone have any references on this matter. I am especially interested in the "P=NP?" problem. Thanks. Peter Murphy. From hfinney at shell.portal.com Sun Apr 10 16:25:04 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 10 Apr 94 16:25:04 PDT Subject: Pseudonyms and Reputations Message-ID: <199404102325.QAA05548@jobe.shell.portal.com> From: Blanc Weber > I'm sure I don't understand, said Alice in Wonderland: cryptology is > to create anonymity sufficient to prevent the identification of a > person; however, it is desireable to have a method/means of verifying > identity such that in games or digicash or whatnot, someone cannot take > advantage of that ability to obfuscate precise references to themselves. > > How could these two opposing needs be simultaneously satisfied? It > sounds like a self-defeating proposition. > > Blanc You don't try to satisfy these simultaneously. Rather, one or the other goal is achieved by the participants voluntarily participating in a protocol. In some contexts, absolute anonymity is desired and achieved. In others, the participants agree to some restrictions on their anonymity in order to allow various kinds of agreements. I may not be willing to loan you money if you are totally anonymous; on the other hand, I might be able to loan it to you if your anonymity would be broken only if you didn't pay it back, for example. If you didn't want to take the chance on breaking your anony- mity, you wouldn't have to. You would just choose not to play my game. The point of a lot of this work with pseudonyms and credentials and such is to create a lot of different possible options along the scale between perfect anonymity and perfect identification. That way people will be able to trade off their various requirements and come as close as possible to their ideal position. Hal From hfinney at shell.portal.com Sun Apr 10 16:31:52 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 10 Apr 94 16:31:52 PDT Subject: Zero Knowledge, Hamiltonian Cycles, and Passwords Message-ID: <199404102332.QAA06039@jobe.shell.portal.com> From: tcmay at netcom.com (Timothy C. May) > And yet suppose Alice shows you one. In a textbook, for example. How > did she "find" it? She likely didn't. Rather, she took 50 nodes, drew > a path visiting each node once, stored this as her 'Hamiltonian cycle' > and then proceeded to draw in 50 or 70 or whatever "other links," > which are "ringers," as it were (that is, they are never part of the > Hamiltonian she "constructed"). > > The resulting complete graph--50 nodes with maybe 100 or 500 or whatever > links--only she knows a valid Hamiltonian cycle for (there may be > others, which neither she nor anyone else will ever find). I think something like this may be the idea behind "obfuscated computing," which Mike Duvos was writing about here a little while back. The idea is that you do this trick not just with a graph, but with a boolean circuit composed of and, or, not gates, etc. Take your algorithm and express it as such a circuit, then obfuscate it by drawing in extra gates, connections, etc. The resulting circuit has your original circuit embedded in it, but figuring out what the total circuit does can be computationally intractable. Someone could build or emulate this circuit and get a result, but they would not be able to figure out exactly what formula they were computing. I'm not 100% certain that this technique is used, but Tim's posting reminded me that I had read something about this several years ago, and this is how I remember it. Hal From tmp at netcom.com Sun Apr 10 17:36:33 1994 From: tmp at netcom.com (tmp at netcom.com) Date: Sun, 10 Apr 94 17:36:33 PDT Subject: identity, privacy, & anonymity in cyberspace Message-ID: <199404110037.RAA07344@netcom9.netcom.com> hal finney recently wrote an interesting message taking the position that cypherpunk aims are not so much to pursue total anonymity but to promote systems with a variety of degrees in identity and pseudonymity so that the appropriate level can be achieved in various settings. (for example, borrowing money seems to require that one sacrifice some degree of anonymity and privacy). below is a message i have taken to represent the cypherpunk position from hal finney. this came from chaos.bsu.edu, a fun gopher server with a lot of cypherpunk position papers (i assume they are representative). in it, hal argues against identifying anonymous messages, saying that it would mark them with a `scarlet a' and relegate them to the `ghetto'. his recent comments seem more accommodating and less extremist. >The level of anarchy will >inevitably increase as larger numbers of people acquire net access. it seems to me that the cypherpunks already have a name for the kind of anarchy that can happen when somebody uses pseudonyms to harass and cause trouble. that word is `detweiler'. do you really know what `anarchy' is, cypherpunks? as the old parable goes, be careful what you wish for, you might get it. hal argues below that `you already know nothing about the people you interact with on the net' and that `anonymous remailers introduce no more problems than are already present on the net'. these seem to me to be flawed arguments. here's why. first of all, everyone has the experience of going to a party and knowing nobody there. but the fun of the party is learning about the people who are there! do we really want an online environment where identity is as transitory as a nym on IRC? it seems that what everyone is craving behind the banging on the keyboard is what has been called active, human `interconnection' to contrast it to `interaction' with a computer alone (still generally considered an inanimate object). if we want communities, the places we like to live in, it seems that identity is intrinsic to them. next, `anonymous remailers do not introduce any problems beyond those that already exist'-- aren't we trying to *solve* the problems associated with building an online community, our civilizations in cyberspace? it seems to me that if cypherpunks want the rest of the world to adhere to their ideas, they have to show how they are *superior* to those already present, and how they *solve* nagging problems. yes, remailers solve the problem of trying to post messages without identity, but are we sure this is a `problem' we want to `solve'? for example, hal notes that some system operators completely ignore complaints on the net. but do we really want a community of system operators that simply throw any feedback to /dev/null? what about when someone is mailbombing Usenet from a site? isn't what we *really* want a more basic definition of what is allowed and what is not? besides, under the cypherpunk vision, operators would never censor a user for postings-- but is it the case that all cypherpunks can say they have never tried to censor anyone by notes to sysadmins, i.e. of detweiler? regarding the pseudonymity issue, it seems to me a more basic, fundamental design goal might be this: we wish to make sure that people do not use sensitive private information against us. it is not a problem for our friends to know this information-- in fact it is critical that they do (friendship is based on identity!). the cypherpunk vision seems to split the world into two groups: those people i trust (my friends) and everyone else (whom i completely distrust with intense paranoia). this is a very xenophobic and chauvinistic philosophy at heart. hal argues below that there is `no line dividing the clean from the unclean' (real name vs. pseudonymous vs. anonymous etc.). to the contrary it seems to me to be the case that either `i know who you are' or i don't. what does it mean for me to `know who you are'? i admit there is no basic definition, but it does seem to me that should not prevent us from trying to find one. for example, it seems to me you cypherpunks have a very important agenda, but you seem to be extremists. the important goal is `defining what privacy really means' and cypherpunks seem to take the position, `it means that nobody knows anything about me'. our society simply cannot function under this constraint. if i wish to `interconnect', identity is necessary to minimize risk to the people i `interconnect' with. so what the cypherpunks might consider is a less extremist elucidation of what `privacy' means. for example, cypherpunks, what information should a bank be allowed to have on you when you go in to request a loan? what should companies be allowed to do with credit histories, and what rights does the individual have to influence them? if you continue to insist that `nobody should know who i am' i fear you will be bypassed by more sophisticated groups that have a less polarized view of issues of identity and privacy. and it will ultimately be the least controversial proposals that will shape the future we live in. the recent hal finney message as well as recent considerations of `morality' on the list (albeit quizzical) suggest to me you might be open to a more conciliatory, less dogmatic position on these immensely important issues. i am going to sign off for awhile in an attempt to advance some new meaningful projects (such as set up a gopher server), but i thank you for your stimulating conversations and email, and i apologize to anyone i have ever offended (send me mail if you feel i have personally left something unresolved). hal finney's message follows. pseudonymously yours, --tmp -----BEGIN PGP SIGNED MESSAGE----- I sent mail to Cypherpunks on this a couple of days ago, but it never appeared. There is a problem with the notion that all "anonymous" remailers and news-posting services should label their messages as anonymous so that users can decide whether to read them or not. This approach abandons one of the strongest arguments in favor of anonymous remailers, which is that the net is inherently an anonymous environment. Especially as more public access Unix systems, BBS systems, and so on become part of the net, we are going to see less and less of the strict controls on identity which were possible when the net was restricted to a few government labs and large universities. The level of anarchy will inevitably increase as larger numbers of people acquire net access. Unless massive and universal authentication efforts are undertaken, it is going to be more and more the case that you will know little about the true identity of a poster. Because of this, those who object to having to read the words of an "anonymous" poster are taking an untenable position. They are already reading words of people about whom they know no more than they would about an anonymous poster. And the argument that "non-anonymous" posters are subject to a form of discipline not available to anonymous posters - messages to the system operator - is clearly falsified by the existance of many sysops who care nothing about complaints. As more and more people run their own machines with net access, these cases will only increase. In short, we anonymous remailer operators have every right to be part of the net. We introduce no more problems than are already happening and will continue to occur as the net grows and becomes more universal. The resistance we've seen is from old-time sysops who are unable to adjust to a changing network environment. Rather than placating obsolete beliefs about network identity by agreeing to mark our messages with the scarlett letter A for anonymity, by accepting that we deserve to be in a ghetto set aside for inferior posts, I feel that we should challenge the net with messages that blur the distinction between anonymous and authenticated posts. The sooner people realize that there is no line that divides the clean from the unclean, the sooner anonymity will be widely accepted on the net. Hal Finney 74076.1041 at compuserve.com -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBK7S2oqgTA69YIUw3AQEfagP8DlzINcvUDn7jc351S+hHTBz5NtB3RbRC l+0rgltFcn6QxWaE0GsWFcOa6RcPOe1DOTlwiJejiT6MbnfuDopbUoS98bCiIzLE 0Q2ZVhtsfLs5zFdUj08bRzzU7zyuzSmNoSsCx01O6OiGZB/zs0PEnx/0XqRtXFD2 RM1YTCPIF7Y= =0zw5 -----END PGP SIGNATURE----- From frissell at panix.com Sun Apr 10 17:38:52 1994 From: frissell at panix.com (Duncan Frissell) Date: Sun, 10 Apr 94 17:38:52 PDT Subject: MacPGP and AOL In-Reply-To: <9404102145.AA02362@pilot.njin.net> Message-ID: On Sun, 10 Apr 1994, Frederic Halper wrote: > AOL will not allow me to upload MacPGP on the basis that there is a > court case pending against the author, and therefore it should not be allowed. There is no "court case pending against Phil Zimmerman." Neither he nor his legal counsel have been notified of any action against him. He has not been named publically in any official papers. He has not been subpoenaed. There *is* an insvestigation of how PGP was exported (nothing about its *creation*). Two firms have testified before a Grand Jury. DCF From tcmay at netcom.com Sun Apr 10 18:10:09 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 10 Apr 94 18:10:09 PDT Subject: Zero Knowledge, Hamiltonian Cycles, and Passwords In-Reply-To: <199404102332.QAA06039@jobe.shell.portal.com> Message-ID: <199404110111.SAA24584@mail.netcom.com> Hal Finney writes: > I think something like this may be the idea behind "obfuscated computing," > which Mike Duvos was writing about here a little while back. The idea is > that you do this trick not just with a graph, but with a boolean circuit > composed of and, or, not gates, etc. Take your algorithm and express it as > such a circuit, then obfuscate it by drawing in extra gates, connections, ... > I'm not 100% certain that this technique is used, but Tim's posting reminded > me that I had read something about this several years ago, and this is how > I remember it. Yeah, sounds like a possibility, but we never got a fuller explanation from Mike, so it's hard to tell. I'm a bit skeptical, but it could just be that I haven't worked things out to my own satisfaction. Compared to the Hamiltonian cycle, at least. But a wide class of problems are essentially equivalent to the Hamiltonian cycle problem, as Hal and many others are well aware of (that's what "NP-complete" means...solve one of 'em and you've basically solved 'em _all_). Circuits, satisfiability of constraints, etc., are one such NP-complete problem, so it's _conceivable_ the "obfuscation compiler" works this way, if it is not urban legend. Someone asked where to read more on this stuff. As Norm Hardy noted, Bruce Schneier's book has a section on it. On NP-completeness in general, Garey and Johnson's "Computers and Intractability: A Guide to the Theory of NP-Completeness," 1979, is the standard reference. More readable accounts may be found elsewhere. I especially like Harel's "Algorithmics: The Spirit of Computing." Also, a few folks have asked me to send them my article on zero knowledge I posted in 1992 to this List. I will dig this (or maybe "these") up from my mail archives and post them here. In my not-so-humble opinion, the "juicy" stuff is sometimes not discussed here very often because too few folks are reading the background material enough to contribute. (I'm guilty of this, too, so I'm not throwing stones...). We end up in banal--and repetitive--debates about the NSA, about TEMPEST (it's about time for a new thread on this :-} ), and about things like that. Ray Cromwell wrote a very long, detailed, and important artcle on remailers which has not been discussed nearly enough. Black Unicorn wrote a long piece on legal and social implications, which has also been discussed little. And of course Hal Finney has written many long pieces on important topics. I urge you all to become knowledgeable about some aspect of our many-fold interests and then to write articles educating the rest of us. And respond to what others have written. Off my soapbox now. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From upham at cs.ubc.ca Sun Apr 10 18:16:13 1994 From: upham at cs.ubc.ca (Derek Upham) Date: Sun, 10 Apr 94 18:16:13 PDT Subject: Zero Knowledge, Hamiltonian Cycles, and Passwords Message-ID: <199404110115.AA23628@grolsch.cs.ubc.ca> > A potential use for such systems is for passwords--one can prove one > has the knowledge without actually producing it (by typing in a > password, for example). I don't know that anyone is actually > exploring this application, yet, but I expect it'll come. Look at "Strongbox: A System for Self-Securing Programs" by J. D. Tygar and B. S. Yee in the "CMU Computer Science 25th Anniversary Commemorative" proceedings (from 1991). As the paper describes: ``Strongbox uses an authentication protocol derived from Rabin's observation about the square root operation: if one can extract square roots modulo n where n=p*q , p and q primes, then one can factor n . [That should be `if and only if', i.e., finding the square roots is too hard unless you created n in the first place.] Both our protocol and FFS are *zero-knowledge authentication protocols_* [. . .] And in contrast to Needham and Schroeder's authentication protocol, zero-knowledge authentication protocols require no central authentication server and thus there is no single point of failure that would cripple the entire system.'' In addition to zero-knowledge authentication, the paper provides an algorithm for the secure exchange of sessional symmetric encryption keys, and ways of combining authentication and key-exchange steps. I managed to get the key-exchange working some months back (in C++, using GMP to handle the number-crunching), but it was hampered by my incredibly slow 386 on one side and odd bugs in the Sun4 environment on the other. Contact me if you want to hack around on it. I also know where to find unreleased GMP 1.9 sources for some additional, probably more reliable, functions for calculating the Legendre symbol (which the whole system depends upon). Derek From cfrye at mason1.gmu.edu Sun Apr 10 18:16:45 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Sun, 10 Apr 94 18:16:45 PDT Subject: Zero Knowledge, Hamiltonian Cycles, and Passwords Message-ID: <9404110116.AA04293@mason1.gmu.edu> Tim- I'd be interested in seeing your previous posts on this subject. Curt From cheney at hurricane.seas.ucla.edu Sun Apr 10 18:26:42 1994 From: cheney at hurricane.seas.ucla.edu (cheney at hurricane.seas.ucla.edu) Date: Sun, 10 Apr 94 18:26:42 PDT Subject: talk encryption Message-ID: <9404110126.AA05655@hurricane.seas.ucla.edu> Hi. I was told I could ask you about an encryption system for the unix "talk". Do you know where I might find one? Thanks in advance, -mike From unicorn at access.digex.net Sun Apr 10 18:26:53 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 10 Apr 94 18:26:53 PDT Subject: Day-One trailer Message-ID: <199404110126.AA29801@access1.digex.net> Monday the 11th on Day One: Have we taken a wrong turn on the information superhighway? Looks like they are going to look into porn on the nets with a real bias media eye. I don't give day one much credit either.... -uni- (Dark) From 68954 at brahms.udel.edu Sun Apr 10 18:34:37 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Sun, 10 Apr 94 18:34:37 PDT Subject: fermats theorem. possible urban legend Message-ID: While ona BBS someone brought up something about Fermat's Last THerorem being proven and that renders all crypto broken. After trying to figure out what the hell this person was talking about I figured that he apparently believes that all encyptian schemes are based on large numbers, and since Fermats Theoremn is something like proving that youca find the solution for a^n + b^n = c^n that all of the codes are broken. Now please dont mistake me for someone who has fallen for this, but I am just wondering what the hell this guy is talking about? You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From wcs at anchor.ho.att.com Sun Apr 10 18:35:11 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 10 Apr 94 18:35:11 PDT Subject: bumperstickers Message-ID: <9404110134.AA06484@anchor.ho.att.com> > They can have my crypto when they pry it from my cold, dead, keyboard. Or when they listen to the electromagnetic emanations from your live non-TEMPEST keyboard :-) From jeremy at crl.com Sun Apr 10 18:46:40 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Sun, 10 Apr 94 18:46:40 PDT Subject: Prime Numbers Message-ID: I found something interesting that I have not proven, but it has not failed yet: The integer N is prime if: 2^N - 2 --------- N is an integer. Don't ask how I found it, I was just fooling around. Now: Is there some way to reverse the formula so we can insert and integer and get a prime number out? Let me know, I am over excited. _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From phantom at u.washington.edu Sun Apr 10 18:47:39 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Sun, 10 Apr 94 18:47:39 PDT Subject: TCMay's posting on zero knowledge, last year Message-ID: Here's what I grabbed from the list last time this came up.. By the way, this is one of the documents I have up for viewing via www (see .sig). mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu Date: Wed Apr 7 21:42:08 1993 From: tcmay at netcom.com (Timothy C. May) Subject: MATH: Zero Knowledge Proofs [Since this should also be of interest to the Cypherpunks list, which Ray is/was subscribed to, I am posting this essay to that list.] Ray Cromwell writes: > Could someone explain zero knowledge proofs and give me an example. I >have taken number theory and abstract algebra so feel free to use equations. > >(I know that zero knowledge proofs are a way of certifying something without >revealing the information you are certifying, but I want to know how they >work mathematically) Zero knowledge interactive proof systems ("ZKIPS") are sometimes called "minimum disclosure proofs" (with some subtle differences) and are exciting and mysterious (at first) methods that lie at the heart of modern cryptology. Here's a simple explanation. Too bad we don't have a blackboard! ALICE AND BOB (some people call them Peggy the Prover and Vic the Verifier) Alice wishes to prove to Bob that she knows some item of knowledge without actually giving Bob any of that knowledge. Let us first imagine that Alice claims she knows a "Hamiltonian cycle" on a particular graph. (For a given set of nodes and arcs linking some of those nodes, a Hamiltonian cycle is one which passes through each node once and only once. You might want to draw some graphs on a sheet of paper and try to find a Hamiltonian cycle for the graphs, to get a feel for the problem.) The particular graph may be "registered" somewhere with Alice's claim that she--and only she, for reasons I'll discuss at the end--knows a Hamiltonian cycle for the graph. In a sense, this is her "proof of identity." To make this example concrete, Alice is using this piece of knowledge as her *password* to get into some system. She presents a map of 50 cities and some set of highways interconnecting them and says "I am who I say I am if and only if I know a Hamiltonian cycle for this graph." The conventional (non zero knowledge) way to convey this knowledge is for Alice to simply *show* the Hamiltonian cycle to Bob. This is how passwords are currently handled. Bob, and anybody else who is spying on the exchange, then knows the "secret," which isn't a secret anymore. (Anybody who saw the exchange, including Sysadmin Bob, could then impersonate her.) ENTER ZERO KNOWLEDGE Alice, instead of showing Bob the Hamiltonian cycle, takes the cities and covers them with something, say, coins. (On a computer, this is all done in software, using the cryptographic protocol called "bit commitment.") Alice scrambles the position of the cities (covered by coins) so as not to allow positional cues. (Most of the 50 cities should have about the same number, ideally exactly the same number, of links to other cities, to ensure that some cities are not "marked" by having some unique number of links. A detail.) Needless to say, she scrambles the cities out of sight of Bob, so he can't figure out which cities are which. However, once she's done with the scrambling, she displays the cities in such a way that she can't *later change*..i.e., she "commits" to the values, using well-known cryptographic methods for this. (If this sounds mysterious, read up on it. It's how "mental poker" and other crypto protocols are handled.) Bob sees 50 cities with links to other cities, but he doesn't have any way of knowing which of the covered cities are which. Nor, I should add, are the links labelled in any way--it wouldn't do to have some links permanently labelled "Route 66" or "Highway 101"! She says to Bob: "Pick one choice. Either you can see a Hamiltonian cycle for this set of covered cities and links, or you can see the cities uncovered." In other words, "Alice cuts, Bob chooses." Bob tosses a coin or chooses randomly somehow and says: "Show me the cities." Alice uncovers all the cities and Bob examines the graph. He sees that Akron is indeed connected to Boise, to Chicago, to Denver, not to Erie, and so on. In short, he confirms that Alice has shown him the original graph. No substitution of another graph was made. Bob, who is suspicious that this person is really who she claims to be, says to Alice: "Ok, big deal! So you anticipated I was going to ask you to show me the cities. Anybody could have gotten Alice's publicly registered graph and just shown it to me. You had a 50-50 chance of guessing which choice I'd make." Alice smugly says to him: "Fine, let's do it again." She scrambles the cities (which are covered) and displays the graph to Bob...50 covered cities and various links between them. She tells Bob to choose again. This time Bob says: "Show me the Hamiltonian cycle." Without uncovering the cities (which would give the secret away, of course), Alice connects the cities together in a legal Hamiltonian cycle. Bob says, "OK, so this time you figured I was going to ask you the opposite of what I did last time and you just substituted some other graph that you happened to know the Hamiltonian cycle of. I have no guarantee the graphs are really the same." Alice, who knows this is just the beginning, says: "Let's do the next round." ...and so it goes.... After 30 rounds, Alice has either produced a legal Hamiltonian cycle or a graph that is the same as (isomorphic to...same cities linked to same other cities) the registered graph in each and every one of the rounds. There are two possibilities: 1. She's an imposter and has guessed correctly *each time* which choice Bob will make, thus allowing her to substitute either another graph altogether (for when Bob wants to see the Hamiltonian cycle) or just the original graph (for when Bob asks to see the cities uncovered to confirm it's the real graph). Remember, if Alice guesses wrong even once, she's caught red-handed. 2. She really is who she claims to be and she really does know a Hamiltonian cycle of the specified graph. The odds of #1 being true drop rapidly as the number of rounds are increased, and after 30 rounds, are only 1 in 2^30, or 1 in a billion. Bob choose to believe that Alice knows the solution. Alice has conveyed to Bob proof that she is in possession of some knowledge without actually revealing any knowledge at all! The proof is "probabilistic." This is the essence of a zero knowledge proof. There's more to it than just this example, of course, but this is the basic idea. SOME DETAILS 1. Could someone else discover the Hamiltonian cycle of Alice's graph? Exhaustive search is the only way to guarantee a solution will be found--the Hamiltonian cycle problem is a famous "NP-complete" combinatorial problem. This is intractable for reasonable numbers of nodes. 50 nodes is intractable. 2. If finding a Hamiltonian cycle is intractable, how the hell did Alice ever find one? She didn't *have* to find one! She started with 50 cities, quickly connected them so that the path went through each city only once and then wrote this path down as her "secret" solution. Then she went back and added the other randomly chosen interconnects to make the complete graph. For this graph, she obviously knows a Hamiltonian cycle, *by construction*. 3. Can Bob reconstruct what the Hamilonian cycle must be by asking for enough rounds to be done? Not generally. Read the papers for details on this, which gets deeply into under what circumstance partial knowledge of the solution gives away the complete solution. 4. Are there other problems that can be used in this same way? Yes, there are many forms. I find the Hamiltonian cycle explanation quite easy to explain to people. (Though usually I can draw pictures, which helps a lot.) 5. How general is the "zero knowledge interactive proof" approach? Anything provable in formal logic is provable in zero knowledge, saith the mathematicians and crypto gurus. Check out the various "Crypto Conference" Proceedings. Hope this helps. -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From rarachel at prism.poly.edu Sun Apr 10 19:03:09 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 10 Apr 94 19:03:09 PDT Subject: New stego prog was "A possibility" Message-ID: <9404110151.AA19349@prism.poly.edu> Hey guys, I'm in the final throes of applying some cleaning up on a bit of code I wrote a couple of years ago. I'm wondering what would be some good sites to FTP this to? (I'd like to just post it up on here, but since there are non-USA residents on this list, I don't need the NSA to come on knocking on my door as I've bigger things to worry about (like bills, graduating, etc.) Anyhow, a bit about this code: This is a program called White Noise Storm which I wrote out of an inspiration flash (and subsequently the reason I joined this list.) I had left this project to rot until recently when my school finally offered a crypto class, and decided on making this my project. Unfortunatly disaster struck and I had lost the final version of this program a few months ago, having only a buggy, unfinished backup. Suffice to say, I spent all last night infront of my 486 and resurected WNSTORM from the dead, and in doing so added some features which make it a useful program. Someone from MicroSoft had a similar idea, so I thought I'd go public with it before WNSTORM vanished totally. :-) So Ophir Ronen (Rho) , here it comes. :-) A brief description of this program is basically an cypher box that takes in a password, a stream of random numbers, a plaintext file, and a window size specification (more on this later.) The program takes in one byte of plaintext, several bytes of random numbers (called a window) of varying size, and then takes an encrypted copy of the plaintext byte and spreads its bits across the random number window. The actual bits and bytes that get replaced in this window depends on the passkey and the previous window. The great and obvious disadvantage to WNSTORM is that the size of the cypher text is several times larger than the plaintext. Another is that this is a private key system, but that's not quite as large a sore point. However, by replacing the random number stream with the low bits of a sound, picture, movie or other noisy data, inserting the plaintext into this noise with WNSTORM, and re-injecting the low bits back into the picture gives us the possibility of an excellent stego system! WNSTORM will also try and statistically fix the bits it changes so that the outgoing cyphertext matches the incoming random noise stream statistically, making a stego sniffer's job much harder... Anyhow since I'll need to clean up both source code and documentation, I thought I'd take this opportunity and announce the program. Oh and Tim, this is what I was talking to you about a long time ago and kept secret. :-) From banisar at washofc.cpsr.org Sun Apr 10 19:36:45 1994 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Sun, 10 Apr 94 19:36:45 PDT Subject: Another Anti-Clipper Resolution Message-ID: <9404102237.AA23487@Hacker2.cpsr.digex.net> I found this on the Public_Keys forum on Fidonet.. -dave Subject: Clipper/Telephony Big Bro Resolution To: All From: David Treibs Date: 3/26/94 6:07:02 PM ------------------------------------------- The following was passed as a resolution for the Republican convention in Senatorial District 19 of Uvalde county, Texas. I will attempt to get it adopted at the state level also. ENCRYPTION/GOVERNMENT MONITORING (BIG BROTHER IS WATCHING YOU) Whereas, government is increasingly intruding into the private matters of its citizens, And, an example of this intrusion is Clinton's Clipper/Skipjack encryption chip, which would allow the government easy access to all private and corporate electronic communications by telephone, computer, etc., And, a further example is the government's push to force all communications providers to leave a "back door" through which the government could easily monitor all communications, And, it is a trait only of despotic governments to scrutinize the private communications of its citizens, Resolved, we urge that the Clipper/Skipjack scheme be dropped and the Digital Telephony Act killed, that private communications and encryption be allowed to flourish without government "back doors," and we urge our government to give up the idea that we the people are guilty of something and must be monitored. --- Maximus/2 2.01wb * Origin: Frank's Station (1:19/148) From jim at bilbo.suite.com Sun Apr 10 19:49:27 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Sun, 10 Apr 94 19:49:27 PDT Subject: identity, privacy, & anonymity in cyberspace Message-ID: <9404110242.AA04774@bilbo.suite.com> tmp at netcom.com writes/asks: > yes, remailers solve the problem of trying to post > messages without identity, but are we sure this is a > `problem' we want to `solve'? If this problem is not solved then all posts must contain a reference to the poster's true identity. Is that what you want, tmp at netcom.com? How would it be enforced? Government approved public-key pairs issued at birth? Random identity checkpoints on the Infobahn? A ban on all un-approved cryptography? Peer pressure? > hal argues below that there is `no line dividing the clean > from the unclean' (real name vs. pseudonymous vs. > anonymous etc.). to the contrary it seems to me to be the > case that either `i know who you are' or i don't. what does > it mean for me to `know who you are'? i admit there is no > basic definition, but it does seem to me that should not > prevent us from trying to find one. Instead of asking "who are you?", ask "what are you like?". I don't usually need to know who you are, but in certain contexts it is important to know what you are like. Further, I don't need to know what you are like in all contexts. Identity-based systems approach the "what are you like" question by demanding to know "who you are", and then determining "what you are like" by accessing various and sundry databases. These various and sundry databases are rapidly condensing into a few logical mega-databases. The problem with identity-based systems in which everyone has only a single identity is that it soon becomes very easy for someone to learn more about you than is necessary or desirable. Cross-referencing is the root of all evil! :-) I think much of the technology advocated on this mailing list can enable people to answer the important "what are you like" questions without creating systems that can also be used to pry into your entire life history. > the important goal is `defining what privacy really > means' I agree it is an important goal. > and cypherpunks seem to take the position, `it > means that nobody knows anything about me'. I disagree. I think cypherpunks want to retain (or re-acquire) the ability to control who knows what about them and when and under what contexts. This is a bit different from "nobody knows anything about me". However, I can't speak for all cypherpunks. > our society simply cannot function under this constraint. If by "our society" you mean the society in which we currently live, I'd have to agree. That does *not* mean I believe all possible societies become impossible under this constraint. Actually, I believe "under this constraint" is a strawman (see previous paragraph). > if you continue to insist that `nobody should know who i > am' i fear you will be bypassed by more sophisticated [?] > groups that have a less polarized view of issues of > identity and privacy. and it will ultimately be the least > controversial proposals that will shape the future we > live in. Being a pessimist, I'll have to agree with you here, although for slightly different reasons. I believe that as long as there are income and property taxes, the government will find ways to justify prying into our personal lives. Jim_Miller at suite.com From rjc at gnu.ai.mit.edu Sun Apr 10 19:53:56 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Sun, 10 Apr 94 19:53:56 PDT Subject: Prime Numbers Message-ID: <9404110253.AA12284@geech.gnu.ai.mit.edu> Jeremy Cooper writes: > I found something interesting that I have not proven, but it has not > failed yet: > The integer N is prime if: > 2^N - 2 > --------- > N is an integer. This is fermat's little theorem. What you have written basically says 2^N - 2 = 0 (mod N) or 2^(N-1) = 1 (mod N). Note, the converse doesn't apply. If (2^N-2)/N is an integer, N isn't neccessarily prime. For example, take N=561=(3*11*37) For extra credit, prove your hypothesis. ;-) -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From karn at qualcomm.com Sun Apr 10 20:37:23 1994 From: karn at qualcomm.com (Phil Karn) Date: Sun, 10 Apr 94 20:37:23 PDT Subject: Prime Numbers In-Reply-To: Message-ID: <199404110337.UAA02462@servo.qualcomm.com> >I found something interesting that I have not proven, but it has not >failed yet: >The integer N is prime if: > 2^N - 2 > --------- > N is an integer. You seem to have rediscovered Fermat's Little Theorem, or something very much like it. See page 203 of Schneier, which says: If m is a prime, and a is not a multiple of m, then Fermat's Little Theorem says a^(m-1) [is congruent to] 1 (mod m) This seems to be the basis of most of the primality testing algorithms I've been studying lately. For example, the FermatTest() function in RSAREF computes 2^a mod a and compares the result to 2. This is done only if the candidate prime has already been verified not to be a multiple of 3, 5, 7 or 11. PGP works a little harder. After verifying that the candidate prime is not divisible by primes up into the 4-digit range (using a lookup table the size of which is a compile-time option), it computes Fermat's formula up to four times using the values 2, 3, 5 and 7 for 'a'. The PGP source contains a comment that the Fermat test is much more than 50% effective at detecting composites, but gives no actual figures. Can anyone comment on this? I'm currently interested in prime generation because I'm working on a Diffie-Hellman based IP security protocol (using RSAREF). As long as the DH modulus is well chosen it can be relatively static and shared by many people. Therefore I don't mind spending quite a bit of CPU time on this if necessary to do a good job. As I understand Brian LaMacchia's 1991 results on the discrete log problem (see http://martigny.ai.mit.edu/~bal/field.ps), the prime modulus p used with Diffie-Hellman should be well above 512 bits long (I'm currently planning 1024) and (p-1)/2 should also be prime. Anybody know of any more recent results? Phil From cvoid at netcom.com Sun Apr 10 20:54:51 1994 From: cvoid at netcom.com (Christian Void) Date: Sun, 10 Apr 94 20:54:51 PDT Subject: T-Shirt Shipping Status Message-ID: Most of the shirts have shipped, with the exception of orders containing sizes over XXL. There was a probably with the larger sizes, which has been resolved. Those orders (the last remaining) will be shipped out sometime this week. I apologize for any delays, and the time it took to get this together. It turned out to be a bigger project than originally anticipated. It's too bad I can script a packaging algorithm to handle this, but that's real-life for you. :) If anyone has any questions, comments, gripes, flames, etc, mail me. Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc. cvoid at netcom.com | ever had anything to do with it." | P.O. Box 170213 Tel. 1+415-998-0774 | -Erwin Schrodinger (1887-1961) | SF, CA 94117-0213 * PGP v2.3a Public Key Available Via Finger * From hayden at krypton.mankato.msus.edu Sun Apr 10 21:05:15 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sun, 10 Apr 94 21:05:15 PDT Subject: Clipper's Revenge Message-ID: Ok, this is a 'what if': What if: The government backs down on clipper, agreeing that there will be no escrowing of keys, but says that communications with the government must use Skipjack in order to establish a single encryption scheme for government communications. (this has the benefit of creating a huge userbase, thus establishing it as a standard.) What if: Skipjack, as designed, has a (secret) hole in it that will decrypt ANY communications using it. This means that anybody with the master skeleton key would be able to read Skipjack encrypted information. ========================= If you think about it, the above makes sense. The government wants to spy on the population, but the population can't know about the spying. Thus, they propose escrowing keys, which they know will raise public outrage. They put up a half-hearted fight and then back down, making hte public thinks they've won. In reality, though, Big Borther has won as they have put an compromised algorithm into general use that will allow them to do what they wanted to all along. Granted, they couldn't prosecute cases with evidence from taped Skipjack communications, but as we've seen, wiretaps are used so infrequently that it really isn't relevant. But, as long as they lay low, they can spy on any Skipjacked communications among business and other government agencies. Is the above feasible? ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From jeremy at crl.com Sun Apr 10 21:10:37 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Sun, 10 Apr 94 21:10:37 PDT Subject: Prime Numbers In-Reply-To: <9404110253.AA12284@geech.gnu.ai.mit.edu> Message-ID: I goofed, I was informed that my little formula didn't quite work so well. Partly because my calculator rounded when the numbers got large =( 2^31 for example. _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From greg at ideath.goldenbear.com Sun Apr 10 21:31:27 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Sun, 10 Apr 94 21:31:27 PDT Subject: FW: Shot 'Round the World Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Blanc Weber writes: > On the subject of psychological warfare as a method in this privacy > effort, I was pondering: > . the effectiveness of the tactic employed > . the character of the intended recipient of the message > . how it will be interpreted by them > . predicting whether they will care, in the same way as the sender, > about the purpose & content of the message > Since the communication is mostly words framing thoughts and > philosophical arguments, the effects that one can aim for will be > either cognitive or psychological (hopefully achieving both). To aim > for a psychological effect only, is to propose that you know so much > about psychology, that you know precisely what to aim for - in the > minds of all of the recipients, and to expect predictable results. This goes too far; it's possible/reasonable to only suspect that an action will cause a certain effect in a useful segment of the target population. We don't insist on all-or-nothing accuracy in other forms of warfare, why expect it here? > In the attempt to persuade, convince, convert others from their > position which is offensive to one's own, the methods employed are > typically negative: pointing out the adverse consequences, pointing > out what is wrong with what is being done, pointing out how > bad/lousy/wrong/mistaken the offending party is, etc. This doesn't sound like psychological warfare to me - it sounds like some form of discussion. Psychological warfare is about manipulation and FUD (fear, uncertainty, doubt). (For all I know, it's about other stuff, too. Folks with actual training in the field are welcome to correct me.) > What is lacking in the mind of that type of psychological target is a > perspective on what is normal to a regular human being. So how could > positive indicators to the rest of life be given; how could a vision of > what else is true about real people be created, so that the perspective > of those targeted individuals or agencies is offered something better > to think about than the problems created by a few out-of-control types; > so that their outlook on the subjects of their attention (in this case, > the citizens of the US) is not composed only of visions of delinquency > and aberrant behavior? It sounds like your point is "if we're really good and eat our vegetables and clean our rooms, maybe Dad will let us stay up late to watch TV." Well, fuck that. The state is not our parent, and we don't need to demonstrate good behavior to convince it/them that we deserve or can be trusted with strong crypto or untapped phones. > It is a challenge to "maintain one's head while all about one, others > are losing theirs". Yet not only is that what is needed, but the > agencies supposedly charged with our welfare could also use some help > in maintaining *their* rationality. They apparently need some support > to the end of acquiring confidence in our judgement (the rest of us who > are not members of the elite, the chosen few). They are alarmed by the > potential threat of destruction of a system which they prize as the > means to social stability. What would reduce their felt need to cover > the world with wiretraps in order to make sure that they don't miss any > loose cannons out in the mists of the wild electronic atmosphere? What > could provide that sort of reassurance, that everyone is not going to > begin using their liberties in wanton, uninhibited, juvenile ways > against the system or against each other. What could provide evidence > contrary to the agencies' conclusion that non-government employees do > not have what it takes to make rational decisions about the toys & > tools and other devices which they create for their own amusement. No, they do not need our solicitude to bolster their flagging confidence, they need a good kick in the teeth. I suspect that good behavior will only convince them that we're up to something *really* evil that they need more tools/access to discover. [...] > There would be a great benefit to a psychological type of warfare, if > it could achieve points for the potential to normality which exists in > everyone; if it could present evidence to counter the argument that the > individual cannot be trusted, that we need to be saved from each other > (by the intelligence agencies). What could bolster their lack of > confidence in the judgement of the general population, such that the > conclusion made to use the services of these agencies would be proved > unnecessary? There is no rational argument that can force the non-trusting to trust. Attempts to formulate one frequently inspire further mistrust. > This would be demonstrated by the kinds of actions taken by individuals > in response to the threats against their privacy. So .. to demonstrate that we deserve privacy, we should ask politely for it? Bad little girls and boys are to get no dessert? Heck, my dog is smarter than that - she wants to see the treat before she does the trick. I don't even see the treat here (and am uninterested in letting the state teach me any new tricks). > To wage a psychological war is to assume a great responsibility for the > impressions made upon those who will be judging the behavior of their > "charges". Sometimes it's useful to drive opponents into such a frenzy that they're no loger capable of rational thought; it can be dangerous when the frenzied opponent will use the mechanisms of "public safety" to express its frustration. I agree that this sort of project must be undertaken with some care - but the point may be to create a state of irrationality, not a particular rational conclusion. The former is frequently easier and cheaper to create. > The psychological warriors would be taking part in the > creation of a picture of the population, the effects of which would be > a determining factor in the decisions made for future policies. It is > very easy to take exceptional cases and use them as examples upon which > to base techniques implemented for the cause of safety. It could > hardly be expected that a limited few would have the resources to > accomplish the goal for everyone, of saving the image of the individual > against the one-dimensional cyclops (within our own lifetime); it is > questionable whether any individual should associate themselves with > the burden of such a responsibility. Perhaps this discourse about "images" isn't useful, and it's time to talk about capabilities. Individuals have the capability to carry on private conversations whether the state likes it or not. Just as the forces of "public safety" can and will represent themselves as activists, terrorists, and saboteurs in order to infiltrate and influence dissident political groups, members of the public safety forces may be or may become disenchanted with the current regime or political climate and use inside information to embarass or injure the machinery of the state. I don't think Jeff Davis' action was an attempt at discourse but a shot fired across the bow of the ship of state. As such, it does indeed serve the purposes of rational discussion poorly; but it was meant to reach other goals. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLajOb33YhjZY3fMNAQGWMAQArmz5Ue8t8MCy09lM2q2w3QWARhzw1zHl vysopTCHhHh9CYtxJRaMPRsmCXWf4/b8ThEVE30dfVDYA1TeZktxYQCtDzRP7Xg+ wCPlxKGFCnpfaOdjkrq02sl/hMoZgBT89q8Y/rz5DLAcbKFBh/Ei5Pkyl2a5Kst3 mFnc0xpe/Bw= =JQNO -----END PGP SIGNATURE----- From jdblair at nextsrv.cas.muohio.EDU Sun Apr 10 21:52:11 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Sun, 10 Apr 94 21:52:11 PDT Subject: ftp sites for 1984 NSA shirt Message-ID: <9404110454.AA11335@ nextsrv.cas.muohio.EDU > The NSA 1984 shirt is now available at the following ftp sites: ftp.atd.ucar.edu:/pub/Crypto ftp.wimsey.bc.ca:/pub/crypto/shirt It is still available for web surfers at: http://phoenix.aps.muohio.edu/users/jdblair/t-shirt.html Thanks to Mark Henderson and Jonathon Corbett for making the design available. Contact me at: jdblair at nextsrv.cas.muohio.edu if you would like the ordering information again. -john. -------------------------------------------------------------------------- John Blair: voice: (513) 529-4877 PGP public key available upon request. KILL YOUR Privacy in the information age is a right, not a privilage. TELEVISION Information = Power = Control. Fight the centralization of information. From josie at minerva.cis.yale.edu Sun Apr 10 22:24:42 1994 From: josie at minerva.cis.yale.edu (Josephine Sandler) Date: Sun, 10 Apr 94 22:24:42 PDT Subject: No Subject Message-ID: Please take me off your mailing list. Sincerely, josie at minverva.cis.yale.edu From mpd at netcom.com Sun Apr 10 22:40:43 1994 From: mpd at netcom.com (Mike Duvos) Date: Sun, 10 Apr 94 22:40:43 PDT Subject: TCMay's posting on zero knowledge, last year In-Reply-To: Message-ID: <199404110541.WAA27965@mail.netcom.com> Tim writes: > 5. How general is the "zero knowledge interactive proof" approach? > Anything provable in formal logic is provable in zero knowledge, saith the > mathematicians and crypto gurus. Check out the various "Crypto Conference" > Proceedings. Perhaps one could adapt this approach to demonstrate to someone that you know the factors of a certain PGP public key. You blind the factors, commit to the blinded values, and present the product to your opponent. He chooses to have you either factor the product or unblind the modulus. Do this a sufficient number of times and one can be pretty certain the key has been compromised. Of course it would probably be simpler to simply decode a message encrypted with the public key as proof that you are in possession of the factors, but this idea struck me as kind of cute. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From tcmay at netcom.com Sun Apr 10 22:58:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 10 Apr 94 22:58:47 PDT Subject: MATH: Zero Knowledge Proofs Message-ID: <199404110559.WAA29863@mail.netcom.com> [Here is the article on zero knowledge I promised. It was posted to the Cypherpunks list a year ago, on 7 April 1993. There's a great explanation of ZKIPS in terms of "Ali Baba's Cave" that appeared in one of the Crypto Proceedings; I may try to find it and then scan it in. Also, the paper Derek Upham mentioned earlier today was co-authored by Bennett Yee, and I have seen his explanation of ZKIPS posted at least a few times to sci.crypt. Be that as it may, here is _my_ explanation, from a year ago.] Ray Cromwell writes: > Could someone explain zero knowledge proofs and give me an example. I >have taken number theory and abstract algebra so feel free to use equations. > >(I know that zero knowledge proofs are a way of certifying something without >revealing the information you are certifying, but I want to know how they >work mathematically) Zero knowledge interactive proof systems ("ZKIPS") are sometimes called "minimum disclosure proofs" (with some subtle differences) and are exciting and mysterious (at first) methods that lie at the heart of modern cryptology. Here's a simple explanation. Too bad we don't have a blackboard! ALICE AND BOB (some people call them Peggy the Prover and Vic the Verifier) Alice wishes to prove to Bob that she knows some item of knowledge without actually giving Bob any of that knowledge. Let us first imagine that Alice claims she knows a "Hamiltonian cycle" on a particular graph. (For a given set of nodes and arcs linking some of those nodes, a Hamiltonian cycle is one which passes through each node once and only once. You might want to draw some graphs on a sheet of paper and try to find a Hamiltonian cycle for the graphs, to get a feel for the problem.) The particular graph may be "registered" somewhere with Alice's claim that she--and only she, for reasons I'll discuss at the end--knows a Hamiltonian cycle for the graph. In a sense, this is her "proof of identity." To make this example concrete, Alice is using this piece of knowledge as her *password* to get into some system. She presents a map of 50 cities and some set of highways interconnecting them and says "I am who I say I am if and only if I know a Hamiltonian cycle for this graph." The conventional (non zero knowledge) way to convey this knowledge is for Alice to simply *show* the Hamiltonian cycle to Bob. This is how passwords are currently handled. Bob, and anybody else who is spying on the exchange, then knows the "secret," which isn't a secret anymore. (Anybody who saw the exchange, including Sysadmin Bob, could then impersonate her.) ENTER ZERO KNOWLEDGE Alice, instead of showing Bob the Hamiltonian cycle, takes the cities and covers them with something, say, coins. (On a computer, this is all done in software, using the cryptographic protocol called "bit commitment.") Alice scrambles the position of the cities (covered by coins) so as not to allow positional cues. (Most of the 50 cities should have about the same number, ideally exactly the same number, of links to other cities, to ensure that some cities are not "marked" by having some unique number of links. A detail.) Needless to say, she scrambles the cities out of sight of Bob, so he can't figure out which cities are which. However, once she's done with the scrambling, she displays the cities in such a way that she can't *later change*..i.e., she "commits" to the values, using well-known cryptographic methods for this. (If this sounds mysterious, read up on it. It's how "mental poker" and other crypto protocols are handled.) Bob sees 50 cities with links to other cities, but he doesn't have any way of knowing which of the covered cities are which. Nor, I should add, are the links labelled in any way--it wouldn't do to have some links permanently labelled "Route 66" or "Highway 101"! She says to Bob: "Pick one choice. Either you can see a Hamiltonian cycle for this set of covered cities and links, or you can see the cities uncovered." In other words, "Alice cuts, Bob chooses." Bob tosses a coin or chooses randomly somehow and says: "Show me the cities." Alice uncovers all the cities and Bob examines the graph. He sees that Akron is indeed connected to Boise, to Chicago, to Denver, not to Erie, and so on. In short, he confirms that Alice has shown him the original graph. No substitution of another graph was made. Bob, who is suspicious that this person is really who she claims to be, says to Alice: "Ok, big deal! So you anticipated I was going to ask you to show me the cities. Anybody could have gotten Alice's publicly registered graph and just shown it to me. You had a 50-50 chance of guessing which choice I'd make." Alice smugly says to him: "Fine, let's do it again." She scrambles the cities (which are covered) and displays the graph to Bob...50 covered cities and various links between them. She tells Bob to choose again. This time Bob says: "Show me the Hamiltonian cycle." Without uncovering the cities (which would give the secret away, of course), Alice connects the cities together in a legal Hamiltonian cycle. Bob says, "OK, so this time you figured I was going to ask you the opposite of what I did last time and you just substituted some other graph that you happened to know the Hamiltonian cycle of. I have no guarantee the graphs are really the same." Alice, who knows this is just the beginning, says: "Let's do the next round." ...and so it goes.... After 30 rounds, Alice has either produced a legal Hamiltonian cycle or a graph that is the same as (isomorphic to...same cities linked to same other cities) the registered graph in each and every one of the rounds. There are two possibilities: 1. She's an imposter and has guessed correctly *each time* which choice Bob will make, thus allowing her to substitute either another graph altogether (for when Bob wants to see the Hamiltonian cycle) or just the original graph (for when Bob asks to see the cities uncovered to confirm it's the real graph). Remember, if Alice guesses wrong even once, she's caught red-handed. 2. She really is who she claims to be and she really does know a Hamiltonian cycle of the specified graph. The odds of #1 being true drop rapidly as the number of rounds are increased, and after 30 rounds, are only 1 in 2^30, or 1 in a billion. Bob choose to believe that Alice knows the solution. Alice has conveyed to Bob proof that she is in possession of some knowledge without actually revealing any knowledge at all! The proof is "probabilistic." This is the essence of a zero knowledge proof. There's more to it than just this example, of course, but this is the basic idea. SOME DETAILS 1. Could someone else discover the Hamiltonian cycle of Alice's graph? Exhaustive search is the only way to guarantee a solution will be found--the Hamiltonian cycle problem is a famous "NP-complete" combinatorial problem. This is intractable for reasonable numbers of nodes. 50 nodes is intractable. 2. If finding a Hamiltonian cycle is intractable, how the hell did Alice ever find one? She didn't *have* to find one! She started with 50 cities, quickly connected them so that the path went through each city only once and then wrote this path down as her "secret" solution. Then she went back and added the other randomly chosen interconnects to make the complete graph. For this graph, she obviously knows a Hamiltonian cycle, *by construction*. 3. Can Bob reconstruct what the Hamilonian cycle must be by asking for enough rounds to be done? Not generally. Read the papers for details on this, which gets deeply into under what circumstance partial knowledge of the solution gives away the complete solution. 4. Are there other problems that can be used in this same way? Yes, there are many forms. I find the Hamiltonian cycle explanation quite easy to explain to people. (Though usually I can draw pictures, which helps a lot.) 5. How general is the "zero knowledge interactive proof" approach? Anything provable in formal logic is provable in zero knowledge, saith the mathematicians and crypto gurus. Check out the various "Crypto Conference" Proceedings. Hope this helps. -Tim May .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From anonymous at extropia.wimsey.com Sun Apr 10 23:06:59 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Sun, 10 Apr 94 23:06:59 PDT Subject: Code review is requested. Message-ID: <199404110553.AA00997@xtropia> Cypherpunks review code! I have written a hack to allow pgp's random.h and random.c to be used with a hardware random number generator. I have mailed this to a number of U.S. cypherpunks with the request that the hack be distributed widely in the U.S. jim.wenzel at grapevine.lrk.ar.us (Jim Wenzel) has chosen to post this hack on alt.security.pgp and it is consequently widely available. The post was titled "Questionable PGP Patch 01". jim.wenzel at grapevine.lrk.ar.us (Jim Wenzel) has suggested the possibility that my hack may contain a deliberate bug. I Quote: > >Below is a message that I received concerning a patch for PGP. As the >author did not sign the message and it is from an unknown origin I do >not recommend performing the patch. I post it here primarily so those >of interest can let those of us who are 'technoligically challenged' >know if it is legit or is someone trying to install a 'bug' into PGP. I >have omitted posting the header information in hopes that the original >author will post me. > >********************************************************************* >Forwarded message follows... >*** I DO NOT VOUCH FOR THIS PATCH >*** I DO NOT KNOW WHO THIS PATCH IS FROM >*** (it was sent via an anonymous remailer) >*** I DO NOT SUGGEST USING THIS PATCH >*** >********************************************************************* > I would like to note that this hack can only be used by those that actually have a hardware RNG. But the code is "IFDEF"ed so that it does not actually enable RNG support unless it is requested to do so by "DEFINE"s. I would like to assure everyone that I did not place any deliberate bugs in my hack. However, jim.wenzel at grapevine.lrk.ar.us (Jim Wenzel)'s point is well taken. I may sure that I did not place any deliberate bugs in the hack, but you can not be without careful code review. Also, there is the possibility of bugs caused by programmer error. To address these problems, I would like to request that code oriented Cypherpunks perform a code review of the hack. I have only tested the hack under OS/2 and the MS-DOS program loader. I have already noted the following possibilities for improvement: 1) The versions of the hack that use an operating system IO driver (RANDDRIVER) test that the driver was successfully opened. However if the hack is compiled to directly access a bus hardware RNG thru its IO port (HARDRANDOM) the hack does not do any test to assure that the RNG is actually there. I believe that if you attempt to read a port that is not supported by hardware you always get -1, which is not very random. Thus there is the problem that some one could attempt to use a version of pgp that was originally compiled for a machine with a RNG on a machine without a RNG. If they did this they could inadvertently created very breakable ciphers! Perhaps some enterprising cypherpunk could add code to do minimal randomness checks on the RNG when it is first used, to test that the RNG is actually there. 2) Stichting FREMM Alexanderkade 1 1018 CH Amsterdam The Netherlands sells a RNG that attaches directly to a serial port. Perhaps such a RNG could be used in connection with my hack using the (RANDDRIVER) option and the operating system's interface to the serial port. However I have provided no options for setting the baudrate, flow control options and other parameters that should be set when opening a connection to a serial port. I do not know the proper values for these parameters and I do not have a device to test with. Perhaps some cypherpunk will volunteer to write such code. It should be "IFDEF"ed. Also FOSSIL support for the PC world springs to mind. Such code is always highly operating system dependent. Different code could be written for each operating system supported by PGP for a hardware RNG connected to a serial port. 3) There may be other RNG's in existence which are accessed in a different way, or have different IO drivers. If you have knowledge of such RNG's please post the info to the cypherpunks mailing list. In summary, I would like to request that code oriented cypherpunks do a code review of my hack to support hardware RNG's using random.h and random.c. Results may be posted on the cypherpunks mailing list. Since the hack has been posted to alt.security.pgp, the hack is available globally. Someone outside the U.S. should uudecode the hack and place it on some FTP site somewhere where it can be publicly available. After the code has been reviewed and corrected if necessary, it could be included in the next source code release of PGP. Yours in anonymity XXX From cknight at crl.com Sun Apr 10 23:18:24 1994 From: cknight at crl.com (Chris Knight) Date: Sun, 10 Apr 94 23:18:24 PDT Subject: your mail In-Reply-To: Message-ID: So much for an Ivy-League education... Please send mailing list requests to owner-cypherpunks at toad.com On Mon, 11 Apr 1994, Josephine Sandler wrote: > > Please take me off your mailing list. > > Sincerely, > > > josie at minverva.cis.yale.edu > > > From tcmay at netcom.com Sun Apr 10 23:29:58 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 10 Apr 94 23:29:58 PDT Subject: your mail---use "majordomo" In-Reply-To: Message-ID: <199404110630.XAA11309@mail.netcom.com> > So much for an Ivy-League education... > > Please send mailing list requests to owner-cypherpunks at toad.com > > > On Mon, 11 Apr 1994, Josephine Sandler wrote: > > > > > Please take me off your mailing list. > > > > Sincerely, > > > > > > josie at minverva.cis.yale.edu Even *better*, use "majordomo" for subscribes, unsubscribes, help, etc. The Cypherpunks list is now handled by majordomo, so this is the best way to handle subscribes and unsubscribes. Send mail to "majordomo at toad.com" with a keyword in the message body. Some examples: help to get a list of commands unsubscribe cypherpunks to get off the list with the address used to send the message and my personal favorite: who to get a listing of all 700 names subscribed to the List --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Sun Apr 10 23:34:29 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 10 Apr 94 23:34:29 PDT Subject: Why the second copy of "Zero Knowledge" was sent Message-ID: <199404110635.XAA11648@mail.netcom.com> The second copy of the "Zero Knowledge" article got posted because I used an off-line mailer (my old post being buried in my Eudora mailer archives which I had to search) and uploaded the article when I downloaded my mail, thus missing Matt Thomlinson's earlier posting of my article. Normally I read mail with "elm," for promptness and because I'm online reading News anyway. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From rjc at gnu.ai.mit.edu Sun Apr 10 23:44:13 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Sun, 10 Apr 94 23:44:13 PDT Subject: Zero Knowledge Authentication and StrongBox Message-ID: <9404110643.AA14883@geech.gnu.ai.mit.edu> Derek Upham says: Look at "Strongbox: A System for Self-Securing Programs" by J. D. Tygar and B. S. Yee in the "CMU Computer Science 25th Anniversary Commemorative" proceedings (from 1991). As the paper describes: ``Strongbox uses an authentication protocol derived from Rabin's observation about the square root operation: if one can extract square roots modulo n where n=p*q , p and q primes, then one can factor n . [That should be `if and only if', i.e., finding the square roots is too hard unless you created n in the first place.] Donald Knuth sez in Seminumerical Algorithms p389: "However, the system [SQRT Box] has a fatal flaw. Anyone with access to a SQRT box can easily determine the factors of its N. This not only permits cheating by dishonest employees, or threats of extortion, it also allows people to reveal their p and q, after which they might claim that their "signature" on some transmitted document was a forgery." I don't really get Knuth's comment since the "secret key" (p and q) can be stored in the SQRT Box with a passkey just like PGP stores encrypted secret keys, unless of course Knuth means "given a SQRT box, by feeding it lots of numbers and getting the resulting SQRT, one can determine the factorization of its internal modulus." On the preceding page, Knuth describes RSA and RSA signatures but he doesn't make the same comment that "people could give our their p and q and claim signatures were forged." I usually trust Knuth, so is he wrong, or does he just have something against sqrt(x) mod N cryptosystems? -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From E.Switalski at bnr.co.uk Mon Apr 11 01:40:11 1994 From: E.Switalski at bnr.co.uk (Ed Switalski) Date: Mon, 11 Apr 94 01:40:11 PDT Subject: Fast Personal Recognition Message-ID: <199404110839.11826@bnsgs200.bnr.co.uk> Attention all Citizen-Units !! Look straight into Big Brother eyes. ------- Forwarded Message University of Cambridge Computer Laboratory SECURITY SEMINAR SPEAKER: John Daugman University of Cambridge DATE: Wednesday 20th April 1994 at 4.15pm PLACE: Babbage Lecture Theatre, New Museums Site TITLE: VISUAL RECOGNITION OF PERSONS BY FAILURE OF STATISTICAL INDEPENDENCE Samples from stochastic signals with sufficient complexity need reveal only very little agreement in order to reject the hypothesis that they arise from independent sources. The failure of a statistical test of independence can thereby serve as a basis for recognising signal sources if they possess enough degrees of freedom. Combinatorial complexity of stochastic detail can lead to similarity metrics having binomial type distributions, and this allows decisions about the identity of signal sources to be made with astronomic confidence levels. I will describe an application of these statistical pattern recognition principles in a system for biometric personal identification that analyses the random texture visible at some distance in the iris of a person's eye. There is little genetic penetrance in the phenotypic description of the iris, beyond colour, form and physiology. Since its detailed morphogenesis depends on the initial conditions in the embryonic mesoderm from which it develops, the iris texture itself is stochastic, if not chaotic. The recognition algorithm demodulates the iris texture with complex valued 2D Gabor wavelets, and coarsely quantises the resulting phasors to build a 256 byte `iris code' whose entropy is roughly 173 bits. Ergodicity and commensurability facilitate extremely rapid comparisons of entire iris codes using 32-bit XOR instructions. Recognition decisions are made by exhaustive database searches at the rate of about 10,000 persons per second. *** *** *** *** *** - ------- End of Blind-Carbon-Copy ------- End of Forwarded Message From pfarrell at netcom.com Mon Apr 11 02:59:25 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Mon, 11 Apr 94 02:59:25 PDT Subject: Code review is requested. Message-ID: <21421.pfarrell@netcom.com> anonymous at extropia.wimsey.com writes: > 3) There may be other RNG's in existence which are accessed in a > different way, or have different IO drivers. If you have knowledge of > such RNG's please post the info to the cypherpunks mailing list. In Cryptosystems Journal, published by Tony S Patti, Volume 2 Number 2 is a description, circuit board layouts, parts list, etc. for Ranger hardware RNG. It produced 6,750 bits per second into the parallel port of a standard PC. The author says that you can build a Ranger for less than $40 worth of parts. Cryptosystyems Journal P.O. Box 188 Newtown PA 18940-0188 I have not seen any reviews of this device, but it has been arround for a while, and may have been covered before I got interested in the field. Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From bart at netcom.com Mon Apr 11 03:26:16 1994 From: bart at netcom.com (Harry Bartholomew) Date: Mon, 11 Apr 94 03:26:16 PDT Subject: A confused quotation ? Message-ID: <199404111027.DAA25296@mail.netcom.com> Is this not strange ? Date: Sun, 10 Apr 1994 20:26:23 -0400 From: E-D-U-P-A-G-E ... OPEN SECRET Instead of using mathematical codes to scramble and unscramble messages, Georgia Tech physicists are devising a way of sending a message with electronic noise generated by a flickering laser. By connecting identical lasers over fiber optics, the same random pattern of noise is generated at both the sending and receiving end, and the receiving simply subtracts the noise to uncover the message. (Atlanta Journal-Constitution 4/7/94 E2) From danisch at ira.uka.de Mon Apr 11 03:49:24 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Mon, 11 Apr 94 03:49:24 PDT Subject: Dallas Crypt Chip ??? Message-ID: <9404111047.AA13709@deathstar.iaks.ira.uka.de> Hi, does anybody know what is the "Dallas Crypto Chip" ? Does it have anything to do with Clipper? thanks Hadmut From anonymous at extropia.wimsey.com Mon Apr 11 03:52:08 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 11 Apr 94 03:52:08 PDT Subject: Soda "Keywords" Idiocy Message-ID: <199404111036.AA01928@xtropia> Uu> Isaac Norby writes: > INTERNET: Isaac.Norby at f217.n125.z1.FIDONET.ORG > >>ira shipment of cocaine > >>explosives detonate > -------- Uu> I sent mail to hh at soda.berkeley.edu with Subject: remailer-info. I Uu> got some info back that included: > = A note about keywords [This was not in the original info-pack I got back when...] > This remailer inserts keywords into the headers and tailers of all posts and > remails. These headers contain phrases which would probably trigger > automated net monitoring programs, rendering them less effective. This > insertion is completely automatic and certainly does not constitute a > statement of intent by anyone (especially the remailer operator) to do > anything. This is simply idiotic, worse than Hollander's childish admonition not to throw knives. All "keywords" do is light up those readers who do not know what they're about, something that Hollander should explain in the footer if he continues to do this. These keywords ought to be placed WITHIN the remailer disclaimer in order to make sure that readers know where they originated and by whom. Anyway, I won't be using the Soda remailer again. IN From perry at snark.imsi.com Mon Apr 11 05:21:50 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 11 Apr 94 05:21:50 PDT Subject: Shot 'Round the World In-Reply-To: <9404090621.aa01366@deeptht.armory.com> Message-ID: <9404111221.AA21336@snark.imsi.com> No more data points needed, Jeff. I would suggest that you ask your doctor to up the Thorzine dosage a bit. Perry Jeff Davis says: > > Well, my personal secretary compiled every single media email adress in the > _Big_Dummies_Guide_ into 6 alias'. Then I emailed it to every one of them. > If the FBI comes to the front door, this piece of shit XT clone I use for a > UNIX terminal goes out the back door and off the sun deck into the alley. > > I suppose the fucking phone will ring off the hook in Ft. Meade for a while. > > By God! It's a good day for the Revolution!!! From werner at mc.ab.com Mon Apr 11 05:31:14 1994 From: werner at mc.ab.com (tim werner) Date: Mon, 11 Apr 94 05:31:14 PDT Subject: MacPGP and AOL Message-ID: <199404111231.IAA26960@sparcserver.mc.ab.com> >Date: Sun, 10 Apr 1994 20:33:48 -0400 (EDT) >From: Duncan Frissell >There is no "court case pending against Phil Zimmerman." Neither he nor >his legal counsel have been notified of any action against him. He has >not been named publically in any official papers. He has not been >subpoenaed. There *is* an insvestigation of how PGP was exported (nothing >about its *creation*). Two firms have testified before a Grand Jury. Late last year, in response to a "bulletin" from eff, I sent money to some lawyer (in Colorado, I think) for the Phil Zimmerman defense fund. Was I defrauded? How embarrassing. If I dig out the cancelled check, perhaps someone on the list can tell me more? tw From frissell at panix.com Mon Apr 11 06:08:32 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 11 Apr 94 06:08:32 PDT Subject: MacPGP and AOL In-Reply-To: <199404111231.IAA26960@sparcserver.mc.ab.com> Message-ID: On Mon, 11 Apr 1994, tim werner wrote: > Late last year, in response to a "bulletin" from eff, I sent money to some > lawyer (in Colorado, I think) for the Phil Zimmerman defense fund. Was > I defrauded? How embarrassing. > > If I dig out the cancelled check, perhaps someone on the list can tell me > more? > > tw Don't do that! Even though Phil has not been officially proceeded against in any way has has hired a lawyer and spent lots of money. I was just trying to make it clear that nothing has actually happened yet. If one may have to mount a major defense against a federal criminal prosecution, one has to prepare in advance. DCF "It's easy to see the evils of our parents, it is hard to see the evils of ourselves." From thoth+ at CMU.EDU Mon Apr 11 06:12:17 1994 From: thoth+ at CMU.EDU (Benjamin Cox) Date: Mon, 11 Apr 94 06:12:17 PDT Subject: Zero Knowledge Authentication and StrongBox In-Reply-To: <9404110643.AA14883@geech.gnu.ai.mit.edu> Message-ID: <0heIlu200iof0H1Gg0@andrew.cmu.edu> > encrypted secret keys, unless of course Knuth means "given a > SQRT box, by feeding it lots of numbers and getting the resulting > SQRT, one can determine the factorization of its internal modulus." I don't know whether that's what he means or not, but it's true. In a mod(pq) system, every number with square roots has four of them. Given two of these that don't add up to 0 (mod pq), you can find a factor of pq by GCD(pq, sqrt1+sqrt2). Example: pq = 15, a = 1. Square roots are 1, 4, 11, 14. Choose two of these: 1+11 = 12. GCD(15, 12) = 3, which is a factor of pq. This can be proved using the Chinese Remainder Theorem. __ Ben Cox thoth+ at cmu.edu, thoth at netcom.com From rarachel at photon.poly.edu Mon Apr 11 07:10:55 1994 From: rarachel at photon.poly.edu (Arsen Ray Arachelian) Date: Mon, 11 Apr 94 07:10:55 PDT Subject: WNSTORM released (new crypto/stego program) Message-ID: <9404111411.AA06528@photon.poly.edu> Hey guys, I've just uploaded the WNSTORM program I mentioned in my post last night to soda... Again, if there are any other ftp sites that I should send this to (in the USA of course) let me know. Also, if you'd like me to mail you a copy let me know. (You must be in the USA of course, or at least fool me into thinking that you are.) From eagle at deeptht.armory.com Mon Apr 11 07:19:25 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Mon, 11 Apr 94 07:19:25 PDT Subject: Paradigms of Revolution Message-ID: <9404110719.aa22962@deeptht.armory.com> Paradigms of Revolution Progressive Jeffersonian theory has researched the roots of tribal anarchy, and the personal spiritual convictions, that profoundly influenced our forefather, who's populist stand against the Federalist aristocracy, resulted in the formulation of the Bill of Rights. Pure democracy having been circumnavigated by the logistical realities of the late 18th century, a Republic government now stands on the verge of revolution by virtue of the geometric progression of global interpersonal communication at the speed of light. Informational access and dissemination of truth have become intrinsic to restructuring the very foundations of humankind's social intercourse. Informed consent is fundamental to democratic process. The acceleration of technological progress has left a well educated population behind, and the policy decisions of government are made by a rarified elite shaping the infrastructure our progenity inherit. The Jeffersonian safeguard of free press and basic reading skills via public education will serve well the coming millennium, provided that it is allowed to function in an open system available to all. Non violent revolutionary restructuring of archaic social paradigms must come from within the existing function of government. The general population has effectively lost its ability to access relative information to offer responsible and accountable consent in the Republic government process. It falls on the population to access duplex communication ability with government. It falls on government to protect its population during the transition by every principle of justice and reciprocity known to the collective experience of humankind. Prophylactic law enforcement provisions, implemented by policy decision 4 February 1994 by the current administration, contradict the fundamental principle of due process that one is innocent until proven guilty. The illusion of key escrowed encryption privacy is detrimental to the actualization of being Jefferson sought to provide through the guarantees of the Bill of Rights. Judicial review at the bequest of executive law enforcement has eroded the intrinsic Constitutional safeguards of a free society to the degree of legislating its morality. The intelligence community of government is a remnant of global warfare. The repression of free expression and restriction of information in the interest of national security no longer serves the best interest of the populous in most cases. Sovereign nation states in global community must look toward cooperation in the collective actualization of the potentials of humankind, reliquishing counter productive defensive posturing. As the current revolution was seeded by the ARPAnet, designed for secure digital communication of classified intelligence and implementation with in the defensive structure of the United States of America, so did the intelligence community seed the last revolution of liberation in the 30 year cyclic pattern of human existence. The CIA human experimentation with psychedelic consciousness triggers induced mystic experience in some subjects given sufficient dosages of lysergic acid diethylamide. Initially reported as a psychotomimetic, revised to hallucinogen, the population who chose to explore the possibilities of the synthetic alkaloid named the substance psychedelic due to its properties of consciousness expansion. The psychedelic properties of full duplex interaction on a global scale via interpersonal communication among the brightest and best of humankind are technologically analogous to the subjective explorations of the participants of the psychedelic revolution. A liberation of thinking and behaving in peaceful harmony were intrinsic to the spiritual egolessness of the psychedelic experience. Albeit, this did not resonate with the existing paradigms of established social structure. The immune response of existing government exploited the tragedies and ignored the beneficence intrinsic to the social phenomena in a despicable display of manipulation of the 4th estate. Once legal and available to virtually anyone with the initiative to seek the experience for themselves, governmental control instituted moral judgement on the population and relegated the proponents of the psychedelic revolution to abject criminality. The creator of lysergic acid diethylamide and its initial human experimenter, Dr Albert Hoffman of Sandoz Laboratories, is of the substantial expert opinion that his "problem child" be used in a controlled environment to induce mystic experience. The attempt of a government to regulate the morality of its population, by propagandic indoctrination in the guise of public education of its young, is contrary to the very precepts of foundational Jeffersonian Democracy. Faith in the innate goodness of humankind, and trust that protecting minority opinion in the interest of the pursuit of liberty, are the very precepts that Jefferson sought to ensure for posterity in the Constitution of the United States of America. If this constitution is to survive into the coming millennium, the visionary precepts of justice and reciprocity, founded in a spiritual trust of the creator of humankind Jefferson wrote into its architecture, must under go a renaissance. The National Information Infrastructure in current debate is an augury of the social structure of the next millennium. If the defensive paradigms of the intelligence community are allowed to taint its architecture for posterity, we will have failed in our mission of the salvation of humanity. The collective welfare of humankind should be paramount to mere national interest. The time has come for every American to seize the moment and demand accountability of their government. If not actively participating in the socio-technological revolution before us, we risk the developmental disability of not only our's, but the future of the posterity of humankind. Assert your right to freedom of speech, and demand your right to privacy be preserved. As always, your own future lies in your own hands. Please take individual responsibility for it. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From wak at next11.math.pitt.edu Mon Apr 11 07:21:48 1994 From: wak at next11.math.pitt.edu (walter kehowski) Date: Mon, 11 Apr 94 07:21:48 PDT Subject: Prime Numbers Message-ID: <9404111421.AA02389@next11.math.pitt.edu> Use Mathematica. The positive integers less than or equal 1000 that are not prime but (2^n - n)/n is an integer are 1; 341 = 11*31; 561 = 3*11*17; and 645 = 3*5*43. The largest less than 10,000 is 8911 = 7*19*67. However, the significant fact is that the claim (Jeremy Cooper) > The integer N is prime if: > 2^N - 2 > --------- > N is an integer. is actually fermat's little theorem as observed by Ray Cromwell. Walter A. Kehowski From dork39 at wov.com Mon Apr 11 07:32:42 1994 From: dork39 at wov.com (DORK39@WOV.COM) Date: Mon, 11 Apr 94 07:32:42 PDT Subject: Pseudonyms and Reputa Message-ID: <9404112105042054@wov.com> From: dork39 at wov.com Hf> This is true, but the main purpose of this technology is to prevent Hf> users from creating large numbers of pseudonymous accounts. No Hf> technology can stop people from cooperating in an on-line forum, and Hf> the use of friends' or family members' accounts is also very hard to Hf> prevent. So collusion at some limited level will always be possible. Hf> But at least it should be possible to prevent the massive use of nyms. Hang on a mo. I'm new here and so I don't know how this started. If you would be so kind, what is the "problem" here about "massive use of nyms?" Seems to me that is a kind of self-limiting bookkeeping job for the user of nyms: like which ones are for what. Have you guys ever tried to DO a system of nyms for any important purpose? It is NOT a whole lot of fun: much more resembling hard work. You see I think there are plenty of reasons that reasonable people would agree are valid for some people to use nyms, even large numbers of nyms. For example I know a lawyer who uses a lot of nyms (and anon PGP keys) to create "clusters" of people involved with individual legal cases. It strikes me as a very well organized system for a good purpose. The people involved in a given case can all talk to each other about it, and outsiders or people in other cases don't get to peek in, or even know what the group is about or who's in it without going to a LOT of trouble. Since Phil is going to release the story to the Wall St. Journal anyway, I guess I can mention that the encryption method of CHOICE for the valiant fighters against SLORC in Burma (who are the worst kind of bad guys by any measure) is PGP and they are, of course, ALL using "nyms" and sterilized anon keys and so on. They are by FAR the heaviest PGP users in this part of the world. Full time trainers and the works. But you can surely see how they might not want to tell the thugs where to come to get them and their families for a course in extended torture. Now you guys with "ID" fetishes are seeing this as a PROBLEM? Excuse me very much, but I think I need to see a LOT of explaining about that. Note this principle: people with a NEED for anonymity are NOT going to want to get permission from, or even talk to, some Central Authority first. There is no way that you or anyone else is going to be able to decide if any use of anonymity is "legitimate" or not. If there are "problems" with that, it seems to me that your efforts are best directed into figuring out how you can live with it, and not about how you can "control" or "prevent" it. (Hey I am ever so sorry to hear how some people used nyms to cheat in a game. But somehow my reaction was "so what?" and to bang my [Enter] key right smartly. There are people in the world without the time or inclination to play games. Perhaps sometime in the next century I might personally get enough slack and curiosity to take a look at some computer game myself--who knows? But, you know, even if I do, I kind of think I will have a real hard time working up a lot of anxiety about possible cheating.) In the meanwhile not only do I support nyms and other anonymity, but I intend to use plenty of them, and will resist any attempts to preclude that in every way I can. GENERAL ADVICE TO ALL ONLOOKERS: Since it looks like self-appointed "ID police" are working hard to prevent you from using anonymity, I suggest that if you ever think that you might ever have a NEED for anonymity at any time in the future, that you take a little time off and set up a supply for yourself of nyms and so on and embed them in the system before these guys get their prevention systems in place. Do that NOW, because this kind of thinking is a THREAT to you. [It just occurs to me that this very message has a "nym" on it. OK here is the reason: mail handling. No offense to a group like this, but it really qualifies as "recreational" in my priorities, WAY after personal mail some of which might be very urgent, business mail, some of which might be urgent, etc. But one inherent weakness of a "mailing list" like this is that if I subscribed under my regular account, 50 messages a day from this group would be all mixed in with my other mail. Kind of like a "mandatory newsgroup." I'm sorry, but that is a GIGANTIC pain in the ass and might even cause me to overlook something important in my mail. So, yes, for any such thing as these mailing lists, I will set up a "nym" or "alias" or whatever you want to call it, so I can handle that mail *separately*. I also have several separate accounts for different business reasons. Is this OK with you, ID freaks? May I have your permission to continue to do that?] From mpj at netcom.com Mon Apr 11 08:07:01 1994 From: mpj at netcom.com (Michael Paul Johnson) Date: Mon, 11 Apr 94 08:07:01 PDT Subject: MacPGP and AOL In-Reply-To: Message-ID: <199404111507.IAA09825@mail.netcom.com> > On Mon, 11 Apr 1994, tim werner wrote: > > Late last year, in response to a "bulletin" from eff, I sent money to some > > lawyer (in Colorado, I think) for the Phil Zimmerman defense fund. Was > > I defrauded? How embarrassing. Not to worry, if the check was made to Philip Dubois and marked as going to Philip Zimmermann's legal defense fund, it will be used as advertised. I have personally met both of these people, and trust them to do what they promised. Phil Zimmermann is still a free man (last I checked), but being the target of a grand jury investigation has already cost Phil more than sleep and peace of mind. He has had his lawyer interceding on his behalf as much as possible to prevent an actual indictment, and this does cost money. Peace to you. ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| From cvoid at netcom.com Mon Apr 11 08:30:11 1994 From: cvoid at netcom.com (Christian Void) Date: Mon, 11 Apr 94 08:30:11 PDT Subject: T-Shirt Update Message-ID: A lot of people have sent me mail in regards to my last message, wanting to order shirts. At this time, we can't take any new orders. We only had enough shirts screened to fill the orders. If enough people are interested, we will be doing another run sometime in the next month or so. I will keep you updated. Until then, PLEASE, do not send me checks or orders. Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc. cvoid at netcom.com | ever had anything to do with it." | P.O. Box 170213 Tel. 1+415-998-0774 | -Erwin Schrodinger (1887-1961) | SF, CA 94117-0213 * PGP v2.3a Public Key Available Via Finger * From werner at mc.ab.com Mon Apr 11 09:23:16 1994 From: werner at mc.ab.com (tim werner) Date: Mon, 11 Apr 94 09:23:16 PDT Subject: MacPGP and AOL Message-ID: <199404111623.MAA01179@sparcserver.mc.ab.com> >Date: Mon, 11 Apr 1994 09:03:37 -0400 (EDT) >From: Duncan Frissell >On Mon, 11 Apr 1994, tim werner wrote: > >> Late last year, in response to a "bulletin" from eff, I sent money to some >> lawyer (in Colorado, I think) for the Phil Zimmerman defense fund. Was >> I defrauded? How embarrassing. >> >> If I dig out the cancelled check, perhaps someone on the list can tell me >> more? >> >> tw > >Don't do that! > >Even though Phil has not been officially proceeded against in any way has >has hired a lawyer and spent lots of money. I was just trying to make it >clear that nothing has actually happened yet. If one may have to mount a >major defense against a federal criminal prosecution, one has to prepare >in advance. > I guess what I was thinking about was a thread in comp.org.eff.talk about some bogus eff press release that happened some time ago. My concern is that I was taken in by this. Does anyone know if there was an appeal for contributions to a legal defense fund in that bogus press release? I didn't follow the thread that closely, especially after it seemed like it turned into a flame war. Fifty bucks isn't going to break me, but I would sure feel better if I knew it went where I thought it was going. On the other hand I will certainly feel worse if I find out it didn't. Maybe ignorance is bliss. tw From blancw at microsoft.com Mon Apr 11 09:35:43 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 11 Apr 94 09:35:43 PDT Subject: Pseudonyms and Reputations Message-ID: <9404111636.AA22632@netmail2.microsoft.com> it does appear that in a completely unaccountable system, i.e. where pseudonyms are cheaply obtained and accrue bad reptation without any consequence, `cryptochaos' can ensue. in fact, it seems to me the mechanisms for social interaction are most rapidly evolving on IRC, where there are all kinds of sophisticated rules regarding operators who have control over channels, to boot out participants, `ban' them, and the way that people `ignore' each other, etc. . . . . . . . ................................................................ Why would anyone who wants to play in a virtual environment in disguise, also want to be able to keep up with the personalities created. It must be like a Walter Mitty scenario, where someone re-creates themselves (but not really) into a preferred kind of person, then "accomplishes" things (but not really) that they would otherwise not have the wherewithall to realize. There would be a vested insterest in this re-created self because it would permit the person to be something which they could not otherwise be, in an environment which makes it possible (although temporary). There would also be a vested interest in keeping up with those other false personas created, to the effect of maintaining a kind of camaraderie among them, like willing participants in a falsehood. Cryptochaos must occur when it becomes too difficult for the imagination to maintain this database of ephemereal seemingness, when the intent is to develop friendships but the friends are all fabrications and so easily changed at will. I guess at that point it would be important to have "control" over what happens in a medium where the only thing visible is type, electronic bits, and it is only the imagination which supplies credibility to the characterizations and roles.......treachery and deceit ! You changed your identity on me, fie upon you, we can no longer play ! Blanc From blancw at microsoft.com Mon Apr 11 09:41:26 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 11 Apr 94 09:41:26 PDT Subject: identity, privacy, & anonymity in cyberspace Message-ID: <9404111642.AA22972@netmail2.microsoft.com> A few more comments for tmp (hit delete if you don't want to know): " isn't what we *really* want a more basic definition of what is allowed and what is not? besides, under the cypherpunk vision, operators would never censor a user for postings-- but is it the case that all cypherpunks can say they have never tried to censor anyone by notes to sysadmins,........?" . Isn't it true that what we really want is a way to defend ourselves or find relief from a disruptive or discomfitting effect? If the capacity to do this (defending) is built into a system, and everyone involved is aware of how it can be applied, then it should be expected that it *will* be used; no one who has a means for relief can be expected to restrain themselves from employing it when they feel there is sufficient cause. At some point it becomes a matter of self-preservation. "the cypherpunk vision seems to split the world into two groups: those people i trust (my friends) and everyone else (whom i completely distrust withintense paranoia). this is a very xenophobic and chauvinistic philosophy at heart." . However, there is no mandate to subscribe to any particular attitude on the net, especially among a group of strangers who are not constrained to remain in contact. " it seems to me to be the case that either `i know who you are' or i don't. what does it mean for me to `know who you are'?" . And why, one might ask oneself, should I care? "the important goal is `defining what privacy really means' and cypherpunks seem to take the position, `it means that nobody knows anything about me'. our society simply cannot function under this constraint." . But society is barely functioning anyway, under all of the present constraints. It would function better if more of these were removed, and everyone's "true self" were allowed to manifest itself; this would also present greater opportunities to deal with underlying problems which otherwise cannot be resolved and only lead to unfriendliness & suspicion. "if i wish to `interconnect', identity is necessary to minimize risk to the people i `interconnect' with." . This is true, but it is also true that anyone who agrees to interconnect must realize that they are taking a risk, and that they cannot default on the responsibility they have assumed by participating. Blanc From eagle at deeptht.armory.com Mon Apr 11 10:25:46 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Mon, 11 Apr 94 10:25:46 PDT Subject: ? EFF Hoax/PRZ Defense (Mech) Message-ID: <9404111025.aa29288@deeptht.armory.com> Date: Mon, 11 Apr 1994 12:23:03 -0400 From: tim werner >On Mon, 11 Apr 1994, tim werner wrote: >I guess what I was thinking about was a thread in comp.org.eff.talk about >some bogus eff press release that happened some time ago. My concern is >that I was taken in by this. >Does anyone know if there was an appeal for contributions to a legal >defense fund in that bogus press release? I didn't follow the thread that >closely, especially after it seemed like it turned into a flame war. I can unequivocably assure you nothing in the *Porn Press Release Hoax* that I read mentioned anything about the Phil Zimmerman Defense Fund. If McCandlish manages to glean import from the subject of this message to the degree he reads it, I invite his comment as well. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From schneier at chinet.com Mon Apr 11 10:42:18 1994 From: schneier at chinet.com (Bruce Schneier) Date: Mon, 11 Apr 94 10:42:18 PDT Subject: Reviews of APPLIED CRYPTOGRAPHY Message-ID: ................................................................. One-Stop Cypher Shop Once and for all, there's a book that collects the history and truth about data encryption and presents it in a no-bullshit, easy- to-understand English. It's the book that the National Security Agency wanted never to be published. Author Bruce Schneier's premise is a simple one: Good encryption should be available to all. Just as people have the right to hide their letters in whatever kind of vault they wish, he reasons, so too should they have the right to protect their digital information with the most impenetrable cryptography. The federal government certainly isn't going to provide citizens with strong encryption tools (the Clipper chip fracas proves that), so Schneier felt a duty to provide a single sourcebook of useful algorithms for people who wish to keep their private business private. The first hundred pages Applied Cryptography contain the best introduction to cryptography I've ever seen. Part two teaches the techniques and tricks necessary to tell a good crypto-system from a bad one. Part three is the down-and-dirty description of each algorithm. And part covers political issues. Roughly a hundred pages of the book is devoted to source code for the most important crypto systems. Anybody seriously interested in cryptography, though, should get the two-disk set for $30 and save all that typing. Because we have a First Amendment in this country, Schneier's book can be printed and exported, despite how the National Security Agency might feel. But, incredibly, since the First Amendment doesn't cover books on floppy disks, it's a federal crime for Schneier to mail the source code on his floppies outside the US. Go figure. --Simson L. Garfinkel, Wired v 2 n 4 (Apr 94). ................................................................. Applied Cryptography Here at OpenVision's security branch (formerly Greer-Zolot Assoc.), we recently got a copy of Bruce Schneier's new book, Applied Cryptography: Protocols, Algorithms and Source Code in C. We immediately ordered two more copies, because our security jocks (me included) didn't want to share it. It is encyclopedic, quite readable, and well-informed, and it more or less picks up where Dorothy Denning's classic Cryptography and Data Security (Addison- Wesley, '82) takes off a dozen years ago. I've often wished lately that such a reference as Schneier's existed. Schneier covers those topics in data security that touch most closely on the encryption algorithms themselves. Thus, the book doesn't discuss authorization, audit, firewalls, or the recent formal logics for proving protocols correct. As far as I can tell, it does cover everything about authentication and key-distribution- -everything. Of the recent flurry of books and articles on data security that I've seen, including some by my old colleagues from Project Athena, and including a couple of others that are still in press, this one has the clearest and most accurate treatment of kerberos. The book is structured like a reference, but written like an undergraduate text. Thus, you can enter anywhere and make sense of what you find, even if you don't already know the material well. It does not include exercises or end-of-chapter summaries, but does include a bibliography of 908 references. This makes it a good place to go, before you dive into the literature on a topic like zero-knowledge proofs and protocols. Schneier also includes licensing and sourcing addresses for encryption algorithms. The index, unfortunately, is a bit weak (though it is available from the author on the net: schneier at chinet.com). This book would be a bargain at twice the price. --Donald T. Davis, ;login: v 19 n 2 (Mar/Apr 94). ................................................................. Applied Cryptography Winner: 1993 Software Development Productivity Award Cryptography may not be of interest to everyone, but this book is the definitive text on the subject. From one-way hash functions to a slew of public-key encryption algorithms, Schneier combines clear descriptions with pseudocode and fully working examples in C. --Software Development v 2 n 5 (May 94). ................................................................. Levels of Secrecy The opening sentence in the preface of Applied Cryptography says it all--I have to quote it: "There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. This book is about the latter." This is a book you can use for more than one purpose. You can read it as an introduction to the mathematics of cryptography, as a resource of course code for encryption algorithms or as a guide to how traffic on the information superhighway might remain secure even as the highway (supposedly) becomes more accessible. Cryptography isn't restricted to studying the means by which a digital document is securely encoded for purposes of transmission. It can cover activities as well�activities once carried out via the transfer of paperwork, but now carried out by transactions across a network. Take digital signatures, for example. Bank A sends a transaction to Bank B. The transaction is encoded, of course. But how can the clerk at bank B be sure that the transaction was authorized by the proper officer at bank A prior to being encoded and transmitted? This is one of the topics of perhaps my favorite section of the book: cryptographic protocols. It begins with the fundamentals (e.g., authentication and public key cryptography), builds through intermediate protocols (e.g., digital signatures and subliminal channels), and moves to more advanced protocols (e.g., blind signatures). The best material, however, appears in the concluding topic: esoteric protocols. Here, you'll find step-by-step procedures for such operations as secure elections and digital cash. Some of the protocols read like descriptions of Rube Goldberg machines. I followed in fascination the step-by-step process of Alice (a hypothetical character) could use to accomplish the audit- trail-free transfer of digital cash. Alice could send a campaign contribution to her favorite senator, and no one could trace where the money had come from. It gets worse: Alice shows up pages later using digital cash to commit a perfect kidnapping. It also gets better. In a later chapter, we're given a brief glimpse of--no kidding--"quantum cryptography." All it takes it some polarized light and a fiber-optic link; the message is encoded in the polarization angle of the light. What you get is an untappable link--since tapping would require measuring a quantum variable, which affects the outcome of any subsequent measurements. Sender and receiver can compare partial messages and verify the presence or absence of an eavesdropper. Finally, if you want code, you've got it. Not only are code fragments smattered throughout, the rear of the book contains listing after well-documented listing (all in C) of cipher routines, secure hash functions, and so forth. If you want to avoid typist's cramp, you can send $30 to the author and get the disk set that includes all the source code from the book, plus updates and new algorithms. Once more, don't let the presence of so much source code frighten you from the book. The descriptions of the exchange protocols�intricate though they may be�make good reading for anyone interested in cryptography. --Rick Grehan Byte v 19 n 6 (Jun 94). ................................................................. Applied Cryptography was also reviewed in the May 1994 issue of Dr. Dobbs Journal. It is a three-page review, so I won't reprint it all. However, here are some choice excerpts: "It is the definitive work on cryptography for computer programmers.... Although Applied Cryptography describes itself as a reference book, it also serves as a wall-to-wall tutorial on cryptography.... Applied Cryptography represents a monumental body of knowledge, particularly to the programmer. I do not know of another work that encapsulates as much information about cryptography and then supplies the computer code to implement the algorithms that it describes. Even a programmer who is only mildly interested in cryptography will find this book fascinating.... No matter how you use the book, though, Applied Cryptography is an interesting and comprehensive explanation of an enigmatic subject, and well worth the time you will spend with it." >From the Mar/Apr 1994 issue of The Cryptogram (the journal of the American Cryptogram Association): "A comprehensive review of the latest developments in practical cryptographic techniques.... It is an encyclopedic work with more than 900 references...." And from the National Computer Security Association News, Nov/Dec 93: "[A] complete guide to using cryptography to maintain data security...." And finally, from Computer Literacy Bookshops' New Book Bulletin, Spring 1994: "Unquestionably the most modern, popular and up-to-date cryptographic reference.... Highly recommended." My publisher expects to sell out of the second printing sometime in June. Bruce From bdolan at well.sf.ca.us Mon Apr 11 10:48:48 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Mon, 11 Apr 94 10:48:48 PDT Subject: thorazine dose Message-ID: <199404111748.KAA26795@well.sf.ca.us> um... It may be time for us to check our thorazine dosage... From tcmay at netcom.com Mon Apr 11 10:54:05 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 11 Apr 94 10:54:05 PDT Subject: Pseudonyms and Reputa In-Reply-To: <9404112105042054@wov.com> Message-ID: <199404111752.KAA03989@mail.netcom.com> dork39 writes: > Now you guys with "ID" fetishes are seeing this as a PROBLEM? > > Excuse me very much, but I think I need to see a LOT of > explaining about that. Dork, you really ought to read the List for a bit longer than the short time you say you have before throwing around insults about "fetishes" and how we have a lot of explaining to do. This applies to everyone, not just to Dork: - try to read the List for several weeks before jumping in - to see what the topics are, what's apparently been beaten to death so many times before, and so forth There are a lot of bright folks on this List, including cryptographers, mathematicians, and even journalists (!), and dismissing points of view as "fetishes" is not all that useful or welcome. If Dork sticks around, he'll understand that many of us have no problems whatsoever with multiplication of nyms, but that we are also very aware of the disruptive effects nyms can sometimes have. Many of us believe solutions to this exist, and that the governments of the world don't have to be involved. So, cool your jets, Dork39. Dork closes with: > Is this OK with you, ID freaks? May I have your permission to > continue to do that?] Oh well. *PLONK* --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From mg5n+ at andrew.cmu.edu Mon Apr 11 11:02:41 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 11 Apr 94 11:02:41 PDT Subject: Prime Numbers In-Reply-To: Message-ID: <0heN1Dq00Vp=4P4EZX@andrew.cmu.edu> Well, for the mathematically curious, here are a few other interesting prime number theroms: For any number n which is prime, (2^n)-1 is also prime (Mersenne's theorem). For any number n (2^(2^n))+1 is prime. (I might have that wrong, I don't remember exactly) For any number n, if the square root of (n!)+1 is an integer, it is also prime. (This is interesting, but rather useless in practice) From Frank.Vernaillen at rug.ac.be Mon Apr 11 11:57:27 1994 From: Frank.Vernaillen at rug.ac.be (Frank Vernaillen) Date: Mon, 11 Apr 94 11:57:27 PDT Subject: Prime Numbers In-Reply-To: <0heN1Dq00Vp=4P4EZX@andrew.cmu.edu> Message-ID: On Mon, 11 Apr 1994, Matthew J Ghio wrote: > Well, for the mathematically curious, here are a few other interesting > prime number theroms: > > For any number n which is prime, (2^n)-1 is also prime (Mersenne's theorem). > > For any number n (2^(2^n))+1 is prime. (I might have that wrong, I don't > remember exactly) > > For any number n, if the square root of (n!)+1 is an integer, it is also > prime. (This is interesting, but rather useless in practice) > This is not "quite true" 1) for (2^n)-1 to be prime, it is indeed necessary that n is prime (if n=pq then 2^p-1 divides 2^n-1) however (2^n)-1 is not prime for all prime n prime numbers of the form 2^n-1 are called Mersenne primes there are some 30 known Mersenne primes for the moment (could send interested people a list of the ones I know--see also Knuth, volume 2 for some interesting stuff about primes) 2) (2^(2^n))+1 is certainly not true for all n, though I don't know any particularly values for which it doesn't hold (I thought 2^128+1 was NOT a prime) primes numbers who happen to be of the form (2^(2^n))+1 are called Fermat primes. Some pretty large ones are known (could send a list...) 3) I don't know about the third stated formula Hope this straightens things out... Frank.Vernaillen at rug.ac.be From forsythe at fiji.oc.nps.navy.mil Mon Apr 11 11:59:08 1994 From: forsythe at fiji.oc.nps.navy.mil (Carl R. Forsythe) Date: Mon, 11 Apr 94 11:59:08 PDT Subject: Books on cryptography Message-ID: <9404111858.AA14485@fiji.oc.nps.navy.mil> Just a quick question...and painless at that. I have available to me an almost complete set of books on Cryptography from the Aegean Park Press. The question is, are these books worth reading (there are a whole bunch of them) ? If only particular ones are noteworthy, which ones are they? I guess I should have said a couple of questions... Carl -- These are my views and not those of the United States Government, The Department of Defense, The Department of the Navy or the Naval Postgraduate School. -- ******************************************************************** ** Carl R. Forsythe ** Naval Postgraduate School ** ** forsythe at oc.nps.navy.mil ** Oceanography Department ** ** ** Monterey, California ** ******************************************************************** From werner at mc.ab.com Mon Apr 11 12:12:23 1994 From: werner at mc.ab.com (tim werner) Date: Mon, 11 Apr 94 12:12:23 PDT Subject: MacPGP and AOL Message-ID: <199404111912.PAA02627@sparcserver.mc.ab.com> >From: mpj at netcom.com (Michael Paul Johnson) >Date: Mon, 11 Apr 1994 08:07:48 -0700 (PDT) >> On Mon, 11 Apr 1994, tim werner wrote: >> > Late last year, in response to a "bulletin" from eff, I sent money to some >> > lawyer (in Colorado, I think) for the Phil Zimmerman defense fund. Was >> > I defrauded? How embarrassing. > >Not to worry, if the check was made to Philip Dubois and marked as going >to Philip Zimmermann's legal defense fund, it will be used as >advertised. I have personally met both of these people, and trust them >to do what they promised. Phil Zimmermann is still a free man (last I >checked), but being the target of a grand jury investigation has already >cost Phil more than sleep and peace of mind. He has had his lawyer >interceding on his behalf as much as possible to prevent an actual >indictment, and this does cost money. Thanks! I remember now, it was Philip Dubois. I feel much better. :-) tw From collins at newton.apple.com Mon Apr 11 12:21:30 1994 From: collins at newton.apple.com (Scott Collins) Date: Mon, 11 Apr 94 12:21:30 PDT Subject: (n!+1)^(1/2) Message-ID: <9404111823.AA19530@newton.apple.com> >For any number n, if the square root of (n!)+1 is an integer, it is also >prime. (This is interesting, but rather useless in practice) For any number a, 1 Message-ID: <9404111942.AA20202@mycroft.rand.org> > I have available to me an almost complete set of books on Cryptography > from the Aegean Park Press. The question is, are these books worth > reading (there are a whole bunch of them) ? If only particular ones are Yes, a lot of them are worth reading, if you want the info in them. I especially like the Callimahos & Friedman books on Military Cryptanalytics. They're the training manuals for NSA as of about the 1950s -- four volumes: Ia, Ib, IIa, and IIb, or something like that. An FOIA has picked up bits of volume III from the mid-70's, but it's not complete and hasn't been published. If you want to learn to do traffic analysis and cryptanalysis, work through the Zendian problem... and allow a season. The British Special Intelligence handbook has some great stuff on stripping off superencipherments. Also especially lovely is the Riverbank Publications series, also by Friedman. His work on the Index of Coincidence is absolutely wondrous for deciding when you've got plaintext and for finding periods of periodic ciphers. If you're looking for modern cryptology, though, Aegean doesn't have much of relevance. For that you need conference proceedings, like Crypto '93 (just out), Eurocrypt, Asiacrypt, and so on. Jim Gillogly Mersday, 20 Astron S.R. 1994, 19:41 From paul at poboy.b17c.ingr.com Mon Apr 11 12:57:25 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Mon, 11 Apr 94 12:57:25 PDT Subject: Crypto, satellites, & China Message-ID: <199404111958.AA26473@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- A story in the 3/14/94 issue of _Aviation Week_ reports that Hughes and Martin Marietta have satisfied the State Department and will now be able to launch the Optus B3 comsat. All the quotes below are from the article; it didn't have any detail on the cryptostuff. State had held up the launch because the Optus B3 payload included a "sensitive decryption chip". The USG made trade with China subject to the Missile Technology Control Regime (MTCR) after China was suspected of selling missiles to Pakistan. Hughes agreed to remove the chip, which "guards the satellite's steering commands"; once removed, State lifted the export restriction. "By removing the chip, authority for approving the launch was shifted to the Commerce Dept. from an interagency review commission headed by the State Dept. that had far less leeway to act." I never knew that encryption fell under MTCR in addition to ITAR. Presumably any crypto hardware or software which can be used to protect missile or satellite telemetry or commanding can be restricted. If anyone has more details on the MTCR and its application, I'd love to hear it. - -Paul Robichaux - -- Paul Robichaux, KD4JZG | Out the 10Base-T port, through the router, perobich at ingr.com | over the leased line, off the bridge, past Intergraph Federal Systems | the firewall... nothing but net. Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLamroCA78To+806NAQEK0wP/SD8692ZaMl71c57dSKAG7vmYVcyvIJi5 CNuWb4u3kL7WlfEtzrZ42Dfx4avgyzcjyoIyBDE5r+7n/nSMnbBGZGYR2OyTBQ5b GaK8RrrdJQoKujEvzR8i+XhtBin2doK5hzBHTY2VpYIexMH34MLZeYNST4nA7ek9 5EGWhbZ5mxw= =avDx -----END PGP SIGNATURE----- From hughes at ah.com Mon Apr 11 12:57:57 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 11 Apr 94 12:57:57 PDT Subject: Prime Numbers In-Reply-To: <9404110253.AA12284@geech.gnu.ai.mit.edu> Message-ID: <9404111947.AA20026@ah.com> It was first claimed that if (2^n-2)/n was an integer, then n was prime. That's false. then: > This is fermat's little theorem. What you have written basically >says 2^N - 2 = 0 (mod N) or 2^(N-1) = 1 (mod N). Note, the converse >doesn't apply. If (2^N-2)/N is an integer, N isn't neccessarily >prime. For example, take N=561=(3*11*37) 561 is the first Carmichael number. If you replace 2 by any other number relatively prime to 561, then the congruence still holds. (The second Carmichael number is 1729, if I remember right.) It was recently proven that there are infinitely many Carmichael numbers, and that the density of Carmichael numbers is at least x^c, where c is about .1. Eric From mg5n+ at andrew.cmu.edu Mon Apr 11 13:16:59 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 11 Apr 94 13:16:59 PDT Subject: (n!+1)^(1/2) In-Reply-To: <9404111823.AA19530@newton.apple.com> Message-ID: collins at newton.apple.com (Scott Collins): > >For any number n, if the square root of (n!)+1 is an integer, it is also > >prime. (This is interesting, but rather useless in practice) > >For any number a, 1n!+1 is prime. Prime numbers don't have integral square roots. Well, it was quoted from memory, so it's possible that I made an error, but it seems to work as stated... For example : (4!+1)^(1/2)=5 (5!+1)^(1/2)=11 (7!+1)^(1/2)=71 I can't find a value which produces a result that is a non-prime integer. (Of course that doesn't prove that there isn't one.) From samman at CS.YALE.EDU Mon Apr 11 13:43:10 1994 From: samman at CS.YALE.EDU (Llewyln) Date: Mon, 11 Apr 94 13:43:10 PDT Subject: your mail In-Reply-To: Message-ID: > So much for an Ivy-League education... > Please send mailing list requests to owner-cypherpunks at toad.com > On Mon, 11 Apr 1994, Josephine Sandler wrote: > > > > Please take me off your mailing list. > > Sincerely, > > josie at minverva.cis.yale.edu Hey now! Don't let this skew your view of our fine institution. Some of us KNOW how to use the mailserver software. Harumph, just had to stick up for the clued in of us. Ben. Yale College '96 ____ Renegade academician. They're a dangerous breed when they go feral. -James P. Blaylock in "Lord Kelvin's Machine" From mech at eff.org Mon Apr 11 14:09:50 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 11 Apr 94 14:09:50 PDT Subject: new PGP tool - your opinion on ITAR regs? Message-ID: <199404112109.RAA04492@eff.org> Someone just sent me this, encrypted, via anon remailer yet asking for it to be distributed. Go figure. Anyway, the author thinks it may be ITAR controlled, but from the looks of it it's not crypto at all but simply an incidental utility that contains no crypto code. I'll leave it up to y'all to figure that out though. Here's the doc, and I'll pass on the binary to any US or Canada folks that want it to examine it. Don't just ask for it because you want it, wait till it shows up for ftp somewhere, eh. I have to manually send it to you, and am severely limited time-wise. Thx. _______ begin _________ This is a hack to the pgp source files random.h and random.c to support a hardware random number generator. Please distribute these file as widely as possible in the U.S. But be aware of the following problem. The U.S. governmemt is trying to say that the export of files relating to cryptography is illegal. In spite of the first ammentment to the U.S. constitution and the inalienable rights of all peoples. They might say that ranodm.h and random.c are subject to export controls in spite of the fact that they have non-croptographic applications. So be aware that if you export these file from the U.S. the govnmnt may try to prosecute, persecute or otherwise screw you! I am sure that you are aware of this problem. As a result I can not recommend that you export this file out of the U.S. The hacked files are under the GNU public licence same as the original unhacked files. This allows a program using random.h random.c to use a hardware random number generator. Thus one need not type in all those stupid keyboard timing strokes. The source files from 2.3a have been hacked. The hack has been "ifdef"ed so that the hacked files compile the same as the unhacked files unless certain "DEFINE"s have been defined. I have tested this hack under MSDOS and OS/2. I do not know about other machines compilers. RANDDRIVER This hack supports the following combinations: A hardware RNG supported by a OS drive. It is assumed that the driver can be opened as a character oriented device. Each byte read is a random byte. (Tested under OS/2) RANDHARDPORT This hack attempts to directly read random bytes directly from a bus hardware RNG. It is assumed that for each inb instruction that you do on the port you get one random byte. If necessary a spin wait can be done that enough time has passed to insure random indpandance. (RANDHARDWAIT) This has been tested under the MS-DOS program loader. RANDHARDPORT and TESTCFG same as above except that OS/2's IO driver TESTCFG$ is used to get random bytes from the port. (Tested under OS/2) HARDRANDOM is defined if you have a hardware RNG. RANDDRIVER is defined to be the filespec of the random number generator if you have a software driver. RANDHARDPORT is defined to be the port number of the random number generator if random.c is to directly access the random number generator. RANDHARDWAIT is the number of timer0 clicks that must be waited for to assure that the next random byte will be independant from the last. TESTCFG is defined is you want to use OS/2's TESTCFG driver to read a bus RNG with the port address spedified by RANDHARDPORT. UUENCODE ZIP file follows which contains the source! table !"#$%&'()*+,-./0123456789:;<=>? @ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ begin 666 0.zip [...] _________ end ___________ -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From catalyst-remailer at netcom.com Mon Apr 11 14:16:38 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Mon, 11 Apr 94 14:16:38 PDT Subject: No Subject Message-ID: <199404112117.OAA18902@mail.netcom.com> Reprinted from the Mercury News, 4/10/94 GROUP AIMS TO INTRODUCE BUSINESS TO THE INTERNET By DAVID BANK Mercury News Staff Writer FOR entrepreneurs who are seeking to create an electronic marketplace for Silicon Valley businesses to buy, sell and pursue profits, the creators of CommerceNet have a distinctly un-capitalist marketing plan for their key technology. They're giving it away. When CommerceNet, the first large-scale trial of electronic commerce over the Internet, goes on-line Tuesday, computer users finally will have a secure way to make payments, send confidential documents and verify the identity of the person or company at the other end of the e-mail message. That security system is the key to unlocking the commercial potential of the Internet, the network of computer networks that connects more than 20 million users, said Jay Tenenbaum, chairman of Enterprise Integration Technologies in Palo Alto, which is leading the CommerceNet effort. CommerceNet is working to overcome the other obstacles that have prevented the Internet from becoming an accessible, full-service network for business and the general public. These include the lack of an easy-to-use interface, high prices for the high-speed telephone lines needed, and widely varying standards and systems that make true collaboration difficult. As solutions to those problems are found, Tenenbaum predicts, CommerceNet will revolutionize the way business is done. CommerceNet's promotional literature blithely lists as one long-term impact the disintegration of vertical companies. ''This is monopoly busting,'' Tenenbaum said. ''We think there will be an immediate, demonstrable edge in competitiveness for the companies that are participating.'' In Tenenbaum's vision, large manufacturers will be able to quickly put their orders out to bid, driving down costs. Small businesses that develop a needed new service will be able to compete with industry powerhouses, because the cost of distributing their products electronically will be, essentially, zero. Participating companies, initially, include Lockheed Missiles and Space Co., Hewlett-Packard Co., Digital Equipment Corp. and National Semiconductor Corp. One new business already has been created on CommerceNet: the Internet Shopping Network, a computer buying club based in Menlo Park that will be launched at the same time CommerceNet is introduced at Santa Clara's Techmart. ''We couldn't do it without CommerceNet,'' said Randy Adams, president of the Internet Shopping Network, who estimated the cost for each sales transaction over CommerceNet at 20 cents, compared to $5 for an 800-number telephone order. ''Our costs are the lowest anywhere because of the way we leverage the Internet.'' Many companies already use private electronic networks to communicate with their suppliers or collaborate with strategic partners. But such networks are expensive, exclusive and require prior arrangements to ensure smooth interconnections. For example, Ford Motor Co. requires its suppliers to use a particular computer-aided design program for the transfer of specifications and blueprints. If the supplier also wants to sell to General Motors Corp., it may need a different system. CommerceNet's goal is to bring the capabilities of the private networks into a public network, so that any business or individual can participate in the competitive marketplace spontaneously, without prior arrangements. Unlike commercial on-line services such as America Online or Prodigy, CommerceNet is an open marketplace. Anybody with a computer ''server'' can create an electronic storefront, or ''home page,'' which will be included in CommerceNet's directory. At first the home page will be little more than an electronic brochure of a company's products or services. Then, catalogs will be added. With the ability to send and receive electronic payments, orders can be placed and filled. Soon, bids will be requested and received electronically. Services will develop to search for and compare prices in various catalogs. The need for other services, such as banking, brokerages and specialized directories will create opportunities for new businesses. But to create these opportunities, CommerceNet decided it had to seed the marketplace. Some of the work already had been done by others. For example, CommerceNet will rely on free software known as Mosaic, which gives Internet users a relatively simple ''point-and-click'' way to navigate among thousands of information providers. With its ''hypertext'' functions, Mosaic allows browsers to click on key words to receive more information. To make Mosaic secure, CommerceNet struck a deal with RSA Data Security Inc. in Redwood City for the use of RSA's ''public key'' encryption technology. In simple terms, the technology enables a sender to encode a message in a way that allows only the intended recipient to decode it. At the same time, the recipient of a message is able to verify the identity of the sender. In addition to payment, the security system enables companies to enter into legal contracts with ''digital signatures,'' to control who sees proprietary trade documents, and to use electronic letters of credit for financing purchases. ''Everybody's worried about whether the Internet can be made as secure as the phone system,'' said Allen Schiffman, the principal architect of CommerceNet. ''Well, with this, we can do much better than the telephone system.'' CommerceNet is able to give away the security system in part because it has already been paid by the government, in the form of a three-year, $6 million matching grant from the Technology Reinvestment Program, which supports projects that aid in the transition from a defense-based to a civilian economy. CommerceNet will share its lessons and technologies with other communities that are planning similar efforts, including Boston, Austin, Texas, and Champaign-Urbana, Ill. The CommerceNet team also includes BARRNet, a regional Internet provider, and Stanford's Center for Information Technology. The project is sponsored by the non-profit Smart Valley Inc., which is pushing high-speed communications networks as the way to revitalize the local economy. The state of California put in $500,000, and companies that want to participate in the governance of CommerceNet are expected to contribute $25,000 eachin cash or services. But companies that want to enter the CommerceNet marketplace need not pay anything beyond the cost of their own hardware. CommerceNet will provide starter software and technical assistance for free to those who want to engage in electronic commerce. IF YOU'RE INTERESTED For information about CommerceNet, call (415) 617-8790, or send e-mail to info at commerce.net From hughes at ah.com Mon Apr 11 14:35:56 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 11 Apr 94 14:35:56 PDT Subject: Zero Knowledge, Hamiltonian Cycles, and Passwords In-Reply-To: <199404101927.MAA07698@mail.netcom.com> Message-ID: <9404112125.AA20179@ah.com> >As they say, "anything provable in first order logic is provable in a >ZKIPS system." I'm not sure what it means to "prove" you know a method >of factoring numbers (faster than the "normal" methods, presumably) You say something like "there exists a machine M such that ...". This can be put into a first order logic statement, but it requires a proof of correctness that the machine works as advertised. I don't think it would be practical to actually _do_ such a proof yet. Eric From jeremy at crl.com Mon Apr 11 14:40:14 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Mon, 11 Apr 94 14:40:14 PDT Subject: Prime Numbers In-Reply-To: <9404111421.AA02389@next11.math.pitt.edu> Message-ID: > Use Mathematica. The positive integers less than or equal 1000 that are not > prime but (2^n - n)/n is an integer are 1; 341 = 11*31; 561 = 3*11*17; and > ;645 = 3*5*43. The largest less than 10,000 is 8911 = 7*19*67. from what I remember, 1 is not considered a prime number. From unicorn at access.digex.net Mon Apr 11 14:55:01 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 11 Apr 94 14:55:01 PDT Subject: Pseudonyms and Reputa In-Reply-To: <9404112105042054@wov.com> Message-ID: <199404112154.AA06418@access3.digex.net> > > From: dork39 at wov.com > Hf> This is true, but the main purpose of this technology is to prevent > Hf> users from creating large numbers of pseudonymous accounts. No > Hf> technology can stop people from cooperating in an on-line forum, and > Hf> the use of friends' or family members' accounts is also very hard to > Hf> prevent. So collusion at some limited level will always be possible. > Hf> But at least it should be possible to prevent the massive use of nyms. > > Hang on a mo. I'm new here and so I don't know how this > started. If you would be so kind, what is the "problem" here > about "massive use of nyms?" Seems to me that is a kind of > self-limiting bookkeeping job for the user of nyms: like which > ones are for what. Have you guys ever tried to DO a system of > nyms for any important purpose? It is NOT a whole lot of fun: > much more resembling hard work. > > You see I think there are plenty of reasons that reasonable > people would agree are valid for some people to use nyms, even > large numbers of nyms. > > For example I know a lawyer who uses a lot of nyms (and anon PGP > keys) to create "clusters" of people involved with individual > legal cases. It strikes me as a very well organized system for a > good purpose. The people involved in a given case can all talk > to each other about it, and outsiders or people in other cases > don't get to peek in, or even know what the group is about or > who's in it without going to a LOT of trouble. In a closed system such as the one you describe, the problems of free and easy access to nyms is not a concern. My read is that the only time this is in a problem in the way we are approach it is in a less private forum. Mr. Sternlight will be the first to mention that you need not participate in such a forum. I will be the first to advise you actively not to. (See below) > Since Phil is going to release the story to the Wall St. Journal > anyway, I guess I can mention that the encryption method of > CHOICE for the valiant fighters against SLORC in Burma (who are > the worst kind of bad guys by any measure) Your sentence leaves ambiguous what subject the "worst kind of bad guys" clause modifies. Interestingly enough it seems to me that for this argument to have any merit in the way you structure it, one must make a value judgement on who is a valiant guy and who is a bad guy. I think you will find that the more sophisticated of the theorists here will argue that strong encryption and anonymous channels of communication should be available to everyone regardless of what you, I, they or the state department may think of their philosophy, motives or character. > is PGP and they are, > of course, ALL using "nyms" and sterilized anon keys and so on. > They are by FAR the heaviest PGP users in this part of the > world. Full time trainers and the works. But you can surely > see how they might not want to tell the thugs where to come to > get them and their families for a course in extended torture. While the story has merit for a demonstration of legitimate USE of PGP, to hinge the support of that fact to the "goodness" or "badness" of the user is to miss the point. See above Re: your use of the word "thugs." > Now you guys with "ID" fetishes are seeing this as a PROBLEM? > > Excuse me very much, but I think I need to see a LOT of > explaining about that. I think you will find again that the more sophisticated theorists here who oppose the wide availability of anonymous channels will transcend this argument, which is again based on a value judgement of the user's motives. > Note this principle: people with a NEED for anonymity are NOT > going to want to get permission from, or even talk to, some > Central Authority first. There is no way that you or anyone > else is going to be able to decide if any use of anonymity is > "legitimate" or not. I guess you just support my point here. Note that your use of "you or anyone else" includes YOU (Dork). It follows that you have just eradicated your entire argument, which was based on the decision you (Dork) had made on the legitimacy of anonymous communication. > If there are "problems" with that, it seems to me that your > efforts are best directed into figuring out how you can live > with it, and not about how you can "control" or "prevent" it. Might makes right? The ability to create unlimited anonymous accounts overrides the basic question of order? Even if your right, I think it is you who needs to consider this line of argument, and not us. > (Hey I am ever so sorry to hear how some people used nyms to > cheat in a game. But somehow my reaction was "so what?" and to > bang my [Enter] key right smartly. This is your mistake. You'll find, I think, that cypherpunks look to the future, and for ways to solve problems rather than: "...bang[ing] [their] [Enter] key[s] right smartly." > There are people in the > world without the time or inclination to play games. Perhaps > sometime in the next century I might personally get enough slack > and curiosity to take a look at some computer game myself--who > knows? But, you know, even if I do, I kind of think I will have > a real hard time working up a lot of anxiety about possible > cheating.) Which is again, your mistake. The application of said technology tends to begin from "games." Magic money is a crude "game" of sorts with a fictitious bank, and fictitious money. But it illuminates the problems of digital cash in an important way. > In the meanwhile not only do I support nyms and other anonymity, > but I intend to use plenty of them, and will resist any attempts > to preclude that in every way I can. Reckless abandon is unwise, Dork. (As was, I might add, your nym selection. Leaves you way to open. :) ) > GENERAL ADVICE TO ALL ONLOOKERS: Since it looks like > self-appointed "ID police" are working hard to prevent you from > using anonymity, I suggest that if you ever think that you might > ever have a NEED for anonymity at any time in the future, that > you take a little time off and set up a supply for yourself of > nyms and so on and embed them in the system before these guys > get their prevention systems in place. Do that NOW, because > this kind of thinking is a THREAT to you. Try instead: GENERAL ADVICE TO ALL ONLOOKERS: Since it looks like self-appointed ["Nym Police"] are working hard to prevent you from [developing non-anonymous systems], I suggest that if you ever think that you might ever have a NEED for [a non anonymous system] at any time in the future, that you take a little time off and set up a [non-anonymous system] and so on and embed [it] before these guys get their [anonymous] systems in place. Do that NOW, because this kind of thinking is a THREAT to you. Just what is it that makes your "'ID police'" any more self-righteous than you? > [It just occurs to me that this very message has a "nym" on it. Wow, you are quick! > OK here is the reason: mail handling. No offense to a group > like this, but it really qualifies as "recreational" in my > priorities, WAY after personal mail some of which might be very > urgent, business mail, some of which might be urgent, etc. We won't be hearing from you more often? Shame. > But > one inherent weakness of a "mailing list" like this is that if I > subscribed under my regular account, 50 messages a day from this > group would be all mixed in with my other mail. Sounds like a personal failure in the sorting process to me. > Kind of like a > "mandatory newsgroup." You could always ask to be removed from the list... please? > I'm sorry, but that is a GIGANTIC pain > in the ass and might even cause me to overlook something > important in my mail. So, yes, for any such thing as these > mailing lists, I will set up a "nym" or "alias" or whatever you > want to call it, so I can handle that mail *separately*. I also > have several separate accounts for different business reasons. > Is this OK with you, ID freaks? May I have your permission to > continue to do that?] > If you're so sure nyms are ok, why are you explaining yourself to us? Some general thoughts, Dork: Your blind application of value based arguments really takes from the force of persuasion. I suggest you listen more, talk less, and finish your undergraduate education. Many of the posters here who seem to have less experience and "important mail" than you still seem to handle themselves in a much more mature way. It is clear that you are not very open to suggestion in general, as a result I suggest you stop wasting your important time and precious mail space, as well as ours and find something more selfish than a group discussion to participate in. I find that yelling at a wall is very satisfying when I don't want to be persuaded. You might try it. -uni- (Dark) From jeremy at crl.com Mon Apr 11 14:59:17 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Mon, 11 Apr 94 14:59:17 PDT Subject: your mail In-Reply-To: <199404112117.OAA18902@mail.netcom.com> Message-ID: > ''Everybody's worried about whether the Internet can be made as secure as the > phone system,'' said Allen Schiffman, the principal architect of CommerceNet. > ''Well, with this, we can do much better than the telephone system.'' hahahahahahahahahahaha From collins at newton.apple.com Mon Apr 11 14:59:54 1994 From: collins at newton.apple.com (Scott Collins) Date: Mon, 11 Apr 94 14:59:54 PDT Subject: (n!+1)^(1/2) Oops! I'm wrong. Message-ID: <9404112043.AA28093@newton.apple.com> >For any number a, 1is prime. Prime numbers don't have integral square roots. >For example : > >(4!+1)^(1/2)=5 >(5!+1)^(1/2)=11 >(7!+1)^(1/2)=71 I am completely wrong. I replied too hastily. Please accept my apologies. In fact, n!+1 is relatively prime to any a, 13, (n!+1)>(n^2) and may have factors (including an integral square root) larger than n. Oops :-) Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From catalyst-remailer at netcom.com Mon Apr 11 15:26:10 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Mon, 11 Apr 94 15:26:10 PDT Subject: number theorynumber theory Message-ID: <199404112227.PAA07925@mail2.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- All right, a number theory discussion! >The integer N is prime if: > 2^N - 2 > --------- > N is an integer. Well, this is false. The above formula is derived from Fermat's Little Theorem, or Euler's Generalization of Fermat's Little Theorem. a^(n-1) = 1 mod n, n prime, gcd(a,n) = 1 ==> a^n = n mod n a^n - n = kn, for k some integer (a^n - n)/n = k, for k some integer now sub in a = 2. However, the converse of this is not true (n isn't necessarily prime if it satifies the formula). Composities that satisfy this are called pseudoprimes. For example, for a = 2, n = 341 satisfies the relation, so 341 is a pseudoprime base 2. Now it works "most" of the time, and in fact one method of testing large integers for primality is to choose a whole bunch of a's and plug in n. If a^(n-1) mod n != 1, the number is composite and can be rejected. But, if a^(n-1) mod n == 1, you can only be 50% sure n is prime. (Roughly speaking; Phil Karn notes that the PGP docs indicate a 50%, I've seen proofs that this pseudoprime test fails 50% of the time, etc. But these are upper bounds; the real percentage seems much lower and I haven't seen a tighter bound on it). There is a "strong psuedoprime" test, in which failure occurs for at least 25% of integers in the range, thus the probability that a composite will pass is at most 25%. Even better is Lucas' test, but it runs a bit slow. However, you can be unlucky and pick a Carmichael number, which will pass the pseudoprime test for all bases relatively prime to n (for all a such that gcd(a,n) = 1). Ray Cromwell advises to choose n = 561, the smallest Carmichael number (an excellent choice!) Carmichael numbers exist, they are relatively rare, formulas exists for generating some of them... Eric Hughes mentions that 1729 is the next Carmichael number... not quite true. 1105 is the next Carmichael number. (But congrats Eric for even remembering the third one!) ;) Now, some other topics: > For any number n which is prime, (2^n)-1 is also prime (Mersenne's > theorem). Hm... some confusion here. A Mersenne prime is of this form (2^n) - 1 where n is prime, but not all number this formula generates are primes. Mersenne primes are related to perfect numbers. An example of a composite of this form: for n = 11, 2^11 - 1 = 2047 = 23 * 89 > For any number n (2^(2^n))+1 is prime. (I might have that wrong, I > don't remember exactly) Well, no. These number are Fermat numbers, and while the first 5 (n=0 to n=4) but Euler showed that the Fermat number for n=5 is composite. As an aside, Fermat numbers satisfy the pseudoprime test. > For any number n, if the square root of (n!)+1 is an integer, it is > also prime. (This is interesting, but rather useless in practice) A couple of issues here: I think you may be remembering a different theorem, a consequence of Wilson's theorem. Wilson's theorem says: for any prime p, (p-1)! = -1 mod p The theorem I think you are referring to is: if P is the product of the remainders relatively prime to m, then P = +/- 1 mod m; +/- = plus or minus The congruence is +1 except in three cases: 1) m = 4 2) m = p^b (m is a power of an odd prime) 3) m = 2p^b (m is twice the power of an odd prime) I'm still trying to either prove or disprove your claim! Two followups relating the the original formula posted: > For any number a, 1 n!+1 is prime. Prime numbers don't have integral square roots. Good analysis, except for the "n! + 1 is prime" part. The only thing you can say is n!+1 has no factors <= n. For example, n = 4, n!+1 = 25 = 5 * 5. > Well, it was quoted from memory, so it's possible that I made an > error, but it seems to work as stated... > For example : > (4!+1)^(1/2)=5 > (5!+1)^(1/2)=11 > (7!+1)^(1/2)=71 > I can't find a value which produces a result that is a non-prime > integer. (Of course that doesn't prove that there isn't one.) Still working on this... ;) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLanNNYOA7OpLWtYzAQF10wP9GExbaoloiXqFe7AtXb/UzUHXhW3VDC1b mfD0RhgK2i0Dr05RW5FCvj/9i7Jxhrd3E26hTe5g4WckvIcvp+GWhE/5fkdtVMA9 THutX1ukGO/5qCxSRT4hVCeXStAz7tunkF3fcEQjPe8pSSvKxN8tw/wIZzclRDRx JDE4HYRhAz0= =OW8h -----END PGP SIGNATURE----- From anonymous at extropia.wimsey.com Mon Apr 11 15:52:00 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 11 Apr 94 15:52:00 PDT Subject: Code review is requested Message-ID: <199404112240.AA05488@xtropia> >> 3) There may be other RNG's in existence which are accessed in a >> different way, or have different IO drivers. If you have knowledge of >> such RNG's please post the info to the cypherpunks mailing list. > >In Cryptosystems Journal, published by Tony S Patti, Volume 2 Number 2 >is a description, circuit board layouts, parts list, etc. for Ranger >hardware RNG. It produced 6,750 bits per second into the parallel port of a >standard PC. The author says that you can build a Ranger for less than $40 >worth of parts. > >Cryptosystyems Journal >P.O. Box 188 >Newtown PA 18940-0188 > >I have not seen any reviews of this device, but it has been arround for a >while, and may have been covered before I got interested in the field. > Could not the operating systems' IO driver be used for the interface to the parallel port be used as the interface to the RNG? The hack has support for a device which can be accessed thru an IO driver that returns one random byte for each byte read. (RANDDRIVER). Would this be adequate for such a device, or would special code be required? Is the IO driver for the parallel port that comes with MS-DOS OK for this purpose? Has anyone out there built such a device? Yours in anonymity XXX From gtoal at an-teallach.com Mon Apr 11 16:18:19 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 11 Apr 94 16:18:19 PDT Subject: New anon mailer idea? Message-ID: <199404112317.AAA09654@an-teallach.com> *** This message is not from the person in the headers above. *** Reply to this message as normal, but be sure to include the *** following three lines in the mail when you do: *** Remailer-Reply-To: fdwgfjghfsdvkglhfslkjghfdkjhgkjfhgkfhg *** ljdfhkjhgfkjhfgkvjhfklvgkfjhvbgjkfhgjkhfgfkjhgjkfhgjf *** jkfdhkjfhgk;hfdgklhfdlgfldjkglkjfhg;hfgkjhfhgfghfkdhg *** Your reply mail will be anonymised. :From: Matthew J Ghio :> How about generating a secure hash and using that as an index :> into a table? If there's an address already there, use that - :> otherwise, generate one. :> :> Generate the hash from the incoming address, of course. That way, :> you don't need to keep track of anon-id-to-real-id mappings, yet :> guarantee that each user has one and only one anon address. Of :> course, folks coming in from different hosts will have different :> anon ID's. :> :> Or have I missed some blindingly obvious technical point thaqt :> would make this impossible? :I don't see how this would prevent me from having to keep track of :anon-id-to-real-id mappings. It could work for sending mail, but I'd :still have to have some way of keeping track of the real ids for the :replies. Excuse me butting in to a discussion I haven't really been following (I don't have a lot of interest in remailers); I'm wondering if everyone is missing some terribly obvious point here. Without knowing too much about how the current anon/remail stuff works, tell me what you think of this way of doing things (apologies if it's what someone already does or has been discussed recently). I want to mail fred at somesite anonymously. I know fred at somesite's public key. I encrypt my message for fred, then send it to a remailer address with instructions to pass it on to fred. For a little eavesdropping security, I include an anonymous pgp key of mine in the mail to fred so that he can reply to me without the remailer operators reading his mail. You can choose your favourite syntax for how I ask the remailer to send this mail to fred - I don't care what it is. The remailer then encrypts *my reply mail address* with the remailers own key, and inserts this as a header in the mail which only it can read. It attaches a little message to this header saying 'when you reply to this message, be sure to include this opaque header I'm giving you here...' The recipient gets the mail, decodes it, reads it, and replies. (Maybe encrypted with an anonymous public key I included in the mail, maybe in cleartext - doesn't matter for the scheme) When he replies, he included the small encrypted block that the remailer gave him at the top of his message, as he was asked to do by the remailer. The reply goes to the anonymous remailer. The anonymous remailer decrypts the header block that it searches the mail for, and extracts my email address from it again. The remailer then passes the mail back to me - this time including an encrypted block with the fred at somesite's address in it. (Or some other address if fred replied from another account; or perhaps I mailed a mail to news gateway - well, my encrypted address will still work even if a dozen people reply to the news article by mailing via the remailer, and now I *don't* know who the encrypted sender is) In this way, once a conversation has been established, replies can keep going backwards and forwards without much fancy protocol at all - all you ever do is remember not to delete the encrypted block that the remailer keeps inserting at the top of your mail. And with this scheme, the remailer does not need to remember the addresses of either the initial poster or the recipient, and hence can't divulge them if the machine is hacked. So it gives you a combination of the penet-style mailer with return address, and the cypherpunk-style mailer of throw-away anonymity -- as long as you trust the remailer operator not to cheat and log stuff anyway. Of course, you then extend the scheme by the same mechanisms that the cpunk remailers already use - chaining from one remailer to the next... if done properly, the return addresses should chain too, transparently, and the whole scheme will remain easy to use. Clearly this scheme is succeptible to mass logging of comms links followed by a bust to grab the remailer's secret key, but that's about par for the current remailers anyway. This scheme is no worse, and possibly quite a bit better. So, have I just stated the obvious or is this a new idea to anyone? Regards G PS Note this scheme doesn't need Matthew's hack for "+" in usernames, which not everyone wanting to run a remailer in say a private account on netcom etc would be able to install... PPS I thought for fun I'd put a header of the kind I'm talking about on this mail. Anyone replying should note it really *will* go to me, and you *won't* be anonymized ;-) From gtoal at an-teallach.com Mon Apr 11 16:34:51 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 11 Apr 94 16:34:51 PDT Subject: your mail Message-ID: <199404112330.AAA09888@an-teallach.com> From: Chris Knight So much for an Ivy-League education... Please send mailing list requests to owner-cypherpunks at toad.com Actually I think that should be majordomo at toad.com, and if it isn't, then cypherpunks-request at toad.com owner-* addresses are intended for mail bounces and stuff like that. G From gtoal at an-teallach.com Mon Apr 11 16:36:21 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 11 Apr 94 16:36:21 PDT Subject: A confused quotation ? Message-ID: <199404112333.AAA09944@an-teallach.com> : Is this not strange ? :Date: Sun, 10 Apr 1994 20:26:23 -0400 :From: E-D-U-P-A-G-E : ... : :OPEN SECRET : Instead of using mathematical codes to scramble and unscramble :messages, Georgia Tech physicists are devising a way of sending a message :with electronic noise generated by a flickering laser. By connecting :identical lasers over fiber optics, the same random pattern of noise is :generated at both the sending and receiving end, and the receiving simply :subtracts the noise to uncover the message. (Atlanta Journal-Constitution :4/7/94 E2) It is as you say a confused quotation. My guess is it's that synchronised chaos crap again, badly reported. G From karn at qualcomm.com Mon Apr 11 16:47:24 1994 From: karn at qualcomm.com (Phil Karn) Date: Mon, 11 Apr 94 16:47:24 PDT Subject: number theory In-Reply-To: <199404112227.PAA07925@mail2.netcom.com> Message-ID: <199404112346.QAA11556@servo.qualcomm.com> What estimates exist for the density of large Carmichael numbers, say 1000 bits long? I.e., what's the probability of running into one by accident when generating primes by the usual technique of picking a random starting point and searching up until you find a number that passes seive or small factor tests and a few iterations of Fermat's test? Are other probability tests like Miller-Rabin any more provably likely to detect these? I'm currently playing with the Miller-Rabin test. Boy, is modular exponentiation a pig (at least the routine in RSAREF). Phil From tcmay at netcom.com Mon Apr 11 17:06:09 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 11 Apr 94 17:06:09 PDT Subject: "Rendezvous with Ramanujan" In-Reply-To: <199404112227.PAA07925@mail2.netcom.com> Message-ID: <199404120007.RAA22767@mail.netcom.com> Some anonymous agent wrote: > Eric Hughes mentions that 1729 is the next Carmichael number... not > quite true. 1105 is the next Carmichael number. (But congrats Eric > for even remembering the third one!) ;) > I suspect Eric's memory was influenced by his memories of last Saturday night, after the Cyperpunks meeting and after the Dave Emory lecture a half dozen of us saw that evening. We all decided to attend the midnight showing at the Stanford Theater of a new Indian film, "Rendezvous with Ramanujan," based of course on the famous Arthur C. Clarke novel, and directed by noted British director, G. H. Hardy (no relation to Norm Hardy). Our taxi had the license plate number "RSA-1729," which we took to be a pun about the next big factoring project. After all, 1729 is a rather unremarkable number. The taxi driver, an unemployed mathematician named Ted Streleski, was heard muttering, "Some squares, some cubes." --Klaus! von Future Prime (channeled by Tim May) -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From pcw at access.digex.net Mon Apr 11 17:08:36 1994 From: pcw at access.digex.net (Peter Wayner) Date: Mon, 11 Apr 94 17:08:36 PDT Subject: Classic Math gone wrong...Re: (n!+1)^(1/2) Message-ID: <199404120007.AA13053@access3.digex.net> > >For any number n, if the square root of (n!)+1 is an integer, it is also > >prime. (This is interesting, but rather useless in practice) > >For any number a, 1is prime. Prime numbers don't have integral square roots. You're getting things missed up with the classic proof that there is no largest prime number. This doesn't hold in general. Try a=5. 5!=5*4*3*2*1=120. 120+1=121. 121=11*11. The classic proof goes: Is there a largest prime number? If there is then collect all primes, p1...pn and multiply them together p=p1*p2*...*pn. p+1 is not divisible by p1...pn. Therefore p+1 is a prime. Therefore there is no largest prime number. > > >Scott Collins | "That's not fair!" -- Sarah > | "You say that so often. I wonder what your basis > 408.862.0540 | for comparison is." -- Goblin King >................|.................................................... >BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com >Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 >..................................................................... >PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From Frank.Vernaillen at rug.ac.be Mon Apr 11 18:01:41 1994 From: Frank.Vernaillen at rug.ac.be (Frank Vernaillen) Date: Mon, 11 Apr 94 18:01:41 PDT Subject: Classic Math gone wrong...Re: (n!+1)^(1/2) In-Reply-To: <199404120007.AA13053@access3.digex.net> Message-ID: > Scott Collins: > (...) > The classic proof goes: > > Is there a largest prime number? > If there is then collect all primes, p1...pn and multiply them > together p=p1*p2*...*pn. p+1 is not divisible by p1...pn. Therefore > p+1 is a prime. This last step (therefore p+1 is a prime) is not totally correct. You forgot the posibility p+1 NOT prime, but some prime number pn divides p+1. This number is prime and >pn. So in any case there would exist a prime >pn, which contradicts the hypothesis, and the conclusion is indeed: > Therefore there is no largest prime number. Frank.Vernaillen at rug.ac.be From XXCLARK at indst.indstate.edu Mon Apr 11 18:10:46 1994 From: XXCLARK at indst.indstate.edu (XXCLARK at indst.indstate.edu) Date: Mon, 11 Apr 94 18:10:46 PDT Subject: Tessera Message-ID: <9404120110.AA05757@toad.com> Check the April 4, 1994 issue of Electronic Design magazine, New Products section, p. 148. Product is the Tessera card, by National Semiconductor. A "token". From jeremy at crl.com Mon Apr 11 18:26:32 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Mon, 11 Apr 94 18:26:32 PDT Subject: Classic Math gone wrong...Re: (n!+1)^(1/2) In-Reply-To: <199404120007.AA13053@access3.digex.net> Message-ID: On Mon, 11 Apr 1994, Peter Wayner wrote: > Is there a largest prime number? > If there is then collect all primes, p1...pn and multiply them > together p=p1*p2*...*pn. p+1 is not divisible by p1...pn. Therefore > p+1 is a prime. Therefore there is no largest prime number. That's cool, why doesn't anyone use this to generate large prime numbers? I can see great potential for this one. Awaiting scorching flames, Jeremy _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From rjc at gnu.ai.mit.edu Mon Apr 11 18:39:09 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Mon, 11 Apr 94 18:39:09 PDT Subject: number theory Message-ID: <9404120138.AA09603@geech.gnu.ai.mit.edu> Phil Karn [density of Carmichael numbers?] I have a vague recollection of the number of Carmichael numbers less than N being N^(2/7). Thus, the number of 1000-bit Carmichael numbers is (2^1001)^(2/7) - (2^1000)^(2/7) = 2^286 - 2^(2000/7) = 2^285*(2-2^(5/7)) =~ 2.2 x 10^86 I make no claims that this information is correct. -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From fnerd at smds.com Mon Apr 11 18:42:51 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 11 Apr 94 18:42:51 PDT Subject: Wandering Seniors Message-ID: <9404112051.AA08049@smds.com> I saw something scary on our "public access" cable channel, just a one-screen announcement, and please forgive my memory: WANDERING SENIORS PROGRAM Help find Alzheimers patients who have gotten lost. New program gives people identification for life. [I didn't catch the program's phone number.] Seems like it just keeps oozing down those slippery slopes, don't it? -fnerd quote me - - - - - - - - - - - - - - - `We want information.' `You won't get it!' `By hook or by crook, we will.' -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From mpd at netcom.com Mon Apr 11 19:01:49 1994 From: mpd at netcom.com (Mike Duvos) Date: Mon, 11 Apr 94 19:01:49 PDT Subject: Classic Math gone wrong...Re: (n!+1)^(1/2) In-Reply-To: Message-ID: <199404120202.TAA06360@mail.netcom.com> > On Mon, 11 Apr 1994, Peter Wayner wrote: > > Is there a largest prime number? > > If there is then collect all primes, p1...pn and multiply them > > together p=p1*p2*...*pn. p+1 is not divisible by p1...pn. Therefore > > p+1 is a prime. Therefore there is no largest prime number. > That's cool, why doesn't anyone use this to generate large prime numbers? > I can see great potential for this one. > Awaiting scorching flames, > Jeremy The product of a bunch of primes plus one is not necessarily prime. It just contains a prime factor not in the primes multiplied together. When looking for a large prime number in some range of integers, it is computationally more efficient to simply strobe upwards from some starting point testing for primality than it is to try to generate the prime directly using a mathematical formula. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From ebrandt at jarthur.cs.hmc.edu Mon Apr 11 19:24:14 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Mon, 11 Apr 94 19:24:14 PDT Subject: Prime Numbers In-Reply-To: Message-ID: <9404120224.AA07676@toad.com> > primes numbers who happen to be of the form (2^(2^n))+1 are called > Fermat primes. Some pretty large ones are known (could send a list...) Please do. My recollection was that none existed above 65537. Eli ebrandt at hmc.edu From nobody at shell.portal.com Mon Apr 11 19:56:13 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Mon, 11 Apr 94 19:56:13 PDT Subject: more number theorymore number theory Message-ID: <199404120257.TAA26115@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- > What estimates exist for the density of large Carmichael numbers, > say 1000 bits long? I'm not sure off hand - maybe Ray can try to check the source of his formula. Carmichael numbers must be square free and the product of at least three primes... I seem to remember a formula for the distribution of square free integers, but can't quite remember it... > test? Are other probability tests like Miller-Rabin any more > provably likely to detect these? Well Phil, you are in luck! Miller-Rabin isn't fooled by Carmichael numbers. There still is a chance for failure, but it doesn't depend on the input (i.e. there are no bad inputs for Miller-Rabin like there are for pseudoprime testing). Failure depends on how many iterations you perform (n iterations = 2^-n chance of failure) and the values of the base you choose. For example, in Miller-Rabin, the Carmichael number 561 is exposed to be composite by choosing a base of 7. I'm familiar with two other primality testing algorithms (I'm no number theory wiz so there are probably more): Lucas' and Lehmer's. Well, Lehmer's method is a modification of Lucas' method. They both are slow, but have the advantage of being true. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLaoM/IOA7OpLWtYzAQEXPQQAy1110rgCUzLtKoaTsWvGCujq3fWD7Ppz A+/2b4NmR9+YmqHl63kb9zKU1/KOfDVXsmE7o0beyRQzSNGzj2I5yEUrnz0IzBLt cy4ooiE3ED/jBBc01MBYhm5v3s9dIMJNXbsw7mBSBasqzEvHHpjH8dnGZA8QXhYT fKTlU7rKa0o= =XgrZ -----END PGP SIGNATURE----- From rjc at gnu.ai.mit.edu Mon Apr 11 19:59:36 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Mon, 11 Apr 94 19:59:36 PDT Subject: Prime Numbers Message-ID: <9404120259.AA11138@geech.gnu.ai.mit.edu> Eric Hughes: > It was first claimed that if (2^n-2)/n was an integer, then n was > prime. That's false. I thought he said "if p prime, then p|(2^p-2)" which is why I stated the converse isn't true. > then: > > This is fermat's little theorem. What you have written basically > >says 2^N - 2 = 0 (mod N) or 2^(N-1) = 1 (mod N). Note, the converse > >doesn't apply. If (2^N-2)/N is an integer, N isn't neccessarily > >prime. For example, take N=561=(3*11*37) > > 561 is the first Carmichael number. If you replace 2 by any other > number relatively prime to 561, then the congruence still holds. (The > second Carmichael number is 1729, if I remember right.) It was Which is why I chose it. Carmichael numbers are pseudoprime in any valid base so when coming up with a counterexample to the converse of fermat's little theorem, just memorize a few Carmichael numbers. The key property of them is if n is a Carmichael number and n=p*q*r, then (p-1), (q-1), and (r-1) divide (n-1). I wonder if Carmichael numbers always have some small factors. If true, PGP's sieve test probably eliminates the very very rare case that you actually choose one. -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From blancw at microsoft.com Mon Apr 11 20:21:19 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 11 Apr 94 20:21:19 PDT Subject: Shot 'Round the World Message-ID: <9404120321.AA15706@netmail2.microsoft.com> From: Greg Broiles "We don't insist on all-or-nothing accuracy in other forms of warfare, why expect it here?" Because you want to succeed? "Psychological warfare is about manipulation and FUD (fear, uncertainty, doubt)." All's fair in love and war. What makes it psychological is the faculty & type of effect aimed for, and FUD isn't the only thing possible, or desireable. "... we don't need to demonstrate good behavior to convince it/them that we deserve or can be trusted......" ". . . to bolster their flagging confidence, they need a good kick in the teeth." "There is no rational argument that can force the non-trusting to trust." ". . . the point may be to create a state of irrationality, not a particular rational conclusion." . What you would be aiming for here, apparently, is neither their psychology nor their intellect. But actually if you are not intending to communicate at all, then all of things which I mentioned are irrelevant. I would leave you to your own devices. "Perhaps this discourse about "images" isn't useful, and it's time to talk about capabilities." . What image do you get of the engagement of your capabilities under normal circumstances vs under a totalitarian regime? What sort of picture is created in your mind by the statements about human nature, "endowed ...with inalienable rights", among which are included "Life, liberty, Pursuit of Happiness", and what do you suppose George thought about that? Some questions I would ask in regard to this warfare business: What sort of a win would you be aiming for, which served the purposes of rational discussion poorly? For how long would you be expecting to live in the company of those whom you drove to irrationality? And how would you go about the business of returning everything back to a viable, liveable state, supposing you achieved victory? Blanc From gtoal at pizzabox.demon.co.uk Mon Apr 11 21:59:24 1994 From: gtoal at pizzabox.demon.co.uk (gtoal@gtoal.com) Date: Mon, 11 Apr 94 21:59:24 PDT Subject: New anon mailer idea? Message-ID: <9404120451.AA29748@pizzabox.demon.co.uk> Following up my own post, because I'm rather pleased with it and have had some more ideas... :-) : I want to mail fred at somesite anonymously. I know fred at somesite's : public key. I encrypt my message for fred, then send it to a : remailer address with instructions to pass it on to fred. For a little : eavesdropping security, I include an anonymous pgp key of mine : in the mail to fred so that he can reply to me without the remailer : operators reading his mail. You can choose your favourite syntax : for how I ask the remailer to send this mail to fred - I don't care : what it is. : The remailer then encrypts *my reply mail address* with the remailers own : key, and inserts this as a header in the mail which only it can read. : It attaches a little message to this header saying 'when you reply to : this message, be sure to include this opaque header I'm giving : you here...' : The recipient gets the mail, decodes it, reads it, and replies. : (Maybe encrypted with an anonymous public key I included in the : mail, maybe in cleartext - doesn't matter for the scheme) When : he replies, he included the small encrypted block that the remailer : gave him at the top of his message, as he was asked to do by the : remailer. : The reply goes to the anonymous remailer. The anonymous remailer : decrypts the header block that it searches the mail for, and : extracts my email address from it again. The remailer then passes : the mail back to me - this time including an encrypted block with : the fred at somesite's address in it. (Or some other address if : fred replied from another account; or perhaps I mailed a mail : to news gateway - well, my encrypted address will still work : even if a dozen people reply to the news article by mailing : via the remailer, and now I *don't* know who the encrypted : sender is) : In this way, once a conversation has been established, replies : can keep going backwards and forwards without much fancy protocol : at all - all you ever do is remember not to delete the encrypted : block that the remailer keeps inserting at the top of your mail. I've thought of another thing that cypherpunks like that this scheme can do: return postage. Where the remailer encrypts the reply address and puts it in the body of the destination mail, so that the adressee can reply, I'd been assuming a public key system like pgp, just because that's what we're used to. But in fact the encryption is entirely private to the remailer and might as well be secret key like DES. So instead of having a single master key, let's use a key that's generated for each message. So, the remailer encrypts the return block with a secret DES key, and includes something like the MD5 hash of the DES key in cleartext so that it can find the correct DES key when the reply comes back. (Hmmm. doesn't have to be the md5 hash - could even be the filename that stores the key - yeah, that works better...) Anyway, we now have a way of doing postage. Let's say that the outgoing message was to a mail2news gateway, and the sender asked for a limit of 10 replies. Then as each reply comes in, the reply count stored in the file that holds the DES key is decremented to 0, and when it hits 0 the file is deleted. Unless the remailer operator made illicit backups, that return address can *never* be used again - it may be out there on the net in an encrypted version, but *no-one* can now decrypt it. More likely you'd use this feature to guarantee single-shot replies. Similarly, the same thing can be applied to timed-expiry keys - the file storing the DES key can be removed after a certain time has elapsed. If you post a message on some timely event, you arrange that only answers posted in the next 48 hours will be delivered - anything that arrives too late is bounced by the remailer. I can see *lots* of uses for this feature :-) One nice use of this is to foil traffic analysis - if you send off something to someone with a reply address and force an immediate reply, they don't have time to get stuff in place to watch all the feed sites and follow a message through the net if they later want to trace who you are by sending you lots of mail (a technique I realised would work against Julf's mailer) - as soon as one of the remailer-chain's keys has expired (and been deleted), that part of the routing is permanently broken. Couple this implementation of postage-limitation with the Magic-money stuff for payment and I think we have quite a nice extension of the cypherpunk mailing ethos. I wonder if it could be hacked in to the existing remailers? Anyone interested? G From eagle at deeptht.armory.com Mon Apr 11 22:08:08 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Mon, 11 Apr 94 22:08:08 PDT Subject: Cyber PsyOps (Re: Shot) Message-ID: <9404112207.aa26681@deeptht.armory.com> From: Blanc Weber Date: Mon, 11 Apr 94 20:17:28 PDT >included "Life, liberty, Pursuit of Happiness", and what do you suppose >George thought about that? > >Some questions I would ask in regard to this warfare business: >What sort of a win would you be aiming for, which served the purposes >of rational discussion poorly? For how long would you be expecting to live in the company of those whom you drove to irrationality? And how >would you go about the business of returning everything back to a Psychological Warfare is the only way to compete with the NSA on this issue. This is how they are manipulating the Clinton Administration, and the population with propagandic undue infuluence. Power is only aquired by the fact that the population gives the NSA power via credibility. They are the NSA, ergo, they must know what they are talking about. The Clinton Administration has been similarly duped. Second question. Of the consensual normalities of society, Fredrich Perls said, "You can choose to participate in the collective psychosis, or dare to be yourself, and possibly be crucified." I'm in the business of raising the population's awareness, as is EFF. Perls also said, "Awareness of itself, is curative." Provisions for the survival of tribal anarchy- a pure democracy- were written into the Constitution by Thomas Jefferson, if one is to give weight to progressive theory. An aware, informed, and actively participating population is my aim, not "driven to irrationality" as Blanc state above. The internet, in its present state is a belevolent anarchy, with guidlines of courtesy extended to the new participants by the older experienced participants.Some of us are experienced and quite comfortable functioning in an anarchic environment. As the hordes come, we are already preparing the way for them. Kapor talked about the public outcry that would be percipitated by shutting down the internet. We've talked about strength in numbers. We can trust the innate herd instinct of humankind to self regulate and organize itself with in this new paradigm of confluence. Psychological Warfare is duofold. It harrases the enemy, and hopefully wins the hearts and minds of the population. I suggest Blanc not throw the baby out with the bath water. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From unicorn at access.digex.net Mon Apr 11 22:59:34 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 11 Apr 94 22:59:34 PDT Subject: Cyber PsyOps (Re: Shot) In-Reply-To: <9404112207.aa26681@deeptht.armory.com> Message-ID: <199404120558.AA01264@access1.digex.net> > > > From: Blanc Weber > Date: Mon, 11 Apr 94 20:17:28 PDT > > >included "Life, liberty, Pursuit of Happiness", and what do you suppose > >George thought about that? > > > >Some questions I would ask in regard to this warfare business: > >What sort of a win would you be aiming for, which served the purposes > >of rational discussion poorly? For how long would you be expecting to > live in the company of those whom you drove to irrationality? And how > >would you go about the business of returning everything back to a > > Psychological Warfare is the only way to compete with the NSA on this > issue. This is how they are manipulating the Clinton Administration, and > the population with propagandic undue infuluence. Power is only aquired > by the fact that the population gives the NSA power via credibility. They > are the NSA, ergo, they must know what they are talking about. The Clinton > Administration has been similarly duped. The assertion that the NSA is manipulating the executive borders on the indefensible. The NSA make educated suggestions in their field of expertise. The President worries about the policy implementations from the executive. If the NSA is really in control, why the hell are they doing public relations instead of remaining the super secret agency they would much prefer? This is simply a re-hash of the old arguement I had with tmp at netcom.com. I expected more. > Second question. Of the consensual normalities of society, Fredrich Perls > said, "You can choose to participate in the collective psychosis, or dare > to be yourself, and possibly be crucified." I'm in the business of raising > the population's awareness, as is EFF. Perls also said, "Awareness of > itself, is curative." The problem with your potential crucifiction is that no body gains for your death. You are not Jesus. We do not profit if you are imprisioned. > Provisions for the survival of tribal anarchy- a pure democracy- were written > into the Constitution by Thomas Jefferson, if one is to give weight to > progressive theory. An aware, informed, and actively participating population > is my aim, not "driven to irrationality" as Blanc state above. An aware, informed, and actively participating population being your target, you will want to reach as many people as possible. I think most will agree that you tend to the fringe right now and thus your audience will be limited. > The internet, in its present state is a belevolent anarchy, with guidlines of > courtesy extended to the new participants by the older experienced > participants. Some of us are experienced and quite comfortable > functioning in an anarchic environment. As the hordes come, we are > already preparing the way for them. An anarchy with local lords controlling individual participation. (System admins) An anarchy with regional economic powers that charge for inclusion. (Service providers) An anarchy with an organized watchdog group. (CERT) An anarchy subject to the laws of the participants residency. (MIT bust) An anarchy with export regulations. Some anarchy. It seems to me you're talking about goals, not reality. > Kapor talked about the public outcry that would be percipitated by shutting > down the internet. We've talked about strength in numbers. We can trust the > innate herd instinct of humankind to self regulate and organize itself with > in this new paradigm of confluence. Have to have a real anarchy first. > Psychological Warfare is duofold. It harrases the enemy, and hopefully wins > the hearts and minds of the population. I suggest Blanc not throw the baby > out with the bath water. Harass the NSA. Win the press and the people in the process? If that's what your proposing, I really can't follow you, and I think the majority of the population will tend to think along the same lines. > -- > PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! > > * eagle at deeptht.armory.com email info at eff.org * > *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** > ***** Committed to Free Public Internet Access for World Peace ***** Look, I really don't object to your goals. I'd like less regualtion too. Unfortunately distributing restricted documents at will and declairing psy-warfare on the NSA probably won't get you there. I hope I'm wrong, and I hope you do it all by yourself, but I have to ask the question, had the document been top secret, or even just confidential, would you still have spread it around so easily? To me that reflects a lack of judgement and recklessness. I tend to think of actively subverting an intelligence agency the same way. Better in my mind to learn and act in a guided way, not throwing every stick and spear and gernade that comes to hand at the target. What you seem to be looking for is change, NOW. THIS SECOND. If this is your timetable, I hope you like bloodshed. -uni- (Dark) From johns at macadam.mpce.mq.edu.au Mon Apr 11 23:57:26 1994 From: johns at macadam.mpce.mq.edu.au (John Savage) Date: Mon, 11 Apr 94 23:57:26 PDT Subject: Help: Can I get a current Cypherpunks gateway site list here? Message-ID: <9404120655.AA03642@macadam.mpce.mq.edu.au> I have been sent a somewhat dated file, listing Cypherpunks remailer sites, and mail-to-news gateways; can I get sent a current list, please? (It is the gateway list that I'm particularly after.) In case this is an automated a/c: I did not get the list please send list Thanks, ################## internet: johns at macadam.mpce.mq.edu.au ################### From eagle at deeptht.armory.com Tue Apr 12 00:54:15 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 12 Apr 94 00:54:15 PDT Subject: Cyber PsyOps Message-ID: <9404120054.aa03553@deeptht.armory.com> Black Unicorn sez.. >What you seem to be looking for is change NOW. >THIS SECOND. If this is your time table, I hope you like bloodshed. Change is happening now. This is not something an individual can instigate, it just happens in predictible cycles. I'm just spitting in the ocean with my $0.02. I am committed to the letter and the spirit of the Constitution of the United States of America. Maybe Marbury v. Madison (1803) was a fuck up. Reversing that decision is a plank of the Libertarian platform. The Constitution has provided amending provisions, and we can always rectify the errors of shortsightedness. Article XXI Section 1. The eighteenth article of amendment to the Constitution of the United States is hereby repealed. I opperate under the ASSUMTION that anything I release publicly, (email post cards included), is available to the intelligence community. Here's a little personal Hx for you and cypherpunks. I find it rather Pynchonesque. Between a high school friend of mine, Peter Anthony Zellner, and I, we have 3 Social Security #'s. Two of them are consecutive and are mine. The US Navy spent a years worth of investigation, (NIS), to find out why Pete's SS# didn't work. He was given an "N" designation for Navy until they got it straightened out. My mother has testified under oath in a court of law she signed my elistment papers when I was 17. When I was 18, my draft classification was 1-H. On 18 February 1983, an Air Force Lt Col stopped by my place in Denver on his way to a conference at Keystone that became SDI. I refused a mission and was cashiered on the spot. End of story. I can offer circumstantial evidence and personal corraboration that the above is true. FOIA is useless. I always draw a blank- (which is indicative of an active file). In the Fall of 1984, at the bequest of Robert Bragg, Petty Officer 1st Class, NIS ran a check on me. The reason is because FTS clearances are "Q" clearances, and I gave Bragg the proper cue. Bragg informed me that NIS considered me questionble. There are a lot of very bright people doing some important work on this list that is far beyond my technical expertise. I don't have to write it, however, just learn how to use it. I offer mainly social philosophy and social activism.In consideration of this, I have no intentions of disscussing the above any further. One may believe it, or disbelieve it. I don't care. If one tends toward disbelief, I'm sure the above will be used in an attempt to discredit me. If my personality and activism is disruptive to cypherpunks, I can always shut up and just read the damn thing. I have no intention of becoming involved in a Detweilerian flame war. Especially with Black Unicorn. I'm trained to determine potential harm of a classified leak. I can tell by Unicorn's response that he is informed to an extent, yet has a limited paradigm of intelligence access by which he/she makes his/her judgements. Carry on cypherpunks. If rebuttal to my statements cloggs the group, I will do all I can to minimize it. I can always sit here and read the damn thing. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From unicorn at access.digex.net Tue Apr 12 01:58:10 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 12 Apr 94 01:58:10 PDT Subject: Cyber PsyOps In-Reply-To: <9404120054.aa03553@deeptht.armory.com> Message-ID: <199404120857.AA03989@access1.digex.net> > > Black Unicorn sez.. > > >What you seem to be looking for is change NOW. > >THIS SECOND. If this is your time table, I hope you like bloodshed. > > Change is happening now. This is not something an individual can instigate, > it just happens in predictible cycles. I'm just spitting in the ocean with > my $0.02. I am committed to the letter and the spirit of the Constitution > of the United States of America. [Deletions] > I opperate under the ASSUMTION that anything I release publicly, (email > post cards included), is available to the intelligence community. Here's > a little personal Hx for you and cypherpunks. I find it rather Pynchonesque. Indeed, you have made it quite clear that you don't seem to care what leaks are attributed to you. > > Between a high school friend of mine, Peter Anthony Zellner, and I, we have > 3 Social Security #'s. Two of them are consecutive and are mine. The US > Navy spent a years worth of investigation, (NIS), to find out why Pete's SS# > didn't work. He was given an "N" designation for Navy until they got it > straightened out. > > My mother has testified under oath in a court of law she signed my elistment > papers when I was 17. When I was 18, my draft classification was 1-H. > > On 18 February 1983, an Air Force Lt Col stopped by my place in Denver on > his way to a conference at Keystone that became SDI. I refused a mission > and was cashiered on the spot. End of story. > > I can offer circumstantial evidence and personal corraboration that the above > is true. FOIA is useless. I always draw a blank- (which is indicative of > an active file). In the Fall of 1984, at the bequest of Robert Bragg, Petty > Officer 1st Class, NIS ran a check on me. The reason is because FTS > clearances are "Q" clearances, and I gave Bragg the proper cue. Bragg > informed me that NIS considered me questionble. [Deletions] > One may believe it, or disbelieve it. I don't care. If one tends toward > disbelief, I'm sure the above will be used in an attempt to discredit me. > If my personality and activism is disruptive to cypherpunks, I can always > shut up and just read the damn thing. I have no intention of becoming > involved in a Detweilerian flame war. I don't intend to flame you, nor to begin a flame war. I questioned your methods, and you respond with nothing but smoke. You outline some broad goals but advance no theories about how they might be accomplished by your immediate actions except admitting that the individual can't affect much. Your approach puzzles me. I will, however, never advance the suggestion that you not participate. I wouldn't bother to reply if you didn't seem worth the effort. This is why I stopped bickering with tmp at netcom.com. You seem too devoted to your cause to be dissuaded by me. What is one to infer about your response to more compelling pressures? > Especially with Black Unicorn. I'm trained to determine potential harm of > a classified leak. I can tell by Unicorn's response that he is informed to > an extent, yet has a limited paradigm of intelligence access by which he/she > makes his/her judgements. This from a "questionable" statured military type with three self-appointed SSN's? I have always found civilian intelligence more agreeable. Less regimented. Less reactionary. Less worry with the indoctrination of training. I'm afraid personal attacks deserve personal attacks. In addition, I question your analysis of the NSA security manual and its potential harm. I might add that I think it suggests a poor CI ability, not a well defined one as you would have us believe. To a person with your training, the damage of the manual should be clear to you. If I'm wrong than Military Intelligence really needs some work indeed. Back to the Walker days in the Navy? > Carry on cypherpunks. If rebuttal to my statements cloggs the group, I will > do all I can to minimize it. I can always sit here and read the damn thing. I believe that what your doing is an key part of cypherpunks, discussing, absorbing, sharpening. It's the DORK39's who are disruptive. Just try not to be so judgemental on a personal level and stick to the argument. You know nothing of me nor my education or experience, don't pretend to by citing some off the wall remark about CI training in the hopes that it might impress the less informed readers. > -- > PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! > > * eagle at deeptht.armory.com email info at eff.org * > *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** > ***** Committed to Free Public Internet Access for World Peace ***** > > From eagle at deeptht.armory.com Tue Apr 12 02:43:34 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 12 Apr 94 02:43:34 PDT Subject: Cyber PsyOps Message-ID: <9404120243.aa07957@deeptht.armory.com> Having read Black Unicorn, Thank you. Would you please critique my _Paradigms_of_Revolution? I am prone to action on instinct. I'm still thinking about your questions relative to function. For one thing, I suggest that everyone have a refferance with the Constitution with in arms reach of their terminals. Its despicalbly under read by law enforcement types, and may give us an edge up somewhere down the road. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From greg at ideath.goldenbear.com Tue Apr 12 04:50:59 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Tue, 12 Apr 94 04:50:59 PDT Subject: Shot 'Round the World Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Blanc Weber writes: > From: Greg Broiles > "... we don't need to demonstrate good behavior to convince it/them > that we deserve or can be trusted......" > ". . . to bolster their flagging confidence, they need a good kick in > the teeth." > "There is no rational argument that can force the non-trusting to trust." > ". . . the point may be to create a state of irrationality, not a > particular rational conclusion." > . What you would be aiming for here, apparently, is neither their > psychology nor their intellect. But actually if you are not intending > to communicate at all, then all of things which I mentioned are > irrelevant. I would leave you to your own devices. The only message I think is worth communicating is "We're doing our own thing. You will not be able to stop us because of [ .. reasons ..] so don't bother trying. Have a nice day." and I'm inclined to think even that is unnecessary. Terrorism and psychological warfare could be considered a form of communication; it is, after all, intended to create or maintain a particular understanding on the part of others; but it is not communication in the same way that a letter is. I don't know anything at all about what Jeff is up to, so he'll have to speak for his own (actual) motives and purposes; I was hoping to point out that what he's up to can seem more useful when it's not considered in the context of a rational discourse within polite society. > "Perhaps this discourse about "images" isn't useful, and it's time to > talk about capabilities." > . What image do you get of the engagement of your capabilities under > normal circumstances vs under a totalitarian regime? I've got no idea what you mean by "normal circumstances"; if your point is that totalitarianism sucks, I agree. I could chatter on about how I think things ought to be, but I don't imagine most folks give a damn. I believe we have a right to work towards a social/political structure (or lack thereof) where our capabilities are fruitfully and fully engaged, whether or not bureacrats and dictators find that convenient. (Of course, they may have already found the state where *their* capabilities are best engaged .. :) > What sort of picture is created in your mind by the statements about > human nature, "endowed ...with inalienable rights", among which are > included "Life, liberty, Pursuit of Happiness", and what do you suppose > George thought about that? Uhh .. a right to privacy (and to the use of strong crypto) whether or not that makes other people nervous or damages their fragile confidence? > Some questions I would ask in regard to this warfare business: > What sort of a win would you be aiming for, which served the purposes > of rational discussion poorly? For how long would you be expecting to > live in the company of those whom you drove to irrationality? And how > would you go about the business of returning everything back to a > viable, liveable state, supposing you achieved victory? The usual pattern is destabilization, then a power grab by whatever group is correctly positioned - either revolutionaries or the local military. Lather. Rinse. Repeat. Personally, I'm inclined vis-a-vis the NSA and TLA's in general to let sleeping dogs lie, at least for the moment. Other folks (Grady, Jeff) see opportunities differently; I encourage folks who think leverage and timing is on their side to take advantage of opportunities as they occur. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLapGn33YhjZY3fMNAQHmZAP7BscprSqPUr4cIW+nxRv1z/Ym8l2qcF0N Wav2xXK8R2D7ZlYb1fwTw+6Q85Z8fjh/8RXaWkfJzBLvcAj9dxIE+fYc8+USfAfV SfCev9f8QcZ9hYNzkoU4CiwmAftGsZzpoEFVl/N9jjd+YEAbO6ChI5UeBY6+/yeu Q5hVFg6fap0= =y8mJ -----END PGP SIGNATURE----- From Lyle_Seaman at transarc.com Tue Apr 12 08:15:00 1994 From: Lyle_Seaman at transarc.com (Lyle_Seaman at transarc.com) Date: Tue, 12 Apr 94 08:15:00 PDT Subject: Crypto, satellites, & China In-Reply-To: <199404111958.AA26473@poboy.b17c.ingr.com> Message-ID: paul at poboy.b17c.ingr.com (Paul Robichaux) writes: > I never knew that encryption fell under MTCR in addition to ITAR. > Presumably any crypto hardware or software which can be used to > protect missile or satellite telemetry or commanding can be > restricted. It's my understanding that, according to international missile treaties (probably the MTCR), missile telemetry data must be transmitted in the clear. This is ostensibly so that the various world powers can be assured that a "test" missile launch really is a test and is not going to wipe out someone's capital. It's also so that various intelligence agencies can have accurate estimates of everyone's capabilities. This knowledge is widely viewed as stabilising. From hughes at ah.com Tue Apr 12 09:54:45 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 12 Apr 94 09:54:45 PDT Subject: number theory In-Reply-To: <199404112227.PAA07925@mail2.netcom.com> Message-ID: <9404121644.AA21493@ah.com> >If a^(n-1) mod n != 1, the number is composite and can be >rejected. But, if a^(n-1) mod n == 1, you can only be 50% sure n is >prime. I should point out that the standard argument that picking 'k' different values for 'a' and then calculating the probability as (1/2)^k is fallacious. This would be true if the probabilities were independent, but they aren't. There was a paper on this about five years ago whose awareness has not been yet widespread. I no longer have the reference. For everybody that wants to really know about this, find out about the Miller-Rabin test. >(Roughly speaking; Phil Karn notes that the PGP docs indicate >a 50%, I've seen proofs that this pseudoprime test fails 50% of the >time, etc. But these are upper bounds; the real percentage seems much >lower and I haven't seen a tighter bound on it). The 50% figure is easy to show with some considerations about quadratic residues. Tightening the bound is much more difficult. Eric From hughes at ah.com Tue Apr 12 10:02:46 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 12 Apr 94 10:02:46 PDT Subject: number theory In-Reply-To: <199404112346.QAA11556@servo.qualcomm.com> Message-ID: <9404121652.AA21518@ah.com> The figure I have for the Carmichael numbers is x^(.1), where .1 is approximate. Ray has the exponent at 2/7. The exact one doesn't matter so much, because compared to the density of primes (x/ln x), these are both extremely small. The chance of picking a Carmichael number is very small. But that's not the relevant density. The problem with RSAREF's prime testing is that it will find pseudoprimes base 2. Carmichael numbers are pseudoprimes to any base, but that's unneeded for the RSAREF test. What is needed is the density of pseudoprimes base 2. I don't know that figure. I don't know that anybody does. I would really suggest that someone with access to Mathematica or Maple do an experiment to find out how many non-primes the RSAREF algorithm passes. Carmichael numbers do not, generally, pass the Miller-Rabin test. Some might; I'll bet it's an open question. Eric From eagle at deeptht.armory.com Tue Apr 12 10:08:15 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 12 Apr 94 10:08:15 PDT Subject: Cyber PsyOps & Media Message-ID: <9404121008.aa22177@deeptht.armory.com> I just got off the phone with David Wilson with the Chronicle of Higher Education. Sarah Simpson confirmed my membership in EFF to him, and said I'd better talk to him myself. I told him the document was posted to Usenet, I just accelerated the news of its leak. I told him it was my statement that a wake up call was needed to the American public. They need to take the initiative themselves to attain internet access by their own means. I told him in my opinion it was authentic and I told him why. I assured him that if the document contained classified information I would not have blasted it all over the globe. I told him I had no idea of the origin of the leak. He asked for a copy of my essay, _Paradigms_of_ Revolution_ and I sent it to him. That is a complete report. If it isn't in the above paragraph, I didn't tell him. Are we all clear? Thought so. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From hughes at ah.com Tue Apr 12 10:15:07 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 12 Apr 94 10:15:07 PDT Subject: more number theory In-Reply-To: <199404120257.TAA26115@jobe.shell.portal.com> Message-ID: <9404121704.AA21541@ah.com> >Failure depends on how many iterations >you perform (n iterations = 2^-n chance of failure) and the values of >the base you choose. As I pointed out before, this probability is not correct. The trials are not independent, so you cannot just multiply them together. >I'm familiar with two other primality testing algorithms [...]: >Lucas' and Lehmer's. For some good information on primality testing, see A Course in Computational Algebraic Number Theory by Henri Cohen Chapter 9 is titled "Modern Primality Tests". I give you fair warning that you will not be able to understand this without significant effort. The Pocklington-Lehmer primality test is in Chapter 8 "Factoring in the Dark Ages". There's a very interesting result stated here, "There exists a probabilistic polynomial time algorithm which can prove or disprove that a given number N is prime". The result is by Adleman and Huang. (Yes, _that_ Adleman.) And for purposes of cultural literacy, the names are the Jacobi sum test, the elliptic curve tests, Goldwasser-Kilian, and Atkin (a development on G-K). Eric From mg5n+ at andrew.cmu.edu Tue Apr 12 10:31:45 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 12 Apr 94 10:31:45 PDT Subject: remailer@soda ? Message-ID: Is the remailer at soda.berkeley.edu down? I tried to use it, but it doesn't seem to be remailing. :( From perry at snark.imsi.com Tue Apr 12 10:46:48 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 12 Apr 94 10:46:48 PDT Subject: Cyber PsyOps & Media In-Reply-To: <9404121008.aa22177@deeptht.armory.com> Message-ID: <9404121745.AA25274@snark.imsi.com> Jeff Davis says: > I just got off the phone with David Wilson with the Chronicle of Higher > Education. A really well known publication. > Sarah Simpson confirmed my membership in EFF to him, and said > I'd better talk to him myself. Yup, its real hard to get EFF membership so check those credentials, folks. > I told him the document was posted to Usenet, I just accelerated the > news of its leak. That document contained SO MUCH unexpected information we can see why you cared that much. > I told him it was my statement that a wake up call was needed to the > American public. I'd suggest using the phone. Call all the numbers in lexicographic sorting order starting with 201-221-0001 and work upwards. Happy dialing. > They need to take the initiative themselves to attain internet > access by their own means. Remember, the lightbulb contains the seeds of its own revolution. > He asked for a copy of my essay, _Paradigms_of_ Revolution_ A classic -- I can see why he wanted it. > That is a complete report. We would ask that from now on you file your reports by typing cat report >/dev/null We will receive all the important contents of your reports far faster that way than via email. > Speaking & Thinking For Myself! Thank goodness you aren't thinking for someone else! > *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** > ***** Committed to Free Public Internet Access for World Peace ***** *PLONK* Perry From lake at evansville.edu Tue Apr 12 10:50:43 1994 From: lake at evansville.edu (Adam Lake) Date: Tue, 12 Apr 94 10:50:43 PDT Subject: alias in phone book Message-ID: I have recently been participating in a thread concerning anonymity and pseudonymity on the Internet. Somebody was complaining about trying to find somebody and they were logged in with an uncorrelatable alias. (Fishman = Don Johnson????) The person was asking for a rule that everyone log in with an alias that DIRECTLY correlated them with their "real world" (relative term) pseudo. Yuch!!!!! What I was wondering was if any of you law hacks out there new anything about the following comment regarding phone books A professor of communications has brought up the fact that it is illegal to use a pseudo in the white pages of the phone book. Is this the case? Help!!!! lake at uenics.evansville.edu ---------------------------------------------------------------------------- Remember the last time you called her, she forgets Pray to her, she will remember that she will remember that ---------------------------------------------------------------------------- From koontzd at lrcs.loral.com Tue Apr 12 10:53:11 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Tue, 12 Apr 94 10:53:11 PDT Subject: Crypto, satellites, & China Message-ID: <9404121752.AA28444@io.lrcs.loral.com> >From: Lyle_Seaman at transarc.com > >paul at poboy.b17c.ingr.com (Paul Robichaux) writes: >> I never knew that encryption fell under MTCR in addition to ITAR. >> Presumably any crypto hardware or software which can be used to >> protect missile or satellite telemetry or commanding can be >> restricted. > >It's my understanding that, according to international missile >treaties (probably the MTCR), missile telemetry data must be >transmitted in the clear. This is ostensibly so that the various >world powers can be assured that a "test" missile launch really is a >test and is not going to wipe out someone's capital. It's also so >that various intelligence agencies can have accurate estimates of >everyone's capabilities. This knowledge is widely viewed as >stabilising. The space shuttle has provision for receive only secure voice for the same reason. On military missions they carry up codelists such as one would use over insecure medium. One wonders if they install a locking door on one of the lockers for securing classified. From koontzd at lrcs.loral.com Tue Apr 12 11:23:03 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Tue, 12 Apr 94 11:23:03 PDT Subject: Clipper Chips in video descramblers Message-ID: <9404121822.AA28517@io.lrcs.loral.com> Recently someone posted reference to GI (General Instruments) getting authority to use Clipper chips in descramblers. One wonders about motivation on their part. ITAR already exempts the use of crypto in video descramblers where the crypto cannot be used for other purposes. DES is already used in descramblers such as the Video Cypher II, and can be exported under commodity jurisdiction. It is unlikely that anyone is going to spend the money to break DES keys and redistribute pirate authorization. The chances of discovery are too large. So, what is their motivation? From jthomas at access.digex.net Tue Apr 12 11:51:44 1994 From: jthomas at access.digex.net (Joe Thomas) Date: Tue, 12 Apr 94 11:51:44 PDT Subject: Clipper Chips in video descramblers In-Reply-To: <9404121822.AA28517@io.lrcs.loral.com> Message-ID: On Tue, 12 Apr 1994, David Koontz wrote: > Recently someone posted reference to GI (General Instruments) getting > authority to use Clipper chips in descramblers. One wonders about > motivation on their part. Maybe they were "suitably incentivized..." Joe From blancw at microsoft.com Tue Apr 12 12:12:08 1994 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 12 Apr 94 12:12:08 PDT Subject: Cyber PsyOps (Re: Shot) Message-ID: <9404121913.AA05000@netmail2.microsoft.com> From: Jeff Davis "Psychological Warfare is duofold. It harrases the enemy, and hopefully wins the hearts and minds of the population." And then all you have to do is maintain your control over the situation. Once you have persuaded everyone to come over to your psychological point of view and have won their sympathies, all you have to do is leave them to their own imagination and they will, like "herds", self-regulate and organize into a new paradigm of confluence according to the tribal provisions written into the Constitution by Thomas Jefferson, thus giving weight to progressive theory. Then for sure you would have a society based on consensual normalities, the horde for whom you would have prepared the way: aware, informed, and actively participating in your aim. Definitely, this would prove that Marbury v. Madison (1803) was a *not* a fuck up. The Libertarian platform would not reverse that decision, because the Constitution has provided amending provisions, and we can always rectify the errors of shortsightedness. I mean, the FOIA may be useless, but we *could* always sit here and read the damn thing. Psychological Warfare is truly the only way to compete with the NSA on this issue. Blanc From hughes at ah.com Tue Apr 12 12:12:35 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 12 Apr 94 12:12:35 PDT Subject: alias in phone book In-Reply-To: Message-ID: <9404121902.AA21744@ah.com> >A professor of communications has brought up the fact that it is illegal >to use a pseudo in the white pages of the phone book. Is this the case? I would suggest first, to ask this professor to make a legal citation, and if one is not forthcoming, to ask for a retraction of the claim. Eric From paul at poboy.b17c.ingr.com Tue Apr 12 12:29:16 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Tue, 12 Apr 94 12:29:16 PDT Subject: Crypto, satellites, & China In-Reply-To: Message-ID: <199404121924.AA04683@poboy.b17c.ingr.com> > It's my understanding that, according to international missile > treaties (probably the MTCR), missile telemetry data must be > transmitted in the clear. This is ostensibly so that the various > world powers can be assured that a "test" missile launch really is a > test and is not going to wipe out someone's capital. It's also so > that various intelligence agencies can have accurate estimates of > everyone's capabilities. This knowledge is widely viewed as > stabilising. No, I think the MTCR is like ITAR: it restricts who may export what. The MTCR is the rationale behind why we don't export rocket engines to countries like Pakistan who are believed to be developing IRBMs. Of course, some dual-use technology probably slips through, just as it has with ITAR and COCOM. All of the strategic arms reduction treaties include a provision for telemetry monitoring, but I didn't think "ordinary" satellite launches were covered. Especially in the case of commanding; you really don't want J. Random Hacker to reorient the attitude or orbit of your comsat. -Paul -- Paul Robichaux, KD4JZG | Out the 10Base-T port, through the router, perobich at ingr.com | over the leased line, off the bridge, past Intergraph Federal Systems | the firewall... nothing but net. Of course I don't speak for Intergraph. From habs at warwick.com Tue Apr 12 12:31:03 1994 From: habs at warwick.com (Harry Shapiro Hawk) Date: Tue, 12 Apr 94 12:31:03 PDT Subject: Clipper Chips in video descramblers Message-ID: <9404121925.AA02898@warwick.com> David Koontz: @ Recently someone posted reference to GI (General Instruments) getting @ authority to use Clipper chips in descramblers. One wonders about @ motivation on their part. ITAR already exempts the use of crypto @ in video descramblers where the crypto cannot be used for other purposes. @ So, what is their motivation? As I have long predicted, clipper has a likely chance of going into every cable converter/set-top box. That's 65 million homes and that would make clipper the defacto encrypt/decrypt system in the world. Cable systems need strong cypto to prevent not only theft of their services but to product the transactional data of their customers. (e.g, to hide what you are ordering on pay per view, your credit card numbers, etc,) and when they offer voice services they will also need to encrypt your voice.... This is really big brother in your living room, your bedroom, and if you have a TV there, you bathroom..... kitchen, den, workstop and ..... well you get the point. Harry Shapiro Hawk Manager of Computer Services Warwick Baker & Fiore habs at uucp.warwick.com From perry at snark.imsi.com Tue Apr 12 12:36:20 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 12 Apr 94 12:36:20 PDT Subject: alias in phone book In-Reply-To: <9404121902.AA21744@ah.com> Message-ID: <9404121936.AA25442@snark.imsi.com> Eric Hughes says: > >A professor of communications has brought up the fact that it is illegal > >to use a pseudo in the white pages of the phone book. Is this the case? > > I would suggest first, to ask this professor to make a legal citation, > and if one is not forthcoming, to ask for a retraction of the claim. A friend of mine who's a lawyer has a subtle pseudo in the phone book because he doesn't want to be harrassed at home by clients. (Basically he's listed under a deliberate misspelling of his name.) The phone company cheerfully listed him under a different name than the one on his bill. The "professor" in question is likely very very wrong. Perry From fhalper at pilot.njin.net Tue Apr 12 12:38:19 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Tue, 12 Apr 94 12:38:19 PDT Subject: MacPGP and AOL(again) Message-ID: <9404121938.AA03318@pilot.njin.net> I have figure out a way to distribute MacPGP on AOL. I uploaded a listing of where to get MacPGP and in the file description I said that I would e-mail individuals that wanted MacPGP but didn't have Internet access, along with sprea ding the word around. I will only have to mail it originally to myself and then forward it to others as they request it. Any comments or suggestions are welcome. Reuben Halper Montclair High~r MyPublicKey.asc From remailer-admin at chaos.bsu.edu Tue Apr 12 12:41:25 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Tue, 12 Apr 94 12:41:25 PDT Subject: No Subject Message-ID: <199404122044.OAA20328@chaos.bsu.edu> -----BEGIN PGP SIGNED MESSAGE----- Earlier, somebody indicated that large primes of the form 2^(2^n)+1 exist... actually, it is conjectured that beginning with F5, all are composite. This person is probably confusing Fermat numbers with Mersenne numbers (see my earlier post) - large Mersenne primes exist, but not all Mersenne numbers are primes. Also, it was suggested that 2^128+1 is prime; this is false. You can almost do the calculation by hand using Fermat's Little Theorem. But with Mathematica: PowerMod[3, 2^128, 2^128+1] = 47511664169441434718291075092691853899 This is not 1 so 2^128+1 is definitely not prime. > The key property of them is if n is a Carmichael number and n=p*q*r, > then (p-1), (q-1), and (r-1) divide (n-1). > I wonder if Carmichael numbers always have some small factors. Well, many Carmichael numbers do have small factors, but not necessarily. If you derive the formuals for creating Carmichael numbers, you can use them to create Carmichael numbers with prime factors, arbitrarily large if your patience is willing. For example (with just a few minutes of Mathematica time) p = 600035641 q = 1200071281 r = 1800106921 n = 1296230964879005767193383441 p,q,r are prime n is a Carmichael number And incidentally, Carmichael numbers can have more than three prime factors, for instance 7 * 13 * 19 * 37, the smallest Carmichael number with four. > I should point out that the standard argument that picking 'k' > different values for 'a' and then calculating the probability as > (1/2)^k is fallacious. This would be true if the probabilities were > independent, but they aren't. There was a paper on this about five > years ago whose awareness has not been yet widespread. I no longer > have the reference. Well, for our purposes, we only care if the probability is lower or higher than (1/2)^k. Maybe you can be more certain than (1/2)^k in which case you are even happier. So this is "fallacious" because the probabilities aren't independent... so, what, are we talking larger than (1/2)^k or smaller? If smaller, then (1/2)^k is an easy to calculate upper bound. Earlier, I said: >> Failure depends on how many iterations you perform (n iterations = >> 2^-n chance of failure) and the values of the base you choose. >As I pointed out before, this probability is not correct. The trials >are not independent, so you cannot just multiply them together. Okay, this paper you keep referencing - does it apply to primality testing based on pseudoprimes (converse of Fermat's Little Theorem), or other methods, such as Miller-Rabin? The above passage (the double quoted one) applies specifically to Miller-Rabin, a test which has no "bad" inputs - e.g. there exist numbers which will always pass pseudoprime testing, but there do not exist numbers which always pass Miller-Rabin. For M-R, the chance of failure depends on the number of iterations. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLar5AYOA7OpLWtYzAQEyLQP/Wb6m+S0pBQrkqPVrbUgkLCgoT5fmLuKC +0zZ6plve65CuUSalI//L+kZmfaf2WiJnAow1V58i7YJQwMKnds3KomZKbMMpzzb Y3wbQvuNc+T0kSi7uMeJG0vuzgwjgCYzAI0Xqv2i7hkMN1wejqax8tSK0ZKualrr SEJKeTKmBvA= =RwAS -----END PGP SIGNATURE----- From rperkins-remailer at nyx.cs.du.edu Tue Apr 12 12:58:25 1994 From: rperkins-remailer at nyx.cs.du.edu (rperkins-remailer at nyx.cs.du.edu) Date: Tue, 12 Apr 94 12:58:25 PDT Subject: number theory Message-ID: <9404121958.AA03410@nyx.cs.du.edu> -----BEGIN PGP SIGNED MESSAGE----- > I should point out that the standard argument that picking 'k' > different values for 'a' and then calculating the probability as > (1/2)^k is fallacious. This would be true if the probabilities were > independent, but they aren't. There was a paper on this about five > years ago whose awareness has not been yet widespread. I no longer > have the reference. Okay, my memory has been jogged... is this a paper by Pomerance, "On the distribution of pseudoprimes"? He gave more precise estimates for the number of base-2 pseudoprimes. With his more precise estimates, the chance of a 100 digit number passing the base-2 pseudoprime test is about 1/10^13... I think his work applies only to base-2 pseudoprimes, so my statement concerning the error rate of Miller-Rabin is still correct: for s iterations, the chance of failure is 2^-s. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCUAgUBLar8xIOA7OpLWtYzAQEAmgP2NQx7a3woaZMgT5CeqOFrhqyRcYt3mAPd 9bnf+f19E4Il42e0xw9vQjOMyowB/IkATQf+//ADIFxhE9p+2MOpD8eDr9saGYOV bVwV2/bWtzsHqjsbWRH27/5lEwFXerGfJNSc1ITkZFwp1QwpzmVvn6gkOZ2lf0AJ /q3QneS7iw== =2XH+ -----END PGP SIGNATURE----- From dmandl at lehman.com Tue Apr 12 13:19:58 1994 From: dmandl at lehman.com (David Mandl) Date: Tue, 12 Apr 94 13:19:58 PDT Subject: alias in phone book Message-ID: <9404121954.AA03498@disvnm2.lehman.com> > From: hughes at ah.com (Eric Hughes) > > >A professor of communications has brought up the fact that it is illegal > >to use a pseudo in the white pages of the phone book. Is this the case? > > I would suggest first, to ask this professor to make a legal citation, > and if one is not forthcoming, to ask for a retraction of the claim. > > Eric It's definitely false, at least here in NYC. A well-known alternative to having an unlisted phone number (a privilege that the phone company charges extra for, the crooks) is to have your phone listed under a different name. So, if I'm listed in the phone book as "Nick Drake," I'm still listed, and so I don't get charged for being unlisted. However, anyone looking for D. Mandl in the phone book won't find me, so I'm _effectively_ unlisted. Strange but true. --Dave. From sandfort at crl.com Tue Apr 12 13:22:29 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 12 Apr 94 13:22:29 PDT Subject: alias in phone book In-Reply-To: Message-ID: C'punks, On Tue, 12 Apr 1994, Adam Lake wrote: > . . . > > A professor of communications has brought up the fact that it is illegal > to use a pseudo in the white pages of the phone book. Is this the case? > Help!!!! To the best of my knowledge, your professor is full of it. For years, I was listed in the White Pages as "TANSTAFFL." The phone company put up a fuss at first, but I bullied them into it. In the same White Pages a gay bartender in San Francisco's Castro district used the name, Kate Forna, which in telephone order is: Forna, Kate Works for me. S a n d y From jimn8 at netcom.com Tue Apr 12 13:25:52 1994 From: jimn8 at netcom.com (Jim Nitchals) Date: Tue, 12 Apr 94 13:25:52 PDT Subject: Alias in phone book Message-ID: <199404122026.NAA25429@netcom9.netcom.com> I doubt it's illegal to use an alias for the white pages. Pac Bell listed me as "Spaceman Spiff" in the '87 or '88 Palo Alto white pages. Only a few people bothered to call and see if there was "really" a Spaceman Spiff at my number :) The reasons for the strange name were: I didn't want to pay for an unlisted number, and Spaceman Spiff was my pseudonym on a BBS that discouraged use of real names. Of course the law may have changed; Pac Bell may have let my request slide by accident; I'm not a lawyer etc. Just supplying a point of information on the subject, - Jim Nitchals (jimn8 at netcom.com) From dwomack at runner.utsa.edu Tue Apr 12 14:54:28 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Tue, 12 Apr 94 14:54:28 PDT Subject: Aliases (general case) Message-ID: <9404122154.AA11300@runner.utsa.edu> Actually, it is legal to use an alias for any number of things, including the phone book, *_so long as the purpose is not to defraud_*; thus, using Mother Teresa Charities might be so construed, while using Sam Jones probably would not be. There are prohibitions against using false ID...driver's lic., passport, and so forth...but not against using an alias. This is all after consultation with my attorney... As a side note, it is possible in Texas to file an "assumed name" at the courthouse of the county(ies) wherein you plan to do business...costs about $15, including the notary fees, and lasts 10 years. You can have almost anything for a name....and what would be more natural than having your new "business name" in the phone book? Nice, legal...and cheap (except a business line is a bit more expensive). Can this be done in other states? Regards, Dave From sfexaminer at aol.com Tue Apr 12 15:22:32 1994 From: sfexaminer at aol.com (sfexaminer at aol.com) Date: Tue, 12 Apr 94 15:22:32 PDT Subject: Keay's story (hitting the street as we speak) Message-ID: <9404121727.tn683217@aol.com> Posted to relevant usenet groups: This story will appear on the front page of the San Francisco Examiner today (4/12/94) in the 3-star and later editions. Keay Davidson is writing a follow-up story for tomorrow: if you were involved or can offer other assistance, please call (415) 777-7793 collect or e-mail sfexaminer at aol.com. Hackers retaliate by leaking manual By Keay Davidson` EXAMINER SCIENCE WRITER` Computer hackers waging what they say is a war against government electronic snooping have distributed over international computer networks a copy of the supersecret U.S. National Security Agency's employee manual. The NSA manual, which was sent to dozens of news organizations Tuesday, was distributed ""to embarrass the NSA'' and prove that even the U.S. government's most covert agency can't keep documents secret, said Grady Ward, a software designer from Arcata in Humboldt County. Ward said the document initially appeared on a Texas-based hackers network late last week, and he helped redistribute it over other electronic networks. ""The intent is to embarrass the NSA and demonstrate that even their own security manual can be distributed,'' Ward said. NSA officials said the document is an unclassified employee handbook. Anyone seeking a copy of it would need to file a Freedom of Information Act request, said NSA spokeswoman Judi Emmel. The identity of the person who initially obtained the document and how it was obtained was not clear. The manual warns employees to safeguard the document: ""While you may take this handbook home for further study, remember that is does contain "FOR OFFICIAL USE ONLY' information which should be protected. ... Appropriate administrative action will be taken to determine responsibility and to apply corrective and/or disciplinary measures in cases of unauthorized disclosure. From nobody at jarthur.cs.hmc.edu Tue Apr 12 15:54:06 1994 From: nobody at jarthur.cs.hmc.edu (nobody at jarthur.cs.hmc.edu) Date: Tue, 12 Apr 94 15:54:06 PDT Subject: number theory Message-ID: <9404122254.AA03798@toad.com> -----BEGIN PGP SIGNED MESSAGE----- > I should point out that the standard argument that picking 'k' > different values for 'a' and then calculating the probability as > (1/2)^k is fallacious. This would be true if the probabilities were > independent, but they aren't. There was a paper on this about five > years ago whose awareness has not been yet widespread. I no longer > have the reference. Okay, my memory has been jogged... is this a paper by Pomerance, "On the distribution of pseudoprimes"? He gave more precise estimates for the number of base-2 pseudoprimes. With his more precise estimates, the chance of a 100 digit number passing the base-2 pseudoprime test is about 1/10^13... I think his work applies only to base-2 pseudoprimes, so my statement concerning the error rate of Miller-Rabin is still correct: for s iterations, the chance of failure is 2^-s. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCUAgUBLar8xIOA7OpLWtYzAQEAmgP2NQx7a3woaZMgT5CeqOFrhqyRcYt3mAPd 9bnf+f19E4Il42e0xw9vQjOMyowB/IkATQf+//ADIFxhE9p+2MOpD8eDr9saGYOV bVwV2/bWtzsHqjsbWRH27/5lEwFXerGfJNSc1ITkZFwp1QwpzmVvn6gkOZ2lf0AJ /q3QneS7iw== =2XH+ -----END PGP SIGNATURE----- From wcs at anchor.ho.att.com Tue Apr 12 16:19:15 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 12 Apr 94 16:19:15 PDT Subject: alias in phone book Message-ID: <9404122318.AA02875@anchor.ho.att.com> > > >illegal to use a pseudo in the white pages of the phone book. > It's definitely false, at least here in NYC. A well-known alternative > to having an unlisted phone number (a privilege that the phone company It may be that, under some monopolies\\\crooks\\bums\\\ Public Utility Commissars, the PUC has made it illegal to avoid Phone Company fees, or (far more likely) some Phone Companies don't let you do this, because it *is* a cheap way to get an unlisted number. I haven't heard of any jurisdictions for which this is true, but there are 50 sets of PUCs who make random annoying laws, and a lot of small phone companies as well as the Bells, GTE, Contel, etc. Most phone companies also let you have additional listings, usually for a fee, which are good for things like roommates, spouses with different last names, organization listings that are really your home phone number, etc. From hughes at ah.com Tue Apr 12 16:26:52 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 12 Apr 94 16:26:52 PDT Subject: alias in phone book In-Reply-To: <9404121936.AA25442@snark.imsi.com> Message-ID: <9404122316.AA22164@ah.com> >The phone >company cheerfully listed him under a different name than the one on >his bill. As long as we're telling funny phone name stories, I had a friend who had not only an "unlisted" number, but even if you knew the fake name, it was also unqueryable. Fokkersef, Hugo A friend of his was trying to get in touch with him from another city and only knew the alias. The first time he asked the information operator for the number for "Hugo Fokkersef", he got hung up on. After the third hang-up, he gave up. Eric From mg5n+ea1e6llvoz70pb6bweqlrmyla4udd80xgn0a0saq03 at andrew.cmu.edu Tue Apr 12 17:12:23 1994 From: mg5n+ea1e6llvoz70pb6bweqlrmyla4udd80xgn0a0saq03 at andrew.cmu.edu (Anonymous) Date: Tue, 12 Apr 94 17:12:23 PDT Subject: Yet more number theory Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Well, I'm the person posting all the number theory stuff anonymously. Well, not too anonymously since I am signing each post... ;) I thought I'd try out Matt Ghio's service. I'm not sure exactly what will happen, but hopefully you will able to reply to this message and reach me! Anyway, I got my copy of "Elementary Number Theory and its Applications" by Kenneth Rosen just now, and checked Miller-Rabin primality testing, and pseudoprime primality testing. Eric pointed out some recent work (by Pomerance I presume) and it does indeed junk the notion that for pseudoprime testing, the failure rate is 2^-n, n being the number of trials. However, Miller-Rabin isn't susceptible (it uses strong pseudoprime testing) - and what it even better is the latest bound is 4^-k! That is, if you pick k integers and perform M-R on n for each, the chance a composite will pass is less than (1/4)^k. And, there is no analogy of a Carmichael number for strong pseudoprimes. So I guess the bottom line is M-R is the way to go. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLas39YOA7OpLWtYzAQETVQP/YzHMudKp/ehgcG0MkBeoyhQsItAlAvXL VVj2VN2ac7KjlqtyP/Frjq+6s/T0ai4MhojboaWKBJfuUvZT1hBj0c0PvkaHVeiQ H1eJpEXEqbFoouRX/M7ZYLmwfeJenKn0th408gJBf6yDHwdv9dyo7//Hhd/GreWJ K+9nHl4k3kU= =9zRl -----END PGP SIGNATURE----- From greg at ideath.goldenbear.com Tue Apr 12 17:47:09 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Tue, 12 Apr 94 17:47:09 PDT Subject: Anonymity and the US Supreme Court Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Adam Lake's question about the legality of pseudonyms sent me trolling about Westlaw today, in search of some case law supporting the rule I learned (somewhere .. sigh.) - that pseudonyms are OK as long as there's no intent to defraud. No luck there yet, but I did find an interesting passage in an opinion which found a LA city ordinance void which required that any handbill have upon it the "true name and address" of the persons responsible for it. "Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all." It later says "Even the Federalist Papers, written in favor of the adoption of our Constitution, were published under fictitious names. It is plain that anonymity has sometimes been assumed for the most constructive purposes." Cite is _Talley v. State of California_, 362 U.S. 60, 64-65, 80 S.Ct. 536, 538-539 (1960). -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLas8qH3YhjZY3fMNAQGHogP+KZKWULNE7wftUNKGVJmdaJ4zpjaVywfS IQqpu0duzbORLyKVIV4ZtAGrAnItMV/ZDNwg2KyDoHasUUNKQeBMKYXp+4KpxFL2 flreCRCe/ZqKQ4+EJzNQXT4HtQglbDO3Tl3aM411urnhFLhTCorrbTW4NChhd3S8 6TIdKCFnD4Q= =Bp6d -----END PGP SIGNATURE----- From dork39 at wov.com Tue Apr 12 18:21:35 1994 From: dork39 at wov.com (DORK39@WOV.COM) Date: Tue, 12 Apr 94 18:21:35 PDT Subject: Pseudonyms and Reputa Message-ID: <9404130652422196@wov.com> From: dork39 at wov.com Hf> This is true, but the main purpose of this technology is to prevent Hf> users from creating large numbers of pseudonymous accounts. No Hf> technology can stop people from cooperating in an on-line forum, and Hf> the use of friends' or family members' accounts is also very hard to Hf> prevent. So collusion at some limited level will always be possible. Hf> But at least it should be possible to prevent the massive use of nyms. Hang on a mo. I'm new here and so I don't know how this started. If you would be so kind, what is the "problem" here about "massive use of nyms?" Seems to me that is a kind of self-limiting bookkeeping job for the user of nyms: like which ones are for what. Have you guys ever tried to DO a system of nyms for any important purpose? It is NOT a whole lot of fun: much more resembling hard work. You see I think there are plenty of reasons that reasonable people would agree are valid for some people to use nyms, even large numbers of nyms. For example I know a lawyer who uses a lot of nyms (and anon PGP keys) to create "clusters" of people involved with individual legal cases. It strikes me as a very well organized system for a good purpose. The people involved in a given case can all talk to each other about it, and outsiders or people in other cases don't get to peek in, or even know what the group is about or who's in it without going to a LOT of trouble. Since Phil is going to release the story to the Wall St. Journal anyway, I guess I can mention that the encryption method of CHOICE for the valiant fighters against SLORC in Burma (who are the worst kind of bad guys by any measure) is PGP and they are, of course, ALL using "nyms" and sterilized anon keys and so on. They are by FAR the heaviest PGP users in this part of the world. Full time trainers and the works. But you can surely see how they might not want to tell the thugs where to come to get them and their families for a course in extended torture. Now you guys with "ID" fetishes are seeing this as a PROBLEM? Excuse me very much, but I think I need to see a LOT of explaining about that. Note this principle: people with a NEED for anonymity are NOT going to want to get permission from, or even talk to, some Central Authority first. There is no way that you or anyone else is going to be able to decide if any use of anonymity is "legitimate" or not. If there are "problems" with that, it seems to me that your efforts are best directed into figuring out how you can live with it, and not about how you can "control" or "prevent" it. (Hey I am ever so sorry to hear how some people used nyms to cheat in a game. But somehow my reaction was "so what?" and to bang my [Enter] key right smartly. There are people in the world without the time or inclination to play games. Perhaps sometime in the next century I might personally get enough slack and curiosity to take a look at some computer game myself--who knows? But, you know, even if I do, I kind of think I will have a real hard time working up a lot of anxiety about possible cheating.) In the meanwhile not only do I support nyms and other anonymity, but I intend to use plenty of them, and will resist any attempts to preclude that in every way I can. GENERAL ADVICE TO ALL ONLOOKERS: Since it looks like self-appointed "ID police" are working hard to prevent you from using anonymity, I suggest that if you ever think that you might ever have a NEED for anonymity at any time in the future, that you take a little time off and set up a supply for yourself of nyms and so on and embed them in the system before these guys get their prevention systems in place. Do that NOW, because this kind of thinking is a THREAT to you. From nobody at shell.portal.com Tue Apr 12 18:36:09 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 12 Apr 94 18:36:09 PDT Subject: Prime number tests Message-ID: <199404130137.SAA24173@jobe.shell.portal.com> Well, there is one prime number test which NEVER fails, and that is that (n-1)!+1 mod n is zero for all primes, and non-zero for all non-primes. ;-) From flesh at fido.wps.com Tue Apr 12 18:57:11 1994 From: flesh at fido.wps.com (Flesh) Date: Tue, 12 Apr 94 18:57:11 PDT Subject: alias in phone book In-Reply-To: <9404121936.AA25442@snark.imsi.com> Message-ID: <199404130157.SAA05934@wps.com> It should be also noted, that my ex-wife had her name listed in the phone book as being Voom VaVa. From schirado at lab.cc.wmich.edu Tue Apr 12 19:02:25 1994 From: schirado at lab.cc.wmich.edu (Schirado) Date: Tue, 12 Apr 94 19:02:25 PDT Subject: CyberPsyOps and Media Message-ID: <9404130202.AA00235@lab.cc.wmich.edu> Is it really fucking necessary to write long, involved essays expounding on the exact reasons one is placing someone in thier killfile? Not only is it unnecssary, it's extremely rude. From pkm at maths.uq.oz.au Tue Apr 12 19:41:35 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Tue, 12 Apr 94 19:41:35 PDT Subject: Prime number tests Message-ID: <9404130240.AA19590@axiom.maths.uq.oz.au> Would you be able to show me a reference? Peter Murphy From mg5n+ea1e6llvoz70pb6bweqlrmyla4udd80xgn0a0saq03 at andrew.cmu.edu Tue Apr 12 20:28:56 1994 From: mg5n+ea1e6llvoz70pb6bweqlrmyla4udd80xgn0a0saq03 at andrew.cmu.edu (Anonymous) Date: Tue, 12 Apr 94 20:28:56 PDT Subject: MATH: number theory Message-ID: -----BEGIN PGP SIGNED MESSAGE----- All right, more people have joined the number theory fun! Somebody other than myself posted: > Well, there is one prime number test which NEVER fails, and that is > that (n-1)!+1 mod n is zero for all primes, and non-zero for all > non-primes. ;-) To which Peter Murphy asks: > Would you be able to show me a reference? I can, and I'm sure the original poster can as well. Any book on number theory should have Wilson's theorem; the second theorem isn't too difficult to prove. The first part of the above statement is a direct result of Wilson's theorem, which I posted in an earlier statement. A recap: Wilson's theorem: for any prime p, (p-1)! = -1 mod p ==> (p-1)! + 1 = 0 mod p See "Elementary Number Theory and its Applications" page 185. As a consequence of Wilson's theorem: for a composite number n, (n-1)! = 0 mod n, except for n = 4 (for n = 4 you get 2) ==> (n-1)! + 1 != 0 mod n For a proof, see "Number Theory and its History" page 261. Hm. hope nobody is getting confused between the factorial notation and C language "not equals" operator. More extensive bibliographic information is available (authors, publishers, etc.) if you want. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLatmAIOA7OpLWtYzAQFGLAQAlFv9mBD1+T4S8QB7zb+KZlhUtsIzEFH5 CvNw45V1kzbEMp4ydopbcyI9AmkODMZZdaW+lexUPJANqMCf7irb9bG0Jom//711 mvPEZmyVSMTBz33eAA6RSu+mQaaL7Ek1BE64iDXCJFkSyUy2x18Q9+APQ29AaMpH NG6FIbO/Ex8= =FjqL -----END PGP SIGNATURE----- From mcguirk at enuxsa.eas.asu.edu Tue Apr 12 21:58:50 1994 From: mcguirk at enuxsa.eas.asu.edu (Dan McGuirk) Date: Tue, 12 Apr 94 21:58:50 PDT Subject: Prime Numbers In-Reply-To: <9404120224.AA07676@toad.com> Message-ID: <199404130501.WAA09532@enuxsa.eas.asu.edu> -----BEGIN PGP SIGNED MESSAGE----- Eli Brandt writes: > > primes numbers who happen to be of the form (2^(2^n))+1 are called > > Fermat primes. Some pretty large ones are known (could send a list...) > Please do. My recollection was that none existed above 65537. Well, according to "An Introduction to the Theory of Numbers" by G.H. Hardy and E.M. Wright you're correct. They say the largest n for which the Fermat prime F_n has been found is F_4 = 2^(2^4)+1 = 65537. Of course, this book was written in 1938 so the situation could have changed since then. F_n is known to be composite for 7<=n<=16, n=18, 19, 21, 23, 36, 38, 39, 55, 63, 73 and others. Not a very successful conjecture for Fermat, I suppose... - -- Dan McGuirk djm at asu.edu When cryptography is outlawed, pkog ofklsjr vija fhsl ciehgoabykze. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLat8kI6/chyd1nKpAQEqQQH/YUdds9T92d8jdeSdDYl3uiKS/otGARJe YZ/GOjrf3fSQsCqQ2zBYSW30aX+zyJRhvxTu6B9h91IphZHPq6hKzw== =4JUh -----END PGP SIGNATURE----- From anonymous at extropia.wimsey.com Tue Apr 12 23:21:47 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Tue, 12 Apr 94 23:21:47 PDT Subject: No Subject Message-ID: <199404130607.AA14231@xtropia> Subject: Any cypherpunks building encrypted phone? Hello everyone! I'd like to know if anyone on the list has made any attempt to construct a true encrypted phone, something at the level of the AT&T DES phone. I think that it ought not to be too difficult to build a couple, using existing modems and basic hardware design. If all the commercial phones are going to be Clipper-based, we'll have to build the real ones ourselves. Lady Ada, Queen of Engines From tcmay at netcom.com Tue Apr 12 23:48:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 12 Apr 94 23:48:47 PDT Subject: Encrypted Telephones In-Reply-To: <199404130607.AA14231@xtropia> Message-ID: <199404130649.XAA00336@mail.netcom.com> > Subject: Any cypherpunks building encrypted phone? > > Hello everyone! I'd like to know if anyone on the list has made > any attempt to construct a true encrypted phone, something at the > level of the AT&T DES phone. I think that it ought not to be too > difficult to build a couple, using existing modems and basic hardware > design. If all the commercial phones are going to be Clipper-based, > we'll have to build the real ones ourselves. > > Lady Ada, Queen of Engines Yes, several such projects are underway. Eric Blossom even showed a PCB of one at a Cypherpunks meeting, using an inexpensive DSP chip. Software-only versions, with some compromises in speech quality probably, are also underway. Phil Zimmermann described his progress at the last Cypherpunks meeting. ("Software-only" can mean using off-the-shelf, widely-available DSP boards like SoundBlasters.) And I know of at least two more such projects. Whether any will materialize is anyone's guess. And various hacks have already been done. NeXT users have had voicemail for years, and certain Macs now offer something similar. Adding encryption is not a huge obstacle. A year ago, several Cypherpunks meeting sites around the U.S. were linked over the Internet using DES encryption. The sound quality was poor, for various reasons, and we turned off the DES in a matter of minutes. Still, an encrypted audio conference call. So such things are possible today. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From evidence at netcom.com Wed Apr 13 00:22:05 1994 From: evidence at netcom.com (Evidence Inc.) Date: Wed, 13 Apr 94 00:22:05 PDT Subject: your mail In-Reply-To: <199404130607.AA14231@xtropia> Message-ID: On Tue, 12 Apr 1994 anonymous at extropia.wimsey.com wrote: > Subject: Any cypherpunks building encrypted phone? > > Hello everyone! I'd like to know if anyone on the list has made > any attempt to construct a true encrypted phone, something at the > level of the AT&T DES phone. I think that it ought not to be too > difficult to build a couple, using existing modems and basic hardware > design. If all the commercial phones are going to be Clipper-based, > we'll have to build the real ones ourselves. > > Lady Ada, Queen of Engines > Word has it that Phil Zimmerman, author of PGP, is working on an IBM compatible program to encrypt telephone conversations with PGP, using a high speed modem and a sound card. When I spoke with Phil last (actually, the only time I spoke with him) in February, he advised me that the program was in beta stage, and was currently operational with *no* encryption built in... He indicated that the basic engine (high speed modem and souncard in an IBM compatible) was working "better than [he] expected." I can't wait to see this thing when its finished. Forget clipper-phones, every American will already have everything they need to have their own encrypted phone... Yup, just use that multimedia PC that has been collecting dust except when you pull out the old Encylcopedia CD- Rom!! Evidence, Inc. From rishab at dxm.ernet.in Wed Apr 13 06:04:38 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 13 Apr 94 06:04:38 PDT Subject: US Constitution online Message-ID: Jeff Davis : > For one thing, I suggest that everyone have a refferance with the > Constitution with in arms reach of their terminals. Or *on* their terminals: ftp://wiretap.spies.com/Gov/World/usa.con The same directory contains constitutions and charters of many countries, from Chian to Slovakia, as well as the covenant of the Hamas, and the Magna Carta. -------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA -------------------------------------------------------------------------------- From frissell at panix.com Wed Apr 13 07:04:59 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 13 Apr 94 07:04:59 PDT Subject: Quants vs Congress Message-ID: <199404131404.AA29334@panix.com> Big hearings in Congress today about how evil derivatives and the quants who build them are. They are a threat to government as we know it. Don't tell anyone but the "intermediation of political risk" was one of the greatest invention of the 1980s. Combine same with strong crypto and you almost have to feel sorry for the public employees in our midst. Watch out for a little downsizing. To show that I'm a charitable guy, I have some free advice to anyone reading this who is involved in "taking the King's shilling": I understand that there is a bright future in computer maintenance technology. A word to the wise.... DCF "Buddy can you spare an EXPTIME-complete encryption system?" g' 5O--- WinQwk 2.0b#1165g' 5O From frissell at panix.com Wed Apr 13 07:32:04 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 13 Apr 94 07:32:04 PDT Subject: State------>Market Actor Message-ID: <199404131431.AA05169@panix.com> Yet another data point for tracking the conversion of governments to market actors from last week's Economist: On March 24th at the behest of the Mexican government, the SEC ordered US securities markets to suspend trading in the shares of Mexican companies after the recent political assasination. The NYSE complied. The NASDAQ refused. Shares started trading with a one-hour delay. "With finance globalized, governments can seldom block the operation of markets. Nor should they try to. Few would now suggest closing the foreign-exchange markets, as in the 1960s. In a 24-hour global market, traders and investors could simply shift their business elsewhere." DCF "We'd better hope that strong cypto, cheap telecoms and free markets can provide the organizing basis for a workable society because it is clear that coercion as an organizing principle ain't what it used to be." --- WinQwk 2.0b#1165 From mg5n+ea1e6llvoz70pb6bweqlrmyla4udd80xgn0a0saq03 at andrew.cmu.edu Wed Apr 13 07:33:32 1994 From: mg5n+ea1e6llvoz70pb6bweqlrmyla4udd80xgn0a0saq03 at andrew.cmu.edu (Anonymous) Date: Wed, 13 Apr 94 07:33:32 PDT Subject: response to tmp Message-ID: -----BEGIN PGP SIGNED MESSAGE----- tmp offers some thoughts on a "position" paper by Hal Finney: >> The level of anarchy will inevitably increase as larger numbers of >> people acquire net access. > it seems to me that the cypherpunks already have a name for the kind > of anarchy that can happen when somebody uses pseudonyms to harass and > cause trouble. that word is `detweiler'. do you really know what I don't think Hal is implying all the new people that acquire net access will harass and cause trouble. > hal argues below that `you already know nothing about the people you > interact with on the net' and that `anonymous remailers introduce no > more problems than are already present on the net'. these seem to me > to be flawed arguments. here's why. > [story about going to a party] > 1. [do we really want an online environment where identity is as > transitory as a nym on IRC?] > 2. [it seems that identity is intrinsic] > 3. [anonymous remailers] But see, you are taking things to extremes. Anonimity has its purposes; in some situtations it is valuable, in others it isn't. I should be able to be anonymous if I so desire. 1. Do you want a real life where identity is permanent and accessible to everybody? Where you carry an assortment of cards totally indexing your life and all activities, so in case you meet new people they can quickly be brought up on the sum total of your existence? 2. Identity is instrinsic. How true; by the way, what is yours? I find it incongruous for you to be railing against anonymity and privacy when you yourself hide behind them. 3. Anonymous remailers are just PARTS of a solution; the rest involves digital signatures and reputation systems. I say anonymity is valuable, and to this end, anonymous remailers are valuable. Part of the reason I am loathe to get involved in a detailed discussion with you is that I suspect you are like David Sternlight or Larry Detweiler ** of course, not that I am implying you are either of these people but I have found in the past the both have a tendency to ignore various questions they find "inconvenient" for example, I once cited several instances of real life cases of pseudonymous activity (whatever Mr. Detweiler called them) and another that demonstrates the value of anonymity. Mr. Detweiler swept these under the rug and by and large ignored them! Of course, since I am not implying you are Mr. Detweiler, after all, he is of a philosophical camp in which anonymity and identity hiding is bad. He certainly wouldn't rejoin this list under a name any other that his real one. Thus I conclude you aren't familiar with my previous examples. > but is it the case that all cypherpunks can say they have never > tried to censor anyone by notes to sysadmins, i.e. of detweiler? I think you are confusing censorship with association. Just because I no longer wish to read Mr. Detweiler's rants and raves, and report activity such as various threats to his sysadmin, doesn't mean censorship. > the cypherpunk vision seems to split the world into two groups: > those people i trust (my friends) and everyone else (whom i completely > distrust with intense paranoia). this is a very xenophobic and > chauvinistic philosophy at heart. You need to get off your extreme analogies. For certain interactions, dividing the world into "trusted" and "non trusted" partitions is necessary; for others, it isn't. I don't see the cypherpunks vision as dividing everything into the extreme case. > for example, it seems to me you cypherpunks have a very important > agenda, but you seem to be extremists. the important goal is `defining Hah, you should examine some of your opinions, I find them just as extreme in the other direction. Always citing the worst case scenario, the extreme position, etc. > so what the cypherpunks might consider is a less extremist > elucidation of what `privacy' means. for example, cypherpunks, what > information should a bank be allowed to have on you when you go in to > request a loan? what should companies be allowed to do with credit > histories, and what rights does the individual have to influence them? I agree with this summary, these are concerns all of us have (privacy, etc.) > if you continue to insist that `nobody should know who i am' i fear > you will be bypassed by more sophisticated groups that have a less > polarized view of issues of identity and privacy. and it will The point of anonymity is to allow you to express these "unpopular" views without fear of reprisal. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLawB7oOA7OpLWtYzAQGkbQP/V8pFmSgppjJHp4ZiyXa8H9dabadJZjEz qYpkTjiQtEbxZJOSPKFbIvBeqFDVSXIpIFmP8HIUJny/Q3Gv5dK7GLTmPzBDGjpl sIwEartietpwjdl0H7s5AOfMSMrD+UKwpvsW5gqAXuR1ec0fBdICS9oKCdZDQeFO y0z3RZuvrF0= =Nef2 -----END PGP SIGNATURE----- From banisar at washofc.cpsr.org Wed Apr 13 07:53:45 1994 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Wed, 13 Apr 94 07:53:45 PDT Subject: Clipper Chips in video descramblers Message-ID: <9404131054.AA26806@Hacker2.cpsr.digex.net> There was also a recent news item that they were being investigated for anti-trust actions. Sounds like a pretty good incentive to me.... -dave > Date: Tue, 12 Apr 1994 14:51:19 -0400 (EDT) > From: Joe Thomas > Subject: Re: Clipper Chips in video descramblers > To: David Koontz > Cc: cypherpunks at toad.com > In-Reply-To: <9404121822.AA28517 at io.lrcs.loral.com> > Message-Id: Mime- > Version: 1.0 > Content-Type: TEXT/PLAIN; charset=US-ASCII > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > On Tue, 12 Apr 1994, David Koontz wrote: > > > Recently someone posted reference to GI (General Instruments) getting > > authority to use Clipper chips in descramblers. One wonders about > > motivation on their part. > > Maybe they were "suitably incentivized..." > > Joe > From habs at warwick.com Wed Apr 13 09:31:29 1994 From: habs at warwick.com (Harry Shapiro Hawk) Date: Wed, 13 Apr 94 09:31:29 PDT Subject: Tech: Encryption and Satellites (re: GI) Message-ID: <9404131331.AA03139@warwick.com> We need to learn more about these technology and if any are based on Clipper: As reported in the April 11th issue of Electronic Media: The satellite pirates are finally getting the message... owners of satellite dishes and unauthorized decoding technology are converting to authorized equipment in droves... Key pay cable providers are now going though the second stage of moving from General Instrument's Video Cipher II (VC II) encryption system to its more secure VideoCipher Renewable Security (VCRS) system. Adopting VCRS are HBO, Cinemax, Showtime, TMC, Viewer's choice, REquest TV, Playboy channel, Spice, and Netlink. Netline offers three superstations. "There have been 30,000 to 40,000 conversion customers a month for the past for months." Meanwhile, with the digital era in mind, Primestar Partners is preparing to move its DBS (direct broadcast satellite) from Scientific-Atlanta's analog B-Mac encryption to General Instrument's DigiCipher digital compression technology, which also provides teh most recent security meansures. Primstar expects to start phasing in DigiCipher in January. "We have the ability to make changes to the security as we move forward." The French pay TV service Canal Plus International is developing its own digital system in association with broadcasters in Germany and spain. Hughes' (hi Eric), DIRECTV plans to launch next year with News Datacom Conditional Acesss and Authorization Control system... A spokesperson for New Datacom said the basis for the technology is an algorithm with an efficient proof-of-identity scheme. .... have products for both analog and digital encryption. Harry Shapiro Hawk Manager of Computer Services Warwick Baker & Fiore habs at uucp.warwick.com From bsteve at zontar.com Wed Apr 13 11:48:59 1994 From: bsteve at zontar.com (Steve Blasingame) Date: Wed, 13 Apr 94 11:48:59 PDT Subject: Interesting news note. Message-ID: <9404131826.AA05587@zontar.attmail.com> Dear Colleagues; This came off the business wire yesterday. I wonder if they truly understand how vulnerable they really are without strong crypto for their transactions? -THE INTERNET SHOPPING Network, the nation's first electronic superstore -available on the worldwide Internet, was formally announced Tuesday at an -event at Techmart in conjunction with the launch of CommerceNet, the -first large-scale trial of electronic commerce on the Internet. -[Business Wire, 516 words, 450813#] Steve Blasingame bsteve at zontar.com (510) 866-1864 Voice (510) 866-1861 FAX From tcmay at netcom.com Wed Apr 13 12:00:17 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 13 Apr 94 12:00:17 PDT Subject: Interesting news note. In-Reply-To: <9404131826.AA05587@zontar.attmail.com> Message-ID: <199404131859.LAA11287@mail.netcom.com> > > Dear Colleagues; > This came off the business wire yesterday. I wonder if they truly understand > how vulnerable they really are without strong crypto for their transactions? > > -THE INTERNET SHOPPING Network, the nation's first electronic superstore > -available on the worldwide Internet, was formally announced Tuesday at an > -event at Techmart in conjunction with the launch of CommerceNet, the > -first large-scale trial of electronic commerce on the Internet. > -[Business Wire, 516 words, 450813#] Except that the full version of this announcement--which has been posted several places, possibly even here in Cypherpunks--explicitly mentions the use of RSA via a business relationship with RSA Data Security Inc. Though many Cypherpunks have various problems with RSADSI and the RSA patents, a topic I'll not go into further, it is a hopeful sign for Internet commerce that a strong crypto system is being built in from the git go. Remember, the alternative is Crippler! (Actually, what with the announcement of Crippler being built in to some television-top boxes--cf. the Harry Hawk posts--I would guess these Internet Commerce folks will soon be "visited" by Crippler advocates and "suitably incentivized" to replace RSA with EES technology.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From gtoal at an-teallach.com Wed Apr 13 12:24:00 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 13 Apr 94 12:24:00 PDT Subject: Interesting news note. Message-ID: <199404131920.UAA04651@an-teallach.com> : From: Steve Blasingame : This came off the business wire yesterday. I wonder if they truly understand : how vulnerable they really are without strong crypto for their transactions? : -THE INTERNET SHOPPING Network, the nation's first electronic superstore : -available on the worldwide Internet, was formally announced Tuesday at an : -event at Techmart in conjunction with the launch of CommerceNet, the : -first large-scale trial of electronic commerce on the Internet. : -[Business Wire, 516 words, 450813#] The press release I saw seemed to be saying it was some sort of integrated DOS turnkey package with built-in RSA signature validation and encryption. I wasn't paying too close attention though. I'm pretty sure it was the same people though. G From tcmay at netcom.com Wed Apr 13 13:20:57 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 13 Apr 94 13:20:57 PDT Subject: (fwd) If Crippler is a Done Deal, What Next? Message-ID: <199404132022.NAA23426@mail.netcom.com> Cypherpunk friends, Here's a long article I just posted to talk.politics.crypto and two other groups (with 6500 newsgroups days, you've got to post to more than one group just to ensure reasonable coverage of your target audience). I make a few points I've been itching to make for a while. --Tim Newsgroups: talk.politics.crypto,comp.org.eff.talk,alt.privacy.clipper Path: netcom.com!tcmay From: tcmay at netcom.com (Timothy C. May) Subject: If Crippler is a Done Deal, What Next? Message-ID: Organization: NETCOM On-line Communication Services (408 241-9760 guest) Date: Wed, 13 Apr 1994 20:13:26 GMT Lines: 184 Many of us believe the Crippler/Clipper/Skipjack/Tessera/Capstone/etc. "Escrowed Encryption" system is basically a "done deal," to use David Sternlight's words in alt.privacy.clipper. (Sorry for using so many different names for the "Clipper" program. It was announced as Clipper, last April 16th, and it took most of us only a few minutes to realize what the government folks had apparently not realized in _years_ of work (or at least _months_ with the "Clipper" name), namely, that Clipper is the well-known name of the Fairchild/Intergraph Clipper chip (Fairchild developed this 32-bit chip, then sold the line to Intergraph when National acquired Fairchild) and also is the name of a well-known database compiler. Jeeshh! Anyway, the other names associated with the project: Skipjack, Capstone, Tessera, and probably some I've forgotten here. We who scoff at it also call it: Cripple, Crippler, Flapjack, Clipjack, etc. And with no disrespect to my former employer Intel, with whom I spent 12 invigorating and profitable years, I came up with the "Big Brother Inside" slogan....someone else got the decals printed and I am certainly *not* advocating that cypherhooligans afix these stickers on Clipper phones and Capstone-compliant computers!) Clipper will happen, _is_ happening this very moment. I've believed this for the past year, though this has not lessened by distaste for it in any way. I just see the inertia of the bureaucracy and the ass-covering that is natural to places like Washington (having lived in Langley, Virginia). It was clear when Clipper was announced as an _Executive_ action (reminds me of a movie I saw...) that few if any changes would be made in the proposed system. A few minor alteration of the escrow agent selection, perhaps, but nothing central to the idea that one's private keys are to be held "in escrow" (as Eric Hughes has noted, a gross abuse of the term "escrow"). Clipper is like a requirement that house keys be "escrowed" with the local police, or that all photos processed at the local drugstore be double-printed, with copies sent to the local "Photo Escrow Center." After all, how else can we catch child pornographers and other "bad guys"? And what about those curtains that "encrypt" the visible contents of houses under surveillance? Surely drawing the curtains when one is under police surveillance is equivalent to encrypting one's traffic when the authorities are lawfully surveilling one's computers? Perhaps we need "approved curtains." And what about the many crimes people confess in their diaries? Plans to kill themselves, plans to hide their money from the tax collectors, even plans to develop things like PGP! Surely many crimes could be stopped if diaries, journals, and personal letters could be "escrowed"--with suitable safeguards, of course, to ensure that only legitimate inspections were done (for example, J. Edgar Hoover's need to inspect diaries to find salacious sexual material). Some may call me "shrill" for citing the above points. I don't think so. We are at a kind of cusp in history, where privacy can either be secured through strong crypto--despite the crimes that may go undetected or unpunished because of this--or privacy can be handed over to others to protect or not protect as they see fit. Consider the current signs: - that contractors like Mykotronx, VLSI Technology, Inc., National, and MIPS were already well along in building the chips. (There have been delays reported, and the SecurePhone 3600 is not available in places I've looked, and the MYK78A is reportedly a pig in various ways...) - that the NSA and NIST had too much at stake to back down because a bunch of the rabble (EFF, CPSR, Cypherpunks, 700 Club watchers, Rush Limbaugh fans, and similar pond scum) objected to it. Being an executive action, legislative approval is not needed (I'm not completely convinced there's no way for Congress to block it, as there must be enabling legislations that impinges on the Crippler project). - "suitable incentivization" is being used to induce manufacturers to adopt Crippler. Subsidies are given. Export controls (ITAR-related) are relaxed for Crippler systems, tightened for "noncomplying" crypto systems. Foreign governments have _apparently_ been approached (we on the Cypherpunks list have collected many inputs from non-U.S. sources pointing to this) to deploy their own versions of EES, possibly with variations, and presumably with their own family keys. A true conspiracy buff might call this the Crypto World Order. - reports that cable box makers are signing up to put Clipper technology in every set top (though RSA has a competing, non-escrowed system, which I seem to recall some cable box users were planning to use....could be we'll be seeing the "battle of the crypto systems" coming to a cable system soon! I know which of the two alternatives I'll lobby for: the RSA system (even if I have minor differences of opinion about the advisability of software patents in general and public key patents in particular). Lots of action underway. Turbulent waters can run deep, too. So, if deployment of Crippler is coming, regardless of our protestations and clamorings, what next? I've always felt the big danger was the *outlawing of non-escrowed encryption*. My article, "A Trial Balloon to Ban Encryption," October 1992, sci.crypt and elsewhere, correctly spotted the move toward some form of key escrow. The 1000 responses and messages in related threads indicated that nearly everyone else saw the same thing, too, once the Denning paper on key escrow was pointed out to them. As difficult as outlawing alternatives to escrowed encryption may be (so many avenues for skirting Clipper---too many to go into here), and with the likely public reaction against it (the Time-CNN poll), I strongly suspect this is the intended goal. Without some degree of exclusivity, will Clipper be used by the very folks the advocates want to catch--the drug dealers, the terrorists, the child pornographers, the tax cheats, and the other "bad guys"? Of course not. To be sure, some fraction of them will use Clipper--after all, Pablo Escobar was caught after using a plain old cellular telephone. But in the time frame envisaged, several years from now, wider use of encryption is expected. Absent a ban on non-Clipper technology (or an _attempted_ ban, to be more precise), many will be using cellphones with VoicePGP or similar approaches (I know of half a dozen groups busily developing cheap voice encryption products--and of course some systems are already available). Pity the stupid terrorist who buys an expensive Clipper phone and then uses it to discuss his plans! How might a ban on non-escrowed encryption happen and then be enforced? Whit Diffie has suggested what I think is the most likely--and most chilling--scenario for the outlawing of non-escrowed encryption: use the civil forfeiture laws to to implement a "Zero Tolerance" system for unauthorized, outlawed crypto. Analogous to the "War on Drugs," where corporations are enlisted in the War by threatening them with loss of their assests, or with shut down of their operations, if drugs are found on their premises or if they fail to maintain a "Drug-Free Workplace." The casual user of outlawed crypto may not be caught, but the widespread use of alternatives to key escrow crypto will be thwarted. Corporations will audit personal computers for signs of PGP, RSA, and other "contraband," networks will be Clipjacked for all inter-site (and perhaps intra-site LANs) networks, and the threat of civil forfeiture will be used to terrorize corporations and small businesses into compliance. Needless to say, I am opposed to this in nearly every way imaginable. I don't necessarily impute evil motives to those who advocate today's Clipper and tomorrow's likely mandatory key escrow. I just consider it a dangerous and even unconstitutional step...something like requiring permits for writing articles and for speaking in non-English languages. (By the way, the comparison of crypto to speech is a natural, and accurate, one. If I speak to my friend Alice in a language that wiretappers and eavesdroppers cannot understand, am I "illegally encrypting"? What difference does it make whether this undecipherable speech is Latvian, Elihiuish, or a computer-based translation?) For the past 18 months, since the Digital Telephony Bill and the initial appearance of the key escrow idea, I have targeted my efforts not at short-term things like Clipper, but instead at doing things to make sure that our ability to communicate freely with whomever and in whatever form we choose is not restricted. My favored approach is technological, not political. The real battle is coming, I suspect. --Tim May If you've read this far, thanks! If this outlook interests you, consider joining the Cypherpunks mailing list (the name was jokingly suggested by an editor at "Mondo 2000," as a pun on cipher/cypher and "cyberpunks"). Send a "help" message in the body to "majordomo at toad.com" for instructions. Or, you can bypass the instructions--if you dare--with just a "subscribe cypherpunks" message (in the body) to majordomo at toad.com. Don't join merely to disrupt our mailing list, and be prepared for 30-50 mail messages a day, sometimes more. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sameer at soda.berkeley.edu Wed Apr 13 13:44:29 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Wed, 13 Apr 94 13:44:29 PDT Subject: DES/IDEA implemention for an HP 28s Message-ID: <199404132044.NAA13249@soda.berkeley.edu> :: Post-To: sci.crypt I'm looking for an implementation of DES or IDEA in the HP 28s calculator. (It uses a version of FORTH). Failing that, are there any other symmetric key schemes for the HP 28s? Thanks, Sameer From pierre at eshop.com Wed Apr 13 14:38:11 1994 From: pierre at eshop.com (Pierre Omidyar) Date: Wed, 13 Apr 94 14:38:11 PDT Subject: Interesting news note. Message-ID: <199404132118.OAA10190@netcomsv.netcom.com> Reply to: RE>>Interesting news note. Actually, someone asked about Clipper at the CommerceNet launch yesterday. The question was (paraphrasing): "I noticed you've decided to go with RSA for cryptography. How does Clipper fit into this? [as in, what's your position on Clipper?]" To which Allan Schiffman, CTO of EIT (the main technical architects of the CommerceNet system), replied (paraphrasing): "Apparently, Clipper is only for voice-encryption, so it has absolutely no relevance to this system [secure Mosaic]." This response received a nice smattering of applause from the participants. Pierre -------------------------------------- Date: 4/13/94 12:53 PM To: Pierre Omidyar From: Timothy C. May > > Dear Colleagues; > This came off the business wire yesterday. I wonder if they truly understand > how vulnerable they really are without strong crypto for their transactions? > > -THE INTERNET SHOPPING Network, the nation's first electronic superstore > -available on the worldwide Internet, was formally announced Tuesday at an > -event at Techmart in conjunction with the launch of CommerceNet, the > -first large-scale trial of electronic commerce on the Internet. > -[Business Wire, 516 words, 450813#] Except that the full version of this announcement--which has been posted several places, possibly even here in Cypherpunks--explicitly mentions the use of RSA via a business relationship with RSA Data Security Inc. Though many Cypherpunks have various problems with RSADSI and the RSA patents, a topic I'll not go into further, it is a hopeful sign for Internet commerce that a strong crypto system is being built in from the git go. Remember, the alternative is Crippler! (Actually, what with the announcement of Crippler being built in to some television-top boxes--cf. the Harry Hawk posts--I would guess these Internet Commerce folks will soon be "visited" by Crippler advocates and "suitably incentivized" to replace RSA with EES technology.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." ------------------ RFC822 Header Follows ------------------ From ecarp at netcom.com Wed Apr 13 14:43:45 1994 From: ecarp at netcom.com (Ed Carp) Date: Wed, 13 Apr 1994 14:43:45 -0700 (PDT) Subject: uses for PGP Message-ID: khijol (formerly khijol.yggdrasil.com) is a 486/25 running the Linux operating system. Until March 1 of this year, khijol was used almost exclusively as a place where subscribers to the newsgroup alt.sexual.abuse.recovery could meet electronically and discuss abuse issues. Anonymous accounts were freely given, and site names, etc. were not tracked, allowing the users complete anonymity. Several UNIX utilities were modified so as to obfuscate site names and user names (in the case of rlogin), so that people could have a sense that their privacy was ensured. Many of the people who used khijol were survivors of sexual abuse, often from within their own families. Many were still being abused, and were frightened for their safety, and their lives. It was not uncommon to join a group of survivors and discover that one of the group was actively suicidal and the rest of the group was trying to help get them "over the hump". In the 5 months of its operation, khijol had over 500 anonymous users. The system was available (and used) 24 hours a day, 7 days a week. As it was directly on the Internet, survivors from all over the world used khijol, and it was not uncommon to find 20 or 30 users on the system at any one time. Anonymity and security were a primary concern for most users, and I tried to make khijol as secure as possible. Many custom utilities were written for khijol, including an interactive multi- user "talk" facility that is similar to IRC, but did not allow for non-local connections. To facilitate the completely anonymous exchange of email, and to ensure the privacy of the users, PGP was pressed into service. Users could, from an easy-to-use full screen curses-driven menu, generate a key (their public key was automatically added to a public list) and select user(s) to send encrypted email to. "pgp -m" was added to ELM's configuration, so that decryption would be automatic - one only had to type their password. It was emphasized to the users that no one could read their encrypted email except the person for whom it was intended. ASs it turned out, PGP was a very welcome addition - many felt that their communications were being monitored and their email read (by curious system administrators), and so most users welcomed the addition. At the moment, khijol is connected to the net via UUCP only - I am looking for a new home for it. When it comes back, it will be announced on alt.sexual.abuse.recovery. -- Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From CCGARY at MIZZOU1.missouri.edu Wed Apr 13 15:07:22 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Wed, 13 Apr 94 15:07:22 PDT Subject: alias in phone book Message-ID: <9404132207.AA15183@toad.com> * Gun control is people control. - Gary Jeffers Why hasn't anyone discussed the utility of phony names in the phone books for fooling state investigators? If you have an unlisted phone number & a state snoop asks for your listing, the phone company will also check the unlisted numbers. What would happen if you had a phony name that the phone company agreed to use. Would the snoops be thrown for a loss? Could phony names be even better than unlisted? The phone company would probably demand your real name for billing purposes. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKKKK! BBBEEEAAATTTT STATE! From irdial at irdialsys.win-uk.net Wed Apr 13 16:48:08 1994 From: irdial at irdialsys.win-uk.net (Irdial-Discs) Date: Wed, 13 Apr 94 16:48:08 PDT Subject: The Clipper *CAN* be Thwarted. Message-ID: <314@irdialsys.win-uk.net> The Clinton administration is artificially forcing the usa/world to adopt the Clipper Chip as the standard for data/voice encryption, by using us government funded economies of scale to create a large pool of cheap devices that would be hard to resist by the communications using/manufacturin g community. In order to stop this obviously undesireable situation from becoming the only option, a similar counter-strategy must be employed to offset the saturation effects of the flood of clipper chips that is to come. How to do it. ------------- 1/ A massive public awareness operation must be started. 2/ A crypographically strong alternative chip must be created. 3/ In the same way that SETI was kept alive by contributions, the creation of this alternative 'Zipper' chip must be funded by the public, and then manufactured in the millions, to take the same advantage of economies of scale that the clipper will. 4/ The zipper chip should then be distributed and publicized to completely discredit the clipper chip. This is a very simplified outline of the kind of plan that needs to be implemented. If we are going to save privacy for everyone, economic warfare tactics must be used to counter the warfare that is being waged against us all. PC based phone scrambling systems will not have the necessary impact that will be needed to kill the clipper chip and all of the nefarious uses it can and will be put to. We must provide a strong, backdoorless, alternative chip that will be attractive to every telephone user and communications device manufacturer, who will reason that it is better to have a device that no one can tap than it is to have a device that even _one_ person can tap. This situation _can_ be turned around. From CCGARY at MIZZOU1.missouri.edu Wed Apr 13 18:36:45 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Wed, 13 Apr 94 18:36:45 PDT Subject: Soldier of Fortune magazine. Message-ID: <9404140136.AA16459@toad.com> Gun control is people control. The War on Drugs is the War on Citizens. I would like to suggest that some of our more knowledgeable & eloquent Ccypherpunks such as May, Hughes, Frissell or others consider approaching Soldier of Fortune magazine about a series of articles or a regular column on encryption & privacy. SOF may seem to be a childish publication to some of us but it has a readership many times that of Ccypherpunks & we would not be preaching to the converted (I know there are other purposes to cypherpunks as well). I've read some of their writing on the Waco affair & was impressed by their anti-government stance & the heavy detail (much better than the high production value/low content stuff from the mass media). I'm not a regular reader of SOF but they seem to be old fashioned patriots & might be warm to the Cypherpunk cause. We might have a series or a regular column titled CRYPTO - THE COMING GREAT WAR or COMMUNICATIONS - THE NEXT GREAT BATTLEFIELD. We already have a library of articles & copy. Our views would be a bit novel & just might fit right in with SOF. We could make a deal with them so that we could reprint the articles on the Internet. A number of Cypherpunks regularly write good articles. We should make better use of them. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKKK! BBBEEEAAATTTT STATE! P. S. Another name for a chip that subverts the Clipper chip. - THE CLIPPER CRIPPLER. From cat at soda.berkeley.edu Wed Apr 13 18:51:05 1994 From: cat at soda.berkeley.edu (Erich von Hollander) Date: Wed, 13 Apr 94 18:51:05 PDT Subject: what gtoal wrote about something Message-ID: <199404140150.SAA04899@soda.berkeley.edu> somebody (was it gtoal?) said something yesterday about how you could have the remailer encrypt the address of the person sending it and put that encrypted address in a block at the end of the message. this would be a good way to do it because the remailer operator cannot reveal a database of aliases and also not having a database makes the remailer easier to maitain and operate, resulting in a remailer with response capabilities, and yet as easy to use as the traditional cypherpunks remailer. i thought that was a cool idea, so i implemented that on the soda remailer (remailer at soda.berkeley.edu). give it a shot. just use it as you normally would and you will see how the response feature works. or finger remailer at soda or send mail to remailer at soda with Subject: remailer-info. e From tcmay at netcom.com Wed Apr 13 19:07:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 13 Apr 94 19:07:47 PDT Subject: Another reason for anonymity Message-ID: <199404140208.TAA07503@mail.netcom.com> The first defamation suit involving the Usenet is described in a post that apparently first appeared in misc.legal.moderated, and then cross-posted into comp.org.eff.talk and alt.comp.acad-freedom.talk. (I won't include it here, though I've ended up writing enough about it that I should've just forwarded the whole thing to Cypherpunks!) It involves a professor denied tenure (and dismissed) at the University of Western Australia. Dept. of Archaeology, or similar. The defendant made some comments last summer about the incompetence of this professor (an ex-American, by the way), his habit of holding "Puppy parties" with a local boy named "Puppy" as the chief entertainment, his drinking exploits, and so on. I read the attacking post and thought it somewhat more extreme than most Usenet comments. But not by much. (And certainly comparable to the various posts Detweiler made calling various people sodomites, spies, terrorists, and so on.) Anyway, the attacked professor (no longer at UWA, for the tenure reasons cited above) filed a suit, the defendant chose not to show up for the trial, and the judge recently issued his decision: AU$40,000 to the defendent, plus 8% annual interest to have begun September 1993. Read the article to see what may be coming, in spades. Of course, our legal minds here on Cypherpunks may be able to tell us how likely such cases are to go this way in America. I can't say. More reasons for anonymity, if one truly believes free speech should be just that, unencumbered by charges of "defamation" and "damage." In the Australian case, either the professor is "upstanding" (think of Richard Feynman, for example), in which case the charges would just bounce off (while I'm no Feynman, in any sense, those "sodomite" charges of Detweiler I just shrugged off) or there's some substance to the charges (i.e., he was a dissipated, pedophilic lech, who neglected his research). Draw your own conclusions. Anonymity has its problems, but it also allows discourse to be somewhat isolated from the idiosyncrasies of the law. And of course, in my view, it it completely kosher (I wanted to say "exculpatory," as I fell into the rhythm of legal lingo, but I'd probably be misusing the word terribly) for anonymous forums to basically say: "This is a forum that allows anonymity and pseudonymous speech. If this offends you, stay out. If you want to file a lawsuit based on some insult you hear in this forum, good luck and fat chance of winning!" But then I'm a free speech radical. (What about shouting "Fire!" in a crowded theater? Let those who see there's no fire beat the shit out of the twerp who shouted "Fire!" Seems fair to me.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Wed Apr 13 19:12:29 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 13 Apr 94 19:12:29 PDT Subject: Another reason for anonymity In-Reply-To: <199404140208.TAA07503@mail.netcom.com> Message-ID: <199404140213.TAA08077@mail.netcom.com> > reasons cited above) filed a suit, the defendant chose not to show up > for the trial, and the judge recently issued his decision: AU$40,000 > to the defendent, plus 8% annual interest to have begun September ^^^^^^^^^^ > 1993. Whoops! I mean, "to the plaintiff" (the professor). Sorry about that. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jkreznar at ininx.com Wed Apr 13 19:21:05 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 13 Apr 94 19:21:05 PDT Subject: Quants vs Congress In-Reply-To: <199404131404.AA29334@panix.com> Message-ID: <9404140219.AA09878@ininx> -----BEGIN PGP SIGNED MESSAGE----- > Big hearings in Congress today about how evil derivatives and the quants > who build them are. They are a threat to government as we know it. Don't > tell anyone but the "intermediation of political risk" was one of the > greatest invention of the 1980s. Combine same with strong crypto and you > almost have to feel sorry for the public employees in our midst. Watch > out for a little downsizing. Aw c'mon Duncan. Derivative of what? What's a quant? Where was the term ``intermediation of political risk'' used? I love your postings when I can make sense of them. This one is so well encrypted I can't. > To show that I'm a charitable guy, I have some free advice to anyone > reading this who is involved in "taking the King's shilling": Do you really think that such people deserve charity? John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLayny8Dhz44ugybJAQFnxwQA3ds9LuJq5S5DSoyh1YUC4C1I5osjcbbY 7CWVwE4NWG0vVuUuhiWuY758MhAfTUq0cvaVGI+fuMV6vyY8gG+muWR8QcDQZPpY bHoPSHgg/zzK1pfzJEM7LguIQsszzWAdJ6OllOsB0OfqwiaAiAphzF1HC/od+iqb R7hAJ5Kx1CU= =hqdA -----END PGP SIGNATURE----- From tcmay at netcom.com Wed Apr 13 20:13:54 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 13 Apr 94 20:13:54 PDT Subject: Quants vs Congress In-Reply-To: <9404140219.AA09878@ininx> Message-ID: <199404140313.UAA15518@mail.netcom.com> John Krexnar writes: (Duncan Frissell's section elided) > Aw c'mon Duncan. Derivative of what? What's a quant? Where was the > term ``intermediation of political risk'' used? > > I love your postings when I can make sense of them. This one is so well > encrypted I can't. "Derivatives" mean secondary financial instruments, based on ("derived from") things like stocks, bonds, and real estate. Things like futures markets, "baskets" of other instruments, etc. These started, it may be argued, in the trading pits of Chicago, but have now spread around the world. I think I recall reading (in "Time"'s cover story last week on derivatives and quants, ironically enough--the Wall Street nerd with the "messy room" has replaced the hacker as the Number One Threat to Civilization) that $ 4 Trillion in derivatives trades _daily_. "Quants," closely related to "rocket scientists," are those who use math and statistics for investment purposes. Short for "quantitative." I urge all Cypherpunks who can afford to do so to subscribe to "The Economist." It's filled with good, incisive articles, including the best treatments of breaking science and technology stories in any general magazine. Shoot your t.v., maybe, but don't let your subsription lapse. Available also on newstands, whence information on subscribing may be found (read the mag long enough, and you too will speak in terms of "whence"). --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sandfort at crl.com Wed Apr 13 20:27:57 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 13 Apr 94 20:27:57 PDT Subject: Soldier of Fortune magazine. In-Reply-To: <9404140136.AA16459@toad.com> Message-ID: C'punks, On Wed, 13 Apr 1994, Gary Jeffers wrote: > . . . > I would like to suggest that some of our more knowledgeable & > eloquent Ccypherpunks such as May, Hughes, Frissell or others consider > approaching Soldier of Fortune magazine about a series of articles > or a regular column on encryption & privacy. I've written for SOF and know one of the contributing editors very well. The trouble is, I'm not sure the threat to strong crypto is close enough the the SOF mission objective. SOF may seem to be a > childish publication to some of us but it has a readership many times > that of Ccypherpunks & we would not be preaching to the converted > (I know there are other purposes to cypherpunks as well). I'm not sure I would agree with the characterization given of SOF. Many people still hold the mistaken belief that SOF is a magazine about mercs. In actuality, SOF is an intelligence publication, very similar to "Aviation Week and Space Technology." They have ass-in-the-grass correspondents wherever there is military confrontation or the threat thereof. > I've read some of their writing on the Waco affair & was impressed > by their anti-government stance & the heavy detail (much better than > the high production value/low content stuff from the mass media). > I'm not a regular reader of SOF but they seem to be old fashioned > patriots & might be warm to the Cypherpunk cause. This is certainly true. > We might have a series or a regular column titled CRYPTO - > THE COMING GREAT WAR or COMMUNICATIONS - THE NEXT GREAT BATTLEFIELD. > We already have a library of articles & copy. Our views would be a bit > novel & just might fit right in with SOF. We could make a deal with > them so that we could reprint the articles on the Internet. A number > of Cypherpunks regularly write good articles. We should make better > use of them. I'll talk to my SOF friend and see if we can come up with an angle. As of right now, I think we might be able to get one article. If so, I think the best approach would be to tie it to strong crypto like PGP as a tool for mercs and wannabees. S a n d y From sandfort at crl.com Wed Apr 13 20:38:41 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 13 Apr 94 20:38:41 PDT Subject: Another reason for anonymity In-Reply-To: <199404140213.TAA08077@mail.netcom.com> Message-ID: C'punks, American law differs from all other English-derived law in that in the US, truth is a defense against charges of libel or slander. Furthermore, American law is generally more "free speech" oriented with regard to what would otherwise be considered libel or slander. I don't know how this would have played in the States, but I'm not surprised that an Australian court found for the plaintiff. S a n d y From dwomack at runner.utsa.edu Wed Apr 13 20:41:31 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Wed, 13 Apr 94 20:41:31 PDT Subject: Soldier of Fortune magazine. In-Reply-To: <9404140136.AA16459@toad.com> Message-ID: <9404140341.AA08015@runner.utsa.edu> > > Gun control is people control. > The War on Drugs is the War on Citizens. > > I would like to suggest that some of our more knowledgeable & > eloquent Ccypherpunks such as May, Hughes, Frissell or others consider > approaching Soldier of Fortune magazine about a series of articles > or a regular column on encryption & privacy. SOF may seem to be a > > We might have a series or a regular column titled CRYPTO - > THE COMING GREAT WAR or COMMUNICATIONS - THE NEXT GREAT BATTLEFIELD. > We already have a library of articles & copy. Our views would be a bit > novel & just might fit right in with SOF. We could make a deal with > them so that we could reprint the articles on the Internet. A number > of Cypherpunks regularly write good articles. We should make better > use of them. > > Yours Truly, > Gary Jeffers > > (with apologies for snipping this excellent idea...) This is a great idea...much has been said about getting crypto software into the hands of the masses; this is a marvelous way to proceed! Those willing to write such articles could probably even get paid (a little) for doing so! From eagle at deeptht.armory.com Wed Apr 13 20:42:50 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Wed, 13 Apr 94 20:42:50 PDT Subject: AP Wire Story on NSA Manual (fwd) Message-ID: <9404132042.aa15990@deeptht.armory.com> Now NBC News is interested... > From: sfexaminer at aol.com > Date: Wed, 13 Apr 94 20:12:26 EDT > > Here's Keay's updated overnite story, which mentions your role. > AP has lots of different feeds. Not all the regional feeds run all the stuff > AP picks up. This was released to all the wire services this afternoon. > > NSA from A-1 > Semiconfidential > rules circulate > > By Keay Davidson > EXAMINER SCIENCE WRITER > It arrived mysteriously at an Austin, Texas, post office box by ""snail > mail'' - computerese for the Postal Service. > But once the National Security Agency's employee handbook was translated > into bits and bytes, it took only minutes to circulate across the country. > Thus did a computer hacker in Texas display his disdain for government > secrecy last week - by feeding into public computer networks the > semiconfidential document, which describes an agency that, during the darkest > days of the Cold War, didn't officially ""exist.'' > Now, anyone with a computer, telephone, modem and basic computer skills > can read the 36-page manual, which is stamped ""FOR OFFICIAL USE ONLY'' and > offers a glimpse of the shadowy world of U.S. intelligence - and the personal > price its inhabitants pay. > New NSA employees are warned: > ""Your home, car pool, and public places are not authorized areas to > conduct classified discussions - even if everyone involved in the discussion > possesses a proper clearance and "need-to-know.' The possibility that a > conversation could be overheard by unauthorized persons dictates the need to > guard against classified discussions in non-secure areas.'' > The manual includes a list of telephone numbers for NSA offices including > the cryptically named ""Agency Anonymity'' and ""Cipher Lock Repair,'' and > the not-so-cryptic ""Alcohol Rehabilitation Program'' and ""Disposal of > Classified Waste.'' > "Anal retentive and paranoid' > The manual is ""so anal retentive and paranoid. This gives you some > insight into how they think,'' said Chris Goggans, the Austin hacker who > unleashed it on the computer world. His on-line nom de plume is ""Erik > Bloodaxe'' because ""when I was about 11, I read a book on Vikings, and that > name really struck me.'' > NSA spokeswoman Judi Emmel said Tuesday that ""apparently this document is > an (NSA) employee handbook, and it is not classified.'' Rather, it is an > official NSA employee manual and falls into a twilight zone of secrecy. On > one hand, it's ""unclassified.'' On the other hand, it's ""FOR OFFICIAL USE > ONLY'' and can be obtained only by filing a formal request under the U.S. > Freedom of Information Act, Emmel said. > ""While you may take this handbook home for further study, remember that > it does contain "FOR OFFICIAL USE ONLY' information which should be > protected,'' the manual warns. Unauthorized release of such information could > result in ""appropriate administrative action ... (and) corrective and/or > disciplinary measures.'' > Goggans, 25, runs an on-line electronic ""magazine'' for computer hackers > called Phrack, which caters to what he calls the ""computer underground.'' He > is also a computer engineer at an Austin firm, which he refuses to name. > The manual recently arrived at Goggans' post office box in a white > envelope with no return address, save a postmark from a Silicon Valley > location, he says. Convinced it was authentic, he typed it into his computer, > then copied it into the latest issue of Phrack. > Private life not private > Other hackers, like Grady Ward of Arcata, Humboldt County, and Jeff > Leroy Davis of Laramie, Wyo., redistributed the electronic files to computer > users' groups. These included one run by the Cambridge, Mass.-based > Electronic Frontier Foundation, which fights to protect free speech on > computer networks. > Ward said he helped redistribute the NSA manual ""to embarrass the NSA'' > and prove that even the U.S. government's most covert agency can't keep > documents secret. > The action also was aimed at undermining a federal push for > data-encryption regulations that would let the government tap into computer > networks, Ward said. > In the NSA, one's private life ceases to be private: A ""waiver must be > granted in advance of a marriage to or cohabitation with a foreign national > in order to retain one's access to NSA information ...'' the manual says. > ""The marriage or intended marriage of an immediate family member (parents, > siblings, children) to a foreign national must also be reported. ... All > personnel, either employed by or assigned to NSA, must advise the Office of > Security of any changes in their marital status (either marriage or divorce), > cohabitation arrangements, or legal name changes.'' > There's nothing wrong with ""casual social associations with foreign > nationals,'' but during such associations ""you are encouraged to extend the > usual social amenities. Do not act mysteriously or draw attention to yourself > (and possibly to NSA) by displaying an unusually wary attitude.'' > None of the hackers thought he or she had done anything unpatriotic. > ""The cloak of secrecy that the intelligence communities operate behind is > an archaic paradigm of global warfare,'' said Davis, whose business card > identifies him as an ""Outlaw Transcendentalist.'' > ""The Cold War's over ...'' Davis said. ""What, is a terrorist group going > to call the National Security Agency alcoholism hot line and say, "Hey, I > have a drinking problem, can I come in?''' -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From m at BlueRose.com Wed Apr 13 21:00:11 1994 From: m at BlueRose.com (M Carling) Date: Wed, 13 Apr 94 21:00:11 PDT Subject: Soldier of Fortune magazine. Message-ID: <9404140348.AA02617@BlueRose.com> Sandy Sandfort writes: >I'll talk to my SOF friend and see if we can come up with an angle. >As of right now, I think we might be able to get one article. If >so, I think the best approach would be to tie it to strong crypto >like PGP as a tool for mercs and wannabees. This seems counterproductive. PGP should not be portrayed as a tool for those that most Americans consider antisocial. M Carling From VACCINIA at UNCVX1.OIT.UNC.EDU Wed Apr 13 21:31:25 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Wed, 13 Apr 94 21:31:25 PDT Subject: Lock Out Message-ID: <01HB59MK2W8I003XTU@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Well, I must say I was jarred from dozing this morning by Tim's post that the Clipper proposal is a done deal. I suppose I have always realized this but never allowed it to percolate up into my conscious. Executive fiat does have it's disadvantages doesn't it. Then irdial-discs (what the hell are irdail- discs?) wrote about battling Clipper on the economic front. On the face of it this would seem to be impossible. A gov't subsidized technology has too many advantages due to subsidy, mandates etc., right? Kind of. We all know that the U.S. Gov't has backed all manner of winning projects in the past. Take synthetic fuels for example, truly a master stroke in economic development of a technology. The problem? The market although artificially inflated at the time couldn't sustain a price needed to allow cost effective synth-fuel development, Gov't or not. The Gov't will pay for expensive chips, maybe even big Corporations can be forced to at first. But, if a cheaper, easier alternative is available, well then, we'll see how long VLSI & Mycotronix will make chips while bleeding red ink. Gov't absorbing development costs, yes, but direct subsidy, I don't think so. How can we make them bleed, then? Let's take Microsoft's strategy to them. Here I differ in opinion with irdial. The way Microsoft dominates the market (while putting out a sub-standard operating system to boot, sorry couldn't help it) is to package it's software as a bundle with the purchase of a piece of hardware. You get the computer, you get DOS-Windows, FREE (sort of). What are you gonna use? The hardware manufacturer pays a fee per computer, Microsoft makes money, the computer seller gets to offer "free" software and everybody's happy. Except the purveyors of good operating systems because they are locked out. What if a software version of PGP was bundled with modems and soundblaster cards? I know I got a modem communications program with my modem, still use it too. The software version of voicePGP (The Voice of Freedom!) would still make money for it's designer (presumably prz) and lock out clipper (alot more expensive). Anyone with a computer and modem can use PGP thru their phone! One could even market it as the guerilla product on the NET, now available when you buy your modem from us, VoicePGP. Just hook your phone thru the computer and speak without Gov't interfence or fear of intrusion. I think using sharp market principles crushes tawdry Gov't "programs". Microsoft has a great strategy, let's use it on Crippler. I also think software is the way to go, easier, cheaper and more dynamic. Hopefully, the Gov't won't be able to outlaw other crypto fast enough. Speed is crucial, Phil. If modem and soundcard manufacturers can be persuaded to bundle voicePGP with their hardware, the Gov't could well be LOCKED OUT. That's nice. Scott G. Morham !The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLaoU6z2paOMjHHAhAQGOpwQAvOM79JakqkduFKPWhFeoEllhefUCNf9N oHAFN4PvxwrruYzyDzcWV3DIYbZ2gX0ggtLzSHNE/Cp4bl70cl95pilSy1J3p0o5 OO8rhX7ze7F9MgAHztfOkmuh1A78gvy+drK/RfMhuXT+EpJpl1cDITfLNZ5XUWdR 1sbX1f+2G70= =N0J7 -----END PGP SIGNATURE----- From sandfort at crl.com Wed Apr 13 21:31:45 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 13 Apr 94 21:31:45 PDT Subject: Soldier of Fortune magazine. In-Reply-To: <9404140348.AA02617@BlueRose.com> Message-ID: C'punks, On Wed, 13 Apr 1994, M Carling wrote: > . . . > >I think the best approach would be to tie it to strong crypto > >like PGP as a tool for mercs and wannabees. > > This seems counterproductive. PGP should not be portrayed as a tool > for those that most Americans consider antisocial. > > M Carling A) You don't speak for me, and I doubt you speak for "most Americans." B) Who the hell do you think reads SOF? S a n d y From eagle at deeptht.armory.com Wed Apr 13 22:25:27 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Wed, 13 Apr 94 22:25:27 PDT Subject: NBC News Tomorrow Message-ID: <9404132225.aa21030@deeptht.armory.com> Brokaw's producer just interviewed me via email and will call in the AM. Good night to watch NBC News tomorrow. The woman in LA I talked to tonight got a hell of an education. When she thanked me for it, I told her it was part of my job to educate as an EFF member, and I credited cypherpunks with a lot of my education. Don't give up yet. When the American public finds out they got fucked out of their right to privacy 4 Feburary and nobody even bothered to ask them about it, I think they're going to be really PISSED. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From jim at bilbo Wed Apr 13 22:57:13 1994 From: jim at bilbo (Jim Miller) Date: Wed, 13 Apr 94 22:57:13 PDT Subject: senseless waste of bandwidth Message-ID: <9404140409.AA21854@bilbo.suite.com> Mary had a little phone She used it on the go. But everything that Mary said The fed was sure to know. --------- Little Jack Horner Sat in the corner Watching his favorite tape. When in through the door Burst a fed and some more: "Freeze! You're a suspect for rape" From phred at well.sf.ca.us Wed Apr 13 23:14:47 1994 From: phred at well.sf.ca.us (Fred Heutte) Date: Wed, 13 Apr 94 23:14:47 PDT Subject: NBC News Tomorrow In-Reply-To: <9404132225.aa21030@deeptht.armory.com> Message-ID: <9404132314.ZM28737@well.sf.ca.us> I'm following the unfolding tale with interest. The document itself is trivial and looks like a thousand others throughout the government (and in the private sector too, particularly in the Beltway Bandits who service the 'national security' establishment). But what is interesting is the response from the throne room when the peasantry dares point out that the King of Encryption has no clothes. From hfinney at shell.portal.com Wed Apr 13 23:21:27 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 13 Apr 94 23:21:27 PDT Subject: New anon mailer idea? Message-ID: <199404140622.XAA20444@jobe.shell.portal.com> Graham Toal's suggestion for automatic insertion of an encrypted return address block is interesting. We had some discussion here last year of a similar approach, although Graham's twist of using a symmetric rather than PK cypher for the return address is new. A few thoughts: - You'd want this feature to be optional. Some people might not want their anonymity limited by having their return address recorded, even in encrypted form. - Graham is right about the advantages of use-once (or use-only-a-few-times) return addresses. Chaum discusses how multiple use of return addresses allows these systems to be broken, similar to the way Graham describes. - The use of a symmetric cypher is a very nice way of getting the use-once capability, along with the "burn after reading" effect of a remailer chain which destroys itself as it goes. But it could be a considerable burden on the remailer operator to maintain the database. One possibility would be to fix a maximum time limit on how long the return addresses are kept "alive" and require some real money to keep them longer. - What we would really like is for the recipient to hit the "reply" button and be able to send his mail back. It sounds like this system would still require some cut-and-paste. We already have programs to create encrypted remailer chain addresses fairly automatically. It would be nice to automate this last little bit. Unfortunately, there seems to be no easy way to make this work under Graham's scheme. - It doesn't look like this would be an easy drop-in to the current remailers, unfortunately. The syntax for how the address would be built up as it passes through a chain of remailers is a little unclear as well. The idea does have a lot of promise, though, and I think it is definately worth keeping in mind for the next generation of remailers. Hal From 71431.2564 at CompuServe.COM Wed Apr 13 23:30:09 1994 From: 71431.2564 at CompuServe.COM (Bradley W. Dolan) Date: Wed, 13 Apr 94 23:30:09 PDT Subject: The pot and the kettle Message-ID: <940414062729_71431.2564_FHA28-1@CompuServe.COM> >Date: Wed, 13 Apr 94 20:48:13 -0700 >From: m at BlueRose.com (M Carling) >To: cypherpunks at toad.com >Subject: Re: Soldier of Fortune magazine. >Sender: owner-cypherpunks at toad.com >This seems counterproductive. PGP should not be portrayed as a tool >for those that most Americans consider antisocial. But PGP _is_ a tool for those that most Americans consider antisocial: "hackers" (i.e. the computer literate). >M Carling I read SOF religiously and almost always learn something from it. I can't say the same about Time or Newsweek. bdolan at well.sf.ca.us From hfinney at shell.portal.com Wed Apr 13 23:36:39 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 13 Apr 94 23:36:39 PDT Subject: Remailer reply addresses Message-ID: <199404140637.XAA24792@jobe.shell.portal.com> Graham's suggestion about automatic remailer reply chains reminded me of a simpler system which I would like to see. Suppose one site, somewhere, would create new mail addresses upon request, and map them to encrypted remailer chain blocks. (These are nested remailer requests, where the outer layer is encrypted for the first remailer and tells it where to send the message, the next layer is encrypted for the 2nd remailer and tells it where to send, and so on. No remailer sees anything more than where it is sending the message and where it received it from.) A new account is created which maps, say, to a file which has one of these "anonymous return addresses" in it. Any mail incoming for that address simply gets sent to the remailer in the file, with the ARA stuck in front of it. This is not complicated software. I wrote a Bourne/Korn shell script which does the whole thing in a dozen lines. What is needed is a sendmail hack to allow mail to addresses in a specified form (say anxxxxx) to be piped to this script. I don't have a machine where I can do this. If such a site were running, then I could create an ARA block and send it to that site (via a remailer, of course). The site would make me a new address and return it via the ARA. That new address would be my pseudonym. Now, when I want to send something pseudonymously, I just stick a "Reply-To" into the outgoing headers of the message as it leaves the last remailer. The remailer-chain-creation script can easily be modified to do this. The Reply-To points at the address I got back from the pseudonym server site. With this software I could do something which cannot be done today. I could send mail to which someone could hit "r" to reply, and receive that reply, without any one person knowing my pseudonym. This is not that much to ask for! I'd say it is the bare minimum for the use of pseudonyms on the net, yet we don't have it, after all this time. And look how close we are to being able to do it. With this basic system in place, some of Graham's ideas about time-limited or use-limited pseudonyms could be applied as well. Other extensions people have suggested would have the pseudonym server hold messages in inboxes until people trigger a dump to a freshly created anonymous address. A lot of things are possible. But we should walk before we run. Right now I don't feel that we are even crawling yet. Hal From jmueller at gac.edu Wed Apr 13 23:45:21 1994 From: jmueller at gac.edu (Joel T Mueller) Date: Wed, 13 Apr 94 23:45:21 PDT Subject: US Constitution Online Message-ID: <9404140644.AA07888@gac.edu> Forwarded message: > Jeff Davis : > > For one thing, I suggest that everyone have a refferance with the > > Constitution with in arms reach of their terminals. > > Or *on* their terminals: > ftp://wiretap.spies.com/Gov/World/usa.con > > The same directory contains constitutions and charters of many countries, > from Chian to Slovakia, as well as the covenant of the Hamas, and the Magna > Carta. Maybe someone should mail the Constitution to president at whitehouse.gov - just to make sure he hasn't forgotten. -- Joel Mueller - "Here lies one whose name is writ in water." Keats GO -d+(---) -p+ c++@ l+ u++ e m+ s+/- n- h-- f+@ g+(-) w+ t(--) ry? PGP 2.3a Public Key : finger jmueller at gac.edu or on keyservers. "This must be a Thursday. I never could get the hang of Thursdays." A. Dent From sameer at soda.berkeley.edu Wed Apr 13 23:53:46 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Wed, 13 Apr 94 23:53:46 PDT Subject: Remailer reply addresses In-Reply-To: <199404140637.XAA24792@jobe.shell.portal.com> Message-ID: <199404140653.XAA19657@soda.berkeley.edu> > > But we should walk before we run. Right now I don't feel that we are even > crawling yet. > Hal describes a nice scheme. (I only skimmed it so maybe I missed something.) I have written such a aystsem and it is running. I can't publicly advertise it due to restrictions on my net connection, but hopefully by this summer I will have a net connection which I own so I will be able to run it publically. Check out soda.berkeley.edu:/pub/cypherpunks/remailer/blind-server.docs From pkm at maths.uq.oz.au Thu Apr 14 00:14:39 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Thu, 14 Apr 94 00:14:39 PDT Subject: Number Theory Message-ID: <9404140714.AA04038@axiom.maths.uq.oz.au> Well, since a fair amount of people have been asking for Number Theory books (including myself, I must admit), I decided to get off my butt, and see the major number theorist in this department, Dr. Keith Matthews. He is a really nice guy, and is always interested in writing and/or distributing programs for number theory calculations. He even showed me one of his newest programs, and demostrated it by factoring 2^71 -1 for me. Anyway, I asked him if he had any bibliographies for the subjects he teaches, and could I post it to the list. Voila! Not only did he have it printed out on paper, but he also mailed me the relevant LATEX files. I have decided to remove the LATEX symbols, course codes, class times, etc., from the files and just strip it down to the textbook list. Of course, this is only for a 2nd level subject, but the Library of Congress catalog codes included should help you look for new books. There are, of course, other books on this subject. I hope people find it useful. (If anyone wants the original LATEX files, well. . . I've got those too.) So, with Dr. Matthews kind permission, I present the following refernces: (Peter Murphy. ) {Textbooks: Number Theory} G. Andrews, "Number theory", QA 241.A5 1971, D. M. Bressoud, "Factorization and primality testing", QA161.F3B731989, T.H. Cormen, C.E. Leiserson, R.L. Rivest, "Algorithms", MIT Press, 1989, QA76.6.C6621990. H. Davenport, "The higher arithmetic", QA 241.D2 1952; G. H. Hardy and E. M. Wright, "Introduction to the theory of numbers", QA 241.H3 1945, T. H. Jackson, "Number theory", QA 241.J3 1975, N. Koblitz, "A course in number theory and cryptography", QA3.G7NO.114, W. J. LeVeque, "Fundamentals of number theory", QA 241.L57219771, I. Niven, H.S. Zuckermann, H.L. Montgomery, "An introduction to the theory of numbers", QA 241.N561991, O. Ore, "Invitation to number theory", QA 241.O68 1967, H. Riesel, "Prime numbers and computer methods for factorization", QA 246.R54 1985, K. Rosen, "Elementary number theory and its applications", QA 241.R67 1984, H. Shapiro, "Introduction to number theory", QA 241.S445 1983, M. Schroeder, "Number theory in science and communication", QA 241.S318 1984, W. Sierpinski, "Elementary theory of numbers", QA 241.S477 1964, H. Stark, "Introduction to the theory of numbers", QA 241.S72 1970, R. F. C. Walters, "Number theory -- an introduction", QA 241.W32 1987, N.L. Biggs, "Discrete Mathematics", QA 76.9.M35B541989, P. Giblin, "Primes and Programming", Cambridge University Press 1993. The following books are also of interest: [(a)] H. Flanders, "Scientific Pascal", QA76.73P2F551984, [(b)] R.K. Guy, "Unsolved problems in number theory", QA141.G891981. [(c)] P. Ribenboim, "The book of prime number records", QA246.R471988. {Textbooks: Cryptography} N. Koblitz, "A course in number theory and cryptography", QA3.G7NO.114, D. Welsh, "Codes and Cryptography", Oxford Science Publications, 1988, Z103.W461988 H.C.A. van Tilborg, "An Introduction to Cryptology", Kluwer Academic Publishers, 1988, Z103.T541988 W. Patterson, "Mathematical Cryptology for Computer Scientists and Mathematicians", Rowman and Littlefield, 1987, Z103.P351987 C. Pomerance, "Cryptology and Computational Nunber Theory", Proceedings of Symposia in Applied Mathematics, Volume 42, AMS, QA76.9.A25C841990 D.E.R. Denning, "Cryptography and Data Security", Addison-Wesley, 1982, QA76.9.A25D461982 G. Brassard, "Modern Cryptology: a tutorial", Lecture Notes in Computer Science 325, Springer 1988, QA76.L4V.325 G.J. Simmons,"Contemporary Cryptology", IEEE Press, 1992, QA76.9.A25C66781992 { Textbooks: Error--Correcting Codes} S. Roman,"Coding and Information Theory", GTM 134, 1992, QA3.G7NO.134 S.A. Vanstone and P.C. van Ooorschot, "An Introduction to Error Correcting Codes", Kluwer Academic Publishers,1989, TK5102.5.V321989 R. Hill, "A First Course in Coding Theory", Oxford Applied Mathematics and Computing Science Series, 1986, QA268.H551986 V. Pless, "Introduction to the Theory of Error-Correcting Codes", Wiley 1982, QA268.P551982 D.G. Hoffman et al, "Coding Theory", Marcel Dekker, 1991, QA268.C691991 O. Pretzel, "Error--Correcting Codes and Finite Fields"", Oxford Applied Mathematics and Computing Science Series, Clarendon Press 1992. From strat at cis.ksu.edu Thu Apr 14 00:17:58 1994 From: strat at cis.ksu.edu (Steve Davis) Date: Thu, 14 Apr 94 00:17:58 PDT Subject: Encrypted Telephones In-Reply-To: <199404130607.AA14231@xtropia> Message-ID: <199404140717.CAA14134@draconis.cis.ksu.edu> Timothy C. May writes: > Yes, several such projects are underway. Eric Blossom even showed a > PCB of one at a Cypherpunks meeting, using an inexpensive DSP chip. So when will the schematics and part numbers be posted for all to see? ;-) -- Steve Davis Kansas State University From lake at evansville.edu Thu Apr 14 00:21:09 1994 From: lake at evansville.edu (Adam Lake) Date: Thu, 14 Apr 94 00:21:09 PDT Subject: USWA Message-ID: I have a thought....... Did anyone ever think of involving the USWA (no, not the United States Wrestling Association) United We Stand America in the Clipper fight? Sounds to me like this would be a mass appeal if it appeared in their newsletter. For anyone who doesn't know, this is Perot's egg hatched a few years ago. I would hope somebody on the list has a contact/is a member. Despite his weak performance in which he was GORED on CNN, I would think he would be a definite ally. adam lake at uenics.evansville.edu ---------------------------------------------------------------------------- From HALVORK at dhhalden.no Thu Apr 14 00:43:45 1994 From: HALVORK at dhhalden.no (Halvor Kise jr.) Date: Thu, 14 Apr 94 00:43:45 PDT Subject: Help! New Remailer? Message-ID: <28CEB60F27@sofus.dhhalden.no> Hello all Cypherpunks! I want to set up an anonymous remailer in Norway. I once had one, but after formating my hard disk - it's no longer there. Why you ask? There are so many remailers as it is? Well, I think that it is important to have remailers in different countries. It's a little harder for the american FBI/NSA/CIA/whatever to shut down a foreign remailer. But now there is so many to choose from... What is the diffrence between Hal's, Sameer's, Nates' and hh's remailer?? I have seen that hh's? remailer at soda.berkeley.edu can post to newsgroups. Do I need a SMTP-NNTP gateway to use this remailer WITH the option to post to newsgroups? Can all of these remailers use PGP-encryption? I'm sorry if this is newbe questions for some of you, but there are surely others who also wants to know. Thanks for helping me out! Yours, Halvor Kise jr. -- * MEMENTO MORI * _____________________________________________________ | Halvor Kise jr. * halvork at sofus.dhhalden.no | | * halvork at gyda.dhhalden.no | | Ostfold * halvork at frodo.dhhalden.no | | Regional College * Student at | | N-1757 Halden * Computer Science | | * | | | | Finger halvork at sofus for PGP-key | ----------------------------------------------------- From tcmay at netcom.com Thu Apr 14 00:59:23 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 14 Apr 94 00:59:23 PDT Subject: USWA In-Reply-To: Message-ID: <199404140800.BAA23572@mail.netcom.com> Adam Lake writes: > Did anyone ever think of involving the USWA (no, not the United States > Wrestling Association) United We Stand America in the Clipper fight? > Sounds to me like this would be a mass appeal if it appeared in their > newsletter. > > For anyone who doesn't know, this is Perot's egg hatched a few years ago. > I would hope somebody on the list has a contact/is a member. Despite his > weak performance in which he was GORED on CNN, I would think he would be > a definite ally. "Excuse me? Excuse me? May I talk? Thank you. "Now as I was saying, what we've got to to to clean up the drug problem is just to seal off these neighborhoods and conduct some old-fashioned house to house searches. And if we find some these pencil-necked geeks with their traitorous secret codes, I say we just hang 'em right there in the public square. "It's that simple." I don't think Perot would be too receptive to the message many of us carry. Understand that I actually _voted_ for the guy, mainly to send a message of disgust to the major parties, and becuase the Libertarian Party candidate was too much of a crook (bad loans, land swindles) to vote for. I wouldn't have voted for Perot if he had a ghost of chance. Now that he's self-destructed, with a paranoia that Bobby Inman tried to duplicate, I say he's washed up. (Bobby Inman and Ross Perot, both of Texas, have more in common than just their Texas accents. Think about it.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From phantom at u.washington.edu Thu Apr 14 01:03:35 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Thu, 14 Apr 94 01:03:35 PDT Subject: Number Theory Message-ID: Peter Murphy writes: >... > >and see the major number theorist in this department, Dr. Keith Matthews. >He is a really nice guy, and is always interested in writing and/or >distributing programs for number theory calculations. He even showed me >one of his newest programs, and demostrated it by factoring 2^71 -1 for Is this really that impressive? MapleV and my 386dx-20 just factored it into 212885833 * 48544121 * 228479 in a matter of 23 cpu seconds. >he teaches, and could I post it to the list. Voila! Not only did he have >it printed out on paper, but he also mailed me the relevant LATEX files. way cool. thanks for the legwork.. >{Textbooks: Number Theory} >... >N. Koblitz, "A course in number theory and cryptography", QA3.G7NO.114, Speaking of who .. he's at my university. :) Nice guy; one of the people who offered to help me with the remailer situation last year. Funny thing; last year the computer administrators wouldn't even allow a copy of PGP to reside on their systems -- now it is part of their public account (student-run officially University unsupported software, usable by all). >H. Shapiro, "Introduction to number theory", QA 241.S445 1983, this isn't the Hawk Shapiro..? >D.E.R. Denning, "Cryptography and Data Security", Addison-Wesley, 1982, > QA76.9.A25D461982 sigh. mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From hh at xcf.Berkeley.EDU Thu Apr 14 02:57:27 1994 From: hh at xcf.Berkeley.EDU (Eric Hollander) Date: Thu, 14 Apr 94 02:57:27 PDT Subject: fake pgp messages Message-ID: <9404140957.AA18212@xcf.Berkeley.EDU> in the process of doing stuff to fight traffic analysis, i need to generate a bunch of fake pgp messages. it is possible to asciiarmor random bits, but this is pretty easy to spot. does anyone know a good way to generate a large amount of bogus pgp messages? e From eagle at deeptht.armory.com Thu Apr 14 03:59:54 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Thu, 14 Apr 94 03:59:54 PDT Subject: fake pgp messages Message-ID: <9404140359.aa02151@deeptht.armory.com> Eric Hollander asked about faking pgp messages. How much disk space do you have? I have a couple of megs of active files of text I could email you and you could just send them out as ascii.armored real messages. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From cat at soda.berkeley.edu Thu Apr 14 04:36:20 1994 From: cat at soda.berkeley.edu (Erich von Hollander) Date: Thu, 14 Apr 94 04:36:20 PDT Subject: rng, anyone? Message-ID: <199404141136.EAA10090@soda.berkeley.edu> i'm doing some stuff on this remailer which requires a good rng. perl's rng just calls c's rng, which totally sucks. does anyone know of a cryptographically sound rng i can use? i could just call it from perl or something. thanks, e From paul at poboy.b17c.ingr.com Thu Apr 14 06:06:45 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 14 Apr 94 06:06:45 PDT Subject: Tech: Encryption and Satellites (re: GI) In-Reply-To: <9404131331.AA03139@warwick.com> Message-ID: <199404141305.AA09379@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > Key pay cable providers are now going though the second stage > of moving from General Instrument's Video Cipher II (VC II) > encryption system to its more secure VideoCipher Renewable > Security (VCRS) system. VCII and VCII+ both use DES. VC/RS uses a plug-in card; right now the RS cards are all still DES. An interesting note is that the VC family uses digital sound and encrypts it. You can allegedly reconstruct the vertical sync signal and get watchable pictures, but for sound you either need to break DES or exploit a system vulnerability. > Adopting VCRS are HBO, Cinemax, Showtime, TMC, Viewer's choice, > REquest TV, Playboy channel, Spice, and Netlink. Netlink offers > three superstations. All of the above are presently VCII+ customers. There were several such design and implementation vulnerabilities in the VCII system, and they were quickly exploited by pirates. As a counter, GI introduced the VCII+, which has fewer vulnerabilities and has not yet (AFAIK) been "broken". (n.b. I know that the use of "wizard codes", or master keys, still continues, but I don't really count that as a break.) > "There have been 30,000 to 40,000 conversion customers > a month for the past for months." Part of the reason behind the conversion is necessity. Programmers were downlinking both VCII and VCII+ authorization datastreams for a while. When VC/RS became available, some programmers switched over to downlinking VCII+ and VC/RS. When the VCII+ datastreams go dark, VCII+ descramblers won't work. > Meanwhile, with the digital era in mind, Primestar Partners > is preparing to move its DBS (direct broadcast satellite) > from Scientific-Atlanta's analog B-Mac encryption to > General Instrument's DigiCipher digital compression > technology, which also provides teh most recent security > meansures. GI has been very, very tightlipped about any of the compression or encryption technology behind DigiCipher. - -Paul - -- Paul Robichaux, KD4JZG | Out the 10Base-T port, through the router, perobich at ingr.com | over the leased line, off the bridge, past Intergraph Federal Systems | the firewall... nothing but net. Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLa0+OiA78To+806NAQEJAQQAiS7q/xO+EI44NlVh2KBeP3e8/wBzD9HO L59ez9oSWV8etUfyokbbNcjHT5xbKImuN3oUxYGA7A0s0eGc/IGQfgTJ2Dn7qITN UyKNXuBm3l2wkKj0szp723lQSRjWJp7cIVFy0lbDZEA0yIzAyMC5WPWFunYE9ND3 hTzLxbY5Jdk= =WtA3 -----END PGP SIGNATURE----- From perry at snark.imsi.com Thu Apr 14 06:34:22 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 14 Apr 94 06:34:22 PDT Subject: Quants vs Congress In-Reply-To: <9404140219.AA09878@ininx> Message-ID: <9404141227.AA27757@snark.imsi.com> John E. Kreznar says: > > Big hearings in Congress today about how evil derivatives and the quants > > who build them are. They are a threat to government as we know it. Don't > > tell anyone but the "intermediation of political risk" was one of the > > greatest invention of the 1980s. Combine same with strong crypto and you > > almost have to feel sorry for the public employees in our midst. Watch > > out for a little downsizing. > > Aw c'mon Duncan. Derivative of what? Derivative securites. Usually "derived" from some base securities, commodities, or other derivatives. Options, futures, swaps, and other synthetic trading instruments of varying degrees of liquidity and fungibility are all derivative instruments. > What's a quant? Someone who does valuation of fixed income or derivative securities based on mathematical models. Its a bit of a fuzzy term. > Where was the term ``intermediation of political risk'' used? Well, presumably hedging, futures and insurance markets can be used to offset political risks. > I love your postings when I can make sense of them. This one is so well > encrypted I can't. Everyone should know a bit about the securities markets -- an educated individual owes it to themselves to understand them. Perry From mpj at netcom.com Thu Apr 14 07:17:14 1994 From: mpj at netcom.com (Michael Paul Johnson) Date: Thu, 14 Apr 94 07:17:14 PDT Subject: fake pgp messages In-Reply-To: <9404140957.AA18212@xcf.Berkeley.EDU> Message-ID: <199404141418.HAA15387@netcom9.netcom.com> > in the process of doing stuff to fight traffic analysis, i need to generate > a bunch of fake pgp messages. it is possible to asciiarmor random > bits, but this is pretty easy to spot. does anyone know a good > way to generate a large amount of bogus pgp messages? What better way than to generate real pgp messages that encrypt noise files? Just generate pseudorandom binary data of pseudorandom length (biased toward the length of real messages), and encrypt with pgp, using the public key of some person's key from a public server, selected at random. If you want to be able to spend less cpu time, you could hack a copy of pgp to simulate doing this, of course, using the symmetric key cipher (idea) in a stream cipher mode. Peace to you. ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| From cort at ecn.purdue.edu Thu Apr 14 07:36:34 1994 From: cort at ecn.purdue.edu (cort) Date: Thu, 14 Apr 94 07:36:34 PDT Subject: fake pgp messages Message-ID: <199404141436.JAA05814@en.ecn.purdue.edu> > > in the process of doing stuff to fight traffic analysis, i need to generate > > a bunch of fake pgp messages. it is possible to asciiarmor random > > bits, but this is pretty easy to spot. does anyone know a good > > way to generate a large amount of bogus pgp messages? > > What better way than to generate real pgp messages that encrypt noise files? > Just generate pseudorandom binary data of pseudorandom length (biased > toward the length of real messages), and encrypt with pgp, using the > public key of some person's key from a public server, selected at > random. If you want to be able to spend less cpu time, you could hack a > copy of pgp to simulate doing this, of course, using the symmetric key > cipher (idea) in a stream cipher mode. > Better "noise" might be _real_ words, paragraphs, etc. It occurred to me once that some of the remailer operators could bounce the cypherpunks mailing list around through their remailers to get more traffic/noise. Cort. From cpsr at access.digex.net Thu Apr 14 07:44:18 1994 From: cpsr at access.digex.net (Dave Banisar) Date: Thu, 14 Apr 94 07:44:18 PDT Subject: Press Release on Secure NCSA Mosiac Message-ID: <9404141045.AA01426@Hacker2.cpsr.digex.net> Secure NCSA Mosaic establishes necessary framework for electronic commerce onthe Internet PALO ALTO, CALIF. (APRIL 12) BUSINESS WIRE - April 12, 1994-- Enterprise Integration Technologies (EIT), the National Center for Supercomputing Applications (NCSA) at the University of Illinois and RSA Data Security Tuesday announced agreements to jointly develop and distribute a secure version of NCSA Mosaic, the popular point-and-click interface that enables easy access to thousands of multimedia information services on the Internet. The announcement was made in conjunction with the launch of CommerceNet, a large-scale market trial of electronic commerce on the Internet. Under the agreements, EIT will integrate its Secure-HTTP software with public key cryptography from RSA into NCSA Mosaic Clients and World Wide Web (WWW) servers. WWW is a general-purpose architecture for information retrieval comprised of thousands of computers and servers that is available to anyone on Internet. The enhancements will then be made available to NCSA for widespread public distribution and commercial licensing. Jay M. Tenenbaum, chief executive officer of EIT, believes secure NCSA Mosaic will help unleash the commercial potential of the Internet by enabling buyers and sellers to meet spontaneously and transact business. "While NCSA Mosaic makes it possible to browse multimedia catalogs, view product videos, and fill out order forms, there is currently no commercially safe way to consummate a sale," said Tenenbaum. "With public key cryptography, however, one can authenticate the identity of trading partners so that access to sensitive information can be properly accounted for." This secure version of NCSA Mosaic allows users to affix digital signatures which cannot be repudiated and time stamps to contracts so that they become legally binding and auditable. In addition, sensitive information such as credit card numbers and bid amounts can be securely exchanged under encryption. Together, these capabilities provide the foundation for a broad range of financial services, including the network equivalents of credit and debit cards, letters of credit and checks. In short, such secure WWW software enables all users to safely transact day-to-day business involving even their most valuable information on the Internet. According to Joseph Hardin, director of the NCSA group that developed NCSA Mosaic, over 50,000 copies of the interface software are being downloaded monthly from NCSA's public server - with over 300,000 copies to date. Moreover, five companies have signed license agreements with NCSA and announced plans to release commercial products based on NCSA Mosaic. "This large and rapidly growing installed base represents a vast, untapped marketplace," said Hardin. "The availability of a secure version of NCSA Mosaic establishes a valid framework for companies to immediately begin large- scale commerce on the Internet." Jim Bidzos, president of RSA, sees the agreement as the beginning of a new era in electronic commerce, where companies routinely transact business over public networks. "RSA is proud to provide the enabling public key software technology and will make it available on a royalty-free basis for inclusion in NCSA's public distribution of NCSA Mosaic," said Bidzos. "RSA and EIT will work together to develop attractive licensing programs for commercial use of public key technology in WWW servers." At the CommerceNet launch, Allan M. Schiffman, chief technical officer of EIT, demonstrated a working prototype of secure NCSA Mosaic, along with a companion product that provides for a secure WWW server. The prototype was implemented using RSA's TIPEM toolkit. "In integrating public key cryptography into NCSA Mosaic, we took great pains to hide the intricacies and preserve the simplicity and intuitive nature of NCSA Mosaic," explained Schiffman. Any user that is familiar with NCSA Mosaic should be able to understand and use the software's new security features. Immediately to the left of NCSA's familiar spinning globe icon, a second icon has been inserted that is designed to resemble a piece of yellow paper. When a document is signed, a red seal appears at the bottom of the paper, which the user can click on to see the public key certificates of the signer and issuing agencies. When an arriving document is encrypted, the paper folds into a closed envelope, signifying that its formation is hidden from prying eyes. When the user fills out a form containing sensitive information, there is a "secure send" button that will encrypt it prior to transmission. To effectively employ public-key cryptography, an infrastructure must be created to certify and standardize the usage of public key certificates. CommerceNet will certify public keys on behalf of member companies, and will also authorize third parties such as banks, public agencies and industry consortia to issue keys. Such keys will often serve as credentials, for example, identifying someone as a customer of a bank, with a guaranteed credit line. Significantly, all of the transactions involved in doing routine purchases from a catalog can be accomplished without requiring buyers to obtain public keys. Using only the server's public key, the buyer can authenticate the identity of the seller, and transmit credit card information securely by encrypting it under the seller's public key. Because there are fewer servers than clients, public key administration issues are greatly simplified. To successfully combine simplicity of operation and key administration functions with a high level of security that can be accessible to even non- sophisticated users, significant changes were necessary for existing WWW security protocols. EIT developed a new protocol called Secure-HTTP for dealing with a full range of modern cryptographic algorithms and systems in the Web. Secure-HTTP enables incorporation of a variety of cryptographic standards, including, but not limited to, RSA's PKCS-7, and Internet Privacy Enhanced Mail (PEM), and supports maximal interoperation between clients and servers using different cryptographic algorithms. Cryptosystem and signature system interoperation is particularly useful between U.S. residents and non-U.S. residents, where the non-U.S. residents may have to use weaker 40-bit keys in conjunction with RSA's RC2 and RC4 variable keysize ciphers. EIT intends to publish Secure-HTTP as an Internet standard, and work with others in the WWW community to create a standard that will encourage using the Web for a wide variety of commercial transactions. EIT will make Secure NCSA Mosaic software available at no charge to CommerceNet members in September and NCSA will incorporate these secure features in future NCSA Mosaic releases. Enterprise Integration Technologies Corp., of Palo Alto, (EIT), is an R&D and consulting organization, developing software and services that help companies do business on the Internet. EIT is also project manager of CommerceNet. The National Center for Supercomputing Applications (NCSA), developer of the Mosaic hypermedia browser based at the University of Illinois in Champaign, Ill., is pursuing a wide variety of software projects aimed at making the Internet more useful and easier to use. RSA Data Security Inc., Redwood City, Calif., invented Public Key Cryptography and performs basic research and development in the cryptographic sciences. RSA markets software that facilitates the integration of their technology into applications. Information on Secure NCSA Mosaic can be obtained by sending e-mail to shttp- infoeit.com. --30--pc/sf CONTACT: Hamilton Communications Nancy Teater, 415/321-0252 KEYWORD: CALIFORNIA ILLINOIS INDUSTRY KEYWORD: COMPUTERS/ELECTRONICS COMED Z REPEATS: New York 212-575-8822 or 800-221-2462; Boston 617-330-5311 or 800- 225-2030; SF 415-986-4422 or 800-227-0845; LA 310-820-9473 Transmitted: 94-04-12 12:08:00 EDT From mmarkley at microsoft.com Thu Apr 14 09:17:35 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Thu, 14 Apr 94 09:17:35 PDT Subject: Quants vs Congress Message-ID: <9404141518.AA06429@netmail2.microsoft.com> ---------- | From: Timothy C. May | To: John E. Kreznar | Cc: | Subject: Re: Quants vs Congress | Date: Wednesday, April 13, 1994 8:13PM | | Received: from relay2.UU.NET by netmail.microsoft.com with SMTP (5.65/25-eef) | id AA14155; Wed, 13 Apr 94 19:20:40 -0700 | Received: from toad.com by relay2.UU.NET with SMTP | (5.61/UUNET-internet-primary) id AAwlnp10043; Wed, 13 Apr 94 23:21:22 -0400 | Received: by toad.com id AA17257; Wed, 13 Apr 94 20:13:54 PDT | Received: from mail.netcom.com (netcom5.netcom.com) by | toad.com id AA17248; Wed, 13 Apr 94 20:13:47 PDT | Received: from localhost by mail.netcom.com (8.6.4/SMI-4.1/Netcom) | id UAA15518; Wed, 13 Apr 1994 20:13:38 -0700 | Message-Id: <199404140313.UAA15518 at mail.netcom.com> | In-Reply-To: <9404140219.AA09878 at ininx> from "John E. Kreznar" | at Apr 13, 94 07:19:36 pm | X-Mailer: ELM [version 2.4 PL23] | Mime-Version: 1.0 | Content-Type: text/plain; charset=US-ASCII | Content-Transfer-Encoding: 7bit | Content-Length: 1913 | Sender: netmail!owner-cypherpunks at toad.com | Precedence: bulk | | John Krexnar writes: | | (Duncan Frissell's section elided) | | > Aw c'mon Duncan. Derivative of what? What's a quant? Where was the | > term ``intermediation of political risk'' used? | > | > I love your postings when I can make sense of them. This one is so well | > encrypted I can't. | | "Derivatives" mean secondary financial instruments, based on ("derived | from") things like stocks, bonds, and real estate. Things like futures | markets, "baskets" of other instruments, etc. These started, it may be | argued, in the trading pits of Chicago, but have now spread around the | world. I think I recall reading (in "Time"'s cover story last week on | derivatives and quants, ironically enough--the Wall Street nerd with | the "messy room" has replaced the hacker as the Number One Threat to | Civilization) that $ 4 Trillion in derivatives trades _daily_. | | "Quants," closely related to "rocket scientists," are those who use | math and statistics for investment purposes. Short for "quantitative." | | I urge all Cypherpunks who can afford to do so to subscribe to "The | Economist." It's filled with good, incisive articles, including the | best treatments of breaking science and technology stories in any | general magazine. Shoot your t.v., maybe, but don't let your | subsription lapse. Available also on newstands, whence information on | subscribing may be found (read the mag long enough, and you too will | speak in terms of "whence"). | | --Tim May | | | -- | .......................................................................... | Timothy C. May | Crypto Anarchy: encryption, digital money, | tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | 408-688-5409 | knowledge, reputations, information markets, | W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. | Higher Power: 2^859433 | Public Key: PGP and MailSafe available. | "National borders are just speed bumps on the information superhighway." | The derivatives market is a very dangerous place also. In yesterdays financial section here in Seattle there was an article about how Proctor and Gamble is reporting a loss of over $100 million in the mortgage derivative market. Also in RISKS Digest 15.75 there is an article with the subject ' God Grants Granite Gift to RISKS Punsters' that talks about a company losing $600 million over the period of several weeks in the deriviative market. Mike. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Mike Markley || The opinions here do not represent the mmarkley at microsoft.com || opinions of my employer. Attempts to || associate the two are pointless. "I want to look at life, In the available light" - Neil Peart - From frissell at panix.com Thu Apr 14 09:33:20 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 14 Apr 94 09:33:20 PDT Subject: Soldier of Fortune Message-ID: <199404141633.AA25930@panix.com> M > M >This seems counterproductive. PGP should not be portrayed as a tool M >for those that most Americans consider antisocial. M > M >M Carling M > A quote from pgpdoc1.doc: "If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable "military grade" public-key cryptographic technology. Until now." Now Phil wrote PGP in part so that "grassroots" political organizations could have strong crypto. SOF is a "grassroots political organization." It happens that some people don't like SOF. It happens that some other people think that the organizations that Phil was thinking of when he wrote PGP are unamerican communist front organizations who should be on the Attorney General's List (if we still had an Attorney General's List)(if we still had an Attorney General). Tastes differ. The point of cypherpunks is that everyone (even FBI agents) should have strong crypto if they want it. I know that Phil feels a personal sense of embarrassment at being adopted by all sorts of nut groups (including ourselves) and he has pleaded for stories of "worthy PGP use." Standards of worthiness will vary. DCF Who, as it happens, *is* a member of an organization on the Attorney General's list. --- WinQwk 2.0b#1165 From ian at geography.leeds.ac.uk Thu Apr 14 09:36:41 1994 From: ian at geography.leeds.ac.uk (Ian Turton) Date: Thu, 14 Apr 94 09:36:41 PDT Subject: fake pgp messages Message-ID: <3901.9404141632@geography.leeds.ac.uk> > > > in the process of doing stuff to fight traffic analysis, i need to generate > > > a bunch of fake pgp messages. it is possible to asciiarmor random > > > bits, but this is pretty easy to spot. does anyone know a good > > > way to generate a large amount of bogus pgp messages? > > > > What better way than to generate real pgp messages that encrypt noise files? > > Just generate pseudorandom binary data of pseudorandom length (biased > > toward the length of real messages), and encrypt with pgp, using the > > public key of some person's key from a public server, selected at > > random. If you want to be able to spend less cpu time, you could hack a > > copy of pgp to simulate doing this, of course, using the symmetric key > > cipher (idea) in a stream cipher mode. > > > > Better "noise" might be _real_ words, paragraphs, etc. > > It occurred to me once that some of the remailer operators could > bounce the cypherpunks mailing list around through their remailers > to get more traffic/noise. why not take a random news group comp.talk.eff seems like a good one and encrypt that and mail out one article whenever you need or whenever your news server recieves one. You could then tailor the frequency by choosing high or low volume news groups. > > Cort. > > > Ian Turton - School of Geography, Leeds University 0532 -333309 From kafka at desert.hacktic.nl Thu Apr 14 09:37:12 1994 From: kafka at desert.hacktic.nl (-=[ Patrick Oonk ]=-) Date: Thu, 14 Apr 94 09:37:12 PDT Subject: Code review is requested. Message-ID: <199404141636.AA05139@xs4all.hacktic.nl> In article <199404110553.AA00997 at xtropia>, you write the following: AN> Cypherpunks review code! AN> AN> I have written a hack to allow pgp's random.h and random.c to be used AN> with a hardware random number generator. I have mailed this to a AN> number of U.S. cypherpunks with the request that the hack be AN> distributed widely in the U.S. test --- "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4 1994 == To get PGP, FTP /pub/unix/security/crypt/pgp23A.zip from ftp.funet.fi == From perry at snark.imsi.com Thu Apr 14 09:46:15 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 14 Apr 94 09:46:15 PDT Subject: Quants vs Congress In-Reply-To: <9404141518.AA06429@netmail2.microsoft.com> Message-ID: <9404141646.AA28110@snark.imsi.com> Mike Markley says: > The derivatives market is a very dangerous place also. In yesterdays > financial section here in Seattle there was an article about how > Proctor and Gamble is reporting a loss of over $100 million in the > mortgage derivative market. Actually, there isn't much of a mortgages derivatives market -- unless you think of CMOs as derivatives. The P&G loss was reportedly in some interest rate swaps, although I haven't read too much about it. Derivatives are no more dangerous than any other instrument. Its just that because they are often highly leveraged you can make or lose far more money as a percentage of your investment. However, there is no requirement that you leverage yourself that much -- people just choose to do so. > Also in RISKS Digest 15.75 there is an article with the subject ' > God Grants Granite Gift to RISKS Punsters' that talks about a > company losing $600 million over the period of several weeks in the > deriviative market. I believe you are mentioning Askin Capital Management. They were trading CMOs, which are basically just packages of mortgages that have had some fancy footwork performed on them to allow investors to manage the prepayment risks. Their problems were due to illiquidity in their market, which tended to be for unusual or "junky" traunches of CMOs. Based on what I've been able to read, they were using an arbitrage strategy between mortgage securities that should have fallen in price with interest rate fluctuations and those that should rise -- by having a balanced book they should theoretically have been free of interest rate risk, but because they were highly leveraged losses in their portfolio could cause margin calls. Normally they could just have unwound their matched positions in such a situation, but when the market turned illiquid they got margin calls without being able to meet them and because they were highly leveraged they swiftly lost most of their capital. However, I'll note again they were not trading derivatives per se -- just repackaged and securitised mortgages. I'll point out that this is not the FinancialPunks list but the cypherpunks list -- I'll discontinue the discussion here. Perry From hughes at ah.com Thu Apr 14 09:48:42 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 14 Apr 94 09:48:42 PDT Subject: rng, anyone? In-Reply-To: <199404141136.EAA10090@soda.berkeley.edu> Message-ID: <9404141639.AA24917@ah.com> >i'm doing some stuff on this remailer which requires a good rng. >perl's rng just calls c's rng, which totally sucks. does >anyone know of a cryptographically sound rng i can use? If you don't need high-bandwidth randomness, there are several good PRNG, but none of them run fast. See the chapter on PRNG's in "Cryptology and Computational Number Theory". You, Erich von Hollander, should just go talk to Manuel Blum, who's on the faculty at Cal. He's the second Blum of the Blum-Blum-Shub generator. Eric From eagle at deeptht.armory.com Thu Apr 14 09:58:42 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Thu, 14 Apr 94 09:58:42 PDT Subject: NBC's Kaul Message-ID: <9404140958.aa11886@deeptht.armory.com> Well, NBC's Alan Kaul and I had a discussion a few moments ago. Apparantly a helicopter crashed and this is old news. He has been instructed by NBC superiors to move on. The downplaying by the NSA was key. It wasn't another "Pentagon Papers" leak. He's got my unlisted number and asked if he could call from time to time to use me as an informed source, and asked to be kept on my mailing list. I guess I'll scrounge up that abitrary finger data from the AmEmbMoscow.gov deal and send that to him as an item of interest. Perhaps a CIA hand was logged on when that stuff popped up on the screen... This is not a topic for discussion. I know some of you have grown to care about me, and some rip me routinely. I am responsible and accountable for my own actions. "Those who risk nothing, are nothing, do nothing, and become nothing." By the time you rebut, that finger information will be gone. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From sameer at soda.berkeley.edu Thu Apr 14 10:07:36 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Thu, 14 Apr 94 10:07:36 PDT Subject: Help! New Remailer? In-Reply-To: <28CEB60F27@sofus.dhhalden.no> Message-ID: <199404141707.KAA06558@soda.berkeley.edu> > > What is the diffrence between Hal's, Sameer's, Nates' and hh's > remailer?? My remailer is very similar to Hal's except it is very easy to install. I don't know about Nates' remailer. I think it is written in C. hh's remailer started from Hal's remailer but it has many more features. > > I have seen that hh's? remailer at soda.berkeley.edu can post to > newsgroups. Do I need a SMTP-NNTP gateway to use this remailer WITH > the option to post to newsgroups? You need inews in order to use the post to news function of this remailer. hh & I are working on incorporating his remailer code with my installation code so that it will be easy to install a remailer which does: 1) Mail A) Anonymous B) Quick+dirty return addressing C) Nonymous (non-anonymous) 2) News (the same 3) 3) PGP encryption 4) pinger -- Ray's code which keeps track of which remailers are running 5) Pool/deliver/inject traffic analysis defeating.. (outgoing mail/news is pooled and every so often a program is run delivering the pooled messages to where they should go) More details will, of course, be released once the thing is actually ready for wide release. Good work in trying to set up a remailer! From hughes at ah.com Thu Apr 14 10:25:01 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 14 Apr 94 10:25:01 PDT Subject: fake pgp messages In-Reply-To: <9404140957.AA18212@xcf.Berkeley.EDU> Message-ID: <9404141714.AA24963@ah.com> >in the process of doing stuff to fight traffic analysis, i need to generate >a bunch of fake pgp messages. it is possible to asciiarmor random >bits, but this is pretty easy to spot. You'll have to write a simulator for PGP messages. This is straightforward, since the outer part of a PGP doesn't contain much information. There's the destination ID (those naughty bits), an encrypted session key, and an encrypted body. I recommend that the next PGP release come with just such a simulator. Fake messages are a useful primitive for certain tasks and their use should be supported. For similar reasons, a simulator for faking cleartext signatures should also be distributed. The destination ID should be chosen at random from a list of known ID's, maybe with some randomly generated ones added to the list. These shouldn't be flatly distributed because destination ID's are not flatly distributed. Download a big ol' public keyring and use that. [There's a small opening here. If the opponent were to seed the public keyring with keys known not to be in use, they could detect some of the messages as fakes, and certainly the presence of fakery. On the other hand, if _none_ of the messages used known moduli, that would be equally suspect.] The encrypted session key should be less than the RSA modulus for the given destination ID. For arbitrary ones added to your list, make a data structure which contains an upper limit, a substitute for the modulus. The encrypted body is just the output of your favorite PRNG. Since this is a simulation of encrypted text, you don't need the really strong characteristics of a good PRNG. Here's my recommendation. Take a cryptostrong PRNG and generate a seed of sufficient length (like 128 bits). Take this seed and seed a PRNG of lesser quality and (much) greater speed; a linear congruential generator would be fine. For each block of output, take a secure hash, like MD5. [crypto-strong PRNG] [slow seed 128 bits] | v [crypto-weak PRNG] [block 1] --> [block 2] --> [block 3] --> | | | v v v [MD5] [MD5] [MD5] ... | | | v v v [output 1] [output 2] [output 3] If the strong seed is too small, you could simply generate all messages and do an exhaustive search. If the space of the weak generator is too small, that's where to do the search. The reason for the one-way hash is to prevent detection that a random generator is behind it all. Eric From m at BlueRose.com Thu Apr 14 10:37:48 1994 From: m at BlueRose.com (M Carling) Date: Thu, 14 Apr 94 10:37:48 PDT Subject: Soldier of Fortune Message-ID: <9404141704.AA00518@BlueRose.com> I happen to like SOF, and I don't think most Americans have a bad opinion of it (certainly some do, but that is true of any publication). But SOF's appeal is much broader than just "mercs and wannabees" [Sandy's words], and that "mercs and wannabees" is probably the subfocus of SOF that most Americans find the least tasteful of what SOF is about. Most Americans don't think highly of mercenaries. If anyone is going write something for SOF about PGP, I hope that the article focuses on anything but "mercs and wannabees". M Carling Begin forwarded message: Date: Thu, 14 Apr 1994 12:33:04 -0400 From: Duncan Frissell To: CYPHERPUNKS at toad.com Subject: Re: Soldier of Fortune Sender: owner-cypherpunks at toad.com Precedence: bulk M > M >This seems counterproductive. PGP should not be portrayed as a tool M >for those that most Americans consider antisocial. M > M >M Carling M > A quote from pgpdoc1.doc: "If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable "military grade" public-key cryptographic technology. Until now." Now Phil wrote PGP in part so that "grassroots" political organizations could have strong crypto. SOF is a "grassroots political organization." It happens that some people don't like SOF. It happens that some other people think that the organizations that Phil was thinking of when he wrote PGP are unamerican communist front organizations who should be on the Attorney General's List (if we still had an Attorney General's List)(if we still had an Attorney General). Tastes differ. The point of cypherpunks is that everyone (even FBI agents) should have strong crypto if they want it. I know that Phil feels a personal sense of embarrassment at being adopted by all sorts of nut groups (including ourselves) and he has pleaded for stories of "worthy PGP use." Standards of worthiness will vary. DCF Who, as it happens, *is* a member of an organization on the Attorney General's list. --- WinQwk 2.0b#1165 From ecarp at netcom.com Thu Apr 14 10:45:19 1994 From: ecarp at netcom.com (Ed Carp) Date: Thu, 14 Apr 94 10:45:19 PDT Subject: Soldier of Fortune In-Reply-To: <199404141633.AA25930@panix.com> Message-ID: > I know that Phil feels a personal sense of embarrassment at being adopted > by all sorts of nut groups (including ourselves) and he has pleaded for > stories of "worthy PGP use." Standards of worthiness will vary. I've already sent my story in... :) Haven't heard anything from Phil yet, though... From ecarp at netcom.com Thu Apr 14 10:49:32 1994 From: ecarp at netcom.com (Ed Carp) Date: Thu, 14 Apr 94 10:49:32 PDT Subject: uses for PGP Message-ID: Here's the text of a message I sent to Phil. Thought I'd share it with y'all... ---------- From jamiel at sybase.com Thu Apr 14 10:52:36 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 14 Apr 94 10:52:36 PDT Subject: cypherpunks and politics (Re: USWA) Message-ID: <9404141752.AA23904@ralph.sybgate.sybase.com> At 2:21 AM 04/14/94 -0500, Adam Lake wrote: >Did anyone ever think of involving the USWA (no, not the United States >Wrestling Association) United We Stand America in the Clipper fight? >Sounds to me like this would be a mass appeal if it appeared in their >newsletter. This is something I have been meaning to write to the list for several weeks, and this post is the perfect lead in. When I joined this list, I saw thought it was going to be much different. I had assumed 1) that people on this list would have much different politics and 2) that that wouldn't really matter, 'cause everyone here is concerned with one issue, which we could all agree on. 2) seems to have partially true, sometimes. Without expounding at lengths, my reaction was to unsubscribe on short order when I saw some of the first posts flying around. I didn't, because I try to keep an open mind and do change opinions sometimes. But not everyone who is a potential crypto supporter is gonna bother, and by tying (seemingly or not- impressions count here) the issue to a particular set of other beliefs, there is a huge chance that others are going to be alienated. I know *I* don't want to be associated with libertarianism or (even worse) Perot... The point is that even if you think anyone with a viewpoint opposing yours is automatically stupid and not worth your time (and I don't think that too many of you are that bad off ;), aren't they at least worth using to further something you believe strongly in? It might do well to be careful in alienating potential allys by flip political jokes and comments. -j From jamiel at sybase.com Thu Apr 14 10:52:38 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 14 Apr 94 10:52:38 PDT Subject: fake pgp messages Message-ID: <9404141752.AB23904@ralph.sybgate.sybase.com> What about a chron task that creates a new PGP key every x hours and encrypts random Usenet posts, according to traffic patterns (if there it tons of real activity, don't do much, if little, do more. just a thought. -j From danisch at ira.uka.de Thu Apr 14 11:12:54 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 14 Apr 94 11:12:54 PDT Subject: Speech compression and encryption (Secure Phone) Message-ID: <9404141812.AA21861@deathstar.iaks.ira.uka.de> Hi folks, we want to start a project for a computer science class at the University of Karlsruhe. We want to write software to use a workstation/PC with a modem, speaker, and microphone as a secure Phone with encryption and authentication. Therefore we need speech compression. Can anyone give me hints to books, articles, algorithms or software for speech compression? Is CELP public available? Thanks a lot Hadmut From 72133.1415 at CompuServe.COM Thu Apr 14 11:19:08 1994 From: 72133.1415 at CompuServe.COM (PAPAMICHAIL) Date: Thu, 14 Apr 94 11:19:08 PDT Subject: Need info re Clipper/encryptions Message-ID: <940414181530_72133.1415_FHF70-1@CompuServe.COM> I'm writing a script, need someone to advise me on technical points re encryption, cracking computers and other things I probably shouldn't know. If there's anyone out there that can help please contact me via CompuServe 72133,1415 P.S. I'm no computer wiz. Thanks - ERB From jims at Central.KeyWest.MPGN.COM Thu Apr 14 11:26:13 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Thu, 14 Apr 94 11:26:13 PDT Subject: Another reason for anonymity Message-ID: <9404141825.AA09455@Central.KeyWest.MPGN.COM> Preface: I inadvertently sent this via regular mail to Tim directly instead of on the list. He noted, correctly, that it should have been put to the list so I'm copying it there. Jim > > (You should carry these discussions on the main list, so I can justify > putting more time into the replies.) > > > > > > [ discussion of anonymity and defamation of character omitted since it's been posted before. - JCS] > > > > But what about the credit checking systems now or the "Data Hiway" (I'm > > growing very weary of the I.S. catchphrase) of the near future? What if > > I can type, anonymously, that Tim May is a pedophile and every newspaper, > > and thus every home, in the world sees it? Do you think you'd get a job > > as a elementary school teacher? Not likely. People always remember the > > accusation but rarely the retraction. Do you think Michael Jackson will > > ever shrug off the child molestation charges? Not fully. Even now, if > > I have a business and I tell XYZ Credit Check Company that you didn't > > pay your bill and owe me $1,000,000.00 then you're ruined! Oh, that's > > right, for me to report it I have to say who I am and then you can sue > > me for ruining your life. > > False or frivolous accusations are often made, and people take into > account the source. This is what free speech entails. Once again, though, if someone is granted anonymity then people can not take into account the source unless reputations are attached to the pseudonym, as you mention: > Look into how "reputations" work. > > As to the Michael Jackson case, people believed it because his > behavior supported the charges, there were corroborating witnesses, etc. > But we are guaranteed the right to face our accusor in legal cases which would go away with complete anonymity. > > > (What about shouting "Fire!" in a crowded theater? Let those who see > > > there's no fire beat the shit out of the twerp who shouted "Fire!" > > > Seems fair to me.) > > > > > > > Oops, tactical error, Tim. Under your statements a guy can shout "Fire!" > > anonymously so who do you "beat the shit out of" then? Neither argument > > (for or against anonymity) is water proof. > > No, if its anonymous, then it can't be punished anyway. I'm in favor > of "screenable anonymity": set your e-mail filters to ignore any > messages except from those names or pseuodonyms you place faith in. > Simple. Ok, so it is not just blind anonymity but rather one with some degree of responsibility and reputation, thus your psuedonym becomes known as a distinct entity that is not tied to you. Perhaps... > (My point about the "Fire!" example is that a rare, and solvable, > problem has been used inappropriately for decades to place legal > limits on free speech.) And a valid point it is. It seems that in 50 years we could have come up with a better example of limiting freedom than this. -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From tcmay at netcom.com Thu Apr 14 11:36:44 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 14 Apr 94 11:36:44 PDT Subject: cypherpunks and politics (Re: USWA) In-Reply-To: <9404141752.AA23904@ralph.sybgate.sybase.com> Message-ID: <199404141837.LAA20455@mail.netcom.com> Jamie Lawrence wrote: > This is something I have been meaning to write to the list > for several weeks, and this post is the perfect lead in. > When I joined this list, I saw thought it was going to be > much different. I had assumed 1) that people on this list > would have much different politics and 2) that that wouldn't > really matter, 'cause everyone here is concerned with one > issue, which we could all agree on. 2) seems to have partially > true, sometimes. The list is what people make of it. Nothing more and nothing less. If you have held off on writing 'til now about topics that are of great interest to you, then why are you surprised that the topics others write about don't match your interests? > Without expounding at lengths, my reaction was to unsubscribe > on short order when I saw some of the first posts flying > around. I didn't, because I try to keep an open mind and do > change opinions sometimes. But not everyone who is a potential > crypto supporter is gonna bother, and by tying (seemingly or > not- impressions count here) the issue to a particular set of > other beliefs, there is a huge chance that others are going > to be alienated. I know *I* don't want to be associated with > libertarianism or (even worse) Perot... Nobody's asking you to be "associated with libertarianism," for example. That many of us are libertarian-oriented is hardly surprising, this being the Net. And the nonlibertarians are welcome, but they seldom make persuasive arguments contradiciting the lib. views, in my opinion. Certain non-lib (though *I* call him libertarian!) folks like Dave Mandl are very welcome here, and make their views known. > The point is that even if you think anyone with a viewpoint > opposing yours is automatically stupid and not worth your time > (and I don't think that too many of you are that bad off ;), > aren't they at least worth using to further something you > believe strongly in? It might do well to be careful in > alienating potential allys by flip political jokes and > comments. I don't know if this is a jab at me or not, perhaps for my sin of poking fun at Ross Perot.....I felt a satirical, but probably close to the truth, point about Perot's authoritarian streak would make my point better than a simple statement of my views. If you want your brand of politics discussed here, as it relates to cryptography, privacy, Clipper, etc., then *discuss* it. You can't blame others for making their own comments. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Thu Apr 14 11:59:10 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Thu, 14 Apr 94 11:59:10 PDT Subject: My public key Message-ID: <9404141859.AA29021@toad.com> Enclosed is my public key. I am new to the list and have a lot of catching up to do. Please excuse my ignorance. Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlow%isb%mctssa at nwsfallbrook3.nwac.sea06.navy.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 "The views expressed are my own, and always will be..." -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi2pYOoAAAEEAJ0Fdc1HDwlww3Wz8JPeQDZT2Gk/q1gh0J+4njtUC66HXngN DNyxzoGnZVcA0bbkirsCdjvvZlsP84QVgxdijzgW4pNOJKowJgrQWFftGEqJKH5b I2NxJrk0kmKt/jli5kV/wDs9Rr4PxXQjGN4B+uJOCSlyWX+fnWNyHMOkIY2tAAUR tENEYXJyZW4gSGFybG93IDxoYXJsb3claXNiJW1jdHNzYUBud3NmYWxsYnJvb2sz Lm53YWMuc2VhMDYubmF2eS5taWw+ =v34V -----END PGP PUBLIC KEY BLOCK----- From marssaxman at aol.com Thu Apr 14 12:02:23 1994 From: marssaxman at aol.com (marssaxman at aol.com) Date: Thu, 14 Apr 94 12:02:23 PDT Subject: PGP encryption Message-ID: <9404141459.tn756685@aol.com> Are there any shareware/freeware/PD PGP-like encryption systems for the Macintosh? Or is there a Mac version of PGP and I just haven't heard about it? -Mars From gtoal at an-teallach.com Thu Apr 14 13:01:52 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 14 Apr 94 13:01:52 PDT Subject: Remailer reply addresses Message-ID: <199404141958.UAA20685@an-teallach.com> Ah! I'm glad conversation on this thread has picked up - I was afraid no-one was interested. :Graham's suggestion about automatic remailer reply chains reminded me of :a simpler system which I would like to see. :Suppose one site, somewhere, would create new mail addresses upon request, :and map them to encrypted remailer chain blocks. (These are nested remailer :requests, where the outer layer is encrypted for the first remailer and tells :it where to send the message, the next layer is encrypted for the 2nd remailer :and tells it where to send, and so on. No remailer sees anything more than :where it is sending the message and where it received it from.) A new account :is created which maps, say, to a file which has one of these "anonymous return :addresses" in it. Any mail incoming for that address simply gets sent to the :remailer in the file, with the ARA stuck in front of it. That's pretty much what I was thinking of, except you don't need the pseudonym server. I find this stuff easier to talk about with examples than in general, so here's what I'm thinking about: I mail to first remailer (R1). The remailer inserts my reply address into the mail, encrypted, and either mails it to the recipient if I gave one, or to the next remailer if I specified a remailer chain - or to another remailer at random on it's own whim if it feels like doing so. Let's assume it's going to another remailer then. This next remailer (R2) takes the header block with my reply address in it, and prepends what *it* sees as the reply address, ie remailer R1. It then encodes this into an identically-structured reply block, and inserts *that* in the mail instead of the original reply block, before passing it on. This can be repeated as often as desired - the mail will always have only two parts where-ever it turns up - an encrypted reply-block and the text. Let's say it ends up on the n'th remailer, Rn. When the real recipient gets the mail and replies to it, the reply goes to remailer Rn, and Rn can decode the header block. The decoded header block contains an address, and extra text which happens to be a fully-formatted header block itself. This extracted, smaller, header block is put back into the mail instead of the one which was just decoded, and the mail is sent back to the address that was extracted. eventually it goes through umpteen remailers, and R2 passes it back to R1. R1 decodes the header block, finds *only* the address - no nested header block, and passes the mail back to the user at that address. So the whole thing is really a trivial protocol - just email address djhfkjsdhfdshf (opaque text from previous encryptions) kjfhkdhfkdhfkd dfkdfkjdfkhdf (possibly on multiple lines) jhldkjodkfdjfljdlfkjldjdl Sure, this could be extended to put all sorts of neat features in the encrypted area, but I rather like the simplicity of just keeping it to a plain username at site on a single line. :With this software I could do something which cannot be done today. I could :send mail to which someone could hit "r" to reply, and receive that reply, :without any one person knowing my pseudonym. This is not that much to ask :for! I'd say it is the bare minimum for the use of pseudonyms on the net, :yet we don't have it, after all this time. And look how close we are to :being able to do it. Absolutely! That's what I want too. :With this basic system in place, some of Graham's ideas about time-limited :or use-limited pseudonyms could be applied as well. Other extensions people :have suggested would have the pseudonym server hold messages in inboxes until :people trigger a dump to a freshly created anonymous address. A lot of things :are possible. I agree entirely except I don't see the need for a pseudonym server - just the normal remailer reply address should be enough (so that people who can't create aliases can run this stuff on remailers out their personal accounts) which is why I think the blinded reply addresses should be in the *body* of the mails. (Smart mail software would scan the text for these and handle stuff like indentation etc. It doesn't seem too difficult - I already use procmail for something like this where I scan for PGP blocks in mail and decrypt them on receipt where possible) :But we should walk before we run. Right now I don't feel that we are even :crawling yet. hh at soda seems to have shown us how to walk :-) G From ag588 at hela.INS.CWRU.Edu Thu Apr 14 13:29:49 1994 From: ag588 at hela.INS.CWRU.Edu (John C. Brice) Date: Thu, 14 Apr 94 13:29:49 PDT Subject: Rejected mail Message-ID: <199404142029.QAA02289@hela.INS.CWRU.Edu> ag588 is rejecting mail from you From habs at warwick.com Thu Apr 14 13:33:39 1994 From: habs at warwick.com (Harry Shapiro Hawk) Date: Thu, 14 Apr 94 13:33:39 PDT Subject: Re(2): Cyber PsyOps & Media Message-ID: <9404142001.AA04041@warwick.com> ------ From: imsi.com!perry at panix.UUCP, Thu, Apr 14, 1994 ------ Jeff Davis says: > I just got off the phone with David Wilson with the Chronicle of Higher > Education. @ A really well known publication. Actually among staff and administration of colleges, schools, etc., this is a rather well know publication of much note... having the article appear there will certainly educate the the "campus" folks... but to agree with what I think was Perry's intent this not a mainstream publication. /hawk Harry Shapiro Hawk Manager of Computer Services Warwick Baker & Fiore habs at uucp.warwick.com From gtoal at an-teallach.com Thu Apr 14 13:45:19 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 14 Apr 94 13:45:19 PDT Subject: New anon mailer idea? Message-ID: <199404142043.VAA21347@an-teallach.com> : Graham Toal's suggestion for automatic insertion of an encrypted : return address block is interesting. We had some discussion here last : year of a similar approach, although Graham's twist of using a symmetric : rather than PK cypher for the return address is new. A few thoughts: I'm not sure it matters; it was just to focus the mind on the point that even if a PK cypher was being used in practice, it was *in effect* a private key cypher because its security depended in part on keeping the decoding key secret within the remailer. Primarily I suggested something like DES/IDEA because RSA keys are expensive to generate, and for this scheme you definitely need one new password for every incoming mail. : - You'd want this feature to be optional. Some people might not want : their anonymity limited by having their return address recorded, even : in encrypted form. Yes, I agree. I think Eric von Hollander is doing this for *every* posting in the soda implementation he hacked up impressively quickly, and I'm not sure that's wise. (Eric will correct me if I read his docs wrongly) I've a feeling some of his customers might complain when they realise! (*I*'m not complaining - I think it's great that he added this feature so quickly) : - Graham is right about the advantages of use-once (or use-only-a-few-times) : return addresses. Chaum discusses how multiple use of return addresses : allows these systems to be broken, similar to the way Graham describes. I also hope Eric is using individually-created DES keys for every incoming post and not a single shared key. That would be a serious risk. I get the impression he's not, from his comment about the system being vulnerable to known-plaintext attacks. (Eric, if I'm right, could you change your hack to use disposable DES keys asap please?) : - The use of a symmetric cypher is a very nice way of getting the use-once : capability, along with the "burn after reading" effect of a remailer : chain which destroys itself as it goes. But it could be a considerable : burden on the remailer operator to maintain the database. One possibility : would be to fix a maximum time limit on how long the return addresses are : kept "alive" and require some real money to keep them longer. I'm not sure I agree with that. Actually I think the database management might be trivial - here's one suggestion. Let's say the invented random key is a hex string - well, we need 64 bits for a DES key, that's 16 hex digits, so lets be generous and make our random hex string 24 digits instead. We just take the first six digits as an identifying tag and use that tag as a filename to store the rest of the key. The tag is output in front of the encrypted block too, so when you come to decrypting the data, it's a straight file-open call to find the correct key. We don't have the problem here that we do with the pgp key-id's clashing, because if the key generator returns a clash, it can easily generate a second key. (If you're saying that deleting time-expired keys is onerous, well, it's just a case of mastering the unix 'find' command ;-) ) So if you're saying that finding a key will be expensive, I disagree; if you're saying that the database might get rather large, I do agree. Since these reply tokens aren't the same as well-known anonymous addresses, maybe it's sensible to insist from the start that they have a lifetime of no more than (say) a year; which can be shortened by user request on creation, but not extended. This is a plus feature in my opinion, because it avoids the problems Julf has had with lots of stale ID's needing to be purged. : - What we would really like is for the recipient to hit the "reply" button : and be able to send his mail back. It sounds like this system would still : require some cut-and-paste. We already have programs to create encrypted : remailer chain addresses fairly automatically. It would be nice to automate : this last little bit. Unfortunately, there seems to be no easy way to : make this work under Graham's scheme. No, I don't think that any cut and paste is required *at all* over the normal inclusion of the sender's mail in your reply. The remailer could grep the body of the mail for the magic tokens that delimit such a header block, and find it that way. (Allowing for indentation markers etc - not hard - the current usenet voting software does something similar) eg if you had: > : *** Remailer reply block *** > : jdhfkhdfkshfkhgkhfgkhf > : *** End remailer reply block*** in your mail, you can see it's still pretty easy for a program to extract the encoded bit... - just find the magic start token, note the stuff on the line before it, and strip similar stuff out until it finds the end token. : - It doesn't look like this would be an easy drop-in to the current remailers, : unfortunately. The syntax for how the address would be built up as it : passes through a chain of remailers is a little unclear as well. I've discussed this in a previous post. I think it's actually easy. The very first message goes out from the first remailer looking like this: (original text is the single line: username at real_site.com ) which encodes to: *** Remailer reply block *** jdhfkhdfkshfkhgkhfgkhf *** End remailer reply block*** which is inserted at the top of the mail. The next remailer extracts the encoded data, and prepares this text: last_remailer at wherever.edu jdhfkhdfkshfkhgkhfgkhf and encodes it, and sends it out in the mail in place of the original block, looking like this: *** Remailer reply block *** dfkjgahfskghfghfskhgkfhgfs kjfdskjsfdhgkjfhsgkjhf *** End remailer reply block*** (OK, slight poetic licence here - I'm using 1 1:1 cypher; in fact you'd expect the text to get bigger each time to cover the binary encoding method used) So the net effect is that the encoded text gets larger, but the mail is otherwise identical as it passes from site to site. : The idea does have a lot of promise, though, and I think it is definately : worth keeping in mind for the next generation of remailers. I might even start using them myself :-) One more point... I've been saying that the encrypted reply block is most easily thought about if *all* it contains is an email address. I think in practice you'd probably want to be able to store arbitrary remailer flags in here, like the command 'delete this DES key as soon as you've handled this reply' - this would in fact be more robust than keeping the same information in the DES key file itself, which was my original suggestion. And it would allow fairly arbitrary extension of the whole scheme. One way of implementing it that I can see is if the encrypted part of a block was a series of mail-header-like lines, eg: The cleartext would be: Reply-To: gtoal at an-teallach.com Initial-Usage-Limit: 5 Expire-Completely-After: 12/25/94 Decrement-Use-Count-By: 1 Random-Remailer-Hops-Left-In-M&M-Machine: 3 Previous-encrypted-Block: jhufdkjlwhfsjhgflkjfshkjfdhkjffsvjlfsjvkl lkjdhfkldshfksahfkshdgkhfgvkhdfkvbghfdkvhfdkj jhflkdsajhfkljshdfkjhsdkfljhdskhfksdhfkjdshf ljdsfhdkghlksfhglkfdjhglkjfhglkjhfgkjfh which would be wrapped and inserted in the usual way. G From sandfort at crl.com Thu Apr 14 14:17:11 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 14 Apr 94 14:17:11 PDT Subject: Soldier of Fortune In-Reply-To: <9404141704.AA00518@BlueRose.com> Message-ID: C'punks, On Thu, 14 Apr 1994, M Carling wrote: > . . . If anyone is going write something for SOF about PGP, I > hope that the article focuses on anything but "mercs and wannabees". Today, I spoke with Bob Brown, editor of SOF. He just got back from a six-week trip out of the country, so he was fairly fried. Nevertheless, he seemed interested in the concept and asked me to send him a short note about my proposed article so he and his staff could kick it around. I wrote up a one-pager which I will mail tomorrow. I'll follow up next week if I haven't heard from him. My article will focus is Clipper and PGP, but, I repeat, who the hell do you think reads SOF? The correct answer is: a few professional military freelancers (mercs), cops and enlisted military types (wannabees) plus a smattering of TLA folks. Those care the demographics, friend. S a n d y From mg5n+ea2uj7war2ufizqiqrdidkaii9mfkcwjze6q910g3a6 at andrew.cmu.edu Thu Apr 14 14:31:06 1994 From: mg5n+ea2uj7war2ufizqiqrdidkaii9mfkcwjze6q910g3a6 at andrew.cmu.edu (Anonymous) Date: Thu, 14 Apr 94 14:31:06 PDT Subject: New anon mailer idea? Message-ID: > Graham Toal's suggestion for automatic insertion of an encrypted > return address block is interesting. We had some discussion here > last year of a similar approach, although Graham's twist of using > a symmetric rather than PK cypher for the return address is new. [...] This is new? I thought Matt Ghio's remailer at andrew.cmu.edu did this already!?!? From ag588 at hela.INS.CWRU.Edu Thu Apr 14 14:47:57 1994 From: ag588 at hela.INS.CWRU.Edu (John C. Brice) Date: Thu, 14 Apr 94 14:47:57 PDT Subject: Rejected mail Message-ID: <199404142147.RAA18992@hela.INS.CWRU.Edu> ag588 is rejecting mail from you From mech at eff.org Thu Apr 14 14:56:11 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 14 Apr 94 14:56:11 PDT Subject: advance info on upcoming Clipper hearings Message-ID: <199404142155.RAA12355@eff.org> Date: April 27, in the A.M. Committee: Senate Judiciary; Law & Technology Subcommittee, Chaired by Sen. Leahy Current witness list: Whit Diffie, Steve Walker, someone from the Justice Department, NSA Director. More will follow when available. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From eb at sr.hp.com Thu Apr 14 15:41:21 1994 From: eb at sr.hp.com (Eric Blossom) Date: Thu, 14 Apr 94 15:41:21 PDT Subject: Encrypted Telephones In-Reply-To: <199404140717.CAA14134@draconis.cis.ksu.edu> Message-ID: <9404142246.AA06261@srlr14.sr.hp.com> Steve Davis writes: > Timothy C. May writes: > > > Yes, several such projects are underway. Eric Blossom even showed a > > PCB of one at a Cypherpunks meeting, using an inexpensive DSP chip. > > So when will the schematics and part numbers be posted for all to see? ;-) > At this moment our primary efforts are on developing a family of extensible protocols for both encryption and voice across point to point links. We indend to use existing standards where ever possible. We are currently planning on building on top of the RFCs for PPP (see RFCs 1549, 1548, and 1334). The basic idea is to add a new Link Control Protocol (or possibly a Network Control Protocol) that will negotiate base and modulus and perform DH key exchange. Some forms of Authentication are already supported by RFCs. We're looking at others. The next layer up will perform an encrypted negotiation (using a fixed algorithm, perhaps Hellman-Pohlig) of the type of encryption to use for the session. This includes algorithm and modes. We are currently looking at 3DES or IDEA in OFB-64 or OFB-8. This gives you a synchronous stream cipher that does not propagate errors. At this point, you have an encrypted tunnel. The next layer up will negotiate the voice protocol, and support for muxing data and voice. On the voice front, we are looking at FED-STD 1015 LPC-10eV55 (2400bps), FED-STD 1016 CELP (4800bps) and a couple of CVSD variants in the 13000 - 28800bps range. There is a MILSPEC for CVSD. CVSD has the advantage of being cheap to compute, but since the data rate is higher, your crypto demands are higher. For those of you unfamiliar with PPP, it provides a very nice framework for negotiating options across both ends. The same automaton can be used for each layer, simplifying matters greatly. I'd welcome any comments or suggestions. I'll probably have a complete draft available in a week or so. Stay tuned for further developments... Eric Blossom From arthurc at crl.com Thu Apr 14 15:44:50 1994 From: arthurc at crl.com (Arthur Chandler) Date: Thu, 14 Apr 94 15:44:50 PDT Subject: 1st case of email libel won (fwd) Message-ID: Is this indeed the first such case? ------- Forwarded Message One of the students at our law school has provided the following regarding a recent Australian case of email defamation , and I will post further information she obtains. Archie Zariski * (zariski at csuvax1.murdoch.edu.au) * * Senior Lecturer, School of Law * * * Murdoch University * * * Murdoch, Western Australia 6150 * * * Ph +619 360 2761 Fax +619 310 6671 * * * * * * >From _The West Australian_ : Saturday, April 2, 1994 _COMPUTER LIBEL WINS ACADEMIC $40 000_ by Margot Lang Sacked University of WA Academic David Rindos has won $40 000 in a Supreme Court action against Derby anthropologist Gil Hardwick, who defamed him in a computer bulletin distributed worldwide. Dr Rindos' lawyer, Robert Castiglione, said he did not know of another case in which damages had been awarded for defamatory language on a computer message network. "Computer users who use these worldwide bulletin-boards should be aware that they could be exposing themselves to defamation actions," he said. "It's an informal system where people say quite personal things, but making allegations of paedophilia and bullying is going too far." An elated Dr Rindos said it was the first of many defamation actions he planned, adding: "I have to clear my name." About 23 000 people worldwide, mainly academics and students, have access to the science anthropology bulletin board on which Mr Hardwick's message appeared. Dr Rindos, who has a doctorate from Cornell University in the United States, became the centre of an international controversy after he was sacked from UWA last June. The University dismissed him on the ground of insufficient productivity. Protests poured in from academics at international archaeological institutions, many of who [sic] described Dr Rindos as eminent in his field. US anthropologist Hugh Jarvis put his protest in a message on the computer network. Three days later an answering message appeared from Mr Hardwick. Justice David Ipp said it contained the imputation that Dr Rindos's professional career and reputation had not been based on appropriate academic research "but on his ability to berate and bully all and sundry." He said that the message also suggested that Dr Rindos had engaged in sexual misconduct with a local boy. The inference was that these matters had some bearing on his dismissal from the university. "I accept that the defamation caused serious harm to Dr Rindos's personal and professional reputation," Justice Ipp said. "I am satisfied that the publication of these remarks will make it more difficult for him to obtain appropriate employment. "He suffered a great deal of personal hurt. The damages award must compensate him for all these matters and vindicate his reputation to the public." Mr Hardwick did not defend his action. He wrote to Dr Rindos's lawyer: "Let this matter be expedited and done with ... I can do nothing to prevent it, lacking any resources whatsoever to defend myself." ------- End of Forwarded Message From jamiel at sybase.com Thu Apr 14 16:01:32 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 14 Apr 94 16:01:32 PDT Subject: cypherpunks and politics (Re: USWA) Message-ID: <9404142138.AA16564@ralph.sybgate.sybase.com> At 11:37 AM 04/14/94 -0700, Timothy C. May wrote: >Jamie Lawrence wrote: >The list is what people make of it. Nothing more and nothing less. If >you have held off on writing 'til now about topics that are of great >interest to you, then why are you surprised that the topics others >write about don't match your interests? First off, don't dismiss me as a whiner. I personally could care less about your personal politics until they overlap with crypto. But you misread my post consistently. Perhaps I did poorly at expressing myself. I haven't been writing due to time constraints. It is not *my* political interests being underrepresented here that I was rambling about. It was the potential loss of other people. Extreme example- If you started to read a book called _Crypto for the Masses_ by someone who rambled on for 400 pages about socialism, and then got to the point and made really valid, cutting observations about the state of crypto, what are the odds you'd read to that section? >Nobody's asking you to be "associated with libertarianism," for >example. That many of us are libertarian-oriented is hardly >surprising, this being the Net. And the nonlibertarians are welcome, >but they seldom make persuasive arguments contradiciting the lib. >views, in my opinion. Certain non-lib (though *I* call him >libertarian!) folks like Dave Mandl are very welcome here, and make >their views known. What I was trying to say was not that I feel torn between being on this list and my own views, but that disregarding what anyone here may or may not believe in, first impressions are gonna chase a lot of people away who otherwise could be sympathetic to many beliefs that seem to be held as important. >> The point is that even if you think anyone with a viewpoint >> opposing yours is automatically stupid and not worth your time >> (and I don't think that too many of you are that bad off ;), >> aren't they at least worth using to further something you >> believe strongly in? It might do well to be careful in >> alienating potential allys by flip political jokes and >> comments. >I don't know if this is a jab at me or not, perhaps for my sin of >poking fun at Ross Perot.....I felt a satirical, but probably close to >the truth, point about Perot's authoritarian streak would make my >point better than a simple statement of my views. I wasn't replying to you so much as using this thread as a jump point for (!!) a new topic, specifically that of perceptions of others Re: this list. No, it wasn't a jab at you (I think Perot is scary as well)- sorry if my comments lent themselves to this interpretation. I do think, however, it would be valid to say that a Perot supporter should be considered a potential ally- as much as a libertarian or even a Clinton supporter. >If you want your brand of politics discussed here, as it relates to >cryptography, privacy, Clipper, etc., then *discuss* it. You can't >blame others for making their own comments. That was not my point. I do not blame others for anything. The goal was to inform others of the perceptions of a relative newcomer to the list who differs significantly in opinion on numerous points in relation to a attracting newcomers to the wonderful world of crypto. If I thought this list didn't interest me, I wouldn't be on it. >--Tim May -j From eb at sr.hp.com Thu Apr 14 16:02:57 1994 From: eb at sr.hp.com (Eric Blossom) Date: Thu, 14 Apr 94 16:02:57 PDT Subject: Speech compression and encryption (Secure Phone) In-Reply-To: <9404141812.AA21861@deathstar.iaks.ira.uka.de> Message-ID: <9404142308.AA06411@srlr14.sr.hp.com> > Can anyone give me hints to books, articles, algorithms or software > for speech compression? Is CELP public available? Try super.org From eb at sr.hp.com Thu Apr 14 16:10:09 1994 From: eb at sr.hp.com (Eric Blossom) Date: Thu, 14 Apr 94 16:10:09 PDT Subject: [hughes@hughes.network.com: Encrypting tunnel negotiation protocol] Message-ID: <9404142315.AA06442@srlr14.sr.hp.com> This came across the ipsec list. Apologies to those who have already seen it. Eric Blossom ---------------------------------------------------------------- Return-Path: From: hughes at hughes.network.com (James P. Hughes) Date: Thu, 14 Apr 1994 12:51:56 -0500 X-Mailer: Z-Mail (3.1.0 22feb94 MediaMail) To: ipsec at ans.net Subject: Encrypting tunnel negotiation protocol Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 This is a discussion that I promised to start at the last IETF. This is a long email, so I will ask for any comments here at the start. Thanks jim ------------------- Introduction. This note is to start a discussion regarding key negotiation for encrypting tunnels. There are several specific attacks and authentication capabilities that will be addressed. The tunnel establishment protocol must negotiate several parameters and well as reliably negotiate a session key. A 2 message authentication/session key negotiation was chosen because of the complexities of multiple messages. Authentication will be accomplished with RSA. Getting certified public keys will be beyond this document. It is expected that they will be distributed via "secure sneaker-net", via secure DNS or X.509 certification services. An example of a secure sneaker-net is where the public keys are gathered together on a disk and then distributed to potential partners. During this phase the disk mst be guarded to ensure that "Mallet" can get at the disk and replace the keys. After the keys are loaded into the partners, they must be protected form unauthorized external writes and/or erasures. Attacks addressed will be "denial of service because of message playback", "man in the middle", and "rubber hose" attacks. Denial of service It is expected that processing tunnel establishment messages will be an processor expensive task, and this protocol is intended to minimize the processing required to determine if a tunnel establishment packet is not an old packet or a malicious packet created to "clog up" the tunnel establishment task. If the tunnel is established, a tunnel request will be ignored unless the request has the proper identifier. If there is an active tunnel, then there will be an active tunnel negotiation request identifier. A malicious user can not interrupt an exiting tunnel without this "once". Once a request is received, that request identifier is (probably) not used again. When a tunnel is not established, there is not an existing tunnel negotiation request identifier, and a malicious user can create a packet that passes the initial checks. All a malicious user can cause is a one block of RSA decryption, one block of RSA encryption and a MD5 calculation. This vulnerability can be limited by queueing only the oldest packet per requestor IP address if the tunnel renegotiation task is busy. If the malicious user sends in old packets, the increasing time of day check will be enough to catch them. if the user modifies the time of day, then the RSA and MD5 checks will catch that. In either case, the malicious user can not interrupt existing tunnels and if the tunnel request processing is a background, low priority task, throughput will not be adversely effected. Other attacks. Man in the middle is addressed with (unspecified) trusted public key distribution mechanism. Rubber hose attack is where the private key is extracted through (possible painful means) and all previous messages passed can then be decrypted. The more common method of using this would be to "steal" the host or router and then use in circuit emulators or the like to extract the public key. After an attack like this the key would be compromised and never used again. What this is trying to protect is all previous messages passed before the rubber hose is applied even if the private key is compromised. The key establishment protocol The protocol is comprised of two messages. Requestor Responder Tunnel Request -----------------------------> <---------------------------------- Tunnel Reply If there is not a reply from the first packet, the source will resend the packet with a new time of day (and recomputed MD5). Sending traffic on the new tunnel or sending a Tunnel alive message will complete the negotiating. Tunnel keep alive messages are sent and acknowledged at a predetermined regular basis. Both sides send the requests and both sides send the Ackd. These messages are passed within the tunnel and are encrypted by that process. The format of the tunnel alive messages are in the tunnel document. The contents of the tunnel request is: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Requestor IP address | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Responder IP address | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Request Identifier | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Time of Day (2 words) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Diffie-Hellman modulus Length | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | g (16 through 64 words) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ MD5 | Modulus (16 through 64 words) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Diffie-Hellman (X=g^x mod n) (16 through 64 words) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + | Reply identifier | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Tunnel request and parameters (TBD) (? words) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Tunnel Lifetime | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + RSA | MD5 residue (2 words) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Padding (Random data) (? words) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + "Request Identifier" is the value from the last tunnel negotiation that identifies this packet as the correct tunnel renegotiation packet. If there is not a current tunnel in effect then this is 0. "Time of day" is the unix format time of day, that is, the high word contains the number of seconds since January 1, 1970 GMT, and the second word contains the number of microseconds elapsed during the current second. The clock needs to be monotonically increasing, but does not need to be synchronized. The microseconds can be an increment. "Tunnel request parameter" contains information which is used in the negotiation of the tunnel. This includes tunnel ID (SAID), encryption type(s), compression type(s). Details TBD. "Reply identifier" is the value expected in the reply. This is a random number. "Tunnel Lifetime" is the expected time for the tunnel to live. This value, added to the local time of day creates both the expected time of day to be used in the next request as well as allowing the Responder to calculate the time after which it is to expect that negotiation to occur. Tunnel renegotiation can occur sooner if the tunnel keep alive messages show that the tunnel has collapsed. "Random Padding" is used to pad out the block to the RSA modulus. RSA is used to double encrypt this with the requestors private key and the responders public key. The double protection will obscure from any potential eavesdroppers the exact encryption methods, compression options as well as renegotiation times and reply identifier. The Diffie Hellman modulus length (in bytes) is then followed by the 3 values, g, n, and (g^x)mod n. (x is the secret value to be used to calculate the key later.) The length can be from 512 to 2k bits. When the packet is received the following steps are performed. 1. The IP address, request ID are validated to ensure that the packet is from the correct requestor. If the requestor id is 0, and the tunnel is still operational (as of last tunnel alive request), then toss the packet. (The requestor id should be 0 only if the tunnel is not operational.) If the request is 0 and the tunnel is not operational, the time of day is checked to ensure it is increasing. 3. The RSA protected data is decrypted by the responders private key and then encrypted by the requesters public key. 2. MD5 hash of the entire packet is calculated and determined to be correct. The originator and this packet has been authenticated. 5. The time of day is saved as being correct. 7. Create the random number y and calculate the value X^y mod n. A number of these bits are used as the session key. The responder then creates a reply packet. Once the packet is sent, the responder should be ready to accept packets using the new SAID. (Packets using the existing SAID can continue to be sent.) The reply should be resent after time-out until a packet is received on the tunnel. The responder can not use the SAID until a packet is received on the tunnel. The contents of the tunnel reply is: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Requestor IP address | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Responder IP address | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Reply identifier | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Time if Day (2 words) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Diffie-Hellman modulus Length | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ MD5 | Diffie-Hellman (Y=g^y mod n) (16 through 64 words) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + | Next Request identifier | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Tunnel request and parameters (TBD) (? words) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | RSA | Tunnel Lifetime | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | MD5 residue (2 words) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Padding (Random data) (? words) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + Where "Time of day" is the time received in the request. (Actually, this is not used, but it is easier to leave the space there.) "Tunnel request parameter" contains results of the negotiation. This includes tunnel ID, encryption type(s), compression type(s). Details TBD. "Fixed Pattern" A value to ensure that the RSA decryption was successful. "Tunnel Lifetime" is the value received in the request or smaller. "Random Padding" is used to pad out the block to the RSA modulus. RSA is used to double encrypt this with the responders private key and the requestors public key. The Diffie Hellman modulus length (in bytes) is then followed by the (g^y)mod n. (y is the secret value.) When the packet is received the following steps are performed. 1. The source, destination and time are validated to be correct. 2. MD5 is calculated over the packet. 3. The RSA protected data is decrypted by the requestors private key and then encrypted by the responders private key. 4. The fixed pattern is checked. The packet has now been validated. 5. Verify MD5(2) is correct. 5. Calculate the value Y^x mod n. A number of these bits are used as the session key. The new SAID can now be used. -- jim From a-ophirr at microsoft.com Thu Apr 14 16:32:36 1994 From: a-ophirr at microsoft.com (Ophir Ronen (Rho)) Date: Thu, 14 Apr 94 16:32:36 PDT Subject: Little known facts about the infohigh.... Message-ID: <9404142232.AA23385@netmail2.microsoft.com> Greetings all, This was forwarded to me from rec.video.sat. Does anyone know any concrete details about the CC decoders installed in televisions? -Ophir | ------------------------------------------------------- | | > ... Here is some | > important information about the use of televisions. | > | > In an effort to gain access to the homes of millions of Americans, | > the FBI, CIA, and NSA have collaborated on a scheme which will | > finally bring to fruition George Orwell's nightmare scenario. | > | > American citizens will be the unwitting accomplices in this plan | > as they purchase new televisions and bring them into their | > livingrooms and *bedrooms*. I'm speaking of the CC decoders that | > have secretly been mandated by law. These decoders supposedly | > provide captions to TV shows for the hearing impaired, but in | > fact they are also rebroadcasters which will allow the gov. | > to spy on anyone they want. | > | > The television already comes with everything necessary to be | > a spying apparatus. Speakers are essentially no different than | > microphones and therefore can be used to pick up sounds in the | > room. The infrared eye which detects the remote control | > signal also receives an infrared picture of the room, especially | > detecting heat sources like people. Thus, all that is needed is | > a way of gathering this information and relaying it to the government. | > The little understood "Decoder" is the solution. | > | > The congress has recently passed a Law (in virtual secrecy) | > that requires all new TV's to have the "Decoder." This is | > claimed to be for the benefit of deaf people but that is | > obviously a smoke screen. | > | > How we know the congressional law mandating the "Decoder" is not | > for the deaf: | > 1) Legitimate CC decoders are already available for TV's. | > 2) The law doesn't cover other things, like telephones, | > which are obviously in the same situation w.r.t. the deaf. | > 3) There is no law requiring that shows even be broadcast with | > closed captions, only that the TV have the "Decoder". | > | > Clearly we see that there is no real justification for mandating | > decoders other than for gathering intelligence. | > | > How to deal with the decoder: simply removing the decoder will not | > be an option because it will undoubtedly be integrated in such a way | > that the television will not function without it. Also, if you open | > the TV to get at it, you will void the warrenty and then when you | > get it fixed, they will just replace the "Decoder" without telling. | > | > The best way to avoid the "Decoder" is to avoid it by not buying any | > new TV's. This will be made difficult by the predictable introduc- | > tion of High Definition Television soon after the "Decoders" are | > on line. In this way you will be forced to buy a new TV because the | > old one will not get HDTV. When HDTV is made a standard by the govern- | > ment, the old style sugnal will not be allowed to be broadcast on the | > grounds that it interferes with the HDTV. This is all to force people | > to buy new TV's with the "Decoder". | > | > When you find yourself with a TV equipped with the "Decoder" there | > are several things you can do to protect yourself. First, don't | > put the TV in your bedroom, this is where the government is most | > interested in spying. When not watching, push the antennas all the | > way in or disconnected the cable. Unplugging the TV will not help | > because the "Decoder" will use passive broadcasting to continue | > sending its signal. Also turn the volume down when not watching. | > When you watch the TV, place a candle or other heat source to confuse | > the infrared EYE. Don't say anything secret or get undressed near | > the TV. Don't be seen smoking near the TV. | > | | ________________________________________________________ Ophir Ronen (Myself != Microsoft) E67065:66 57 94 27 D9 70 C5 B4 95 31 F6 41 FD 5C EB 1A From ecarp at netcom.com Thu Apr 14 17:05:46 1994 From: ecarp at netcom.com (Ed Carp) Date: Thu, 14 Apr 94 17:05:46 PDT Subject: Little known facts about the infohigh.... In-Reply-To: <9404142232.AA23385@netmail2.microsoft.com> Message-ID: You're kidding, right? Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From schneier at chinet.com Thu Apr 14 17:09:16 1994 From: schneier at chinet.com (Bruce Schneier) Date: Thu, 14 Apr 94 17:09:16 PDT Subject: APPLIED CRYPTOGRAPHY errata version 1.5.8 Message-ID: Hi, people: This is the new errata sheet. There are somenew real errors, a whole lot of niddly grammatical errors, and a few explanatory sentences. I am trying desperately to get Wiley to print a corrected version of the book. To help the process, send your thoughts on the matter to my editor: pfarrell at jwiley.com Bruce ************************************************************************** APPLIED CRYPTOGRAPHY ERRATA Version 1.5.8 - April 15, 1994 This errata includes all errors I have found in the book, including minor spelling and grammatical errors. Please distribute this errata sheet to anyone else who owns a copy of the book. Page xvii: Third paragraph, first line: "Part IV" should be "Part III". Page xviii: "Xuija" should be "Xuejia". "Mark Markowitz" should be "Mike Markowitz". Page 1: First paragraph, fourth line: "receiver cannot intercept" should be "intermediary cannot intercept". Page 6: Sixth and seventh lines: "against symmetric" should be "against a symmetric". Page 8: Second paragraph, first line: "q code" should be "a code". Page 10: Second paragraph, fifth line: Reference "[744]" should be "[774]". Page 11: Second paragraph: "The rotations of the rotors are a Caesar Cipher" should be "Each rotor is an arbitrary permutation of the alphabet". Page 13: Third paragraph: Delete parenthetical remark. Fifth paragraph, first line: "Shift the key" should be "shift the ciphertext". Page 15: Section 1.3, first line: "Throughout the book use" should be "Throughout the book I use". Page 25: "Attacks Against Protocols," first paragraph: "the protocol iself" should be "the protocol itself". Page 27: "One-Way Functions," fourth paragraph: "For example, x^2" should be "For example, in a finite field x^2." Page 28: Third paragraph, third and fourth sentences should be "How to put mail in a mailbox is public knowledge. How to open the mailbox is not public knowledge." Page 29: Third paragraph: "If you only want" should be "If you want only". Page 30: Fourth line: "symmetric cryptosystems: by distributing the key" should be "symmetric cryptosystems: distributing the key". Page 30: "Attacks Against Public Key Cryptography," second paragraph: "The database also has to be protected from access by anyone" should be "The database also has to be protected from write access by anyone". Also: "substitute a key of his choosing for Alice's" should be "substitute a key of his own choosing for Bob's". Page 30: Last line: "substitute that key for his own public key" should be "substitute his own key for that public key". Page 32: Ninth line: Delete the word "encrypted". Page 34: "Signing Documents with..." First sentence: "too inefficient to encrypt long documents" should be "too inefficient to sign long documents". Page 36: Second line: "document encrypted with" should be "document signed with". "Multiple Signatures," step (4): "Alice or Bob sends" should be "Alice sends". Page 38: Fifth paragraph: "V_X = E_X and that S_X = D_X" should be "V_X = E_X and S_X = D_X". Page 40: Third line: "computer can exist" should be "computer can be". Second paragraph: Delete "should be runs of zeros and the other half should be runs of ones; half the runs". At the end of the sentence, add "The distribution of run lengths for zeros and ones should be the same." Page 41: Second paragraph: At the end of the paragraph, add: "Cryptographically secure pseudo-random sequence generators can only be compressed if you know the secret." Page 44: Ninth line: "for Alice's" should be "for Bob's". Page 50: First step (3): "With Alice's public key" should be "with "Alice's" public key." Page 51: Step 5: "with what he received from Bob" should be "with what he received from Alice". Page 55: First step (2): At the end of the step, add: "He sends both encrypted messages to Alice." Page 58: Last line: "Alice, Bob, and Carol" should be "Alice, Bob, Carol, and Dave". Page 59: First line: "Alice, Bob, and Carol" should be "Alice, Bob, Carol, and Dave". Page 69: Last line: "tried to recover her private key" should be "tries to recover Alice's private key". Page 73: "Bit Commitment Using One-Way Functions," last paragraph: Second and third sentences should be "Alice cannot cheat and find another message (R_1,R_2',b'), such that H(R_1,R_2',b') = H(R_1,R_2,b). If Alice didn't send Bob R_1, then she could change the value of both R_1 and R_2 and then the value of the bit." Page 75: First paragraph after quotation: "over modem" should be "over a modem". Page 76: First paragraph of text, third sentence: "Additionally, f(x) must produce even and odd numbers with equal probability" should be "Additionally, Alice should ensure that the random number x takes even and odd values with equal probability". Fifth sentence: " For example, if f(x) produces even numbers 70% of the time" should be "For example, if x takes even values 75% of the time". Page 77: "Flipping Coins into a Well," first line: "neither party learns the result" should be "Alice and Bob don't learn the result". Third line: parenthetical remark should be: "Alice in all three protocols". Page 78: Step (1): "Alice, Bob, and Carol all generate" should be "Alice, Bob, and Carol each generate". Page 80: Second paragraph, second sentence. It should read: "A general n-player poker protocol that eliminates the problem of information leakage was developed in [228]." Page 83: Step (2): "This message must" should be "These messages must". Page 87: Second sentence after protocol: "so that Bob" should be "so that Victor". Page 90: Last paragraph: "step (3)" should be "step (4)". Page 91: Second line: "step (3)" should be "step (4)". Page 93: "Blind Signatures," first line: "An essential in all" should be "An essential feature of all". Page 98: First paragraph after protocol, fourth line: "to determine the DES key with the other encrypted message" should be "to determine the DES key that the other encrypted message was encrypted in." Page 115: "Protocol #2," third paragraph: "together determine if f(a,b)" should be "together determine f(a,b)". Page 121: Second paragraph: Delete the colon in the third line. Page 131: Fifth paragraph: "each capable of checking 265 million keys" should be "each capable of checking 256 million keys". Page 133: Table 7.2: Third number in third column, "1.2308" should be "0.2308". Page 134: Table 7.3: "1027" should be "10^27". Page 139: Indented paragraph: "could break the system" should be "could break the system within one year". Page 141: "Reduced Keyspaces," last sentence: "don't expect your keys to stand up" should be "don't expect short keys to stand up". Page 148: Eighth line: "2^24" should be "2^32". Page 156: Second paragraph: "blocks 5 through 10" should be "blocks 5 through 12". Page 157: Figure 8.2: "IO" should be "IV". Page 158: Fifth line: "P_i" and "D_K" should be in italics. Page 159: Figure 8.3: "IO" should be "IV". Page 161: Figure 8.5: "Decrypt" should be "Encrypt". Page 162: Figure 8.6: "Encipherment" diagram: Input should be "p_i" instead of "b_i", and output should be "c_i" instead of "p_i". "Decipherment" diagram: "Decrypt" should be "Encrypt". Page 164: Figure 8.7: "IO" should be "IV". Page 165: Last equation: There should be a "(P)" at the end of that equation. Page 167: Second paragraph, last line: "2^(2n-4)" should be "2^(2n-14)". Page 168: Figure 8.8: This figure is wrong. The encryption blocks in the second row should be off-centered from the encryption blocks in the first and third row by half a block length. The pads are half a block length. Page 174: Middle of page: Equations should be: k_2 = c'_2 XOR p', and then p_2 = c_2 XOR k_2 k_3 = c'_3 XOR p_2, and then p_3 = c_3 XOR k_3 k_4 = c'_4 XOR p_3, and then p_4 = c_4 XOR k_4 Page 175: Last paragraph, second line: "acting as the output function" should be "acting as the next-state function". Page 177: Diffie's quote, second to last line: "proposal to built" should be "proposal to build". Page 178: Figure 8.20: In "Node 2", the subscripts should be "D_2" and "E_3". Page 190: Fourth paragraph, last line: "to determine M" should be "to determine P". Page 191: First paragraph: "3.5" should be "6.8" in fourth line. "0.56" should be "0.15". "EBCDIC (Extended Binary-Coded Decimal Interchange Code)" should be "BAUDOT". "0.30" should be "0.76". "0.70" should be "0.24". Page 193: Second sentence: "but does guarantee security if it's high" should be "but does not guarantee security if it's high." Page 197: Second paragraph, second sentence: "it has never been proven that P = NP" should be "it has never been proven that P = NP or that P <> NP". Third paragraph, fifth sentence: "Thus SATISFIABILITY is the hardest problem in NP" should be "Thus, there is no problem harder than SATISFIABILITY in NP". Page 198: Fourth paragraph from bottom, second sentence: "If a and b are positive and a is less than n, you can think of a as the remainder of b when divided by n" should be "If a and b are positive and b is less than n, you can think of b as the remainder of a when divided by n". Page 199: Middle of the page: In the sentence "Calculating the power of a number modulo a number", "a" should not be italicized. Page 201: First line of code: Remove "assuming x and y are > 0". Page 202: Middle of the page: In the sentence "Now, how do you go about finding the inverse of a modulo n?" "a" should be italicized. Page 206: Third line from bottom: "L(a,p) = -1 if a is a nonresidue mod p" should be "L(a,p) = -1 if a is a quadratic nonresidue mod p". Page 207: "Jacobi Symbol," formula: Variable "h" should be "a". Also, J(0,n) = 0. Page 208: Thirteenth line: "If a = 1, then J(a/p) = 1" should be "If a = 1, then J(a,p) = 1". Page 209: Fourth paragraph: "If that value does not equal q" should be "If that value does not equal 1". Page 210: Fifth line: "age 21" should be "age 20". Page 213: Second to last paragraph: "10^150" should be "10^151", "one in log N" should be "one in ln N", and "would still be 10^110 primes left over" should be "would still be enough for 10^34 other universes". Page 214: Solovay-Strassen, second sentence: "Jacobi function" should be "Jacobi symbol". Last line: "n" should be "p". Lines 29, 30, and 31: "r" should be "a", and "gcd(p,r)" should be gcd(a,p)". Page 215: Lehman test, step 5: All three "(n-1)/2" should be exponents. Page 217: There should be an open parenthesis in front of the second "ln" in both exponents. Sixth paragraph: "Guassian" should be "Gaussian". Page 222: "Validation and Certification of DES Equipment," first line: "As part of the standard, the DES NIST" should be "As part of DES, NIST". Page 223: Second to last paragraph, last line. Reference "[472]" should be "[473]". Page 225: Figure 10.2: L_i is taken from R_(i-1) before the expansion permutation, not after. And "L_(i)-1" should be "L_(i-1)". Page 226: Third sentence: "bit 1 to bit 58, bit 2 to bit 50, bit 3 to bit 42, etc." should be "bit 58 to bit 1, bit 50 to bit 2, bit 42 to bit 3, etc." Page 227: Fourth line from bottom: "output positions that correspond" should be "output positions correspond". Page 228: Fourth paragraph, last line: "0 to 16" should be 0 to 15". Page 228: Fifth paragraph should read: "For example, assume that the input to the sixth S-box (that is, bits 31 through 36 of the XOR function) are 110010. The first and last bits combine to form 10, which corresponds to row 2 of the sixth S-box. The middle four bits combine to form 1001, which corresponds to column 9 of the same S-box. The entry under row 2, column 9 of S-box 6 is 0. (Remember, we count rows and columns from 0, and not from 1.) The value 0000 is substituted for 110010. Page 230: Fifth sentence: "bit 4 moves to bit 21, while bit 23 moves to bit 4" should be "bit 21 moves to bit 4, while bit 4 moves to bit 31". Second to last line: delete "The key shift is a right shift". Page 231: Table 10.9, sixth line: "80286" should be "80386". Page 233: The second two weak keys should be: 1F1F 1F1F 0E0E 0E0E 00000000 FFFFFFFF E0E0 E0E0 F1F1 F1F1 FFFFFFFF 00000000 Page 236: Fifth paragraph: "would never be low enough" should be "would never be high enough". Page 238: Next to last line before "Additional Results": "NSA's" should be "IBM's". Page 238: "Differential Cryptanalysis," third paragraph: "(1/16)^2" should be "(14/64)^2". Page 239: Figure 10.4: "14/16" should be "14/64". Page 242: Table 10.14: In "XORs by additions" line, "2^39,2^3" should be "2^39,2^31". In "Random" line, "2^21" should be"2^18- 2^20". In "Random permutations" line, "2^44-2^48" should be"2^33-2^41". Page 245: Line 11" "8 bits is" should be "8 bits was". Page 247: Section heading, "Cryptanalysis of the Madryga" should be "Cryptanalysis of Madryga". Page 250: The two functions should be: S_0(a,b) = rotate left 2 bits ((a+b) mod 256) S_1(a,b) = rotate left 2 bits ((a+b+1) mod 256) Note the difference in parentheses. Page 250: Figure 11.4: Note that a is broken up into four 8-bit substrings, a_0, a_1, a_2, and a_3. Page 251: Figure 11.6: The definitions for S_0 and S_1 are incorrect ("Y = S_0" and "Y = S_1"). See corrections from previous page. Also, "S1" should be "S_1". Page 254: "REDOC III," second sentence: "64-bit" should be "80- bit". "Security of REDOC III," second sentence: Delete clause after comma: "even though it looks fairly weak." Page 259: First line: "made the former algorithm slower" should be "made Khafre slower". Page 262: Figure 11.9: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right. Page 263: Table 11.1: The decryption key sub-blocks that are Z_n^(m)-1 should be Z_n^((m)-1). Also, the second and third column of decryption key sub-blocks in rounds 2 through 8 should be switched. Page 264: First line: "107.8 mm on a side" should be "107.8 square mm". Page 265: Figure 11.10: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right. Pages 266-7: Since the publication of this book, MMB has been broken. Do not use this algorithm. Page 267: Sixth line from bottom: Reference should be "[256]". Page 269: "Skipjack." First paragraph. Reference should be "[654]". Page 270: "Karn." Third paragraph. Last sentence: "append C_r to C to produce" should be "append C_r to C_l to produce". Page 270-1: "Luby-Rackoff." Step (4), equation should be: "L_1 = L_0 XOR H(K_r,R_1)" In step (6), equation should be: "L_2 = L_1 XOR H(K_r,R_2)" Page 271: Middle of the page: "(for example, MD2, MD5, Snefru" should be "(for example, MD2, MD4, Snefru". Page 272: Second to last line: "But it is be analyzed" should be "but it is being analyzed". Page 275: Second to last paragraph: "Using 1028 bits" should be "using 1024 bits". Page 277: First lines: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 278: Second to last line: "greater than the largest number in the sequence" should be "greater than the sum of all the numbers in the sequence". The example on page 279 is also wrong. Page 281: Third paragraph: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 283: Table 12.2: "PRIVATE KEY: d e^(-1)" should be "PRIVATE KEY: d = e^(-1)". Page 284: Fifth line should be: "c = 1570 2756 2091 2276 2423 158". Page 286: Third paragraph: "Eve gets Alice to sign y," "y" should be italicized. Second to last line: "Eve wants to Alice to" should be "Eve wants Alice to". Page 287: Last line: Wiener's attack is misstated. If d is less than one-quarter the length of the modulus, then the attack can use e and n to find d quickly. Page 288: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 289: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 291: Fourth line: "factoring, and it" should be "factoring. However, it". "Feige-Fiat-Shamir," second paragraph: "all foreign nationals" should be "all foreign citizens". Page 292: Fifth line: "sqrt(x/v)" should be "sqrt(1/v)". Page 294: Second and third lines: "Bob" should be "Victor." Page 295: First line: "t random integers fewer than n" should be "t random numbers less than n". Page 297: Last line: "when" should be "where". Page 301: Middle of the page: Delete the sentence "Since the math is all correct, they do this step." Page 302: Fourth line from bottom: "a" should be in italics. Page 303: "Authentication Protocol," step (1): Add "She sends x to Victor." Page 305: Third paragraph, parenthetical remark: "NIST claimed that having DES meant that both that both the algorithm and the standard were too confusing" should be "NIST claimed that having DES mean both the algorithm and the standard was too confusing". Page 306: Eighth line: "cryptographers' paranoia" should be "paranoia". Page 307: "Description of the Algorithm": "p = a prime number 2^L bits long" should be "p = a prime number L bits long". "g = h^((p-1)/q)" should be "g = h^((p-1)/q) mod p". Page 309: Third line: "random k values and then precompute r values" should be "random k-values and then precompute r-values". Page 313: "Subliminal Channel in DSS": "see Section 16.7" should be "see Section 16.6". Page 314: Protocol, step (1): "when" should be "where". Page 318: "Other Public-Key Algorithms," third paragraph: "methods for factorizing polynomials was invented" should be "methods for factoring polynomials were invented". Page 319: There should be a blank line before "discrete logarithm:" and another before "factoring:". Fourth line from the bottom: "depends more on the" should be "depends on more than the". Page 321: Third line: "when h" should be "where h". Page 322: Second paragraph: "over 500 pairs of people" should be "253 pairs of people". Page 326: In the definition of h_i, "H_(i-1)" should be "h_(i- 1)". Page 330: Definitions of FF, GG, HH, and II are wrong. These are correct: FF: "a = b + ((a + F(b,c,d) + M_j + t_i) <<< s)" GG: "a = b + ((a + G(b,c,d) + M_j + t_i) <<< s)" HH: "a = b + ((a + H(b,c,d) + M_j + t_i) <<< s)" II: "a = b + ((a + I(b,c,d) + M_j + t_i) <<< s)" Page 335: Fifth line should be: "K_t = CA62C1D6, for the fourth 20 operations". Eleventh line: "represents a left shift" should be "represents a circular left shift". Page 336: "HAVAL," sixth line: "160, 92, 224" should be "160, 192, 224". Page 339: "LOKI Single Block": In computation of Hi, drop final "XOR M_i". Page 340: "Modified Davies-Meyer": In computation of H_i, "M_i" should be subscripted. Page 342: "Tandem Davies-Meyer": In computation of W_i, "M_i" should be subscripted. Page 345: "Stream Cipher Mac", first line:" "A truly elegant MDC" should be "A truly elegant MAC". Page 347: Formula: "aX_(n1)" should be "aX_(n-1)". Second paragraph: "(For example, m should be chosen to be a prime number.)" should be "(For example, b and m should be relatively prime.)" Page 351: Second line of text: "they hold current" should be "they hold the current". Page 353: Third line: ">> 7" should be ">> 31". Fourth line: ">> 5" should be ">> 6". Fifth line: ">> 3" should be ">> 4". Eighth line: "(ShiftRegister)" should be "(ShiftRegister))". Tenth line: "< 31" should be "<< 31". Second paragraph: "are often used from stream-cipher" should be "are often used for stream-cipher". Page 356: Source code: "ShiftRegister = (ShiftRegister ^ (mask >> 1))" should be "ShiftRegister = ((ShiftRegister ^ mask) >> 1)". Page 360: Equation should not be "l(2^1-1)^(n-1)", but "l(2^l- 1)^(n-1)". (A letter, not a number.) Page 362: Figure 15.10: "LFSR-B" should be "LFSR-A" and vice versa. The second "a(t+n-1)" should be "a(t+n-2)", and the second "b(t+n-1)" should be "b(t+n-2)". Page 363: Fourth paragraph: "cellular automaton, such as an CSPRNG" should be "cellular automaton as a CSPRNG". Page 364: "Generating Random Numbers." Note that the obvious way of shuffling, using random (n-1) instead of random (i) so that every position is swapped with a random position, does not give a random distribution. Page 365: "Blum-Micali Generator." In the equation, "x_i" should be an exponent of a, not a subscript. Page 367: Sixth paragraph: "Ingmar" should be "Ingemar". Page 370: "Using "Random Noise." Second paragraph, last line: "output 2 as the event" should be "output 0 as the event". Page 371: Sixth line: "access/modify times of/dev/tty" should be "access/modify times of /dev/tty". Page 371: "Biases and Correlations," third line: "but there many types" should be "but there are many types". Page 376: Seventh line: "send a message, M" should be "send a message, P". Page 380: Step (4): "K(R_B)" should be "K(R_A)". Page 383 and 386: "LaGrange" should be "Lagrange". Page 391: Second protocol, step (1): "in his implementation of DES" should be "in his implementation of DSS". Next sentence: "such that r is either q quadratic" should be "such that r is either a quadratic". Page 401: Second to last line: "and x is randomly chosen" should be "and x is secret". Page 402: Step (1): "when all values of r are" should be "where all r_i are". Step (2): "for all values of r" should be "for all values of i". Step (4): "when j is the lowest value of i for which b_i = 1" should be "when j is the lowest value for which b_j = 1". Line 18: "2^t" should be "2^(-t)". Page 406: Step (5): "ij". Page 409: Third paragraph: "measuring them destroys" should be "measuring it destroys". Fifth paragraph: "it has no probability" should be "it has zero probability". Page 417: Last paragraph: "Kerberos is a service Kerberos on the network" should be "Kerberos is a service on the network". Page 421: Figure 17.2: In the top message "C" should be lower case. Page 428: "Privacy Enhanced Mail": First line: "adapted by the Internet" should be "adopted by the Internet". Page 435: "RIPEM": "Mark Riorden" should be "Mark Riordan". Page 436: "Pretty Good Privacy," third paragraph: Delete fourth sentence: "After verifying the signature...." Page 436: Pretty Good Privacy is not in the public domain. It is copyrighted by Philip Zimmermann and available for free under the "Copyleft" General Public License from the Free Software Foundation. Page 437: Fifth line: Delete "assess your own trust level". "Clipper," second paragraph: reference should be "[473]". Fourth paragraph: references should be "[473,654,876,271,57]". Page 438: Middle of page: reference should be "[654]". "Capstone," first paragraph: reference should be "[655]". Page 445: The IACR is not the "International Association of Cryptographic Research," but the "International Association for Cryptologic Research." This is also wrong in the table of contents. Source Code: The decrement operator, "--", was inadvertently typesetted as an m-dash, "-". This error is on pages 496, 510, 511, 523, 527, 528, 540, and 541. There may be other places as well. Page 472: Third line: "2, 18, 11" should be "22, 18, 11". Eighteenth line: "for( i = 0; i<<16; i++ )" should be "for( i = 0; i<16; i++ )". Page 473: Function "cpkey(into)". "while (from endp)" should be "while (from < endp)". Page 478: Fourth line: "leftt > 4" should be "leftt >> 4". Seventh line: "leftt > 16" should be "leftt >> 16". Twentieth line: "leftt > 31" should be "leftt >> 31". Page 508: Line 8: "union U_INTseed" should be "union U_INT seed". Page 531: "for( i = 0; i<; i++ )" should be "for( i = 0; i<2; i++ )". Page 558: "#defineBOOLEAN int" should be "#define BOOLEAN int", "#defineFALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)". Page 564: "#define BOOLEANint" should be "#define BOOLEAN int", "#define FALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)". Page 569: "rand() > 11" should be "rand() >> 11". Page 569: In "G13.H", "#define G13int" should be "#define G13 int". Page 572: Reference [45]: "Haglen" should be "Hagelin". Page 576: References [136] and [137]: "Branstead" should be "Branstad." Page 576: Reference [148]: The authors should be G. Brassard, C. Crepeau, and J.-M. Robert. Page 578: Reference [184] "Proof that DES Is Not a Group" should be "DES Is Not a Group." The correct page numbers are 512-520. Page 589: Reference [475]: The publisher should be E.S. Mittler und Sohn, and the publication date should be 1863. Page 601: References [835] and [836]: "Branstead" should be "Branstad." Page 602: Reference [842]: "Solvay" should be "Solovay". Page 603: Reference [878]: "Weiner" should be "Wiener." This errata is updated periodically. For a current errata sheet, send a self-addressed stamped envelope to: Bruce Schneier, Counterpane Systems, 730 Fair Oaks Ave., Oak Park, IL 60302; or send electronic mail to: schneier at chinet.com. From mg5n+ at andrew.cmu.edu Thu Apr 14 17:31:11 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 14 Apr 94 17:31:11 PDT Subject: Remailer Reply Blocks Message-ID: from finger remailer at soda.berkeley.edu: >This feature currently uses the DES cypher, which is considered non-secure. >Not only that, but this system greatly facilitates a chosen plaintext >attack, which is a strong attack. This is not a cryptographically optimal >system in this respect. In other words, a determined adversary with >suffecient resources could probably decrypt the response block, and thus >break your anonymity, fairly easily. I will soon switch from DES to IDEA, >which is thought to be a more secure cypher... Which is why my remailer uses 3DES and adds random padding to the address before encrypting it. Random padding will thwart many chosen plaintext attacks, especially if you do some transpositions prior to encrypting it. Since the text to encrypt is so small, doing five or ten consecutive DES encryptions with different keys would not use up much CPU time, but could dramatically increase security. Also I compress the address slightly by stripping off the high bits so that 8 bytes fit into 7. Just a few suggestions to keep in mind... Overall, looks pretty good. BTW, what's the number that it prepends to your email address when you get a reply? From gtoal at an-teallach.com Thu Apr 14 19:28:58 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 14 Apr 94 19:28:58 PDT Subject: Remailer Reply Blocks Message-ID: <199404150227.DAA28644@an-teallach.com> From: Matthew J Ghio : Which is why my remailer uses 3DES and adds random padding to the : address before encrypting it. Random padding will thwart many chosen : plaintext attacks, especially if you do some transpositions prior to : encrypting it. Since the text to encrypt is so small, doing five or ten : consecutive DES encryptions with different keys would not use up much : CPU time, but could dramatically increase security. Also I compress the : address slightly by stripping off the high bits so that 8 bytes fit into : 7. Just a few suggestions to keep in mind... You beat me to it :-) I was going to suggest xoring the data with a set of random numbers (generated along with the des key) to shield it from known plaintext, but a few rounds of DES might do just as well. You have to do *something* because there's a known-plaintext '@' in every email addr. : Overall, looks pretty good. BTW, what's the number that it prepends to : your email address when you get a reply? The things I'd improve on it are the need to edit out the indentation when you use the header block in a reply, and that you have to move the block from the end of the file to the top. Either it should start out at the top, or the remailer should search the whole mail for it. On chaining reply blocks: I was wrong about them getting larger and larger as they went through remailers - you don't have to encode the ascii representation of the last remailer's block and then ascii encode that too - you could generate your block by first de-ascii'ing the last block, prepending the return address, and then re-ascii'ing it. That way the previous return addresses would contribute the same size of data in every link in the chain. One thing more has to be done to foil traffic analysis - the encrypted email address has to be padded out a lot so that they can't guess who it was by knowing the lengths of the email addresses of a small set of possible posters. Assuming we're already stripping out the personal names etc in email addreses and just keeping the canonical bits (for example "Graham Toal" -> gtoal at gtoal.com then I'd suggest padding with spaces to something like 64 chars, then going up +64 each time for those X400 idiots who might want to post through us :-) That way you won't be able to tell a 128-byte long name from 2 hops of a 64-byte short name. G From ag588 at hela.INS.CWRU.Edu Thu Apr 14 19:47:13 1994 From: ag588 at hela.INS.CWRU.Edu (John C. Brice) Date: Thu, 14 Apr 94 19:47:13 PDT Subject: Rejected mail Message-ID: <199404150247.WAA15402@hela.INS.CWRU.Edu> ag588 is rejecting mail from you From smb at research.att.com Thu Apr 14 16:48:01 1994 From: smb at research.att.com (smb at research.att.com) Date: Thu, 14 Apr 94 19:48:01 EDT Subject: Little known facts about the infohigh.... Message-ID: <9404142349.AA03938@toad.com> You deleted the header of that posting. Was the date, perchance, April 1? Or was it from Steve Carleton -- it's about on a par with From blancw at microsoft.com Thu Apr 14 20:18:29 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 14 Apr 94 20:18:29 PDT Subject: cypherpunks and politics (Re: USWA) Message-ID: <9404150218.AA28193@netmail2.microsoft.com> From: Jamie Lawrence The point is that even if you think anyone with a viewpoint opposing yours is automatically stupid and not worth your time (and I don't think that too many of you are that bad off ;), aren't they at least worth using to further something you believe strongly in? It might do well to be careful in alienating potential allys by flip political jokes and comments. ......................................................... >From a cartoon in the Wall Street Journal a couple of days ago: A couple are sitting on a park bench, and she says to him: "I'm sorry, Bernie, but my financial planner says you're a non-performing asset and should be dumped!" Blanc From collins at newton.apple.com Thu Apr 14 20:30:58 1994 From: collins at newton.apple.com (Scott Collins) Date: Thu, 14 Apr 94 20:30:58 PDT Subject: Good PRNG (here's where) Message-ID: <9404141846.AA19622@newton.apple.com> >i'm doing some stuff on this remailer which requires a good rng. >perl's rng just calls c's rng, which totally sucks. does >anyone know of a cryptographically sound rng i can use? i could >just call it from perl or something. Mark Riordan's ftp site has the source for the Blum-Blum-Shub PRNG. This should meet your needs. You will have to contact him for access if you don't already have it. Hope this helps, Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From blancw at microsoft.com Thu Apr 14 21:22:40 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 14 Apr 94 21:22:40 PDT Subject: (fwd) If Crippler is a Done Deal, What Next? Message-ID: <9404150323.AA28892@netmail2.microsoft.com> From: Timothy C. May .............since the Digital Telephony Bill and the initial appearance of the key escrow idea, I have targeted my efforts not at short-term things like Clipper, but instead at doing things to make sure that our ability to communicate freely with whomever and in whatever form we choose is not restricted. My favored approach is technological, not political. .............................................................. Short-term things like Clipper, long-term things like the loss of personal control (as in self-determination). In the degradation of the concept of personal control, making up one's life as though it were one's own project becomes a foreign idea, with communication being but one aspect of the total sacrifice. It creates the situation of individuals seeing the relationship between themselves and external regulation as a natural constant, rather than as an exceptional & artificial invention; your initiative is always subject to the review of self-appointed superiors, and you can never think of managing your own affairs independently (or express yourself freely) using your own judgement, because there always exists the potential that you might affect others in some way. There is always a clash between restrictive attempts against, and the ability of technological progress to "empower", the individual. PGP (Pretty Good Presentation) of your ideas. Blanc From snyderra at dunx1.ocs.drexel.edu Thu Apr 14 21:25:50 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Thu, 14 Apr 94 21:25:50 PDT Subject: PGP encryption Message-ID: <199404150424.AAA07830@dunx1.ocs.drexel.edu> At 2:59 PM 4/14/94 -0400, marssaxman at aol.com wrote: >Are there any shareware/freeware/PD PGP-like encryption systems for the >Macintosh? Or is there a Mac version of PGP and I just haven't heard about >it? > >-Mars There's RIPEM Mac, which I heartly endorse. Does RIPEM and PEM messages (can pull your AOCE signer from System 7 Pro as a Unaffiliated User certificate), and does it quite well. I have a set of AppleScripts I use to link it up with Eudora, my mail program. I can send it to anyone who wants it, if they provide a statement of their citizenship (US or Canada) and their agreement not to violate the export or RSAREF license agreeements. Also available from ripem.msu.edu, although you'll have to mail the ftp site's maintainer the same info I need. MacPGP also exists, but isn't as friendly to use, and is generally available where the standard PGP is located. Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From wcs at anchor.ho.att.com Thu Apr 14 22:47:41 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 14 Apr 94 22:47:41 PDT Subject: New anon mailer idea? Message-ID: <9404150546.AA12667@anchor.ho.att.com> Hal writes: > - You'd want this feature to be optional. Some people might not want > their anonymity limited by having their return address recorded, even > in encrypted form. The obvious implementation is to add a Generate-Return-Address: header so you can use it if you want it, but won't get one otherwise. The encryption definitely needs some sort of random padding, though CBC with a random IV plus length-padding at the end should probably suffice. > - The use of a symmetric cypher is a very nice way of getting the use-once > capability, along with the "burn after reading" effect of a remailer > chain which destroys itself as it goes. But it could be a considerable > burden on the remailer operator to maintain the database. One possibility > would be to fix a maximum time limit on how long the return addresses are > kept "alive" and require some real money to keep them longer. Public key has the advantage that the operator doesn't *need* a database. If you want to implement use-once addresses (or use-N-times), you could include a tag with the address (such as the IV), and reject future messages using that tag (e.g. save a hash of the tag). You could also implement time-limits by including an expiration date. Perhaps something S-Key like might be applicable, if you want to stick to private-key methods? > - What we would really like is for the recipient to hit the "reply" button > and be able to send his mail back. Matt Ghio's remailer+62647629379278 at wherever.com syntax does this fine. If desired, you could implement anonymous bit-bucket addresses this way as well, though they're somewhat more useful if your remailer generates encrypted outgoing messages. Alternatively, you can *always* generate either a real or a bit-bucket return address, and leave it up to the sender to inform the recipient that there's a probably-working return path. Bill From cme at sw.stratus.com Thu Apr 14 22:48:11 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Thu, 14 Apr 94 22:48:11 PDT Subject: remailers for kids Message-ID: <199404150548.BAA19113@galt.sw.stratus.com> To: turet at u.washington.edu Subject: Re: K12 Personal Security Newsgroups: comp.society.privacy In-Reply-To: In article you write: > >Dear Netters: > >I recently have become involved in a project to implement Internet >feeds to some elementary/high schools. Actually, they already have the >feeds and the hardware, we're putting together a science/math >curriculum, also using Mosaic. I recently (re-)started looking at the >k12 newsgroups, which I haven't done in a few years, since my kids were >small. It struck me that there could be a possibility for abuse of the >system, for example in the 'chat' or 'pen-pals' groups and access to >names/addresses/phone #'s by those with less than salutory intentions. > >Does anyone else have any thoughts or experiences with this, and is >this an appropriate newgroup for this discussion? I hope I'm simply >being parental (fatherly) and not paranoid. > >I would like something like this to be a long thread, since I want to >explore this aspect of things before we just go head-long into the >network with the little kids and expose them to potential problems >later on. > >--Phil Turet >> turet at pmel.noaa.gov Funny you should ask this. I had a conversation just yesterday with a relatively new parent who is really scared about the Internet because it leaves kids exposed to wierdos. Rather than ask for elimination of anonymity for weirdos, he was asking for anonymity for the kids -- not just the e-mail address hiding of various remailers but also an automatic filter on postings to remove (or translate) names, addresses and phone numbers. I know of no one who has done anything beyond hiding e-mail addresses but that software exists, at least. (I've cc:'ed them here.) Perhaps some will have thoughts on the rest of the problem. - Carl -- Carl M. Ellison cme at sw.stratus.com RIPEM MD5OfPublicKey: 39D9860686A9F075A9A83D49589C677A Stratus Computer Inc. TEL: (508)460-2783 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488 From wcs at anchor.ho.att.com Thu Apr 14 22:50:17 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 14 Apr 94 22:50:17 PDT Subject: rng, anyone? Message-ID: <9404150549.AA12690@anchor.ho.att.com> > need good RNG WHile Blum-Blum-Shub is probably the cool way to go, RSAREF uses repeated iterations of MD5 to generate its pseudo-randoms, which can be reasonably secure and use code you've probably already got hooks from perl for. From lcottrell at popmail.ucsd.edu Thu Apr 14 23:07:58 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Thu, 14 Apr 94 23:07:58 PDT Subject: Any cypherpunks building encrypted phone? Message-ID: <199404150607.XAA04251@ucsd.edu> -----BEGIN PGP SIGNED MESSAGE----- >Subject: Any cypherpunks building encrypted phone? > > Hello everyone! I'd like to know if anyone on the list has made >any attempt to construct a true encrypted phone, something at the >level of the AT&T DES phone. I think that it ought not to be too >difficult to build a couple, using existing modems and basic hardware >design. If all the commercial phones are going to be Clipper-based, >we'll have to build the real ones ourselves. > > Lady Ada, Queen of Engines I am working on that exact problem. It is not really that trivial. The encryption has to handle a lot of data real time. I have a license agreement for IDEA and am working on RSA. I am thinking of using tripple DES rather than IDEA because of the cost of the IDEA license. Two questions. One: Does anyone know of a good source of DES chips? Two: How much would you pay for a good encrypted phone? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLa4m2FVkk3dax7hlAQF4vwP+KppgEM/05FsVJoonnDQrLKcaRJxqvt8y CgJ5OgaFNwAdsJJyQ25SfxaaubP/Q/Ncz3os2ECdxFDGiVOk97tg6DvTfXA5QoSw hFYuKb+7W/KK455I8WdZkeX6O6T/cLDqe94pcJSLSKo2mqwuGUaZ3jdKLAthPtOE DjqkjZettOM= =34Dg -----END PGP SIGNATURE----- -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From albright at scf.usc.edu Thu Apr 14 23:47:03 1994 From: albright at scf.usc.edu (Julietta) Date: Thu, 14 Apr 94 23:47:03 PDT Subject: Little known facts about the infohigh.... Message-ID: <199404150646.XAA06382@nunki.usc.edu> uuh... I'm sitting here in shock right now,not knowing if this is yet another round of propganda, or another scheme set up by the NSA and other branches of our government's "protectful" branches to keep an eye on "terrorist activities" in the homes of our American citizens. I just finished reading "1984" to get me in the mood for a paper I am working on concerning computer surveillance...and now I receive this post regarding the use of TV technology being used to create the infamous Orwellian "Telescreen" which can hear and see our every move. Does anyone on this list have any further information about this? Perhaps (and I am crossing my fingers here) this was a post- April Fool's Day gag.. trouble is- it seems just feasible enough to make me worry. MM- one more thing. Did anyone see the Los Angelas time pieceby Michael Scrage from MIT entitled "Why Clipper's Unlikely to Chip Away Privacy?" (14 April 94). I can re-post if necessary. A couple of quotes from it at least: "Now, unless the government makes such private encryption illegal (such as PGP), Clipper is going to foment (sic) entrepreneurial digital cryptographers feeding off the paranoid fantasies of individuals and institutions that fear their communications might be compromised by Big Brother". and: "As long as there is a thriving market in commercial cryptography, CLipper is unlikely to be a threat to our privacy or our criminals." Comments Anyone? -- Julie ______________________________________________________________________________ Julie M. Albright Ph.D Student Department of Sociology University of Southern California albright at usc.edu From mg5n+ at andrew.cmu.edu Fri Apr 15 00:13:51 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 15 Apr 94 00:13:51 PDT Subject: Remailer Reply Blocks In-Reply-To: <199404150227.DAA28644@an-teallach.com> Message-ID: Graham Toal writes: > One thing more has to be done to foil traffic analysis - the encrypted > email address has to be padded out a lot so that they can't guess who > it was by knowing the lengths of the email addresses of a small set > of possible posters. Assuming we're already stripping out the personal > names etc in email addreses and just keeping the canonical bits (for > example "Graham Toal" -> gtoal at gtoal.com > then I'd suggest padding with spaces to something like 64 chars, > then going up +64 each time for those X400 idiots who might want > to post through us :-) That way you won't be able to tell a 128-byte > long name from 2 hops of a 64-byte short name. My remailer doesn't quite do the padding the way you describe, it adds a random amount of padding, so that the addresses will vary somewhat in legnth. It's not a perfect solution, but I thought it was best to keep the return address as short as possible since it has to fit in the To: header. However, with an encrypted block, perhaps more padding would be acceptable. As for the reply block, my remailer strips out everything except the actual address, but appearantly Eric's doesn't. I can't say which is best, it has been suggested that we might want to put the reply info in the to header in parentheses. Someone asked me in email if there was a way to chain emails from my remailer through soda, so that no single person knows your identity. You can send to remailer at soda.berkeley.edu anonymously via: mg5n+an4gyeonc4pgah6dnlyhlicoq46154jmssttbk6245zais at andrew.cmu.edu This way, I know your real address, but I can't match it to an anonymous reply block on soda; Eric Hollander knows only your anon address on my remailer. I must say I really appreciate all the work being done on the remailers; it looks like the remailers will finally get some much needed improvements. Keep up the good work! Now if we could just get more people to run remailers...we have only about 10 now; we had over 2 dozen at one time. Let's set up some more. From nobody at shell.portal.com Fri Apr 15 00:43:42 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 15 Apr 94 00:43:42 PDT Subject: Why the Clipper's Not Likely to Chip Away at Privacy Message-ID: <199404150744.AAA26542@jobe.shell.portal.com> ---------------------------------------------------------------------- Reproduced without permission. ====================================================================== The Los Angeles Times Thursday, April 14, 1994, p.D1 - Business ====================================================================== INNOVATION ====================================================================== Why the Clipper's Not Likely to Chip Away at Privacy By Michael Schrage JGVD BOSF BEUI JUZP VTIP VMEX PSLG PSUI FOTB... ...or maybe you shouldn't. But there should be no doubt that the Clinton Administration's confused Clipper chip initiative threatens to turn every American who cares about privacy into a practicing digital cryptographer. Which may very well be a good thing, but perhaps not in quite the way this Administration intended. Some background: One year ago, President Clinton signed an executive order that authorized the creation of an optional federal standard for secure voice and data communications. Rather than go with a commercially available encryption scheme, the government chose to use one effectively developed by the National Security Agency (America's Capital of Cryptanalysis). A specially designed silicon chip called Clipper would be the tool to encrypt and decode these communications. Clipper would ultimately be built into the telephones the government procured. Hey, why shouldn't the government have secure internal communications? But creating a new encryption standard for federal use apparently didn't go far enough. The feds -- aggressively encouraged by the national security and law enforcement communities -- agreed to market Clipper as an alternate encryption standard and an essential high-tech ingredient in the global War Against Crime. The NSA, the Justice Department and the FBI have publicly encouraged global corporations, such as banks, to adopt Clipper as their own encryption standard. To absolutely, positively assure that no one in the government would ever improperly eavesdrop on Clipper- ized conversations -- that could never happen, could it? -- the Administration offered an elaborate scheme of safeguards whereby law enforcement officers who managed to get a warrant would have to go to two separate agencies to get the software keys to unlock the relevant Clipper code. Needless to say, the civil libertarians have gone ballistic over this effort by the government to build an infrastructure that technologically empowers it to more easily listen in on human-to-human and computer-to-computer communications. Scores of private companies have voiced their opposition to the Clipper proposal (which, a harried spokeswoman for the National Institute of Standards and Technology swears up, down and sideways, is really "optional, optional, *optional*!"). Essentially, the public relations campaign for Clipper has been about as intelligently handled as Whitewater. Put the vital issues of privacy and civil liberties aside, however, and, on purely pragmatic terms, the Clipper initiative seems to have been put together by people who behave as if they have no understanding of privacy, technology or markets. In fact, the Clipper chip seems destined to produce exactly the opposite effect of what was intended. Instead of creating an encryption standard that gives the government a fighting chance for successful eavesdropping, the feds have encouraged the creation of an encryption market to bypass the threat of government decryption. Put it this way: Suppose the government issued you very strong locks to protect your home against intrusion. Now suppose the government could get the keys to those locks only with a very special warrant. If you could buy your own powerful locks or alarm system for just a few extra dollars, would you do it? that's the question confronting individuals and organizations who fear for their telecommunications privacy today. Right now, you can go on the Internet and, at no cost, get an encryption scheme called PGP (for Pretty Good Privacy) to protect you electronic mail. By the end of the year, predicts PGP creator Philip Zimmerman, people will be able to participate in scrambled voice communications using their personal computers as encryption boxes, for far less than the cost of a Clipper. You can expect to see cryptography activists posting freeware or shareware versions of their algorithms in the ongoing battle to assure truly private communications in the face of government standards. Who knows? Maybe Mitch Kapor's Electronic Frontier Foundation or the Markle Foundation will fund such privacy initiatives. Now, unless the government actually makes such private encryption illegal, Clipper is going to foment entrepreneurial digital cryptographers feeding off the paranoid fantasies of individuals and institutions that fear their communications might be compromised by Big Brother. Does the slogan "If cryptography is outlawed, only outlaws will have cryptography" ring a bell? As an internal government standard, Clipper is fine. But without regulating commercial cryptography, the Clipper chip is a wasteful, impotent policy gesture. The economics of digital cryptography mean the marginal cost of providing powerful encryption is going down even as the government tries to seduce -- or require -- people to use its proffered standard. Clipper is economically obsolete even as you read this. This is so obvious to people in the cryptographic community that they hardly discuss it. But the fact is that digital cryptography has proliferated to the point where Clipper is likely to be more of a catalyst for innovation than an effective weapon against criminals. People truly concerned about government eavesdropping -- global drug dealers, organized crime, hedge fund managers, munitions makers, etc. -- are precisely the sort who would be willing to pay a few hundred extra dollars to buy encryption software that foils or bypasses a Clipper chip. Talk with people in law enforcement about the bypass option and they have no real response (although they are fond of pointing out how stupid criminals can be when talking on the phone). As long as there is a thriving market in commercial cryptography, Clipper is unlikely to be a threat to our privacy or our criminals. It is, however, a definite threat to our respect for the government technocrats who craft public policies that treat our privacy and our technology marketplaces with a mix of such seeming ignorance and contempt. +----------------------------------------------------------------+ | Michael Schrage is a writer, consultant and research associate | | at the Massachusetts Institute of Technology. He writes this | | column independently for The Times. He can be reached at | | schrage at latimes.com by electronic mail via the Internet. | +----------------------------------------------------------------+ ====================================================================== From tcmay at netcom.com Fri Apr 15 00:49:31 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 15 Apr 94 00:49:31 PDT Subject: Little known facts about the infohigh.... In-Reply-To: <199404150646.XAA06382@nunki.usc.edu> Message-ID: <199404150750.AAA15508@mail.netcom.com> Julie Albright wrote: ... > on "terrorist activities" in the homes of our American citizens. I just > finished reading "1984" to get me in the mood for a paper I am working on > concerning computer surveillance...and now I receive this post regarding > the use of TV technology being used to create the infamous Orwellian > "Telescreen" which can hear and see our every move. Does anyone on this > list have any further information about this? Perhaps (and I am crossing my > fingers here) this was a post- April Fool's Day gag.. trouble is- it seems > just feasible enough to make me worry. Rest assured, that's just another wildly implausible paranoid rant. The red LED on a VCR or cable box is no more capable of acting as any kind of t.v. camera than doorknobs can act as palmprint scanners. (I mean, they _can_, but only with expensive reengineering.) This "cable boxes are spying on us" tale has been reposted several times in various groups. Kind of like the "IDealOrder" psychic t.v. broadcast people and their claims. It perhaps has been given superficial credence because some of the television ratings companings (Arbitron, Nielson (sp?). etc.) are toying with the idea of installing "body sensors" in their ratings boxes that would tell them how many people were actually in fron to the t.v. As these ratings families voluntarily agree to be part of the sample, any such system would be voluntary. (And I intend no irony here.) Monitoring people inside their homes is something not even Denning and Sternlight are arguing for. ---- And now for a rare opportunity for a _reverse_ spelling flame: > "Now, unless the government makes such private encryption illegal (such as > PGP), Clipper is going to foment (sic) entrepreneurial digital ^^^^^^^^^^^^ I don't know who added the "(sic)" after "foment," but foment is indeed the right usage here, meaning to "incite." As in "fomenting revolution." An alternative might be "ferment," which is perhaps what the (sic)-adder thought the word was meant to be, but that would be a much less appropiate usage. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jdwilson at gold.chem.hawaii.edu Fri Apr 15 01:09:54 1994 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson (VA)) Date: Fri, 15 Apr 94 01:09:54 PDT Subject: fake pgp messages In-Reply-To: <199404141418.HAA15387@netcom9.netcom.com> Message-ID: RCA's multicast source has a small library of sound files for you to pick from too... Aloha ka ko! -Jim -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... On Thu, 14 Apr 1994, Michael Paul Johnson wrote: > > in the process of doing stuff to fight traffic analysis, i need to generate > > a bunch of fake pgp messages. it is possible to asciiarmor random > > bits, but this is pretty easy to spot. does anyone know a good > > way to generate a large amount of bogus pgp messages? > > What better way than to generate real pgp messages that encrypt noise files? > Just generate pseudorandom binary data of pseudorandom length (biased > toward the length of real messages), and encrypt with pgp, using the > public key of some person's key from a public server, selected at > random. If you want to be able to spend less cpu time, you could hack a > copy of pgp to simulate doing this, of course, using the symmetric key > cipher (idea) in a stream cipher mode. > > Peace to you. > > ___________________________________________________________ > |\ /| | | | > | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | > | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | > | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | > | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | > | ||| \ \_/ |___________________________________________________________| > From albright at scf.usc.edu Fri Apr 15 01:24:02 1994 From: albright at scf.usc.edu (Julietta) Date: Fri, 15 Apr 94 01:24:02 PDT Subject: Little known facts about the infohigh.... In-Reply-To: <199404150750.AAA15508@mail.netcom.com> Message-ID: <199404150823.BAA09221@nunki.usc.edu> Tim May wrote: > > Rest assured, that's just another wildly implausible paranoid rant. > The red LED on a VCR or cable box is no more capable of acting as any > kind of t.v. camera than doorknobs can act as palmprint scanners. (I > > It perhaps has been given superficial credence because some of the > television ratings companings (Arbitron, Nielson (sp?). etc.) are > toying with the idea of installing "body sensors" in their ratings > boxes that would tell them how many people were actually in fron to > the t.v. As these ratings families voluntarily agree to be part of the > sample, any such system would be voluntary. (And I intend no irony here.) > > Monitoring people inside their homes is something not even Denning and > Sternlight are arguing for. > I guess I have been too immersed in surveillance theory lately - I'm begining to get a bit paranoid! However, I do sometimes wonder if some of the new technologies (such as "interactive TV") which will be be brought into the homes of the populus could in fact be used for more insidious purposes than was the original intent (I am generously assuming the original intent was as it was presented to the consumer). I mean- what's to stop the government- or perhaps the big capitalists- from utilizing the technologies, such as that suggested by the Neilson people, to monitor citizens *not* part of some voluntary rating program. Are you suggesting that since Denning et al aren't "argueing for it" that it is inconceivable? Hmm.... Julia _________________________________________________________________________ Julie M. Albright Ph.D Student Department of Sociology University of Southern California albright at usc.edu From tcmay at netcom.com Fri Apr 15 01:55:29 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 15 Apr 94 01:55:29 PDT Subject: Protecting Privacy in a Surveillance Society In-Reply-To: <199404150823.BAA09221@nunki.usc.edu> Message-ID: <199404150856.BAA20212@mail.netcom.com> Julie (or is it Julia or Julietta?) writes: > I guess I have been too immersed in surveillance theory lately > - I'm begining to get a bit paranoid! However, I do sometimes wonder if > some of the new technologies (such as "interactive TV") which will be be > brought into the homes of the populus could in fact be used for more > insidious purposes than was the original intent (I am generously assuming > the original intent was as it was presented to the consumer). > I mean- what's to stop the government- or perhaps the big capitalists- > from utilizing the technologies, such as that suggested by the Neilson > people, to monitor citizens *not* part of some voluntary rating program. > Are you suggesting that since Denning et al aren't "argueing for it" > that it is inconceivable? Hmm.... Let me make an important clarification: there *is* a privacy danger that multimedia/cable companies will use information...they already do in the sense that they get real-time feedback on who's ordering which premium pay-per-view channels. (My brother-in-law was marketing manager for a cable company in San Luis Obispo and he maintained that the cable companies could not tell which channel was being watched via the box, but that new 2-way boxes, coming Real Soon Now, would allow this.) This is the same "privacy" danger faced by subcribers to magazines, by purchasers of goods by mail order, and by any other system that allows purchasing or renting preferences to be correlated to True Names. (In the special case of videotape rentals, a specific law was passed to make compiling of rental records a crime. This was during the Bork imbroglio of some several years back.) The "cryptographic" solution, the one that does not involve passing a mess of new laws which will likely be ignored and exploited, is to allow the following, either separately or in combination: * receiver anonymity, via cryptographic codes which descramble some widely-broadcast transmission (complicated issues of how to ensure only one customer can view it, suggesting some Chaumian tie-ins and "is-a-person" credentialling, albeit identity-blinded). * digital money, so that goods and services may be bought over the cable system without any explicit mapping to viewer identity (e.g., no billing to the home address or VISA card is needed). (Example: coin-operated televisions are already this way, in airports and bus stations. Could extend to dorm rooms, hotels, etc., using either coins (a theft problem, hence digital cash a better idea) or tokens.) * blinding protocols a la Chaum, whereby one proves ownership of some credential (one's age, when entering a bar, for example) without providing a name which could too easily be entered into a database. Anyone interested in ways to defeat Orwellian surveillance technology (and it goes without saying that all Cypherpunks should read "1984," as Julie has just done) should run out and find David Chaum's paper "Transaction Systems to Make Big Brother Obsolete," November 1985, "Communications of the ACM." This paper has been cited _so_ many times here, but it remains the single most important paper I can think of. A slightly updated version was published in the First Computers, Freedom, and Privacy Conference Proceedings. Both of these sources should be findable in any large university science library. (It's not been scanned and OCRed and placed in the soda archives because it's a very long paper, and the diagrams are pretty much essential for figuring out the paper.) Crypto technology wins out over well-intentioned privacy laws any day. Locality of reference, and self-empowerment...if you buy books from me with a credit card, should there be a "privacy law" saying I can't keep a record of your purchases? That's the route some European countries are going. All kinds of problems, and not something most Cypherpunks would want, as it involves other invasions of privacy: "Open up! This is the Privacy Protection Police." The better solution: pay with cash for your books and then I _can't_ keep a record of who bought what. That's method over law. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cme at sw.stratus.com Fri Apr 15 02:39:34 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Fri, 15 Apr 94 02:39:34 PDT Subject: CPSR Alert 3.06 Message-ID: <199404150937.FAA19661@galt.sw.stratus.com> >Section 1011(b) authorizes the FBI to obtain the credit reports of >individuals without a warrant if a designee of the Attorney General >sends a letter to the credit bureau stating that the subject is the >target of a counter-intelligence investigation and they have "specific >and articulable facts" that the person is a foreign agent. I wonder whether exchange of encrypted e-mail with a foreign national would constitute specific and srticulatable facts that a US citizen was a foreign agent.... - Carl From chughes at maths.tcd.ie Fri Apr 15 04:55:17 1994 From: chughes at maths.tcd.ie (Conrad Hughes) Date: Fri, 15 Apr 94 04:55:17 PDT Subject: Little known facts about the infohigh.... Message-ID: <9404151254.aa10436@salmon.maths.tcd.ie> Julietta writes: >I mean- what's to stop the government- or perhaps the big capitalists- >from utilizing the technologies, such as that suggested by the Neilson >people, to monitor citizens *not* part of some voluntary rating program. >Are you suggesting that since Denning et al aren't "argueing for it" >that it is inconceivable? Hmm.... It's not inconceivable, but you are suggesting that capitalist organisations would try this; they want to make a profit, so such trickery would have to either be ridiculously cheap or include some hidden financial benefit to offset its costs. Now an infrared sensor to receive remote control broadcasts might only cost 10p (about 15 cents I think), but a camera that small, implemented using CCD and disguised so that a casual investigation wouldn't turn up anything suspicious, would be a lot more expensive (portable video cameras are expensive for good reasons). The additional hardware - compression, encryption and transmission technology - would add hundreds (if not thousands) of dollars to the high street value of such a device if you knew what was in it; they'd have to hide this cost so customers didn't get suspicious. The device would be unable to pass TEMPEST (electromagnetic radiation guidelines) or any related trials. So the government would have to intervene. It would also require a transmission licence, again requiring secret service intervention. All people involved in the manufacture of the devices would have to be sworn to secrecy (and since most of therm are in Singapore this could be difficult) and someone would have to come up with a good explanation for the sudden violent change in the shape of video and television technology for maintenance techs. Speakers can act as microphones, but not very well - I'm not an electronic engineer, but I think that modern multi-way speakers are not well suited to such purposes, but a small omnidirectional microphone could be installed instead; eventually some technician would spot it. And why do all of this? So you can see who has sex with who? How big the average American penis is? What brands everyone buys? Methods already exist to obtain this information by cooperation; certainly corporations would like to improve their market research techniques, but at what cost? What would happen if they got found out? Send everyone who knows off to a concentration camp in New Jersey (that is where software engineers have to be legally certified isn't it)? I've just addressed a very specific set of circumstances - you'd probably choose to transmit the information down fibreoptic instead of using radio, but essentially such an idea would involve such a huge conspiracy of scientists, manufacturers, maintenance engineers and authors (remember that there's a book out there explaining how just about everything ever built works) that it would be far far easier for Them to manipulate public perception into believing that all of this was a Good Thing and doing it in full view. All you have to worry about is the average person's susceptibility to Their Manipu-Rays (tm). Come to think of it maybe you're right.. Conrad From wex at media.mit.edu Fri Apr 15 07:16:57 1994 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Fri, 15 Apr 94 07:16:57 PDT Subject: 'Nother MIT talk on crypto... Message-ID: <9404151416.AA27651@media.mit.edu> > Thursday, April 21, 1994 > Refreshments at 4:00pm, Talk at 4:15pm in NE43-518 > > ``WHICH KEY ESCROW, IF ANY?'' > or > ``Fair Cryptosystems vs. The Clipper Chip'' > by > Silvio Micali > MIT > >Wide-spread use of cryptography will greatly enhance our privacy, but >will also make court-authorized line-tapping impossible. In an effort >to make cryptography ``compatible'' with law enforcement, the Clinton >Administration has been advocating the use of a new encryption >technology: the Clipper Chip. > >Whether cryptography should be regulated at all is an important >question, one that should be debated at all possible levels of our >society. This talk, however, focuses primarily on TECHNICAL points >that are crucial to make an informed decision. In particular, we >address the following questions: > >* Does Clipper Chip really make cryptography and law enforcement > compatible? > >* Does Clipper Chip introduce unwanted and/or unforseen dangers? > >* Are there better alternatives to making encryption and law > enforcement compatible, if this is what we want? From fringeware at io.com Fri Apr 15 07:21:22 1994 From: fringeware at io.com (FringeWare Inc) Date: Fri, 15 Apr 94 07:21:22 PDT Subject: HACK - Encryption Intro (long; 700+ lines) Message-ID: <199404150300.fw.1134@illuminati.IO.COM> Sent from: twz at netcom.com (Peter Meyer) An Introduction to the Use of Encryption by Peter Meyer Dolphin Software 48 Shattuck Square #147 Berkeley, CA 94704 Written January 1994 Revised April 1994 The purpose of this article is to provide information in the area of practical cryptography of interest to anyone wishing to use cryptographic software. I have mostly avoided discussion of technical matters in favor of a more general explanation of what I regard as the main things to be understood by someone beginning to use encryption. Those wishing to get more deeply into the theoretical aspects should consult Bruce Schneier's book (see bibliography at end). Dolphin Software publishes several commercial cryptographic software products for the PC, including Dolphin Encrypt and Dolphin Encrypt Advanced Version (file and disk encryption software) and EZ-Crypt (an on-the-fly encryption TSR). (Product information available upon request). Occasionally in this article I include some remarks specifically concerning these or other products. Cryptography is the art or science of secret writing, or more exactly, of storing information (for a shorter or longer period of time) in a form which allows it to be revealed to those you wish to see it yet hides it from all others. A cryptosystem is a method to accomplish this. Cryptanalysis is the practice of defeating such attempts to hide information. Cryptology includes both cryptography and cryptanalysis. The original information to be hidden is called plaintext. The hidden information is called ciphertext. Encryption is any procedure to convert plaintext into ciphertext. Decryption is any procedure to convert ciphertext into plaintext. A cryptosystem is designed it so that decryption can be accomplished only under certain conditions, which generally means only by persons in possession of both a decryption engine (these days, generally a computer program) and a particular piece of information, called the decryption key, which is supplied to the decryption engine in the process of decryption. Plaintext is converted into ciphertext by means of an encryption engine (again, generally a computer program) whose operation is fixed and determinate (the encryption method) but which functions in practice in a way dependent on a piece of information (the encryption key) which has a major effect on the output of the encryption process. The result of using the decryption method and the decryption key to decrypt ciphertext produced by using the encryption method and the encryption key should always be the same as the original plaintext (except perhaps for some insignificant differences). In this process the encryption key and the decryption key may or may not be the same. When they are the cryptosystem is called a "symmetric key" system; when they are not it is called an "asymmetric key" system. The most widely-known instance of a symmetric cryptosystem is DES (the so-called Data Encryption Standard). The most widely-known instance of an asymmetric key cryptosystem is PGP. Dolphin Encrypt and EZ-Crypt are symmetric key cryptosystems. There are many reasons for using encryption (examples are given below), and the cryptosystem that one should use is the one best suited for one's particular purpose and which satisfies the requirements of security, reliability and ease-of-use. Ease-of-use is easy to understand. Reliability means that the cryptosystem, when used as its designer intended it to be used, will always reveal exactly the information hidden when it is needed (in other words, that the ciphertext will always be recoverable and the recovered data will be the same as to the original plaintext). Security means that the cryptosystem will in fact keep the information hidden from all but those persons intended to see it despite the attempts of others to crack the system. Ease-of-use is the quality easiest to ascertain. If the encryption key is a sequence of 64 hexadecimal digits (a 256-bit key), such as: B923A24C98D98F83E24234CF8492C384E9AD19A128B3910F3904C324E920DA31 then you may have a problem not only in remembering it but also in using it (try typing the sequence above a few times). With such a key it is necessary to write it down or store it in a disk file, in which case there is the danger that it may be discovered by someone else. Thus such a key is not only inconvenient to use but also is a security risk. The key used in Dolphin Encrypt is any typeable string of from 10 to 60 characters and thus may be a phrase which is easy to remember, e.g. "Lay on MacDuff!" Spaces are not significant, and upper and lower case are equivalent, so you don't have to remember whether the key is "Lay on MacDuff!" or "Lay on Macduff!" Reliability is the quality next easiest to test for. If it is not possible to provide a formal proof that the decryption of the encryption of the plaintext is always identical to the plaintext it is at least possible to write software to perform multiple encryptions and decryptions with many different keys to test for reliability (though this testing cannot be exhaustive). Such software is provided with Dolphin Encrypt. Finally there is the question of security. The security of a cryptosystem is always relative to the task it is intended to accomplish and the conditions under which it will be used. A theoretically secure system becomes insecure if used by people who write their encryption keys on pieces of paper which they stick to their computer terminals. In general a cryptosystem can never be shown to be completely secure in practice, in the sense that without knowledge of the decryption key it is impossible to recover the plaintext with real-world computing power in less than, say, a thousand years. There is one cryptosystem known as the one-time pad, which is absolutely secure, but in practice it is cumbersome and the key can be used only once without compromising the security of the system. In some cases it is possible to show that cracking a cryptosystem is equivalent to solving some particular mathematical problem, e.g. the problem of factoring large numbers ("large" here means numbers with several hundred decimal digits). If many mathematicians working for many years have been unable to solve a problem then this is a reason to regard a cryptosystem based on it as secure. However, there is no guarantee that a solution to the mathematical problem may not be found tomorrow, in which case the security of the cryptosystem would disappear overnight (or at least, as soon as word got around). In the case of PGP and other encryption software such as RIPEM which rely on an asymmetric encryption algorithm known as the RSA Algorithm, it is widely believed that these are secure if and only if the problem of factoring large numbers is insoluble (that is, computationally infeasible in real time). Yet recently a claim has been made, but has not been confirmed, that a method of cryptanalysis of the RSA Algorithm has been found which does not depend on a general solution to the problem of factor ing large numbers. A poster to the Usenet newsgroup sci.crypt (Francis Barrett) has remarked: Although factoring is believed to be hard, and factoring breaks RSA, breaking RSA does not simplify factoring. Trivial non-factoring methods of breaking RSA could therefore exist. Whether this paper [by William H. Payne] is legitimate remains to be seen, but it is certainly not beyond the realm of possiblity. Some have claimed that PGP is the most secure encryption program available for PCs, a claim that does not withstand critical examination. Given two encryption programs, each of which generates random-looking ciphertext, how does one decide that one of them is "more secure" than the other - even if full details of the encryption algorithms are known? Short of breaking one of the systems there is no clear answer. If one cannot provide criteria for determining when one program is more secure than another then it does not make sense to ask which is the most secure. Brute force attacks upon a cryptosystem (a brute force attack involves trying every possible key to decrypt some ciphertext until finding one that works) can be compared since the average time required by a brute force attack is half the number of possible keys multiplied by the time required to test each key (by using it to decrypt the ciphertext and seeing whether anything intelligible results). It is true that if the size of the key space associated with a cryptosystem is small (e.g. 2^16 = 65,536) then the cryptosystem is vulnerable to a brute force attack. But if a cryptosystem has a large key space (e.g. the key space associated with Dolphin Encrypt, whose size is about 10^109) then a brute force attack is not feasible and so any weakness in the system, if it exists, must be sought elsewhere. In general, the security of a cryptosystem can only be measured by its resistance to actual attempts to break it in practice. Those that have been broken are obviously insecure. (There are several commercially available PC encryption packages that have been broken; see for example the articles by Kochanski in the bibliography at the end of this article.) Those that have resisted the attentions of many cryptanalysts for many years may be deemed secure, at least until better methods of cryptanalysis are invented. In the case of DES there has long been widespread suspicion that the National Security Agency influenced its designers at IBM so that it was strong enough to withstand most attacks but not strong enough to withstand the NSA computers. The original design submitted by IBM permitted all 16 x 48 = 768 bits of key used in the 16 rounds to be selected independently. A U.S. Senate Select Committee ascertained in 1977 that the U.S. National Security Agency (NSA) was instrumental in reducing the DES secret key to 56 bits that are each used many times, although this had previously been denied by IBM ... (Massey, p.541.) But the best attempts by cryptanalysts over the years have produced only meager results (in particular, the demonstration of Adi Shamir that cryptanalysis of DES ciphertext, in the simplest DES mode (electronic code book), can be done with somewhat less effort than that required for a brute force attack). But recently a new method of DES cryptanalysis has been proposed which involves the use of parallel processing (using many computers simultaneously), and it now seems clear that for a few million dollars a computer can be built which can crack DES ciphertext in a few hours. Since NSA has practically unlimited funding and has the largest concentration of computing power and mathematical talent in the world, it is likely that NSA possesses the ability to decrypt DES ciphertext fairly easily. NSA has, of course, never affirmed or denied their ability to crack DES. (NSA also means Never Say Anything.) However, the absence of publication of a demonstration that a particular cryptosystem has been cracked is no proof that it hasn't. Anyone who discovered a way to crack DES, RSA, etc., could make a lot more money by quietly providing a decryption service than by telling the world about his discovery. In fact if he did announce it people would quickly stop using that cryptosystem and he would have few clients. When selecting a cryptosystem, or cryptographic software, you should first consider what you want it to accomplish. There are numerous (legitimate) reasons why you might wish to conceal information, for example: (i) Companies often possess data files on employees which are confidential, such as medical records, salary records, etc. Employees will feel safer knowing that these files are encrypted and are not accessible to casual inspection by data entry clerks (who may be bribed to obtain information on someone). (ii) Individuals may share working space with others, of whose honor they are not entirely sure, and may wish to make certain that in their absence no-one will find anything by snooping about in their hard disk. (iii) A company may wish to transfer sensitive business information between sites such as branch offices. Or it may wish to send confidential information (for example, a negotiating position, operating procedures or proprietary data) to an agent in the field (perhaps abroad). If the information is encrypted before transmission then one does not have to worry about it being intercepted since if this happens the encrypted data is incomprehensible (without the encryption key). (iv) A company may have information that a competitor would like to see, such as information concerning legal or financial problems, results of research, who the customers are and what they are buying, information revealing violations of government regulations, secret formulas or details of manufacturing processes, plans for future expansion or for the development of new products. (v) A person or company may wish to transport to a distant location a computer which contains sensitive information without being concerned that if the computer is examined en route (e.g. by foreign customs agents) then the information will be revealed. (vi) Two individuals may wish to correspond by email on matters that they wish to keep private and be sure that no-one else is reading their mail. >From the above examples it can be seen that there are two general cases when encryption is needed: (a) When information, once encrypted, is simply to be stored on-site (and invulnerable to unauthorized access) until there is a need to access that information. (b) When information is to be transmitted somewhere and it is encrypted so that if it is intercepted before reaching its intended destination the interceptor will not find anything they can make sense of. In case (b) there arises the problem of secure key exchange. This problem exists because the person who will decrypt the information is usually not the same as the person who encrypted the information. Assuming that the decryptor is in posssession of the decryption engine (normally a software program) how does the decryptor know which decryption key to use? This information must be communicated to the decryptor in some way. If, during the course of this communication, the key is intercepted by a third party then that third party can intercept and decrypt the ciphertext subsequently sent by the encryptor to the decryptor. This is a problem which all users of symmetric key systems (e.g. DES and Dolphin Encrypt) must face when transmitting encrypted data, because in such systems the decryption key is the same as the encryption key. The encryptor can choose any encryption key they wish, but how are they to communicate that key to the decryptor in a secure way? Governments typically solve this problem by putting the key in a locked briefcase, handcuffing it to the wrist of a trusted minion, and despatching him with several armed guards to deliver the briefcase in person (typically at an embassy in a foreign country). This solution is generally too expensive for ordinary citizens. If you know that your mail is not being opened then you can send the key that way, but who can be sure of this? Even registered mail may be opened. The best way to pass the key to whoever you will be sending encrypted material to is by personal contact someplace where there is no chance of being observed. If this is not possible then various less secure means are available. For example, if you used to live in the same city as the person for some years then you might call them and say, "Remember that restaurant in San Diego where we used to have breakfast? Remember the name of that cute waitress? Let's use her name as the key." Then you have a key that only you two know, unless someone has extensive information on your breakfast habits in San Diego several years ago and the names of the waitresses you might have come in contact with. There is a class of cryptosystems knowns as "public key" systems which were first developed in the 1970s to solve this problem of secure key exchange. These are the systems referred to above as "asymmetric key" systems, in which the decryption key is not the same as the encryption key. Such public key systems can, if used properly, go a long way toward solving the problem of secure key exchange because the encryption key can be given out to the world without compromising the security of communication, provided that the decryption key is kept secret. Let's say you wish to receive encrypted email from your girlfriend Alice. You call her and give her your public key - the one used to perform encryption. Alice writes a passionate love letter, encrypts it with your public key and sends it to you. You decrypt it with your private key. If your other girlfriend Cheryl intercepts this then there is no way she can decrypt it because the public key (assumed to be known to everyone and thus to her) is no good for decryption. Decryption can only be performed with the private key, which only you know (unless Cheryl finds it written on a piece of paper in the top drawer of the dresser under your socks). A public key cryptosystem relies on some mathematical procedure to generate the public and private keys. The mathematical nature of these systems usually allows the security of the system to be measured by the difficulty of solving some mathematical problem. There are numerous public key cryptosystems, the most well known being the one based on the RSA Algorithm (which is patented by its inventors, Rivest, Shamir and Adelman), which, as noted above, relies for its security on the difficulty of factoring large numbers. There are other public key systems available for licensing for commercial use, such as the LUC public key system (from LUC Encryption Technology, Sierra Madre, CA), and one developed by the computer manufacturer Next, Inc. Public key cryptography has applications beyond the classical one of hiding information. As a consequence of the encryption key and the decryption key being different, public key cryptography makes possible digital signatures (for authentification of documents) and digital forms of such activities as simultaneous contract signing. Digital cash is also an idea which builds on the use of an asymmetric cryptosystem. Although public key cryptography in theory solves the problem of secure key exchange, it does in general have a couple of disadvantages compared to asymmetric (or secret) key systems. The first is speed. Generally public key systems, such as PGP, are much slower than secret key systems, and so may be suitable for encrypting small amounts of data, such as messages sent by email, but are not suitable for bulk encryption, where it may be required to encrypt megabytes of data. Secret key systems can be very fast (especially if implemented by instructions hard-coded into chips rather than running in a computer's memory). The more complex such a system is the slower it tends to be, but even complex systems are generally of acceptable speed. For example, Dolphin Encrypt will encrypt and decrypt at about 30 Kb/sec on a 80486 PC running at 50 Mhz (equivalent to 1 megabyte in 35 seconds), which is fast enough for most people. The second disadvantage of public key systems is that there is a problem of key validation. If you wish to send encrypted data to a person, Fred, say, and you have obtained what is claimed to be Fred's public key, how do you know it really is Fred's public key? What if a third party, Jack, were to publish a public key in Fred's name? If Jack works for a U.S. intelligence or law enforcement agency and can monitor communications channels used by Fred then he can intercept encrypted data sent to Fred, including any message you send to him, and can then decrypt it (since he has the corresponding private key). If Jack were really sneaky, and knew Fred's real public key, he could re-encrypt your message to Fred using the real public key (perhaps after altering your message in ways you might not approve of) and deliver it to Fred as if it had come directly from you. Fred would then decrypt it with his private key and read a message which he assumes is from you, but which may in fact be quite different from what you sent. In theory Jack could sit in the middle of an assumed two-way email correspondence between you and Fred, read everything each of you send to the other, and pass to each of you faked messages saying anything he wanted you to believe was from the other. A recent contributor to sci.crypt (Terry Ritter, 11/29/93) wrote: When we have a secret-key cipher, we have the serious problem of transporting a key in absolute secrecy. However, after we do this, we can depend on the cipher providing its level of technical secrecy as long as the key is not exposed. When we have a public-key cipher, we apparently have solved the problem of transporting a key. In fact, however, we have only done so if we ignore the security requirement to validate that key. Now, clearly, validation must be easier than secure transport, so it can be a big advantage. But validation is not trivial, and many people do not understand that it is necessary. When we have a public-key cipher and use an unvalidated key, our messages could be exposed to a spoofer who has not had to "break" the cipher. The spoofer has not had to break RSA. The spoofer has not had to break IDEA. Thus, discussion of the technical strength of RSA and IDEA are insufficient to characterize the overall strength of such a cipher. In contrast, discussion of the technical strength of a secret-key cipher *IS* sufficient to characterize the strength of that cipher. Discussion of the strength of public-key cipher mechanisms is irrelevant without a discussion of the strength of the public-key validation protocol. Private-key ciphers need no such protocol, nor any such discussion. And a public-key cipher which includes the required key-validation protocol can be almost as much trouble as a secret-key cipher which needs none. When encryption is used in case (a), to be stored on-site (and invulnerable to unauthorized access) until there is a need to access that information, a secret key cryptosystem is clearly preferable, since such a system has the virtue of speed, and there is no problem of key validation and no problem of key exchange (since there is no need to transmit the encryption key to anyone other than by face-to-face communication). However, many people are still using secret key cryptosystems that are relatively easy to break since those people don't know any better. For example, the WordPerfect word processing program allows you to lock the information in a file by means of a password. In a bad marriage one spouse might think that by locking their WordPerfect files they can write what they like and not worry that the other spouse might later use this against them. What the first spouse doesn't know is that there are programs around that can automatically (and in a few seconds) find the password used to lock a WordPerfect file. In fact the WordPerfect encryption method (at least for Versions 5.1 and earlier) has been shown to be very easy to break. Full descriptions are given in the articles by Bennett, for Version 4.2, and by Bergen and Caelli, for Version 5.0 (see the bibliography below). Another case is the encryption scheme used by Microsoft's word processing program Word. A method to crack encrypted Word files was published on Usenet late in 1993, so this method of protecting information is now obsolete. There is even a company, Access Data Recovery (in Orem, Utah) that sells software that automatically recovers the passwords used to encrypt data in a number of commercial software applications, including Lotus 123. For a cryptosystem to be considered strong it should possess the following properties (I shall illustrate these by reference to the Dolphin Encrypt file encryption software): (i) The security of a strong system resides with the secrecy of the key rather than with the supposed secrecy of the algorithm. In other words, even if an attacker knows the full details of the method used to encrypt and to decrypt, this should not allow him to decrypt the ciphertext if he does not know the key which was used to encrypt it (although obviously his task is even more difficult if he does not know the method). The encryption algorithm used in Dolphin Encrypt is defined by the C source code for the encryption and decryption functions, and this source code is part of a publicly available C function library (the Dolphin Encryption Library). The method is not secret and its full details are available for examination to anyone who purchases the library. (ii) A strong cryptosystem has a large keyspace, that is, there are very many possible encryption keys. DES is considered by many to be flawed in this respect, because there are only 2^56 (about 10^17) possible keys. The size of the keyspace associated with Dolphin Encrypt is about 10^109, due to the fact that keys can be up to 60 characters in length. (iii) A strong cryptosystem will produce ciphertext which appears random to all standard statistical tests. A full discussion of these tests is beyond the scope of an introductory article such as this on the use of encryption software, but we may consider one interesting test, the so-called kappa test, otherwise known as the index of coincidence. The idea behind this is as follows: Suppose that the elements of the cipher text are any of the 256 possible bytes (0 through FF). Consider the ciphertext to be a sequence of bytes (laid out in a row). Now duplicate this sequence and place it beneath the first (with the first byte of the second sequence below the first byte of the first sequence). We then have a sequence of pairs of identical bytes. Slide the lower sequence to the right a certain distance, say, 8 places. Then count how many pairs there are in which the bytes are identical. If the sequence of bytes were truly random then we would expect about 1/256 of the pairs to consist of identical bytes, i.e. about 0.39% of them. It is not difficult to write a program which analyzes a file of data, calculating the indices of coincidence (also known as the kappa value) for multiple displacement values. When we run such a program on ordinary English text we obtain values such as the following ("IC" means "index of coincidence"): Offset IC coincidences 1 5.85% 2397 in 40968 2 6.23% 2551 in 40967 3 9.23% 3780 in 40966 4 8.31% 3406 in 40965 5 7.91% 3240 in 40964 6 7.88% 3227 in 40963 7 7.78% 3187 in 40962 8 7.92% 3244 in 40961 9 8.24% 3377 in 40960 10 7.98% 3268 in 40959 11 8.16% 3341 in 40958 12 8.09% 3315 in 40957 13 8.15% 3337 in 40956 14 7.97% 3264 in 40955 15 7.97% 3265 in 40954 16 8.07% 3306 in 40953 17 8.04% 3293 in 40952 18 7.85% 3214 in 40951 Typically only 80 or so different byte values occur in a file of English text. If these byte values occurred randomly then we would expect an index of coincidence for each displacement of about 1/80, i.e. about 1.25%. However, the distribution of characters in English text is not random ("e", "t" and the space character occur most frequently), which is why we obtain the larger IC values shown above. The kappa test can be used to break a weak cryptosystem, or at least, to provide a clue toward breaking it. The index of coincidence for the displacement equal to the length of the encryption key will often be significantly higher than the other indices, in which case one can infer the length of the key. For example, here are the indices of coincidence for a file of ciphertext (2048 bytes in size) produced by encrypting a text file using a weak cryptosystem (one which was discussed on sci.crypt in December 1993): Offset IC coincidences 1 0.15% 3 in 2047 2 0.34% 7 in 2046 3 0.34% 7 in 2045 4 0.54% 11 in 2044 5 0.44% 9 in 2043 6 0.39% 8 in 2042 7 0.24% 5 in 2041 8 0.49% 10 in 2040 9 0.49% 10 in 2039 10 0.29% 6 in 2038 11 0.15% 3 in 2037 12 0.10% 2 in 2036 13 0.64% 13 in 2035 14 0.74% 15 in 2034 15 0.39% 8 in 2033 16 0.20% 4 in 2032 17 0.30% 6 in 2031 18 0.34% 7 in 2030 256 different byte values occur in the ciphertext, so if it were to appear as random then the kappa value should be about 0.39% for each displacement. But the kappa values for displacements 13 and 14 are significantly higher than the others, suggesting that the length of the key used in the encryption was either 13 or 14. This clue led to the decryption of the ciphertext and it turned out that the key length was in fact 13. As an example of how non-random some ciphertext produced by commercial cryptosystems may be it is instructive to consider the proprietary encryption algorithm used by the Norton Diskreet program. The file named NORTON.INI, which comes with the Diskreet program, contains 530 bytes and 41 different byte values, including 403 instances of the byte value 0. The non-zero byte values are dispersed among the zero values. If we encrypt this file using Diskreet's proprietary encryption method and the key "ABCDEFGHIJ" we obtain a file, NORTON.SEC, which contains 2048 bytes, including 1015 0-bytes. When we examine this file with a hex editor we find that it consists of the letters "PNCICRYPT", seven 0-bytes or 1-bytes, 1024 bytes of apparent gibberish (the ciphertext) and finally 1008 0-bytes. Suppose we extract the 1024 bytes of ciphertext. There are 229 different byte values in this ciphertext, so if it really appeared random we would expect the kappa values to be about 1/229, i.e. about 0.44%. What we find is the following: Offset IC coincidences 1 0.29% 3 in 1023 2 21.72% 222 in 1022 3 0.69% 7 in 1021 4 1.08% 11 in 1020 5 0.49% 5 in 1019 6 0.20% 2 in 1018 7 0.39% 4 in 1017 8 0.00% 0 in 1016 9 0.79% 8 in 1015 10 0.39% 4 in 1014 11 0.69% 7 in 1013 12 0.69% 7 in 1012 13 0.30% 3 in 1011 14 0.99% 10 in 1010 15 0.20% 2 in 1009 16 0.30% 3 in 1008 17 0.40% 4 in 1007 18 0.20% 2 in 1006 The figure of 21.72% for offset 2 is quite astounding. When we look at the ciphertext with a hex editor we see that there are many lines which have a byte pattern: xx yy aa bb aa bb cc dd cc dd ee ff ee ff gg hh gg hh ... that is, in which pairs of bytes tend to be repeated, for example: 4B 25 4B 25 8D 28 8D 28 2D F8 2D F8 21 AC 21 AC E8 9E E8 9E F2 FC F2 FC C6 C5 C6 C5 7E 4F 7E 4F B2 8B B2 8B 32 EE 32 EE 25 2C 25 2C A5 32 A5 32 8D 61 8D 61 E5 C1 E5 C1 D4 F7 D4 F7 This explains why sliding the ciphertext against itself two places to the right produces such a large number of coincidences. Clearly this ciphertext shows obvious regularities, and appears to be very far from random. Such regularities are what a cryptanalyst looks for, as a clue to the encryption method and to the key, and which a good cryptosystem denies him. In contrast to Diskreet, Dolphin Encrypt encrypts the same file, NORTON.INI, using the same key, to a file of 450 bytes (in which there are 207 different byte values, implying that the kappa values should be about 0.48% if the ciphertext is to appear random) with kappa values as follows: Offset IC coincidences 1 0.45% 2 in 449 2 0.45% 2 in 448 3 0.00% 0 in 447 4 0.45% 2 in 446 5 0.00% 0 in 445 6 0.23% 1 in 444 7 0.45% 2 in 443 8 0.23% 1 in 442 9 0.23% 1 in 441 10 0.23% 1 in 440 11 0.46% 2 in 439 12 0.23% 1 in 438 13 0.23% 1 in 437 14 0.46% 2 in 436 15 0.23% 1 in 435 16 0.69% 3 in 434 17 0.00% 0 in 433 18 0.46% 2 in 432 The essentially discrete distribution of these indices of coincidence (0.00, 0.23, 0.46, 0.69) are due to the small size of the ciphertext (450 bytes). When we do the same test for a file of Dolphin ciphertext of size 60201 bytes (in which there are 256 different byte values, implying a desired kappa value of 0.39%) we find: Offset IC coincidences 1 0.41% 248 in 60200 2 0.43% 258 in 60199 3 0.44% 263 in 60198 4 0.43% 258 in 60197 5 0.43% 257 in 60196 6 0.34% 205 in 60195 7 0.40% 239 in 60194 8 0.42% 252 in 60193 9 0.40% 241 in 60192 10 0.40% 242 in 60191 11 0.41% 247 in 60190 12 0.36% 216 in 60189 13 0.41% 245 in 60188 14 0.37% 223 in 60187 15 0.36% 219 in 60186 16 0.41% 247 in 60185 17 0.40% 238 in 60184 18 0.37% 222 in 60183 The kappa test, and other statistical tests, reveal no regularities in the ciphertext produced by Dolpin Encrypt (or by EZ-Crypt). Selected Bibliography Cryptology is an academic discipline which has implications for the security of life and property, and thus there is a vast literature on the subject, often highly technical in nature. Much of the research is secret and unpublished. The following are just a few of the many books and journal articles available. The history of codes and code-breaking is especially interesting. The best book on this subject is David Kahn's The Codebreakers (the bound edition is recommended). Among the following works those marked with an asterisk are more historical than technical and tend to be somewhat easier reading. Those marked "#" contain commentary on some contemporary political aspects of the civilian use of cryptography. Andreassen, K.: Computer Cryptology, Prentice-Hall. Angluin, D. and Lichtenstein, D.: Provable Security in Cryptosystems, Yale University, 1983. #Bamford, J.: The Puzzle Palace, Penguin Books. #Barlow, J. P.: "Decrypting the Puzzle Palace", Communications of the ACM, July 1992, pp. 25-31. *Barker, W. G.: History of Codes and Ciphers in the U.S., several volumes, Aegean Park Press, P. O. Box 2837, Laguna Hills, CA 92654. Beker, H. and Piper, F.: Cipher Systems, Wiley, 1982. Bennett, J.: "Analysis of the Encryption Algorithm Used in the WordPerfect Word Processing Program", Cryptologia 11(4), pp. 206-210, 1987. Bergen, H. A. and Caelli, W. J.: "File Security in WordPerfect 5.0", Cryptologia 15(1), pp. 57-66, January 1991. Biham, E. and Shamir, A.: "Differential cryptanalysis of DES-like cryptosystems", Journal of Cryptology, vol. 4, #1, pp. 3-72, 1991. *Boyd, C.: "Anguish under Siege: High-Grade Japanese Signal Intelligence and the Fall of Berlin", Cryptologia 8(3), July 1989, pp. 193-209. Brassard, G.: Modern Cryptology, Springer-Verlag, 1988. Deavours, C. A. and Kruh, L.: Machine Cryptography and Modern Crypt- analysis, Artech House, 610 Washington St., Dedham, MA 02026, 1985. DeLaurentis, J. M.: "A Further Weakness in the Common Modulus Protocol in the RSA Cryptoalgorithm", Cryptologia, 8(3), July 1984, pp. 253-259. Denning, D.: Cryptography and Data Security, Addison-Wesley, 1982. *Diffie, W.: "The first ten years of public key cryptography", IEEE proceedings, 76(5), 560--577, 1988. ---- and Hellman, M.: "Privacy and authentication: an introduction to cryptography", IEEE proceedings, 67(3), 397-427, 1979. Feistel, H.: "Cryptography and Computer Privacy", Scientific American, 228(5), pp. 15-23, 1973. *Flicke, W. F.: War Secrets in the Ether, Volumes 1 & 2, Aegean Park Press. *Friedman, W. F.: Solving German Codes in World War I, Aegean Park Press. *---- and Mendelsohn, C. J.: The Zimmermann Telegram of 1917 and its Cryptographic Backround, Aegean Park Press. Gaines, H. F.: Cryptanalysis, Dover, 1956. Garon, G. and Outerbridge, R.: "DES watch: an examination of the sufficiency of the Data Encryption Standard for financial institutions in the 1990's", Cryptologia 15(3), 1991, pp. 177-193. *Hinsley, F. H. et al.: British Intelligence in the Second World War, Cambridge U. P., volumes 1 - 4. *---- and Stripp, A. (eds.): Codebreakers: The Inside Story of Bletchley Park, Oxford U.P., 1993. Held, G.: Top Secret Data Encryption Techniques, Sams Publishing, 1993. Hellman, M.: "The mathematics of public key cryptography", Scientific American, pp. 130-139, 1979. *Kahn, D.: The Codebreakers, Macmillan, 1967. *----: Seizing the Enigma, Houghton Mifflin, 1991. Kochanski, M.: "A Survey of Data Insecurity Packages", Cryptologia 11(1), pp. 1-15, 1987. ----: "Another Data Insecurity Package", Cryptologia 12(3), pp.165-177, July 1988. Konheim, A. G.: Cryptography: A Primer, John Wiley, 1981. #Kruh, L.: "The Control of Public Cryptography and Freedom of Speech - A Review", Cryptologia 10(1), January 1986, pp. 2-9. Lysing, H.: Secret Writing, Dover, 1974. Marotta, M.: The Code Book, Loompanics, 1987. Massey, J.: "An Introduction to Contemporary Cryptology", IEEE Proceedings, 76(5), pp. 533-549, May 1988. Meyer, C. H., and Matyas, S. M.: Cryptography, John Wiley, 1982. #Pierce, K. J.: "Public Cryptography, Arms Export Controls, and the First Amendment: A Need for Legislation", Cornell International Law Journal, Vol. 17, No. 3 (Winter 1984), pp. 197-236. Rivest, R. L., Shamir, A. and Adelman, L.: "A Method for Obtaining Digital Signatures and Public-key Cryptosystems," Communications of the ACM, February 1979. Salomaa, A.: Public Key Cryptography, Springer-Verlag, 1990. Schneier, B.: "Untangling Public Key Cryptography", Dr Dobb's Journal, May 1992, pp. 16-28. ----: "The IDEA Encryption Algorithm", Dr Dobb's Journal, December 1993, pp. 50-56. ----: Practical Cryptography, John Wiley & Sons, 1994. Simmons, G. (ed.): Contemporary Cryptology: the Science of Information Integrity, IEEE Press, 1991. Smith, L. D.: Cryptography, Dover, 1955. *Weber, R. E.: United States Diplomatic Codes and Ciphers 1775-1938, Precedent, 1979. Welsh, D.: Codes and Cryptography, Claredon Press, 1988. *Yardley, H. O.: The American Black Chamber, Ballantine 1981. From gtoal at an-teallach.com Fri Apr 15 07:38:18 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 15 Apr 94 07:38:18 PDT Subject: New anon mailer idea? Message-ID: <199404151437.PAA27581@an-teallach.com> From: "bill.stewart at pleasantonca.ncr.com +1-510-484-6204" The obvious implementation is to add a Generate-Return-Address: header so you can use it if you want it, but won't get one otherwise. Yep, that's one way that fits in with the cypherpunk remailer syntax; another way would be to have a separate address that you used to explicitly start a conversation, eg reply-remailer at somewhere.edu Hmmm... you could in fact make the Generate-Return-Address: header take the actual return address you want to use, like a Reply-To: header. That would be nice. (I'd been assuming that it would use the normal reply address - Reply-To:, From:, envelope address; in that order depending on which was given) The encryption definitely needs some sort of random padding, though CBC with a random IV plus length-padding at the end should probably suffice. Exactly my thoughts. Or make it a stream cypher with random IV. Public key has the advantage that the operator doesn't *need* a database. If you want to implement use-once addresses (or use-N-times), you could include a tag with the address (such as the IV), and reject future messages using that tag (e.g. save a hash of the tag). I think you missed the point - with your scheme it's still technically possible to decrypt the address years afterwards - you're relying on the remailer to always stay secure; with a delete-the-key scheme you couldn't even if you were hung upsidedown from the ceiling from your toenails by the gestapo. (Though you might want to...) - so a corrupted remailer would limit damage to only live keys that arrived after it was corrupted and not its entirely history of dead ones from the period beforehand. > - What we would really like is for the recipient to hit the "reply" button > and be able to send his mail back. Matt Ghio's remailer+62647629379278 at wherever.com syntax does this fine. The problem is 99% of mailers don't support that syntax, and although it can be added by clever sendmail hacks, it can't be added unless you have root access, and the philosophy of cypherpunk remailers/keyservers/etc is that they run on random accounts with no special privileges. Hence why putting the address in the body is more portable. Also random remailer names are likely to draw less attention in your system's outgoing-mail logs that addresses that are obvious remailers. If desired, you could implement anonymous bit-bucket addresses this way as well, though they're somewhat more useful if your remailer generates encrypted outgoing messages. Alternatively, you can *always* generate either a real or a bit-bucket return address, and leave it up to the sender to inform the recipient that there's a probably-working return path. I don't like the idea of replying and no knowing if it'll get there - in fact, I meant to say earlier, if a reply is sent on a key that has expired I'd expect the remailer to bounce an error report back saying that the key had expired. G From bmackay at ug.cs.dal.ca Fri Apr 15 08:07:49 1994 From: bmackay at ug.cs.dal.ca (Bruce MacKay) Date: Fri, 15 Apr 94 08:07:49 PDT Subject: Backup Encrypted DOS Partitions? Message-ID: <94Apr15.120740adt.55@ug.cs.dal.ca> Hi, excuse me if this is in a FAQ someplace, but I'm new to this list. I am looking for a secure way to backup a SECDRV encrypted partition. I have a large enough partition that I want to use a Colorado Jumbo 250 Tape. All of the tape backup software that I have seen is based on DOS file copies. What I need is something that will do a byte by byte copy of the entire partition. Obviously I want my backups encrypted so that they may be safely stored off site. Is there software out there that will do the job? I don't object to writing something if I can get the Quick80 specs from some place. (I'm looking for something that is DOS based. No Windoze apps, please!) Any help would be appreciated. -- Bruce Mackay | Finger ug for my PGP public key. InterNet Address: bmackay at ug.cs.dal.ca | bmackay at biome.bio.ns.ca | From ag588 at hela.INS.CWRU.Edu Fri Apr 15 08:08:32 1994 From: ag588 at hela.INS.CWRU.Edu (John C. Brice) Date: Fri, 15 Apr 94 08:08:32 PDT Subject: Rejected mail Message-ID: <199404151508.LAA15648@hela.INS.CWRU.Edu> ag588 is rejecting mail from you From MaraW at fs-gate.uchicago.edu Fri Apr 15 08:33:32 1994 From: MaraW at fs-gate.uchicago.edu (Whitney, Mara) Date: Fri, 15 Apr 94 08:33:32 PDT Subject: Help in SF Message-ID: <2DAEB2C1@FS-GATE.UCHICAGO.EDU> I have an activist friend in SF (Mission Street Area) who needs help to set up email in a safe, good way. He can receive mail in, but has trouble sending out. He needs help in determining if there are bugs and also to create privacy. He doesn't have a lot of computer experience. Any suggestions/help would be greatly appreciated. If you email me and get no response until Thursday, it is because I'm out of the office and will not be able to read my mail until my return. Thanks, Mara (marw at fs-gate.uchicago.edu) From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Fri Apr 15 08:46:09 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Fri, 15 Apr 94 08:46:09 PDT Subject: Some Questions... Message-ID: <9404151546.AA16205@toad.com> I am new to the list and learning rapidly. However I have a couple of questions: 1) How is it that I sign a message with PGP and still have the message be in plaintext? I know this is trivial to most, but new to me. 2) I know that there were programs out there that would break the protection scheme for ZIP and ARJ files (older versions of both), is there new ones out and what are their keys based on? Sorry for the inconvenience, but I am trying to learn. Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlow%isb%mctssa at nwsfallbrook3.nwac.sea06.navy.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 "The views expressed are my own, and always will be..." -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi2pYOoAAAEEAJ0Fdc1HDwlww3Wz8JPeQDZT2Gk/q1gh0J+4njtUC66HXngN DNyxzoGnZVcA0bbkirsCdjvvZlsP84QVgxdijzgW4pNOJKowJgrQWFftGEqJKH5b I2NxJrk0kmKt/jli5kV/wDs9Rr4PxXQjGN4B+uJOCSlyWX+fnWNyHMOkIY2tAAUR tENEYXJyZW4gSGFybG93IDxoYXJsb3claXNiJW1jdHNzYUBud3NmYWxsYnJvb2sz Lm53YWMuc2VhMDYubmF2eS5taWw+ =v34V -----END PGP PUBLIC KEY BLOCK----- From rishab at dxm.ernet.in Fri Apr 15 08:54:38 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 15 Apr 94 08:54:38 PDT Subject: Speech compression Message-ID: danisch at ira.uka.de (Hadmut Danisch): > Can anyone give me hints to books, articles, algorithms or software > for speech compression? Is CELP public available? CELP C code for SPARCs is ftp from: furmint.nectar.cmu.edu celp.audio.compression/ super.org /pub/celp_3.2a.tar.Z There is a lot of info, source etc available. Pick up part 1 of the compression faq. You can get it from news.answers, or the archive at rtfm. I think that's rtfm.mit.edu /pub/Usenet-by-heirarchy/comp/compression/* -------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA -------------------------------------------------------------------------------- From killbarny at aol.com Fri Apr 15 08:57:03 1994 From: killbarny at aol.com (killbarny at aol.com) Date: Fri, 15 Apr 94 08:57:03 PDT Subject: Safeway + Your Privacy Message-ID: <9404151154.tn25740@aol.com> Safeway food stores has this neat little glitch in their shopping database that is just ripe for abuse and litigation. When you pay by check, your information is recorded and stored in their computers, so the next time you go in there and try to get out your ID [for your check], they say "Don't bother, we have that information." So if Joe bad guy gets ahold of your checkbook, writes a bunch of checks, let's say, over a weekend, Safeway doesn't care because the computer sez your account is Kosher. Hopefully, someone will have this awful thing happen to them and sue the Shit out of Safeway for being so negligent. Peter Mc Gowan, the asshole who owns Safeway, sized down his employees [so his shareholders could make more millions], which means we have to wait in even longer lines, due to his excellent insight into the Food Management. These databases are already collecting information every time we do not pay in cash. Those bar codes record everything. Safeway has taken this a bit higher, and I only wish I had someone steal my checkbook and take Safeway to the cleaners. From frissell at panix.com Fri Apr 15 09:50:49 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 15 Apr 94 09:50:49 PDT Subject: Soldier of Fortune Message-ID: <199404151650.AA10664@panix.com> Someone asks: B >Do you know why Phil thinks the cypherpunks are a "nut group" (or B >something to that effect)? B > Phil was active in the Nuclear Freeze movement and is vauguely in the 'conventional' left. He doesn't like right-wing nuts or libertarian anarchists. He hopes strong crypto will just restrain the State rather than rendering it technologically obsolete. DCF Privacy 101 - You cannot be forced to either own a car or only drive cars you own. Register your car in a state without inspections or insurance requirements in the *name* of a company (which can be a sole proprietorship) under your control. Tell cops that you are an itinerant worker of some sort and that the car is supplied by your employer. --- WinQwk 2.0b#1165 From mg5n+ea1e6llvoz70pb6bweqlrmyla4udd80xgn0a0saq03 at andrew.cmu.edu Fri Apr 15 09:53:28 1994 From: mg5n+ea1e6llvoz70pb6bweqlrmyla4udd80xgn0a0saq03 at andrew.cmu.edu (Anonymous) Date: Fri, 15 Apr 94 09:53:28 PDT Subject: Dolphin Encryption Tutorial Message-ID: I just received this encryption "tutorial", which is really a thinly disguised sales pitch for Dolphin Encryption software. The sales pitch seems aimed toward less knowledgable users of PGP. >Some have claimed that PGP is the most secure encryption program >available for PCs, a claim that does not withstand critical >examination. What PGP is built on (IDEA, MD5, RSA) are all available for public inspection. Same for RIPEM. Available for free. Are you somehow implying the Dolphin Encrypt withstands critical examination? Be real. >Generally public key systems, such as PGP, are much slower than >secret key systems, and so ?? PGP uses MD5 to hash the passphrase to create a session key. It uses the session key to encrypt data, and uses RSA to encrypt the session key. It does not perform full blown RSA encryption on the data. What follows is a wondrous statistical analysis designed to frighten. A "weak" system is used to encrypt 2048 bytes, showing statiscal skewing. Fortunately, Dolphin Encrypt produces a flat distrubution when encrypting a 60201 byte file. Dolphin encrypt versus a 60201 byte file is superior to another system versus a 2048 file. Thank god. I just wonder what kind of data these two files are: 2048 bytes of ascii text versus 60201 bytes of a jpeg, zip archive, random noise? The comparison, fairly useless as it is, is even more useless without this further information. From mg5n+ea2uj7war2ufizqiqrdidkaii9mfkcwjze6q910g3a6 at andrew.cmu.edu Fri Apr 15 10:07:35 1994 From: mg5n+ea2uj7war2ufizqiqrdidkaii9mfkcwjze6q910g3a6 at andrew.cmu.edu (Anonymous) Date: Fri, 15 Apr 94 10:07:35 PDT Subject: Some Questions... Message-ID: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil wrote: > I am new to the list and learning rapidly. However I have a couple > of questions: > > 1) How is it that I sign a message with PGP and still have the message be > in plaintext? I know this is trivial to most, but new to me. pgp -sta +clearsig=on filename... > 2) I know that there were programs out there that would break the protection > scheme for ZIP and ARJ files (older versions of both), is there new ones out > and what are their keys based on? Yes, there are some new versions out, but they're still not particularily secure. There are various programs to break them, you could look on ftp soda.berkeley.edu, but you seem to be on UUCP so I don't know if you can FTP or not... From blancw at microsoft.com Fri Apr 15 10:28:39 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 15 Apr 94 10:28:39 PDT Subject: Safeway + Your Privacy Message-ID: <9404151629.AA11363@netmail2.microsoft.com> From: killbarny at aol.com> Hopefully, someone will have this awful thing happen to them and sue the Shit out of Safeway for being so negligent. Peter Mc Gowan, the asshole who owns Safeway, sized down his employees [so his shareholders could make more millions], . . . . . These databases are already collecting information every time we do not pay in cash. Those bar codes record everything. Safeway has taken this a bit higher, and I only wish I had someone steal my checkbook and take Safeway to the cleaners. .............................................. Now that you know how negligent Safeway is and how their database is being used, you can choose an alternate place to shop for groceries, thus preserving your privacy as well as preventing the support of their shareholders. Blanc From whitaker at dpair.csd.sgi.com Fri Apr 15 10:31:13 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Fri, 15 Apr 94 10:31:13 PDT Subject: Some Questions... In-Reply-To: <9404151546.AA16205@toad.com> Message-ID: <9404151027.ZM1129@dpair.csd.sgi.com> On Apr 15, 8:43am, SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac wrote: > Subject: Some Questions... > I am new to the list and learning rapidly. However I have a couple > of questions: > > 1) How is it that I sign a message with PGP and still have the message be in > plaintext? I know this is trivial to most, but new to me. > Nothing is trivial if you find yourself banging your head on a problem to which you have no immediate answer. Here's the immediate answer: pgp -sta +clearsig=on message.txt That's from pgpdoc2.txt. Hope it helps. You might wish to set up your mail user agent to invoke this command upon exiting your default message editor, with "message.txt" set to whatever your editor calls the temporary message file. > > Sorry for the inconvenience, but I am trying to learn. > No problem. You might also consider taking the newsgroups sci.crypt and alt.security.pgp. Hmmm... you might find talk.politics.crypto interesting, too. > Sgt Darren Harlow - Computer Security What does your job involve? Local sysadmin? How did you find out about us? Welcome aboard. > MCTSSA, Camp Pendleton, USMC > >-- End of excerpt from SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac Russell -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center, Mountain View CA (415) 390-2250 ================================================================ #include From mg5n+ at andrew.cmu.edu Fri Apr 15 10:32:19 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 15 Apr 94 10:32:19 PDT Subject: Safeway + Your Privacy In-Reply-To: <9404151154.tn25740@aol.com> Message-ID: <0hfgxAi00awIQ2l1Fm@andrew.cmu.edu> KillBarny at aol.com wrote: > Hopefully, someone will have this awful thing happen to them and sue the > Shit out of Safeway for being so negligent. Peter Mc Gowan, the asshole > who owns Safeway, sized down his employees [so his shareholders could > make more millions], which means we have to wait in even longer lines, > due to his excellent insight into the Food Management. Shop somewhere else if you don't like it. VONS pulled a similar scam a while back, but they gave you a "VonsChek" card. Every time you wanted to use a check they'd ask for this card. The card had a little magnetic strip that they'd scan. Anyway, this one guy I know went in there and the card wouldn't scan, so the cashier wouldn't take his check. She said, "Well, sir, you'll need to apply for a replacement card." He asked how to do that and she said, "Well, you need to fill out this form..." at which time he said "No I don't," threw the card at her and walked away, leaving the cashier there with a cart full of groceries. Then the manager noticed, and tried to come over and offer assistance, but he just walked out of the store. I think they cut back on that crap somewhat since then; but I don't really know, since I don't shop there anymore (this was when I lived in California...) > These databases are already collecting information every time we do > not pay in cash. Those bar codes record everything. Safeway has taken > this a bit higher, and I only wish I had someone steal my checkbook > and take Safeway to the cleaners. More likely they would take YOU to the cleaners first. I'm not sure if this would be the desired outcome, as Safeway might try to cover their asses by demanding more shit from you like driver's liscense, Social insecurity number... From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Fri Apr 15 10:59:41 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Fri, 15 Apr 94 10:59:41 PDT Subject: My Job Message-ID: <9404151759.AA19392@toad.com> Russell, Thanks for the info and encouragement. My job entails accrediting 5 VAX systems, two of which are running Ultrix, a Share system, and a Banyan LAN. I also am in charge of anti-virus software for the LAN. I am working on digital signatures, since we have a problem with forgery around here. Also I am working implementing PGP on a large around the compound. I want to get in depth with cryptology, and learn as much as I can as fast as I can. Please, if you have questions, ask them to me if I can help, as I know I will bother the list with mine. I learned about the list from the bugtraq discussion list. Thanks ! Sgt Darren Harlow - Computer Security Internet: harlow%isb%mctssa at nwsfallbrook3.nwac.sea06.navy.mil or another less reliable: harlow at mqg1.usmc.mil Phone: (619) 725-2970 Fax: (619) 725-9512 "The views expressed are my own, and always will be..." From ravage at bga.com Fri Apr 15 11:57:35 1994 From: ravage at bga.com (Jim choate) Date: Fri, 15 Apr 94 11:57:35 PDT Subject: Rejected mail In-Reply-To: <199404151508.LAA15648@hela.INS.CWRU.Edu> Message-ID: <199404151855.AA19460@zoom.bga.com> > > ag588 is rejecting mail from you > One really annoying bug in all the remailers and such out there is the above message. I figured it out the first damn time I saw it. I don't need a copy for every post to the c-punks list. The way they should work is send the notice the first time the rejection is activated. After that it should not send any kind of responce, I am being rejected after all.... From sandfort at crl.com Fri Apr 15 12:23:58 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 15 Apr 94 12:23:58 PDT Subject: Safeway + Your Privacy In-Reply-To: <9404151154.tn25740@aol.com> Message-ID: C'punks, On Fri, 15 Apr 1994 killbarny at aol.com wrote: > Safeway food stores has this neat little glitch in their shopping database > that is just ripe for abuse and litigation. When you pay by check, your > information is recorded and stored in their computers, so the next time you > go in there and try to get out your ID [for your check], they say "Don't > bother, we have that information." > > So if Joe bad guy gets ahold of your checkbook, writes a bunch of checks, > let's say, over a weekend, Safeway doesn't care because the computer sez your > account is Kosher. Nonsense. Of course they care, because they will have to eat the bad check, not you. > Hopefully, someone will have this awful thing happen to them and sue the > Shit out of Safeway for being so negligent. [ irrevelvant rant against > Safeway's hiring practices ] . . . I only wish I had someone steal my > checkbook and take Safeway to the cleaners. And what, pray tell, would be your cause of action? Why don't you just pay cash if you are so bothered? S a n d y From jimn8 at netcom.com Fri Apr 15 12:59:57 1994 From: jimn8 at netcom.com (Jim Nitchals) Date: Fri, 15 Apr 94 12:59:57 PDT Subject: Leahy on Supreme Court? Message-ID: <199404152001.NAA15315@netcom9.netcom.com> In an article on clari.news.gov.usa, Sen. Patrick Leahy was mentioned as a possible candidate for Supreme Court nomination. >From reading his comments, it would appear he's capable of thinking critically regarding privacy and commerce issues. Would it make sense to encourage his nomination, where we might have an ally on the Supreme Court, or to discourage it and leave him in charge of the committees? Who's likely to succeed Leahy in the telecommunications committee, and do we know their stance on Clipper? - Jim Nitchals (jimn8 at netcom.com) From pdn at dwroll.dw.att.com Fri Apr 15 15:54:03 1994 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Fri, 15 Apr 94 15:54:03 PDT Subject: Safeway + Your Privacy In-Reply-To: <9404151154.tn25740@aol.com> Message-ID: <9404151633.AA20479@ig1.att.att.com> -----BEGIN PGP SIGNED MESSAGE----- killbarny at aol.com writes : > > Safeway food stores has this neat little glitch in their shopping database > that is just ripe for abuse and litigation. When you pay by check, your > information is recorded and stored in their computers, so the next time you > go in there and try to get out your ID [for your check], they say "Don't > bother, we have that information." > > So if Joe bad guy gets ahold of your checkbook, writes a bunch of checks, > let's say, over a weekend, Safeway doesn't care because the computer sez your > account is Kosher. > Hmmm... In this scenario, wouldn't Safeway wind up eating the bad checks? I realize that it would be a royal pain in the ass for the victim (the checkbook owner) to sort out the mess, but it would seem to me that the victim could prove that he/she didn't sign the checks, leaving Safeway in the position of having exchanged groceries for worthless paper. This same problem exists with credit cards to some degree, due to the lax verification processes in place ay many businesses, and there is some law that limits your liability in the event of card theft. Buying groceries may not immediately appear to be cypherpunks-related, but this thread does bring up a point about 'identity theft' and verification; I'd be interested to hear from the legal gurus on the Safeway/stolen checkbook idea. - -- ........................................................................ Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it! pdn at dwroll.dw.att.com | Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLa7BbQvlW1K2YdE1AQHT/gQA2MZxQw+STucJybjOzyXoegh0RGSsVFCf kNe4ANK7w40tJ6ne8/OpR27lLoB+K2UIvAEq6ivC+VqAvSMCXF8ycSd2fG0lwdQv R5AC56K4wN77v9HlOU111oZYSqAbT5J5st6OWube6kUbBicNqnW95E5tNySdvz0L np/FBAi8TA4= =MzA6 -----END PGP SIGNATURE----- From kafka at desert.hacktic.nl Fri Apr 15 16:19:40 1994 From: kafka at desert.hacktic.nl (-=[ Patrick Oonk ]=-) Date: Fri, 15 Apr 94 16:19:40 PDT Subject: Legalisering Drugs Message-ID: <199404152319.AA02942@xs4all.hacktic.nl> In article <2oken2INNt59 at dds.hacktic.nl>, you write the following: AN> AN> Ha PAt, AN> AN> In a previous article, kafka at desert.hacktic.nl (=== Patrick Oonk ===) says: AN> AN> >Ja, Perron 0, waar alle mensen die weleens een blowtje roken terecht AN> >kunnen. AN> AN> Ik rook ook wel eens een blowtje, maar op perron 0 waag ik me AN> maar niet. De bagatellisatie van Perron 0 wijst erop dat je er AN> waarschijnlijk niets van weet. Ik woon in een oude wijk in Rotterdam, en AN> kom dagelijks op het CS, omdat het Openbaar Vervoer me daar langs brengt. R'dam CS is inderdaad geen gezellige plek. Ik ben er weleens door de politie op aangesproken omdat ik er een blowtje rolde, terwijl de junks om me heen krioelden. AN> En dat al enige jaren. Ik heb autoriteit, omdat ik al deze zaken van AN> dichtbij zie. Jij bagatelliseert waarschijnlijk omdat dat goed in je AN> wereldbeeld past. Maar wat voor reden heb je er nou eigenlijk voor om AN> mijn verhaal niet te geloven, of Perron 0 te bagatelliseren ? Doe eens AN> hetzelfde als ik. Kom ook eens in het Oude Noorden wonen. Ga ook eens AN> dagelijks over het CS. Doe dat eens een jaar of 4. Dan gaan we weer AN> praten, dan heb jij ook autoriteit. Rinus, heb je wel eens van s-a-r-c-a-s-m-e gehoord ? AN> Wat hebben duizenden (hoe kom je aan dit getal) illegale AN> >Marokkanen met soft-drugs te maken? AN> AN> Je lijkt Theo Dudeck wel. speel je naieviteit ofzo ? Theo en ik kennen elkaar al jaren. Maar je beantwoord mijn vragen niet. AN> Runners ? Voor soft-drugs ? AN> AN> idem dito AN> AN> >En niet te vergeten al die vrouwen die verkracht worden door AN> >stonede mensen, en al die overvallen door mensen die geld nodig AN> >hebben voor wat weed. AN> AN> idem dito AN> AN> >Rinus, get a fucking LIFE! AN> AN> Hier zeg je eindelijk iets wat ik me aantrek. Ik realiseer me dat de AN> manier waarop ik er mee bezig ben, best wel ver gaat, en zelfs een stukje AN> van mijn eigen welzijn er door inlever. Maar ja, er zijn altijd mensen, AN> die (een deel van hun) leven beschikbaar willen stellen voor een ideaal. AN> Een soort wereldverbeteraars dus. Als jij de wereld moet verbeteren, dan laat ik hem liever zoals hij is. AN> >AN> gebied. Ik begin te denken aan Singapore- varianten (en niet van de GRIEP) AN> > AN> >Je bedoelt het verbod op kauwgom in Singapore ? AN> AN> De doodstraf voor drugshandel, natuurlijk ! Ja! De doodstraf! Die endlosung ! Rinus Visser! De DDS zijn eigen net.loon... Patrick --- "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4 1994 == To get PGP, FTP /pub/unix/security/crypt/pgp23A.zip from ftp.funet.fi == From kafka at desert.hacktic.nl Fri Apr 15 16:19:49 1994 From: kafka at desert.hacktic.nl (-=[ Patrick Oonk ]=-) Date: Fri, 15 Apr 94 16:19:49 PDT Subject: (n!+1)^(1/2) In-Reply-To: <9404111823.AA19530@newton.apple.com> Message-ID: <199404152319.AA02965@xs4all.hacktic.nl> collins at newton.apple.com (Scott Collins) once said: CO> >For any number n, if the square root of (n!)+1 is an integer, it is also CO> >prime. (This is interesting, but rather useless in practice) CO> CO> For any number a, 1 is prime. Prime numbers don't have integral square roots. CO> CO> CO> Scott Collins | "That's not fair!" -- Sarah CO> | "You say that so often. I wonder what your basis CO> 408.862.0540 | for comparison is." -- Goblin King CO> ................|.................................................... CO> BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com CO> Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 CO> ..................................................................... CO> PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com CO> CO> --- "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4 1994 == To get PGP, FTP /pub/unix/security/crypt/pgp23A.zip from ftp.funet.fi == From mech at eff.org Fri Apr 15 16:33:54 1994 From: mech at eff.org (Stanton McCandlish) Date: Fri, 15 Apr 94 16:33:54 PDT Subject: Clipper (Tessera, to be exact) laptops already being made Message-ID: <199404152333.TAA15110@eff.org> NOTICE: Tessera PCMCIA card laptops are already being manufactured, as of at least one week ago. For those new to the issue, the Tessera is an encryption device for PCMCIA-capable notebook computers, being a cartridge bearing a hardware encryption chip. The chip is based on the Skipjack algorithm, just like the Clipper chip (for phones), and it too features so-called "key escrow" (key surrender, to police/intelligence agencies). See ftp.eff.org, /pub/EFF/Issues/Crypto/ and subdirectories thereof for more inforation. Or call the EFF BBS at +1 202 638 6120 (N81) and look in the "Privacy--Clipper" file area. I spoke 2 days ago, informally, with a friend who works for a PC manufacturer. He told me he was thinking of quitting, and was looking for a new job. He was asked by his employer to help resolve a technical problem for a customer. The customer turned out to be none other than the NSA, and the problem product was a notebook PC manufactured by this company. Specifically, there was a serious design flaw that rendered it incompatible with the Tessera cards they were installing in the laptops. This "batch" were being made for internal NSA use, not commercial distribution, and it appears that the NSA will go looking elsewhere unless this bug can be fixed, so Tessera deployment is temporarily stalled. I have no reason to doubt this information, and believe it to be genuine. All this aside, I personally couldn't give a hoot whether the superspooks cripple their own security. However, this is yet another indication that Executive branch agencies are ready and willing to deploy Skipjack-derived product, and are unlikely to give it up w/o even more of a fight. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From ying at trd.iii.org.tw Fri Apr 15 19:53:05 1994 From: ying at trd.iii.org.tw (Chiung-Ying Huang) Date: Fri, 15 Apr 94 19:53:05 PDT Subject: call for security products! Message-ID: <9404160248.AA16340@research.trd.iii.org.tw> Hi: Is there any product for Netware security(access control, auditing). Or for LAN security. I would like to detect the intrusions to my Netware system. Any information is appreciated. e-mail: ying at research.trd.iii.org.tw From hfinney at shell.portal.com Fri Apr 15 20:32:32 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 15 Apr 94 20:32:32 PDT Subject: Time for a change? Message-ID: <199404160333.UAA22972@jobe.shell.portal.com> What's that smell? Doesn't it seem a little... musty? A little stale? Something's getting old. Something needs to be changed. It's your key. There are a lot of old, stale keys out there. Moldy, dusty keys a year or two old. It's time for those keys to change! The need for regular change of public keys has not been emphasized enough. The longer you use a key, the more likely something will happen which will expose your secret. Plus, it gives attackers more incentive to try to break or steal your keys if they know they'll be able to decrypt messages for a long time once they get them. A lot of people seem to think of keys as quasi-permanent, sort of a voluntary version of social security numbers. One key, cradle to grave. But this is not the idea at all. I was reminded of this by Graham Toal's response to Bill Stewart: > Public key has the advantage that the operator doesn't *need* a database. > If you want to implement use-once addresses (or use-N-times), > you could include a tag with the address (such as the IV), > and reject future messages using that tag (e.g. save a hash of the tag). > > I think you missed the point - with your scheme it's still technically > possible to decrypt the address years afterwards - you're relying on the > remailer to always stay secure; with a delete-the-key scheme you couldn't > even if you were hung upsidedown from the ceiling from your toenails by the > gestapo. (Though you might want to...) - so a corrupted remailer would > limit damage to only live keys that arrived after it was corrupted and not > its entirely history of dead ones from the period beforehand. Graham is thinking in terms of remailers which retain their keys for years. What is a good interval for key changes? I would suggest every year or so makes sense, especially if infrastructure can be developed to make it easier to propagate key changes. Keys should be overlapped in time, so that you make a new key and start using it, while continuing to support the old key for a time. But for remailers, I'd like to see a considerably accelerated key turnover schedule - maybe every month, or every week. This would help defeat the kinds of attacks Graham is talking about. And the remailers should securely dispose of their old keys to the extent possible. Granted, right now the difficulties of distributing keys are rather high, so the costs of changing keys may be large. But as this technology becomes more available, key changes should be scheduled regularly. PGP has some fields for key expiration, but support for that was never implemented. The idea was that you would get warned when it was time for you to change to a new key. Users of old keys would be warned as well that they should try to find out the new key they should use. All this was not done because there wasn't time. Hopefully the feds will change their mind about pursuing legal sanctions against PGP developers and progress can be made again. Hal From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Fri Apr 15 20:33:40 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Fri, 15 Apr 94 20:33:40 PDT Subject: call for security products! Message-ID: <9404160333.AA29143@toad.com> -----BEGIN PGP SIGNED MESSAGE----- I work with a Banyan Vines Network which contains it's own logs. What type of logs are you wanting to maintain? I may be able to help point you in the right direction. Sgt Darren Harlow - Computer Security Internet: harlow%isb%mctssa at nwsfallbrook3.nwac.sea06.navy.mil or another less reliable address: harlow at mqg1.usmc.mil "The views expressed are my own, and always will be..." - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi2pYOoAAAEEAJ0Fdc1HDwlww3Wz8JPeQDZT2Gk/q1gh0J+4njtUC66HXngN DNyxzoGnZVcA0bbkirsCdjvvZlsP84QVgxdijzgW4pNOJKowJgrQWFftGEqJKH5b I2NxJrk0kmKt/jli5kV/wDs9Rr4PxXQjGN4B+uJOCSlyWX+fnWNyHMOkIY2tAAUR tENEYXJyZW4gSGFybG93IDxoYXJsb3claXNiJW1jdHNzYUBud3NmYWxsYnJvb2sz Lm53YWMuc2VhMDYubmF2eS5taWw+ =v34V - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLa8zRmNyHMOkIY2tAQHm7AQAmde5g8D4MPorbwPyxx+P1mMoBOtw0W1/ sXIsXUgNaMwEQLGohuYYGOU05KITqPGCynhaRTBoj2jGhH4nmay7h/OBt421nGI8 Pvthbt4aBkiPHdaNecESs085CWHdvUzTyBErWdgZuHueGHoI+z2tPdcAaxDdZ3R1 M3BcYEFCia8= =3Mv6 -----END PGP SIGNATURE----- From sameer at soda.berkeley.edu Fri Apr 15 22:06:07 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Fri, 15 Apr 94 22:06:07 PDT Subject: Time for a change? In-Reply-To: <199404160333.UAA22972@jobe.shell.portal.com> Message-ID: <199404160505.WAA02707@soda.berkeley.edu> > > But for remailers, I'd like to see a considerably accelerated key turnover > schedule - maybe every month, or every week. This would help defeat the > kinds of attacks Graham is talking about. And the remailers should securely > dispose of their old keys to the extent possible. I think that a remailer-key server would be a good idea. Is the code to the keyserver @wasabi.io.com available? If so I might start such a server once I get my machines on the net. From gnu Fri Apr 15 23:26:10 1994 From: gnu (gnu) Date: Fri, 15 Apr 94 23:26:10 PDT Subject: Laundering money through commodity futures Message-ID: <9404160625.AA00695@toad.com> I wonder if anonymous digital cash will really consist of shares in frozen orange juice futures... John Date: Fri, 15 Apr 1994 06:55:58 -0400 From: farber at central.cis.upenn.edu (David Farber) Subject: The Soft Pork Underbelly of Efficient Markets [I knew electronic markets were good for something .. djf] To: interesting-people at eff.org (interesting-people mailing list) Date: Thu, 31 Mar 1994 23:30:20 -0500 From: Peter Wayner Subject: The Soft Pork Underbelly of Efficient Markets The Under Pork Belly of Efficient Markets, or How to Launder Money Using Cattle Futures The great promise of electronic networks and virtual communities is a collection of very efficient markets. In the future, information will be moved, products will be sold and trades will be executed in a blink of an eye. This efficiency is usually considered to be a pretty good thing by everyone in business, in economics or in line at the video store. The underside of this efficiency, though, is a blurring of the line between legitimate and illegitimate business. A good way to understand this effect is to study the case of how to launder money using the futures markets. Laundering money is an age old problem for people who want to move funds from person A to person B without leaving a suspicious trail. Cash is the nieve approach and it has plenty of problems: it is bulky, it can be lost or stolen, and most importantly it often leaves people asking "Hey, where did that come from?" The futures markets, though, make it simple to move funds in a way that is indistinguishable from ordinary commerce. If it is done correctly, the recipiant, person A, looks like a lucky stiff or a market savvy investor. Person B is usually out of the picture or out of luck. The same games can be played with almost any other market, but futures markets are so efficient that the process is actually feasible and easy to do. The basic transaction in futures is to buy or sell a contract for the delivery of x pounds/barrels/tons/feet of some commodity at y dollars/yen/marks etc. If you buy a contract, then you're obligated to actually cough up y dollars when the contract comes due. Most people don't hold on to the contracts long enough for them to actually take delivery. They sell another contract and the futures market maintains a clearing house that is responsible for matching up the contracts and cancelling them out. It's a great system. Very efficient and very useful for farmers, manufacturers and others who actually produce and consume commodities. Futures markets are great for laundering money, though, because they can generate big losses or big gains in a short amount of time. It is quite possible for $100 to turn into a $5000 gain overnight. The downside is that it can often turn into a $5000 loss in the same amount of time. In fact, the market is a zero sum game. If you make n dollars, then there is someone out there who just lost n dollars. The sum total of the losses and the winnings equals zero. This zero sum nature is the key to laundering the money. Person A and Person B get together and guess that the price for a commodity is going to go up. That means that who ever buys a contract will make money. So Person A, the intended recipient buys a contract and Person B sells a contract. If they're right, then Person A gets the money and Person B loses the same amount. Bingo. The money moved from B to A and no one can trace how it got there. Person A looks smart or lucky and Person B looks out of luck. There was no direct connection between the two. There are thousands of other people out there winning and losing money at the same time. The marketplace's central clearing house arranges it so each wins and loses their rightful share. You may wonder why B bothered to sell a contract and lose money. This is the safeguard against guessing wrong. No one is correct all of the time. Even the people who try and rig the markets and corner them get burned as often as they succeed. The best investors in the futures markets, the ones who make money time after time, are the arbitrageurs. They spot inefficient pockets and try and remain neutral to the overall shifts in the market. Person B sells the contract so that if the market goes down, i.e., the wrong way, then A and B together have lost no money. It's a zero sum. Now they just have to play the game a bit longer or for stakes that are twice as high. You can think of the process as flipping a coin until you have encounter a heads. Ideally, you play this game with two players with relatively deep pockets. This means that A can cover the short term loses. This is a bit of a disadvantage because many money laundering operations must move cash from the rich to the poor. You can cover up this problem by using the same broker for A and B. The broker executes the trades and then assigns the winning trade to A and the losing trade to B. They fill in the order books after the fact. Using the same broker for A and B can be problematic because it may look too suspicious if the mirrored trades appear on the same ledger. The beauty of this system is that it can look quite indistinguishable from normal business practices. Many companies actively enter the futures markets to hedge themselves against foreign currency movements. Others actively enter the futures markets to guarantee themselves a good supply of their raw materials. The essential point of this lesson is that fast, efficient markets make it possible to move money easily. The futures markets were designed so that is no real other half to every trade. It's literally you against the world with every trade. The RISKS, of course, is that accountability can vanish as the size of the crowd grows to be as big as the world. There is no way to catch up with this. The futures market are so great because there is no need to deal one on one. The effects of speed are not only apparent in big financial markets. Credit cards and overnight delivery are a dangerous combination. You could steal cards, order a fortune of stuff, arrange for it all to be delivered overnight and then jump town quickly before people notice the card was gone. Suddenly, merchants must deal with the fact that something that used to be complete legitimate (exchanging cash for goods) is now a potential theft. Of course, there are other crimes that lose their edge. It is much harder to escape the law by heading to a new town. Computerized fingerprint files are very, very efficient. I think everyone felt that perfect, computerized markets would bring about the right mixture of accountability and efficiency. It would be a perfect mixture of Big Brotherly scrutiny would take care of everything. Every trade, after all, is recorded in the futures market. Yet, the best mechanism for anonymous fund transfer yet discovered exists here in the midsts of all of this record keeping, legal scrutiny and oversight. ------- End of Forwarded Message From albright at scf.usc.edu Sat Apr 16 00:39:10 1994 From: albright at scf.usc.edu (Julietta) Date: Sat, 16 Apr 94 00:39:10 PDT Subject: Safeway + Your Privacy In-Reply-To: Message-ID: <199404160738.AAA04602@nunki.usc.edu> > > C'punks, > > On Fri, 15 Apr 1994 killbarny at aol.com wrote: > > > Safeway food stores has this neat little glitch in their shopping database > > that is just ripe for abuse and litigation. When you pay by check, your > > information is recorded and stored in their computers, so the next time you > > go in there and try to get out your ID [for your check], they say "Don't > > bother, we have that information." And Sandy Sandfort responded: > > And what, pray tell, would be your cause of action? Why don't you just > pay cash if you are so bothered? The thing is- yes of course, one coulpd pay cash to avoid Safeway- and in fact, perhaps that is one must do. However, it seems to me that we a re touching on alarger issue here- and that is the fact that these practices amount to societal surveillance techniques which are being employed with greater and greater frequency. One has to get a bit nervous, it would seem- when it becomes easier and easier for the powers that be to track your every move- including the videos you have rented, the people you have spoken with or correspaonded with, the books and magazines you have read, etc. This may not be of concern to the average citizen who is content with going to work and going home and watching TV every night- but for those who don't buy into or are actively hostile towards the dominant hegemonic ideology of this country- surveillance may in fact become a real concern. Computers make such surviellance, as we have seen, more and more feasible on a grander scale- both in terms of the amount of information it is possible to obtian about a person, and in terms of the amount of people which can easily be watched. I am not suggesting a grand conspiricy, although I think that computer technology could potentially inadvertently give great power to a centralized government. I suppose that is why it is so important not to merely say "Hey- pay cash"- but rather to think about the further implications of surveillance via computer in our society. Ciao for now, Julie __________________________________________________________________________ Julie M. Albright Ph.D Student Department of Sociology University of Southern California albright at usc.edu From rjc at gnu.ai.mit.edu Sat Apr 16 02:23:07 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Sat, 16 Apr 94 02:23:07 PDT Subject: Factoring Broken, news at 11 Message-ID: <9404160922.AA10379@geech.gnu.ai.mit.edu> A friend of mine told me that a friend of his (who I know), has a professor who knows someone at Bellcore who has just succeeded in a factoring breakthough. Supposedly it relies on quantum complexity theory or something else I've never heard of. Of course, I think it's total bullsh*t and probably a misinterpreted April Fools joke, but there's always the possibility.... Just thought I'd relay this semihumorous tidbit. (and possibly start another nasty net.rumor ;-) ) -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From sonny at netcom.com Sat Apr 16 06:19:19 1994 From: sonny at netcom.com (James Hicks) Date: Sat, 16 Apr 94 06:19:19 PDT Subject: Laundering money through commodity futures Message-ID: <199404161320.GAA05453@mail.netcom.com> Slick! +---------------------------------------------------------------------+ | james hicks | Give me your tired, your poor, | | | your huddled masses yearning to breathe free, | | ...can you hear | Send these, the homeless, tempest-tossed to me.| | the music?... | I lift my lamp beside the golden door! | +---------------------------------------------------------------------+ From athomas at hydra.acs.uci.edu Sat Apr 16 07:39:07 1994 From: athomas at hydra.acs.uci.edu (Andrew Thomas) Date: Sat, 16 Apr 94 07:39:07 PDT Subject: Liability wrt making pgp available to the campus In-Reply-To: Message-ID: <199404161438.AA08286@hydra.acs.uci.edu> >> Funny thing; last year the computer administrators wouldn't even allow a >> copy of PGP to reside on their systems -- now it is part of their public >> account (student-run officially University unsupported software, usable >> by all). About six months ago I was going to to compile and install pgp in the campus software library which is made available to hundreds of systems distributed accross the campus. I decided against it at the time becuase I was unsure if anyone (namely the University) would be liable for providing the pgp executable to the public without having a liscence for the RSA algorithm. I had pretty much abandoned the idea until I saw this post. If i'm correct, it's the resposibility of the user to obtain a liscence which is why pgp is freely available at ftp sites without putting the owner of the site at risk. In this case would the University be resposible for aquiring a liscence? This also brings up another question: is there anyone out there using freeware pgp who has obtained a RSA licsence so they can use it legally? Also I'm curious if there are there any sysadmins out there that have made pgp available to their users? Andy Thomas aethomas at uci.edu From mg5n+ at andrew.cmu.edu Sat Apr 16 08:39:01 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 16 Apr 94 08:39:01 PDT Subject: Liability wrt making pgp available to the campus In-Reply-To: <199404161438.AA08286@hydra.acs.uci.edu> Message-ID: Andy Thomas wrote: > >> Funny thing; last year the computer administrators wouldn't even allow a > >> copy of PGP to reside on their systems -- now it is part of their public > >> account (student-run officially University unsupported software, usable > >> by all). > > About six months ago I was going to to compile and install pgp in the > campus software library which is made available to hundreds of systems > distributed accross the campus. I decided against it at the time > becuase I was unsure if anyone (namely the University) would be liable > for providing the pgp executable to the public without having a > liscence for the RSA algorithm. I had pretty much abandoned the idea > until I saw this post. If i'm correct, it's the resposibility of the > user to obtain a liscence which is why pgp is freely available at ftp > sites without putting the owner of the site at risk. In this case > would the University be resposible for aquiring a liscence? This also > brings up another question: is there anyone out there using freeware > pgp who has obtained a RSA licsence so they can use it legally? Also > I'm curious if there are there any sysadmins out there that have made > pgp available to their users? Well, I went through a similiar situation with CMU, they told someone (not me) that they wouldn't allow PGP to be in the campus software library, so I put it in my personal directory and told everyone where to get it, and they didn't complain. It's in /afs/andrew.cmu.edu/usr12/mg5n/pgp/pgp23A.tar.Z From cpsr at access.digex.net Sat Apr 16 08:55:25 1994 From: cpsr at access.digex.net (Dave Banisar) Date: Sat, 16 Apr 94 08:55:25 PDT Subject: FOIA- New Docs Reveal Criticisms of FBI Cost-Benefit Analysis of DT Message-ID: <9404161156.AA20478@Hacker2.cpsr.digex.net> [1] FBI Wiretap Claims Questioned Ever since it first proposed "Digital Telephony" legislation in 1992, the Federal Bureau of Investigation has claimed that wiretapping enables law enforcement agencies to prevent billions of dollars in economic loss. Most recently, in a briefing book on the proposed legislation dated March 8, 1994, the Bureau stated that "[t]he economic benefit from the continued use of electronic surveillance (fines, recoveries, restitution, forfeitures and prevented economic loss) is in the billions of dollars per year." These FBI figures are derived from a cost-benefit analysis the Bureau drafted in May 1992 to justify the substantial cost the telecommunications industry would need to bear in order to comply with the legislation. Among other things, the FBI analysis claimed that electronic surveillance had prevented more than $1.8 billion in "potential economic loss" between 1985 and 1991. CPSR has now obtained government documents under the Freedom of Information Act (FOIA) that raise substantial questions as to the accuracy of these numbers. The documents contain comments on the Bureau's cost-benefit analysis from various components of the federal government, including the White House. These internal critiques of the FBI analysis include the following: * May 22, 1992 memo from the White House: "The analysis should make consistent assumptions with respect to both costs and benefits. The benefits analysis should reflect clearly that only some cases involve electronic surveillance; that some surveillance could continue in the absence of this legislation (at least for some period of years); and that some convictions could probably still be obtained absent surveillance." ... "The analysis does not consider the existence of or the potential for other forms of surveillance that might compensate for the reduction in telephone wiretapping capabilities." ... "On p. 4 and p. 6, certain figures representing 'prevented potential economic loss' are cited. Please explain what losses are encompassed in those figures and how they are calculated." ------------------------------------------------------ * May 22, 1992 memo from Office of the Vice President: "In several places in the analysis, figures are cited without reference to their sources or to how they were derived. For example, on p. 4 a figure of $1.8 billion is cited for potential economic loss. ..." ------------------------------------------------------ * May 26, 1992 memo from Treasury Department: "It is difficult to do a critical analysis of DOJ's cost benefit package without a full explanation of how DOJ arrived at its cost/benefit figures, and what costs and benefits were included in those figures. It is not clear that DOJ knows, or could know, all the costs and benefits involved, but this should be clearly stated." ------------------------------------------------------ In addition to these new documents, industry officials at a Congressional hearing on March 18 sharply questioned the FBI's figures. Roy Neel, President of the US Telephone Association, disputed the FBI's figures that the bill would only cost around 300 million, citing that just revising call forwarding would cost an estimated $1.8 billion. ---------------------------------------------------------------- From cpsr at access.digex.net Sat Apr 16 08:56:39 1994 From: cpsr at access.digex.net (Dave Banisar) Date: Sat, 16 Apr 94 08:56:39 PDT Subject: Counter-Intelligence Provisions Pass Senate Message-ID: <9404161157.AA37096@Hacker2.cpsr.digex.net> [2] National Security Provisions Added to Competitiveness Act In March, the US Senate added several controversial provisions to S. 4, the National Competitiveness Act of 1994, to make counter-intelligence surveillance easier. The amendment, named the Counter-Intelligence Improvement Act of 1994, was introduced by Senator William Cohen (R-ME) and approved by a voice vote March 10. S. 4 passed the Senate on March 16 and is now pending in the House of Representatives as HR. 820. One provision makes it easier for the FBI to obtain credit reports. Another allows the secretive Foreign Intelligence Surveillance Court to authorize break-ins. Section 1011(b) authorizes the FBI to obtain the credit reports of individuals without a warrant if a designee of the Attorney General sends a letter to the credit bureau stating that the subject is the target of a counter-intelligence investigation and they have "specific and articulable facts" that the person is a foreign agent. Section 1011(c) allows the FBI to obtain the name, address, former addresses, current and former places of employment of a person from a credit bureau with a written request stating that "the information is necessary to the conduct of an authorized foreign counterintelligence investigation." The credit bureaus are prohibited from disclosing to the people that their reports have been obtained. The only oversight is a yearly report presented to the Intelligence Committees of the House and the Senate. Another provision allows the Foreign Intelligence Surveillance Court, (FISC) a secretive court of 7 specially chosen judges created by the Foreign Intelligence Surveillance Act of 1978 to authorize physical searches. The court currently only has jurisdiction to authorize electronic surveillance in counter-intelligence cases. Since its formation in 1979, it has never rejected any of the 6,500 requests by the government for a electronic surveillance order. From sandfort at crl.com Sat Apr 16 09:16:03 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 16 Apr 94 09:16:03 PDT Subject: Safeway + Your Privacy In-Reply-To: <199404160738.AAA04602@nunki.usc.edu> Message-ID: C'punks, On Sat, 16 Apr 1994, Julietta wrote: > . . . > > And Sandy Sandfort responded: > > > > And what, pray tell, would be your cause of action? Why don't you just > > pay cash if you are so bothered? > > The thing is- yes of course, one coulpd pay cash to avoid Safeway- and in > fact, perhaps that is one must do. However, it seems to me that we a re > touching on alarger issue here- and that is the fact that these practices > amount to societal surveillance techniques which are being employed with > greater and greater frequency. . . > > I am not suggesting a grand conspiricy, although I think that > computer technology could potentially inadvertently give great power to a > centralized government. I suppose that is why it is so important not to > merely say "Hey- pay cash"- but rather to think about the further > implications of surveillance via computer in our society. . . > > Julie First, my main point was that the original poster's solution (i.e., "sue the shit out of Safeway") was sophomoric. I don't see any basis for a cause of action. Second, other than pay cash or--as someone else suggested--shop elsewhere, what are your options? These solutions work. Since Julie seems to think they are not enough, what would she suggest? If one is concerned about centralizing power in the government, than that would seem to eliminate governmental solutions such as suing or sponsoring "privacy" laws, n'est-ce pas? S a n d y From rarachel at prism.poly.edu Sat Apr 16 12:29:52 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sat, 16 Apr 94 12:29:52 PDT Subject: Safeway + Your Privacy In-Reply-To: <199404160738.AAA04602@nunki.usc.edu> Message-ID: <9404161917.AA21098@prism.poly.edu> As insidious as it seems, there are a couple of advantages to this commercial invasion of privacy. firstly it allows you to go through the checkout counter a bit faster. Secondly, it allows Safeway to compile statistical information about what products you're interested in, and can sell this information to advertisers, which would either bombard you with junk mail, or unexpected/unwanted phonecalls, but may also throw in some cupons to sweaten the deal. (Of course the advantages are not quite all the shoppers...) Now this is fairly harmless, however, should something like DT2 require Safeway to provide its database to the Feds, they will hold practically all the information they could dream of having about an individual/family. They can already get all the credit info, at the records of your bank account, your credit card purchases, phone calls, food purchases, your trash (sort of like dumpster diving, only more sinister), what more could they possibly need to know you without your consent? It really is time to get anon digital cash... :-I From rarachel at prism.poly.edu Sat Apr 16 13:57:40 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sat, 16 Apr 94 13:57:40 PDT Subject: anti-clipper autobomber Message-ID: <9404162045.AA22719@prism.poly.edu> I found this on comp-privacy. Maybe we can use a scheme like this one to send anti-clipper information over the net... Does toad.com have a usenet news feed? If so, maybe we can have a program written that scans for keywords and mails the author of the message some info about cypherpunks and clipper and digital telespying 2. I do however strongly suggest that the automail bomber keep records of who it sent a particular anti-clipper message to. We don't want to actually mailbomb people with 500 copies of the same message. Just one article would do. We could also have this program autobomb different articles based on different keywords. It would be a good idea to also keep a list of names of those who complained so we don't send'em anything again, and separate "already-sent-to" lists for different articles with a central universal "no-send" list. I would guess that this could be done with a daemon and a couple of scripts, or perhaps some atrun'ed program. The 1st program would scan all the articles for the keywords and useraddresses. It would then append any usernames it finds that have sent messages with keywords that may indicate a favorable response to the article to the article's mail list. The second program would then take the mail list for each article and remove any names found in the universal "send-no-mail-to-me" list, and in the "already-sent-to" list. The resulting list could be fed to perhaps majordomo(?) or just passed to a mailer along with the text of each article. The name would then be thrown in the "already-sent-to" list after the message completed. Perhaps at the bottom of the mailed article we can have some instructions on subscribing to cypherpunks, or telling this autobomber to put the name into the "no-send" list. Perhaps a message to majordomo with "remove autobomber" or something... I'd imagine that this would create quite a lot of traffic for toad.com, not to mention the requirements of huge names lists... Maybe if the articles are periodic and are no longer sent after a month, it can help keep the storage and traffic in check??? Anyway, here's the article: Article 1117 of comp.society.privacy: Path: prism.poly.edu!cmcl2!yale.edu!yale!gumby!newsxfer.itd.umich.edu!gatech!howland.reston.ans.net!vixen.cso.uiuc.edu!uwm.edu!computer-privacy-request From: "Paul W. Robinson" Newsgroups: comp.society.privacy Subject: Every Move You Make...I'll Be Watching You Date: 14 Apr 1994 23:41:27 GMT Organization: Computer Privacy Digest Lines: 39 Sender: comp-privacy at uwm.edu Approved: comp-privacy at uwm.edu Message-ID: NNTP-Posting-Host: 129.89.2.6 X-Original-Submission-Date: 14 Apr 1994 02:43:17 -0400 (EDT) X-Submissions-To: comp-privacy at uwm.edu X-Administrivia-To: comp-privacy-request at uwm.edu X-Computer-Privacy-Digest: Volume 4, Issue 052, Message 5 of 19 Originator: levine at blatz.cs.uwm.edu "Paul W. Robinson" stated: Here's something which might be of interest to you. A large Educational Instuitution's computer is watching everything sent in newsgroups and possibly in some mailing lists. I am using a modified address of PAULW at TDR.COM instead of PAUL because that computer has already sent me a message to PAUL at TDR.COM. I want to try to see what it does this time. In one list I mentioned that the Massachusetts Institute of Technology (you know what the 3 letter abbreviation is) has a system that collects E-Mail addresses of people who post to newsgroups. That site used to be called "pit-manager". I am writing this message in this way to see what happens. Apparently, any time one of the Institute's computers sees a reference to "pit-manager" it mails a message to the sender telling them that the site was changed to the address "rtfm". I am not referencing the internet address that ends in .EDU here for that educational Institution because I want to see if the Massachusetts Institute of Technology's computer is checking based upon someone using the name "pit-manager" or is it because of reference to the Institute's domain name with that term used within the message? I don't know if a program that is sending out messages based on it scanning the contents of messages that it saw is a good idea. Consider a program that checked for spelling errors and criticized people who misspelled words by telling them of all the words they misspelled. (Considering how bad some people's writing is, that might not be a bad idea.) This sort of practice could be prostituted into to all sorts of interesting political correctness tactics by having automated programs that watch for comments someone doesn't like and mailing the writer complaints. --- Paul Robinson - Paul at TDR.COM From samman at CS.YALE.EDU Sat Apr 16 14:11:00 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Sat, 16 Apr 94 14:11:00 PDT Subject: anti-clipper autobomber In-Reply-To: <9404162045.AA22719@prism.poly.edu> Message-ID: On Sat, 16 Apr 1994, Arsen Ray Arachelian wrote: > I found this on comp-privacy. Maybe we can use a scheme like this one to s$ > anti-clipper information over the net... Does toad.com have a usenet news > feed? If so, maybe we can have a program written that scans for keywords > and mails the author of the message some info about cypherpunks and clipper > and digital telespying 2. > > I do however strongly suggest that the automail bomber keep records of who > it sent a particular anti-clipper message to. We don't want to actually > mailbomb people with 500 copies of the same message. Just one article would > do. Sounds a bit like Serdar's scheme. Ben. ____ Renegade academician. They're a dangerous breed when they go feral. -James P. Blaylock in "Lord Kelvin's Machine" From kadie at eff.org Sat Apr 16 14:16:34 1994 From: kadie at eff.org (Carl M. Kadie) Date: Sat, 16 Apr 94 14:16:34 PDT Subject: Another reason for anonymity In-Reply-To: <199404140213.TAA08077@mail.netcom.com> Message-ID: <2opkj9$7qm@eff.org> sandfort at crl.com (Sandy Sandfort) writes: [...] >Furthermore, American law is generally more "free speech" oriented >with regard to what would otherwise be considered libel or slander. [...] Mike Godwin has a good article about American libel law and the Net. ANNOTATED REFERENCES (All these documents are available on-line. Access information follows.) ================= law/libel_2.IW ================= * Expression -- Libel -- Public Figures and the Net "Libel, Public Figures, and the Net" by Mike Godwin, an article for Internet World. Argues that in most cases, replying to defamation on the Net is more effective than and preferable to a lawsuit. ================= ================= If you have gopher, you can browse the CAF archive with the command gopher gopher.eff.org These document(s) are also available by anonymous ftp (the preferred method) and by email. To get the file(s) via ftp, do an anonymous ftp to ftp.eff.org (192.77.172.4), and then: cd /pub/CAF/law get libel_2.IW To get the file(s) by email, send email to ftpmail at decwrl.dec.com Include the line(s): connect ftp.eff.org cd /pub/CAF/law get libel_2.IW -- Carl Kadie -- I do not represent EFF; this is just me. =kadie at eff.org, kadie at cs.uiuc.edu = From hfinney at shell.portal.com Sat Apr 16 14:32:25 1994 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Sat, 16 Apr 94 14:32:25 PDT Subject: Blind signature cash patents Message-ID: <199404162133.OAA05438@jobe.shell.portal.com> A little while ago someone posted about a new company that would do patent searches via email requests. For another week they are doing free searches as an introductory offer. I did a search on blind-signature based cash systems, and these are the patents it found. This might be useful for those considering implementing electronic cash. Full text of patents are available for $4.95. The kind of search I did for free will cost $149 after another week. People are allowed 3 searches per day for free until then. For more info send a message with just "help" in the body to spo_patent at spo.eds.com. Hal 2 04977595 19901211 380/24 Method and apparatus for implementing ++electronic++ ++cash++ Inventor: Ohta; Kazuo Assignee: Nippon Telegraph and Telephone Corporation Abstract: In an ++electronic++ ++cash++ implementing method, a user makes a ++bank++ apply a ++blind++ signature to user information Vi produced, by a one-way function, from secret information Si containing identification information, thereby obtaining signed user information. Further, the user makes the ++bank++ apply a ++blind++ signature to information containing authentication information Xi produced, by a one-way function, from random information Ri, thereby obtaining signed authentication information. The user uses an information group containing the signed user information, the signed authentication information, the user information and the authentication information, as ++electronic++ ++cash++ for payment to a ++shop++. The ++shop++ verifies the validity of the signed user information and the signed authentication information, and produces and sends to the user an inquiry. In response to the inquiry the user produces a response Yi by using secret information and random information and sends it to the ++shop++. Having verified the validity of the response the ++shop++ accepts the ++electronic++ ++cash++. 3 05224162 19930629 380/24 ++Electronic++ ++cash++ system Inventor: Okamoto; Tatsuaki Assignee: Nippon Telegraph and Telephone Corporation Abstract: In an ++electronic++ ++cash++ system, K sets of ++blind++ signature information are derived from secret information containing identification information of a user, K/2 sets of them are opened and a ++bank++ attaches a ++blind++ signature to the remaining K/2 sets of information. The user obtains a signed license from the ++blind++ signature. The user generates ++blind++ signature information from the license and a desired amount of money and gets a ++blind++ signature of the ++bank++ to the ++blind++ signature information and obtains ++electronic++ ++cash++ signed by the ++bank++ from the ++blind++ signature. The user presents to a ++shop++ a residue power root of a node in a money hierarchial structure and the ++electronic++ ++cash++, corresponding to the amount of money to be used, and the ++shop++ verifies their validity and, if they are valid, offers inquiry information to the user. The user offers, as response information, a residue power root of the node corresponding to the amount of money to be used to the ++shop++. The ++shop++ verifies the validity of the response information and, if it is valid, acknowledges the payment with ++electronic++ ++cash++ of the amount of money to be used. 4 04759063 19880719 380/30 ++Blind++ signature systems Inventor: Chaum; David L. Abstract: A cryptographic system allows, in one exemplary use, a supplier to cryptographically transform a plurality of messages responsive to secret keys; the transformed messages to be digitally signed by a signer; and the signed transformed messages returned to the supplier to be transformed by the supplier, responsive to the same secret keys, in such a way that a ++digital++ signature related to each original message is developed by the supplier. One important property of these systems is that the signer cannot determine which transformed message received for signing corresponds with which ++digital++ signature-even though the signer knows that such a correspondence must exist. 6 04914698 19900403 380/30 One-show ++blind++ signature systems Inventor: Chaum; David Abstract: Numbers standing for ++cash++ money can be ++spent++ only one time each, otherwise the --account-- from which they were ++withdrawn++ would be revealed. More generally, a technique for issuing and showing ++blind++ ++digital++ signatures ensures that if they are shown responsive to different challanges, then certain information their signer ensures they contain will be revealed and can be recovered efficiently. Some embodiments allow the signatures to be unconditionally untraceable if shown no more than once. Extensions allow values to be encoded in the signatures when they are shown, and for change on unshown value to be obtained in a form that is aggregated and untraceable. 11 04949380 19900814 380/30 Returned-value ++blind++ signature systems Inventor: Chaum; David Abstract: A payer party obtains from a signer party by a ++blind++ signature system a first public key ++digital++ signature having a first value in a withdrawal transaction; the payer reduces the value of the first signature obtained from the first value to a second value and provides this reduced-value form of the signature to the signer in a payment transaction; the signer returns a second ++digital++ signature to the payer by a ++blind++ signature system in online consummation of the payment transaction; the --paper-- derives from the first and the second signature a third signature having a value increased corresponding to the magnitude of the difference between the first and the second values. Furthermore, the following additional features are provided: payments are unlinkable to withdrawals; a ++shop++ between the payer and signer can be kept from obtaining more value than desired by the payer; the first value need not be revealed to the signer or intermediary in the payment transaction; the returned difference can be accumulated across multiple payment transactions; and the returned difference can be divided between a plurality of payment transactions. 19 04759064 19880719 380/30 ++Blind++ unanticipated signature systems Inventor: Chaum; David L. Abstract: An improved ++blind++ signature system not requiring computation during ++blinding++ for anticipating which of a plurality of possible signatures will be made during signing, while still allowing the ++blinding++ party to unblind and recover the unanticipated kind of signature on what was ++blinded++. An exemplary embodiment ++blinds++ by forming a product including a plurality of generators raised to powers normally secret from the signing party, and unblinds by forming a product with the multiplicative inverse of a signed form of the generators raised to the original powers. Re-blinding allows a signature on a value to be transformed into a signature on a particular ++blinded++ form of the value. 23 04206315 19800603 380/23 ++Digital++ signature system and apparatus Inventor: Matyas; Stephen M. Assignee: International Business Machines Corporation Abstract: A ++digital++ signature machine provides a simplified method of forming and verifying a signature that is appended to a ++digital++ message. A sender transmits a signature with the usual signature keys and with validation table entries that correspond to the unsent keys and with the compressed encoding of the next validation table. The receiver uses the compressed encoding of the next validation table to form validation table entries from the signature keys so that the receiver has a full validation table. This validation table is compressed and compared with the compressed encoding which was received from the sender in a preceding message. From eagle at deeptht.armory.com Sat Apr 16 15:00:15 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Sat, 16 Apr 94 15:00:15 PDT Subject: Media Mass Mailers Message-ID: <9404161500.aa08813@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- From: Llywelyn Subject: Re: anti-clipper autobomber On Sat, 16 Apr 1994, Arsen Ray Arachelian wrote: > I do however strongly suggest that the automail bomber keep records of who > it sent a particular anti-clipper message to. We don't want to actually > mailbomb people with 500 copies of the same message. Just one article ::Sounds a bit like Serdar's scheme. ::Ben. Having had some experimental success with mass mailing the media, I've already considered the concept. Pertinent adresses would include major newspaper, TV and periodicals. Items would have to be newsworthy, not just informational. Personal attention would be paramount. A live person would have to monitor the responses, personally appologizing for the inconvienience to those requesting deletion, with assurances that the matter will taken care of to their satisfaction immediately. Out of the God knows how many media adresses Adam Gaffin provided me, I had two deletion requests. One from an IL local, and the other from the Pheonix Gazzette. Notable persons requesting to be kept informed of newsworthy developments on the electronic frontier include Adam Kaul of NBC News. IMHO, we need to use our technological resources to their greatest tactical and operational advantage. Albeit, ladies and gentlemen, we must consider it of paramount importance to preserve a strategy of befriending the media, avoiding at ALL COST a technological alienation of them. Serdar's roboposts are the classic example of what not to do. I'm sure if this ever gets out of the intellectual stage and into the operational, sufficient safeguards for our integrity will have been established. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbBfmV/ScHuGXWgVAQHxpAQAtDl2gXZbKD621n+UNvzTtylxifqpx6ry wk4o/ZdGaA+jfJbeVnTdd/+Borq1VdgIGAyJEwBCoDft/qbuMoKrhhNAHzWcLy9T 96mNmgFzGZw0OKgniDbVkBLcL3g9uCtvce1E+XFFZeHUeXwHL3NWqOH2oiG3ti+d uk04h1SLUBI= =oPEx -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From tcmay at netcom.com Sat Apr 16 18:44:25 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 16 Apr 94 18:44:25 PDT Subject: Table of Key Lengths and Brute Force Cracking Times Message-ID: <199404170145.SAA28011@mail.netcom.com> Here are some numbers from Bruce Schneier's article in the April 1994 "Dr. Dobb's." The article is a review of the "Cambridge Algorithms Workshop," where Bruce also presented a paper on Blowfish. These estimates are in a slightly different form than what "Applied Cryptography" has (on pp. 130-135), and incorporate (apparently) the Michael Wiener DES-busting estimates from last summer. First, some typical key lengths for block ciphers, as reported by Schneier: Algorithm Key Block Problems/Comments DES 56 64 key too small Triple DES (3DES) 112 64 slow Khufu (Merkle/Xerox) 64 64 patented, key too small FEAL 32 64 64 patented, key too small LOKI-91 64 64 weaknesses, key too small REDOC II 160 80 patented REDOC III variab. 64 patented IDEA (Europe) 128 64 patented RC2 (RSADSI) variab. 64 proprietary Skipjack (NIST/NSA) 80 64 secret algorithm GOST (FSU, Russia) 256 64 not completely specified MMB 128 128 insecure The "problems" reported are exactly as reported by Schneier. No mention of RC4, which may in "exportable" versions may be as short as 40-45 bits. Second, some estimates of brute-force cracking time: Key Length Time for a $1M Time for a $1B ($1000M) Machine to Break Machine to Break 40 0.2 second 0.0002 sec 56 3.5 hours (Wiener) 13 sec 64 37 days 54 minutes 80 2000 years 6.7 years (2 years?) 100 7 billion years 7 million years 128 10^18 10^15 years 192 10^37 years 10^34 years 256 10^56 years 10^53 years Note that a billion dollar cipher-busting machine is not out of the question. Norm Hardy once described to us the $100M "Harvest" machine (also described by Bamford). NSA has its won on-site wafer fab facility (built by National Semiconductor several years back). A single Space Shuttle launch costs around a billion dollars (NASA says $0.6B, GAO says $1.5B), and many of the launches are just put up reconnaisance and SIGINT satellites, so spending $500M to $1B on special computers to crunch the data seems plausible. (However, it's hard for NSA to make plans for what key length they'll have to target. It's also not clear that enough non-financial users have been using DES to make it "necessary" for such large expenditures....a single machine that can crack a DES-encrypted message in, say, 1-10 hours may be enough for their current needs. All of this is just speculation.) For logistical and other reasons, I would expect they may have _several_ smaller machines. Just as effective, of course, cumulatively. Obviously a billion dollars worth of hardware will not be dedicated for a couple of years to crack a single 80-bit cipher. Anyway, you all can fool with these numbers and draw your own conclusions. Ron Rivest did some similar calculations for RSA modulus sizes and came to similar conclusions (e.g., 1200-bit modulus will withstand even attacks by billion-dollar machines for several more decades). --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From qjones at infi.net Sat Apr 16 21:05:25 1994 From: qjones at infi.net (Wayne Q Jones) Date: Sat, 16 Apr 94 21:05:25 PDT Subject: Sgt Russell Message-ID: Sorry for pounding this to the list but I cant get through to the Sgt Russel on my system. Q: I did not know sea06 funded the USMC . Is this some special unit or just the way it is? Q: SInce when did the Fallbrook Weapons Station need to use PGP for its security? Sounds a little black to me especially when you can get RSA for free. Wayne **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From hughes at ah.com Sat Apr 16 21:13:56 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 16 Apr 94 21:13:56 PDT Subject: rng, anyone? In-Reply-To: <9404150549.AA12690@anchor.ho.att.com> Message-ID: <9404170405.AA28846@ah.com> Re: PGP simulators >WHile Blum-Blum-Shub is probably the cool way to go, >RSAREF uses repeated iterations of MD5 to generate its pseudo-randoms, >which can be reasonably secure and use code you've probably already got >hooks from perl for. There is a problem with generating random numbers by repeated iterations of a hash function when these numbers will be used to simulate an encrypted message body. The body can be seen to be generated by the algorithm. All you do is to apply MD5 to the first block and see if it's equal to the second block. This completely identifies the message as a hash-chain generation, and thus as a fake message. Indistinguishability is a harder criterion to simulate than other notions of randomness. Eric From hughes at ah.com Sat Apr 16 21:16:56 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 16 Apr 94 21:16:56 PDT Subject: 'Nother MIT talk on crypto... In-Reply-To: <9404151416.AA27651@media.mit.edu> Message-ID: <9404170408.AA28860@ah.com> >> ``WHICH KEY ESCROW, IF ANY?'' >> or >> ``Fair Cryptosystems vs. The Clipper Chip'' >> by >> Silvio Micali Micali's "fair" cryptosystem is a much better key surrender system than Clipper, but it still allows non-intended recipients for a message. For this reason, I don't like it either. Fight _all_ intrusions. Eric From hughes at ah.com Sat Apr 16 21:26:02 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 16 Apr 94 21:26:02 PDT Subject: Laundering money through commodity futures In-Reply-To: <9404160625.AA00695@toad.com> Message-ID: <9404170417.AA28879@ah.com> >This zero sum nature is the key to laundering the money. Person A and Person B >get together and guess that the price for a commodity is going to go up. Guess. Read that word again; it's important. >That >means that who ever buys a contract will make money. So Person A, the intended >recipient buys a contract and Person B sells a contract. If they're right, >then Person A gets the money and Person B loses the same amount. >Bingo. The money moved from B to A and no one can trace how it got there. _If_ they're right. >You may wonder why B bothered to sell a contract and lose money. This is the >safeguard against guessing wrong. No one is correct all of the time. Even the >people who try and rig the markets and corner them get burned as often as they >succeed. So then, let's take the probability of guessing right at 1/2. [then is described the double-up strategy] >Ideally, you play this game with two players with relatively deep >pockets. This means that A can cover the short term loses. Here's the flaw, in full glory. This scheme is the classic double-or-nothing martingale. It doesn't work. The "relatively deep pockets" of A have to be infinite, because that's the expected value of the amount of A's intermediate loss in the random walk to the completion of the transaction. The example is ludicrous, but the conclusion is valid. More transactions means more interactions between them and more possibility to hide something inside the ever-increasing flux. Eric From hughes at ah.com Sat Apr 16 21:27:28 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 16 Apr 94 21:27:28 PDT Subject: Table of Key Lengths and Brute Force Cracking Times In-Reply-To: <199404170145.SAA28011@mail.netcom.com> Message-ID: <9404170419.AA28890@ah.com> >First, some typical key lengths for block ciphers, as reported by >Schneier: [table omitted] >No >mention of RC4, which may in "exportable" versions may be as short as >40-45 bits. RC4 is a stream cipher, and thus not in the table of block ciphers. Eric From hughes at ah.com Sat Apr 16 21:34:45 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 16 Apr 94 21:34:45 PDT Subject: Dolphin Encryption Tutorial In-Reply-To: Message-ID: <9404170426.AA28904@ah.com> >Are you somehow implying the Dolphin Encrypt withstands critical >examination? Be real. Last time Dolphin Encrypt reared its insecure head in this forum, these same issues came up. The cipher that DE uses is not public and was not designed by a person of known cryptographicc competence. It should therefore be considered extremely weak. >The comparison, fairly useless as it is, is even more useless without >this further information. Agreed. I repeat my recommendation of before: Do not use Dolphin Encrypt if you want secrecy. If you want something on the scale of a secret decoder ring, fine. Eric From vkisosza at acs.ucalgary.ca Sat Apr 16 22:06:53 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Sat, 16 Apr 94 22:06:53 PDT Subject: New Remailer Message-ID: <9404170509.AA41720@acs5.acs.ucalgary.ca> Could someone give me some quick direction on installing and running a new remailer. Due to system constraints, I've had to rewrite some of the mailer software, I've tested it, and it seems to operate fine. My question is what is necessary, to create an address for the remailer? I'd like it addressed as something other than my personal account. Do I contact my sysadmins for a new address, or is this something which is user configurable. Thanks BTW: Do I open up the remailer to the public or do I ask some of the users of remailers to help me test it prior to a world release. From tcmay at netcom.com Sat Apr 16 22:39:14 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 16 Apr 94 22:39:14 PDT Subject: Idea for a Minor New Remailer Feature: Dead Drop Aliases In-Reply-To: <9404170509.AA41720@acs5.acs.ucalgary.ca> Message-ID: <199404170540.WAA04579@netcom12.netcom.com> Istvan Oszaraz von Keszi writes: > My question is what is necessary, to create an address for the > remailer? I'd like it addressed as something other than my > personal account. Do I contact my sysadmins for a new address, > or is this something which is user configurable. > This reminds me of an idea: why not create "symbolic links" between pseudonyms chosen by the remailer operators and their actual physical sites? The idea is this: fred at uptight.org wants to run a remailer, but he doesn't want his managers at "uptight.org" to know he's advertising this service (e.g., by postings in a public place, by the finger of remailer at soda.berkeley.edu, etc.). He wants a "dead drop" to forward to him mail intended to be remailed. What he wants is an alias at another site, run probably by a sympathetic Cypherpunks who has more control over his own site. So, joe at uptight.org arranges with eric at freedom.org to establish this alias. (eric at freedom.org knows what's going on....the only security is that based on the trust between eric and joe.) I know, I know, this is "security through obscurity." (In a sense.) And eric at freedom.org might _just as well_ run the second or third or nth remailer _himself_. But the advantage of there being _many_ physical people acting as remailers is still there. And it encourages people who might shy away from running a remailer to do so. The overall security is at least not any lower than if joe at uptight.org got the remailer traffic directly. There are other wrinkles. I can give more of my thoughts if there's any interest. Not to volunteer anybody's copious spare time, but I have a hunch a Perl program could implement this automatic reflector easily. Maybe some mailers can already handle this (I don't see any commands in elm, my mailer, that can do selective bouncing/forwarding....kind of like a kill file, except the targetted address gets forwarded.) Any thoughts? --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hayden at krypton.mankato.msus.edu Sat Apr 16 23:11:51 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sat, 16 Apr 94 23:11:51 PDT Subject: Clipper Comparisons for non-geeks Message-ID: (First, geeks is a complimentary term, finger me for info :-) I was talking to some friends about Clipper and it's dangers. Unfortunately, they are not very computer literate and really didn't grasp what exactly escrowing meant or anything. Anyone have some more-common, real world, analogies I could make for future discussions? ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From warlord at ATHENA.MIT.EDU Sat Apr 16 23:28:23 1994 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Sat, 16 Apr 94 23:28:23 PDT Subject: Clipper Comparisons for non-geeks In-Reply-To: Message-ID: <199404170628.CAA15605@charon.MIT.EDU> Well, one way I've described the clipper to a non-computer literate person is to have them imagine a situation where the government required that you gave them a copy of your housekey, and, if you decided to get a safe-deposit-box, they would get a copy of that, too. Basically, whatever you consider private or secure, in a physical sense, would still be wide open to the government, no matter how much you wanted to keep it private or secret. Granted, this isn't a direct analogy, but it's close enough to try to get someone to understand the implications of the Clipper chip. -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From jdwilson at gold.chem.hawaii.edu Sat Apr 16 23:51:13 1994 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson (VA)) Date: Sat, 16 Apr 94 23:51:13 PDT Subject: Rejected mail In-Reply-To: <199404151508.LAA15648@hela.INS.CWRU.Edu> Message-ID: Any chance we can start rejecting his rejects? -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... On Fri, 15 Apr 1994, John C. Brice wrote: > ag588 is rejecting mail from you From jdwilson at gold.chem.hawaii.edu Sun Apr 17 00:24:57 1994 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson (VA)) Date: Sun, 17 Apr 94 00:24:57 PDT Subject: Rejected mail (fwd) Message-ID: Forwarded FYI -Jim -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... ---------- Forwarded message ---------- Date: Fri, 15 Apr 1994 13:55:53 -0500 (CDT) From: Jim choate To: "John C. Brice" Cc: cypherpunks at toad.com Subject: Re: Rejected mail > > ag588 is rejecting mail from you > One really annoying bug in all the remailers and such out there is the above message. I figured it out the first damn time I saw it. I don't need a copy for every post to the c-punks list. The way they should work is send the notice the first time the rejection is activated. After that it should not send any kind of responce, I am being rejected after all.... From bill at kean.ucs.mun.ca Sun Apr 17 01:35:17 1994 From: bill at kean.ucs.mun.ca (Bill Garland) Date: Sun, 17 Apr 94 01:35:17 PDT Subject: Safeway + Your Privacy Message-ID: <0097D140.1B631720.2317@Leif.ucs.mun.ca> Subj: Re: Safeway + Your Privacy From: Julietta Message-ID: <199404160738.AAA04602 at nunki.usc.edu> > To: sandfort at crl.com (Sandy Sandfort) >Date: Sat, 16 Apr 1994 00:38:57 -0700 (PDT) >CC: cypherpunks at toad.com >> C'punks, >> >> On Fri, 15 Apr 1994 killbarny at aol.com wrote: >> >> > Safeway food stores has this neat little [glitch in their] shopping database... ^ ^ --- My [BillG] inserted square brackets there...intentional change of meaning, remove the glitch part... related to below. [Comment about the glitch itself interjected below below.] --- >And Sandy Sandfort responded: >> >> And what, pray tell, would be your cause of action? Why don't you just >> pay cash if you are so bothered? > >The thing is- yes of course, one coulpd pay cash to avoid Safeway- and in >fact, perhaps that is one must do. Okay. End of that problem. Now then, what's all this: > However, it seems to me that we a re >touching on alarger issue here- and that is the fact that these practices >amount to societal surveillance techniques which are being employed with >greater and greater frequency. No they don't. Let's assume for the moment that I own Safeway. Well, the original author did mention the guy's name, in a somewhat derogatory way...anyway, That's MY neat little database there. I can do with it what I want. What I want to do with it is ..... IRACIS. (Increase Revenue, Avoid Cost, Improve Service). Actually, if you want to look at a larger issue, consider working towards achieving your goals, sort of increasing extropy, as it were, by using intelligent technology... This is not societal surveillance. Oh, sure, I can sell my mailing lists, and if my list buyer wants forty year old left handed albinoes who recently purchased books about cats, then you can be sure she will get them, and she will sell them again, and the PTB will eventually find out. Unless, of course, I have in some way assumed an obligation to my Customers not to do this. The one thing I wouldn't want to do with my neat little database is piss the Customer off. >One has to get a bit nervous, it would seem- >when it becomes easier and easier for the powers that be to track your >every move- including the videos you have rented, the people you have >spoken with or correspaonded with, the books and magazines you have read, >etc. Everything is on the record. If you don't want records kept, well, that's absurd... records will always be kept. They wont always be accessable by those powers you fear, if you do your homework, now. I know I'M not putting cripple chips in any of my stores. Anyone caught with tessera cards is fired on the spot, since this is de facto evidence that you are a government spy. And their name goes into BlackNet... >This may not be of concern to the average citizen who is content with >going to work and going home and watching TV every night- Okay, let's not be concerned about them - no, wait, they are our Customers! They will have more money to spend in my stores if they have enough left after taxes. Gee, if they didn't have to pay so many taxes, ... > but for those who >don't buy into or are actively hostile towards the dominant hegemonic >ideology of this country- Hey. Cypherpunks, are we all active in our hostility now? The BlackNet Police are watching you. For extra points, name the dominant hegemonic ideologies of all G7 countries. > surveillance may in fact become a real concern. >Computers make such surviellance, as we have seen, more and more feasible >on a grander scale- both in terms of the amount of information it is >possible to obtian about a person, and in terms of the amount of people >which can easily be watched. Sorry if this sounds offensive to you, as I do not wish to offend - even though I would like to own Safeway... My own hostility is tongue-in-cheek - but once again, I get to surveil my own cash registers, pos terminals, inventory systems, etc, and my neat little database knowbot gives me a strategic advantage in producing my income, as well as the income of all those oppressed minions who are forced into employment contracts in my stores, so you might just as well assume I am going to make use of it. If I don't, someone else will. In fact, even if I do someone else will - they already are. --- Trying to exploit some misguided feelings about a glitch because you feel watched - back to the original threadline for a moment - It seems to me, as a customer, that I want my cheques cleared fast in the checkout line, just as I want laser bar code scanners. I hate wasting time looking at chocolate bars. If I don't want them to know I really do buy chocolate bars and cigarettes and that is why I gained weight and got emphysema and that is why they might cancel my government sponsored health care insurance, and OH YEAH, that's why they use my SmartHealthCard as ID, well, then, I might just stop writing cheques. Steal your cheques, indeed! Why not just go tell Mr. Wasisname whom you seem to hate so much that his system could be cracked if someone knew what you know and hope he gives you a reward for it. I wouldn't recommend blackmailing him... --- Back to the newer sub-thread from Julie - > I am not suggesting a grand conspiricy, although I think that >computer technology could potentially inadvertently give great power to a >centralized government. I suppose that is why it is so important not to >merely say "Hey- pay cash"- but rather to think about the further >implications of surveillance via computer in our society. Ciao for now, Hey, we have already inadvertently given great power to a centralized government. We - many of us - well, some of us, well, er, I'm sure at least Tim May and myself, are just trying to get some of it back, and not to give them any more. [Actually, Tim and I seem to have given great powers to _different_ centralized governments, eh! You can't get away from them - yet.] >Julie Bill Garland, whose .sig is watching you From MIKEINGLE at delphi.com Sun Apr 17 01:42:55 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 17 Apr 94 01:42:55 PDT Subject: Key Eater Needed Message-ID: <01HB9P5CBXDE9BZ8MR@delphi.com> Hal Finney suggests expiring old keys. The first thing we would need is a way to clear the keyservers of such dead keys. The keyservers are already up to 1.3 MB. Many of those keys must be long dead. In any case, the key servers cannot just accumulate keys forever. There is no way to know now when a key was sent to a server, so it is hard to know when to delete it. One way would be to keep track of when new keys are sent or updated, and delete any key which has not been updated within a certain time, such as one year. All existing keys could be given six months to live. Those who wanted to keep their present keys could send them again, and others could create new ones. The web of trust model does not lend itself easily to key expirations, because this requires you to frequently get people to re-sign your key, and to re-sign the keys of others. This creates the opportunity for the "here's my new key, and I haven't got it resigned yet" attack. There would have to be a fairly long overlap period between new and old keys, during which time the old key signed the new key. Expirations would complicate the system considerably. --- Mike From ebrandt at jarthur.cs.hmc.edu Sun Apr 17 01:44:46 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Sun, 17 Apr 94 01:44:46 PDT Subject: Idea for a Minor New Remailer Feature: Dead Drop Aliases In-Reply-To: <199404170540.WAA04579@netcom12.netcom.com> Message-ID: <9404170844.AA13739@toad.com> > Not to volunteer anybody's copious spare time, but I have a hunch a > Perl program could implement this automatic reflector easily. It's a one-liner in the .forward or .maildelivery file you edit to set up a remailer. Almost anybody could act as a "bounce point" in this fashion. I don't think it would do much for joe at uptight.org, though. root at uptight is more likely to notice the traffic than to happen across joe advertising his remailer in alt.random.group. > (I don't see any commands in elm, > my mailer, that can do selective bouncing/forwarding... Try "man forward". (Or "man maildelivery" in my case, but probably not netcom's.) This sort of handling happens before the MUA sees the mail. Eli ebrandt at hmc.edu From bill at kean.ucs.mun.ca Sun Apr 17 02:30:29 1994 From: bill at kean.ucs.mun.ca (Bill Garland) Date: Sun, 17 Apr 94 02:30:29 PDT Subject: Cypherpunks Quick Code Message-ID: <0097D147.D4A0CBE0.2401@Leif.ucs.mun.ca> Cypherpunks Quick Code V 1.00 ====================== 1. Cypherpunks, QUICK! CODE! 2. Cypherpunks write code. 3. Cypherpunks, WRITE CODE! 4. Cypherpunks, right. Code? 5. Cryptography is all Economics. 6. There is no cypherpunks agenda. 7. According to something tossed around over on the Extropians list, .... 8. i am NOT Detweiller. 9. As long as you use the MD5 hash of the 3DES session keys in the remailer header and PGP in the digital postage stamps, the NSA can't de-cripple your whiffie, er, de-clipple your Hell, man, - the money will still be safe with aunt bessie. 10. DISSEMINATION of this IMPORTANT INFORMATION in UnAltered Format is .... 11. ag588 is rejecting mail from you. Wendell Noseworthy =========== Just so as not to generate any more wasted bandwidth here, or is that waste more generated bandwidth, whatever, I will forward any suggested changes to the Cypherpunks Quick Code to Wendell Noseworthy for insertion into the next offically cypherpunk-agenda-approved release of the Cypherpunks Quick Code. Send them to me... Bill Garland, whose .sig does channeling for a small fee From wet!naga Sun Apr 17 05:15:37 1994 From: wet!naga (Peter Davidson) Date: Sun, 17 Apr 94 05:15:37 PDT Subject: If however Dolphin Encrypt was extremely strong ... Message-ID: >Date: Sat, 16 Apr 94 21:26:24 -0700 >From: hughes at ah.com (Eric Hughes) >Message-Id: <9404170426.AA28904 at ah.com> >To: cypherpunks at toad.com >In-Reply-To: Anonymous's message of Fri, 15 Apr 1994 12:53:16 -0400 >Subject: Dolphin Encryption Tutorial >Precedence: bulk >Status: R Eric Hughes quotes "Anonymous": >>Are you somehow implying the Dolphin Encrypt withstands critical >>examination? Be real. Real? "Anonymous" here reveals that he has not been keeping up with the literature. DE was examined critically by Prof. Cipher Deavours in the October 1993 issue of Cryptologia, who (after studying the C source code for the encryption algorithm) wrote: "The diffusion process employed in the ciphering of data is fairly complex for an inexpensive system such as this one." Eric then allows as how: >Last time Dolphin Encrypt reared its insecure head in this forum, >these same issues came up. The cipher that DE uses is not public and >was not designed by a person of known cryptographicc competence. It >should therefore be considered extremely weak. However, in Peter Meyer's article we read: >The >encryption algorithm used in Dolphin Encrypt is defined by the C source >code for the encryption and decryption functions, and this source code is >part of a publicly available C function library (the Dolphin Encryption >Library). The method is not secret and its full details are available for >examination to anyone who purchases the library. Perhaps the DE cipher is not "public" in the sense that it is widely available on unix sites, but it is "publicly available". Perhaps the source code is not posted on sites such as soda because the publisher does not wish to expose himself to the the charge of making a strong crypto system available for export. Eric again quotes "Anonymous": >>The comparison, fairly useless as it is, is even more useless without >>this further information. > >Agreed. For all we know Eric himself posted that "anonymous" message, so he could quote him out of context. As I recall, Anonymous seemed to have (deliberately?) misunderstood the part about the statistical test (and Eric agrees with him). >I repeat my recommendation of before: Do not use Dolphin Encrypt if >you want secrecy. If you want something on the scale of a secret >decoder ring, fine. > >Eric By his own admission Eric is ignorant of the DE cipher and is ignorant of the cryptographic competence of the author (or authors) of DE. Yet, rather than withholding judgment until more information is available, he makes a strong negative recommendation (and adds an insult). I would imagine that, in the opinion of most people, recommendations based upon ignorance such as this are worthless. Eric seems to have a burr up his ass regarding either DE or its author(s). His misrepresentation (e.g. that the DE cipher is not public) and lack of logic (e.g. we don't know that X is true therefore X is false) suggest that there is an emotional basis to his "recommendation". Apparently as regards DE Eric is not capable of anything except smear tactics. The astute readers of this list are not likely to be fooled by this. From pfarrell at netcom.com Sun Apr 17 06:44:45 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sun, 17 Apr 94 06:44:45 PDT Subject: Laundering money through commodity futures Message-ID: <34907.pfarrell@netcom.com> hughes at ah.com (Eric Hughes) posts to C'punks: >> This zero sum nature is the key to laundering the money. Person A and >> Person B get together and guess that the price for a commodity is going >> to go up. > > Guess. Read that word again; it's important. > >[stuff elided] > The example is ludicrous, but the conclusion is valid. More > transactions means more interactions between them and more possibility > to hide something inside the ever-increasing flux. On the OP-Ed page of the WSJ a week ago thursday (page A14) is an article that describes a way to make a $100,000 bribe look like extrodinary luck in the cattle futures market. The trick that both the initial poster and Eric missed is that you don't guess. You need a shady broker who makes a saddle - both side of the trade - and doesn't register either. Once the market has moved, one will post a gain, and the other a loss. So you could, hypothetically of course, post the loser to a huge poultry conglmerate, and the winner to a successful laywer's account. The Poultry firm would write it off as a normal market loss that was protecting their operations. The laywer would claim that she read the WSJ and was lucky. But untracable electronic markets will have lots of transactions, so there will be lots of ways to play these games. This is what drives the taxman crazy. Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From hughes at ah.com Sun Apr 17 08:02:57 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 17 Apr 94 08:02:57 PDT Subject: Key Eater Needed In-Reply-To: <01HB9P5CBXDE9BZ8MR@delphi.com> Message-ID: <9404171454.AA29518@ah.com> >Hal Finney suggests expiring old keys. The first thing we would need is a >way to clear the keyservers of such dead keys. One way to expire keys is to simply declare that any old PGP key more than two years old is expired. >There is no way to know now when a key was sent to a server, so it is hard >to know when to delete it. You can use the date in the PGP key structure to timeout on. >The web of trust model does not lend itself easily to key expirations, >because this requires you to frequently get people to re-sign your key, >and to re-sign the keys of others. This creates the opportunity for the >"here's my new key, and I haven't got it resigned yet" attack. Everyone should sign their new keys with their old ones. Eric From hughes at ah.com Sun Apr 17 09:15:19 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 17 Apr 94 09:15:19 PDT Subject: If however Dolphin Encrypt was extremely strong ... In-Reply-To: Message-ID: <9404171607.AA29599@ah.com> I repeat my advice: Don't use Dolphin Encrypt if you want secrecy. If you want something that will provide short term security against unsophisticated opponents, it's probably fine. For why I think this, read on. >>>Are you somehow implying the Dolphin Encrypt withstands critical >>>examination? Be real. >Real? "Anonymous" here reveals that he has not been keeping up >with the literature. DE was examined critically by Prof. Cipher >Deavours in the October 1993 issue of Cryptologia, who (after studying >the C source code for the encryption algorithm) wrote: "The diffusion >process employed in the ciphering of data is fairly complex for an >inexpensive system such as this one." 1. The description of the cipher used for Dolphin Encrypt is not published. It is available only by special arrangement. It is not open to casual inspection. 2. Complexity is no criterion at all for ascertaining the security of a cipher. Complexity is not even necessary; for example, a stream cipher based upon one of the number-theoretic PRNGs is quite strong and simple to describe. One of the very most basic errors of making ciphers is simply to add layer upon layer of obfuscation and make a cipher which is nice and "complex". Read Knuth on making random number generators for the folly in this kind of approach. Designing secure ciphers requires some theory as why you expect the cipher to be secure. "Adding complexity" is false security of the worst kind. I've not seen the DE cipher. I won't sign a non-disclosure agreement in order to do so. I have seen an outline of the cipher, and it smacks of the "many layers of complexity" model. The author of DE: >>The >>encryption algorithm used in Dolphin Encrypt is defined by the C source >>code for the encryption and decryption functions, "Defined by the source code." In a better world, I would need say no more after pointing out this phrase. Peter Davidson: >Perhaps the >source code is not posted on sites such as soda because the publisher >does not wish to expose himself to the the charge of making a strong >crypto system available for export. I asked the author of DE why it wasn't available. He's worried that he'll lose a valuable trade secret. He greatly overestimates the value of such secrecy, believing it to be positive instead of negative. >and is ignorant >of the cryptographic competence of the author (or authors) of DE. This I am not ignorant of. The author of DE knows only the very most basic of statistical tests. He goes on and on about the posterior statistics of the ciphertext without even once examing the conditional statistics of the ciphertext relative to the plaintext. These conditional probabilities are an absolute necessity to examine. The author of DE does not even mention them, much less mentioning advanced techniques like differential cryptanalysis. >Yet, >rather than withholding judgment until more information is available, Ciphers are insecure until proven secure. Ciphers carry the presumption of guilt, not innocence. Ciphers designed by amateurs invariably fail under scrutiny by experts. This sociological fact (well borne out) is where the presumption of insecurity arises. This is not ignorance, to assume that this will change. The burden of proof is on the claimer of security, not upon the codebreaker. Until a cipher has undergone testing by differential cryptanalysis, it should be considered insecure. Until a cipher has undergone testing by linear cryptanalysis, it should be considered insecure. Etc. The person who says "If you can't break it, it must be secure"--well, I don't feel very polite today--that person has their head up their ass. >Eric seems to have a burr up his ass regarding either DE or its >author(s). Yes, I do. The rhetoric the DE promulgates is toxic. >His misrepresentation (e.g. that the DE cipher is not >public) It is not public. Being available does not make it public. >and lack of logic (e.g. we don't know that X is true therefore >X is false) The lack here is the lack of understanding that we have an epistemelogical question, not a question of fact. It may be that DE is secure, but I sincerely doubt it. Nevertheless, it should not be considered that DE is secure until we know that it is secure. >Apparently as regards DE Eric is not capable of >anything except smear tactics. Now this, _this_ is an insult. Peter Davidson doesn't understand the process of vetting a cipher, and so claims that I must be on a smear campaign. He doesn't understand the difference between public and available-under-contract, i.e. private, and so accuses me of having an unfounded argument. Rather than simply discussing the matter, Peter Davidson chooses to insult me. One word: projection. >The astute readers of this list are >not likely to be fooled by this. Flattery of the audience. How, er, quaint. Eric From warlord at MIT.EDU Sun Apr 17 09:22:02 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Sun, 17 Apr 94 09:22:02 PDT Subject: Key Eater Needed In-Reply-To: <9404171454.AA29518@ah.com> Message-ID: <9404171621.AA16350@hodge.MIT.EDU> > One way to expire keys is to simply declare that any old PGP key more > than two years old is expired. No, this is a bad idea. Any arbitrary setting of expire time by the keyserver is a bad idea. It is the key owner that should set the timeout of the PGP key (there is an expiration time in the key certificate, but the current implementation sets it to zero and ignores the field). There are people that have longer or shorter keys, and its possible that they might want longer or shorter expiration times. I think that there are a few things that can and should be done. First, a revoked key should get all signatures removed from that key (and possibly any signatures that key made should disappear as well). Also, revoked keys should probably time out from the keyservers after some period of time. -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From hfinney at shell.portal.com Sun Apr 17 09:45:26 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 17 Apr 94 09:45:26 PDT Subject: 'Nother MIT talk on crypto... Message-ID: <199404171646.JAA22137@jobe.shell.portal.com> From: hughes at ah.com (Eric Hughes) > Micali's "fair" cryptosystem is a much better key surrender system > than Clipper, but it still allows non-intended recipients for a > message. > > For this reason, I don't like it either. > > Fight _all_ intrusions. > > Eric Right - here are some quotes from Micali's paper in the Crypto 92 proceedings. "Abstract. We show how to construct public-key cryptosystems that are _fair_, that is, strike a good balance, in a democratic country, between the needs of the Government and those of the Citizens. [...] "In this paper we show how cryptographic protocols can be successfully and efficiently used to build cryptosystems that are fairer, that is, that strike a better balance, in a democratic country, between the needs of society and those of the individual." Micali's system is basically a key escrow system that would be quite appealing to those who love Clipper. At least he has the honesty to make it clear that such a system makes more sense if competing systems are made illegal: "Of course, if using any other type of public-key cryptosystem were to be made _illegal_, Fair PKC's would be most effective in guaranteeing both private communication to law-obeying citizens and law enforcement. (In fact, if a criminal uses a phone utilizing a Fair PKC to plan a crime, he can still be secured to justice by court-authorized line tapping. If he, instead, illegally uses another cryptosystem, the content of his conversations will never be revealed even after a court authorization for tapping his lines, but, at least, he will be convicted for something else: his use of an unlawful cryptosystem.) Nonetheless, as we shall discuss in section 4, Fair PKC's are quite useful even without such a law." When I first heard of this so-called "Fair" (one of the most misused words in political debate) system, my reaction was to snort in derision. But since Clipper it starts to look like the lesser of two evils. That just shows how the terms of the debate can shift. Eric is right that the best thing to do is to remain firmly committed to free access to cryptographic technology for everyone. Hal From paul at hawksbill.sprintmrn.com Sun Apr 17 10:37:56 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sun, 17 Apr 94 10:37:56 PDT Subject: Warrantless searches -- A sign of things to come? Message-ID: <9404171839.AA05150@hawksbill.sprintmrn.com> A Page 1 story in The Washington Post Sunday (94.04.17) reads, "Clinton Lets Police Raid Projects," "Warrantless Searches Said to Be Needed For Tenants Safety." For those who haven't been following this ludicrous story, the USG has now decided that Chicago Housing Authority-sponsored, and warrantless, searches of dwellings within the CHA, is "A Good Thing" (tm) and specifically geared towards uncovering weapons of criminals (or would-be criminals) for the safety of law-abiding Housing tenants. Personally, I find this mentality alarming and indicative of a growing trend within the government. "Big Brother knows best." Vile and Nauseating. This is another absurdity in the "War on Drugs" and "War on Crime." More government-sponsored "wars" are undoubtedly on the horizon, perhaps even a war on non-escrowed crypto. I suppose things will get worse before they get better. _______________________________________________________________________________ Paul Ferguson US Sprint Enterprise Internet Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul at hawk.sprintmrn.com From sdw at meaddata.com Sun Apr 17 11:29:36 1994 From: sdw at meaddata.com (Stephen Williams) Date: Sun, 17 Apr 94 11:29:36 PDT Subject: Aliases (general case) In-Reply-To: <9404122154.AA11300@runner.utsa.edu> Message-ID: <9404171831.AA07617@jungle.meaddata.com> > > Actually, it is legal to use an alias for any > number of things, including the phone book, > *_so long as the purpose is not to defraud_*; > thus, using Mother Teresa Charities might be > so construed, while using Sam Jones probably > would not be. There are prohibitions against > using false ID...driver's lic., passport, > and so forth...but not against using an > alias. This is all after consultation > with my attorney... > > As a side note, it is possible in Texas to > file an "assumed name" at the courthouse > of the county(ies) wherein you plan to > do business...costs about $15, including the > notary fees, and lasts 10 years. You can > have almost anything for a name....and what > would be more natural than having your new > "business name" in the phone book? Nice, > legal...and cheap (except a business line > is a bit more expensive). Can this be done > in other states? > > Regards, > > Dave In Ohio, you are supposed to file a Ficticious Name form for $15 or so, but I was in business for years before I even knew about it. I don't know if it's practically required or not. Businesses using an assumed name are supposed to be noted in certain places as "so and so dba FRED's USED STUFF" ^^^ Doing Business AS sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From mg5n+ at andrew.cmu.edu Sun Apr 17 11:31:37 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 17 Apr 94 11:31:37 PDT Subject: rng, anyone? In-Reply-To: <9404170405.AA28846@ah.com> Message-ID: <8hgM0uC00Vpc9g7nQ2@andrew.cmu.edu> hughes at ah.com (Eric Hughes) wrote: > There is a problem with generating random numbers by repeated > iterations of a hash function when these numbers will be used to > simulate an encrypted message body. The body can be seen to be > generated by the algorithm. All you do is to apply MD5 to the first > block and see if it's equal to the second block. This completely > identifies the message as a hash-chain generation, and thus as a fake > message. > > Indistinguishability is a harder criterion to simulate than other > notions of randomness. Try xoring the output with a secret value between MD5 hashes. From mg5n+ at andrew.cmu.edu Sun Apr 17 11:39:35 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 17 Apr 94 11:39:35 PDT Subject: New Remailer In-Reply-To: <9404170509.AA41720@acs5.acs.ucalgary.ca> Message-ID: "Istvan Oszaraz von Keszi" wrote: > Could someone give me some quick direction on installing > and running a new remailer. > > Due to system constraints, I've had to rewrite some of the > mailer software, I've tested it, and it seems to operate fine. > > My question is what is necessary, to create an address for > the remailer? I'd like it addressed as something other than > my personal account. Do I contact my sysadmins for a new > address, or is this something which is user configurable. Well, many people run their remailer from their personal account, but if you want a special account for your remailer, you'll have to ask your sysadmin. If you want any help with testing it, I can help, and I'm sure many others would be willing to as well. Thanks for running a remailer! From ph at netcom.com Sun Apr 17 11:45:53 1994 From: ph at netcom.com (Peter Hendrickson) Date: Sun, 17 Apr 94 11:45:53 PDT Subject: 'Nother MIT talk on crypto... In-Reply-To: <199404171646.JAA22137@jobe.shell.portal.com> Message-ID: <199404171846.LAA19612@netcom10.netcom.com> > Right - here are some quotes from Micali's paper in the Crypto 92 > proceedings. > "Abstract. We show how to construct public-key cryptosystems that > are _fair_, that is, strike a good balance, in a democratic country, > between the needs of the Government and those of the Citizens. > [...] In a democratic country, the needs of the government should be identical to the needs of the citizenry. One of the basic political ideas upon which our society is founded is that government serves the people and not the other way around. We've seen Micali's point raised again and again. The NSA spokesman quoted on this list some time ago, whose name I have forgotten, made this point as well. He also claimed that "government money" had been used to pay for most recent cryptographic advances. This is likely untrue, but it does raise an important philosophical point: The government has no money of its own, it spends the money of the citizenry. The argument that the citizenry should be denied the benefits of their expenditures is a weak one. These points are likely to be obvious to most readers of this list, but I haven't seen them raised. I think that every time an NSA official or White House spokesman or anyone else questions the important political principle of "government of the people, by the people, and for the people" we should point this out as often as we can. We must delegitimize NSA and their friends and show them for the rascals they truly are. Peter From mg5n+ at andrew.cmu.edu Sun Apr 17 12:07:06 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 17 Apr 94 12:07:06 PDT Subject: Key Eater Needed Message-ID: <4hgMVY600VpcBhckdD@andrew.cmu.edu> Mike Ingle wrote: > There is no way to know now when a key was sent to a server, so it is hard > to know when to delete it. One way would be to keep track of when new > keys are sent or updated, and delete any key which has not been updated > within a certain time, such as one year. All existing keys could be given > six months to live. Those who wanted to keep their present keys could > send them again, and others could create new ones. > > The web of trust model does not lend itself easily to key expirations, > because this requires you to frequently get people to re-sign your key, > and to re-sign the keys of others. This creates the opportunity for the > "here's my new key, and I haven't got it resigned yet" attack. There > would have to be a fairly long overlap period between new and old keys, > during which time the old key signed the new key. Expirations would > complicate the system considerably. How about people just keep their keys, and the signatures, but they re-sign their own keys every six months or so? In order to keep their keys on the keyserver, they must submit a PGP signed message to prove that they still have that key. If they don't, the key is assumed to be lost, and it is deleted. From bruce at phantom.com Sun Apr 17 12:21:43 1994 From: bruce at phantom.com (Bruce Fancher) Date: Sun, 17 Apr 94 12:21:43 PDT Subject: Warrantless searches -- A sign of things to come? In-Reply-To: <9404171839.AA05150@hawksbill.sprintmrn.com> Message-ID: <9404171919.AA11346@mindvox.phantom.com> [Paul Ferguson] has written: | | A Page 1 story in The Washington Post Sunday (94.04.17) reads, | "Clinton Lets Police Raid Projects," "Warrantless Searches Said to Be | Needed For Tenants Safety." | | For those who haven't been following this ludicrous story, the USG has | now decided that Chicago Housing Authority-sponsored, and warrantless, | searches of dwellings within the CHA, is "A Good Thing" (tm) and | specifically geared towards uncovering weapons of criminals (or | would-be criminals) for the safety of law-abiding Housing tenants. | | Personally, I find this mentality alarming and indicative of a growing | trend within the government. "Big Brother knows best." | | Vile and Nauseating. | | This is another absurdity in the "War on Drugs" and "War on Crime." | More government-sponsored "wars" are undoubtedly on the horizon, | perhaps even a war on non-escrowed crypto. | | I suppose things will get worse before they get better. | | _______________________________________________________________________________ | Paul Ferguson | US Sprint | Enterprise Internet Engineering tel: 703.904.2437 | Herndon, Virginia USA internet: paul at hawk.sprintmrn.com | Personally, I find the idea of government-owned housing alarming and indicative of a growing trend within the government. "Big Brother knows best." Vile and Nauseating. From pfarrell at netcom.com Sun Apr 17 12:46:01 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sun, 17 Apr 94 12:46:01 PDT Subject: Key Eater Needed. NOT! Message-ID: <56611.pfarrell@netcom.com> Matthew J Ghio writes: > How about people just keep their keys, and the signatures, but they > re-sign their own keys every six months or so? In order to keep their > keys on the keyserver, they must submit a PGP signed message to prove > that they still have that key. If they don't, the key is assumed to be > lost, and it is deleted. I have no problem with periodic deletion of keys from keyservers. They are interesting, but not a very important part of strong crypto (IMHO). My objection is to anything that makes the key itself invalid over a period that I don't chose. I'm not sure what problem you are trying to solve. Loading the whole public ring from the servers exceeds my definition of reasonable procesing now. Since the number of keys keeps growing, I expect that it will never be SOP to munge all of them. You will get keys directly, or get a few specific ones on demand. If you're just trying to save disk space on the keyservers, I'm not all that sure it is worth the effort. Disks are cheap, and getting cheaper. But your approach is as good as any. I know there are lots of keys on the servers that are no longer active -- I collected a few hundred that I exchanged with Phil K two years ago, and know many are unused starting with strnlght, the folks at CERT, and Brad Cox's key of that vintage. Even if a fair percentage, say 25% are dead, the savings are pretty trivial. Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From unicorn at access.digex.net Sun Apr 17 12:46:48 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 17 Apr 94 12:46:48 PDT Subject: Key Eater Needed Message-ID: <199404171946.AA01772@access3.digex.net> Mike Ingle says: There is no way to know now when a key was sent to a server, so it is hard to know when to delete it. One way would be to keep track of when new keys are sent or updated, and delete any key which has not been updated within a certain time, such as one year. All existing keys could be given six months to live. Those who wanted to keep their present keys could send them again, and others could create new ones. <- Why not a note sent from the server to the key address to the effect: Your key has been deleted.... etc. Not only will this fish out some of the changed addresses and thus non- updated keys, but also remind the legitimate user who just hasn't gotten or looked to get a new signature in 6mos - Years to think about a new key and a revocation. I assume revocations will be kept for good? From pcw at access.digex.net Sun Apr 17 13:35:24 1994 From: pcw at access.digex.net (Peter Wayner) Date: Sun, 17 Apr 94 13:35:24 PDT Subject: Laundering money through commodity futures Message-ID: <199404172035.AA04142@access3.digex.net> >>[then is described the double-up strategy] >>Ideally, you play this game with two players with relatively deep >>pockets. This means that A can cover the short term loses. >Here's the flaw, in full glory. This scheme is the classic >double-or-nothing martingale. It doesn't work. The "relatively deep >pockets" of A have to be infinite, because that's the expected value >of the amount of A's intermediate loss in the random walk to the >completion of the transaction. >The example is ludicrous, but the conclusion is valid. More >transactions means more interactions between them and more possibility >to hide something inside the ever-increasing flux. There is a major difference between playing this game with commodities and trying to win with a double or nothing Martingale scheme in a casino. The casino always takes their cut. The transaction costs in the futures market are often much smaller if you're dealing with significant amounts of money. Many of the people who experiment with these schemes have very large pools of money to move. You must realize that laundering money was usually done through much more inefficient ways. Some typical techniques involve double billing and inflated construction costs. If Entity A wants to move money to Entity B then, Entity A contracts with B for a big new building. B charges too much for the building and A pays up. This can be done with supplies or other commodities. The problem is that you've got a brand new building that you've got to sell/lease or whatever. So, are there problems? Yes. But it can be much more efficient and much more transparent than almost other scheme. Remember that the flux between the two entities in the commodities market is not immediately apparent. You don't need to use the same broker. One could use a broker in Hong Kong and the other could use one in Chicago. You don't even need to trade the same contracts. One side of the deal could buy gold futures market marked in pounds sold in London and the other side could sell gold futures marked in dollars in Chicago. The thousands of arbitrageurs out there will make sure that the markets move together. (You can also hedge your deal against the currency risk.) Who is going to piece these two together? From GERSTEIN at SCSUD.CTSTATEU.EDU Sun Apr 17 13:35:32 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN at SCSUD.CTSTATEU.EDU) Date: Sun, 17 Apr 94 13:35:32 PDT Subject: Warrantless searches -- A sign of things to come? Message-ID: <940417163514.20221886@SCSUD.CTSTATEU.EDU> On Sun, 17 Apr 94 13:39:39 paul at hawksbill.sprintmrn.com (Paul Ferguson) wrote: >A Page 1 story in The Washington Post Sunday (94.04.17) reads, >"Clinton Lets Police Raid Projects," "Warrantless Searches Said to Be >Needed For Tenants Safety." > >For those who haven't been following this ludicrous story, the USG has >now decided that Chicago Housing Authority-sponsored, and warrantless, >searches of dwellings within the CHA, is "A Good Thing" (tm) and >specifically geared towards uncovering weapons of criminals (or >would-be criminals) for the safety of law-abiding Housing tenants. > >Personally, I find this mentality alarming and indicative of a growing >trend within the government. "Big Brother knows best." > >Vile and Nauseating. > >This is another absurdity in the "War on Drugs" and "War on Crime." >More government-sponsored "wars" are undoubtedly on the horizon, >perhaps even a war on non-escrowed crypto. > >I suppose things will get worse before they get better. ======== While I don't agree with these searches either, you have to understand the situation that the people in the CHA buildings are in. Did you see the show that was done on it? (I think it was Nightline, they did a whole hour on it) Anyway, the point is, these people aren't safe in their own homes. The parents keep their children home from school because they are afraid that they will either get shot (which happens quite a lot, one child was shot by a "gangsta" with a sniper rifle while his mother was walking him to school- the kid was about 5 years old) or that the kids will get involved in the gangs. For a while, the Chicago PD were unwilling to enter the buildings until after the shooting had stopped, and would then go in to tag and bag the bodies. IT WAS BAD!!! The landlord of the little kid who got shot decided he wasn't going to put up with that, and started the CHA PD, and they were kicking ass until the ACLU got involved. Slightly related is the fact that I live on my school's campus in the residence halls. If the resident advisors feel there is probable cause for something and decides to do a room search, I can do nothing about it but hope they don't find what ever it is their looking for (usually because I don't do anything bad >:)). Anyway, if they find something (drugs, beer in excess of the 6 can limit, firearms, PGP, etc.) they can call the campus police (real, live, actual cops) in to bust my ass and nail it to the wall. BUT NO WARRANT WAS SERVED! Does that mean I can get the ACLU up the school's ass? If the school says they can do that because I pay to live on their property, then why can't the CHA do what they want? Just my 0.02�..... adam "After this, nothing will shock me." ---------- "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4, 1994 From pcw at access.digex.net Sun Apr 17 13:45:22 1994 From: pcw at access.digex.net (Peter Wayner) Date: Sun, 17 Apr 94 13:45:22 PDT Subject: 'Nother MIT talk on crypto... Message-ID: <199404172045.AA04481@access3.digex.net> I saw the talk Micali gave on his Fair Crypto systems at Crypto 92. Someone asked him about governmental abuse and he said (I approximate), "Well, you have to trust them. That's why they're called trustees." From samman at CS.YALE.EDU Sun Apr 17 13:51:09 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Sun, 17 Apr 94 13:51:09 PDT Subject: Warrantless searches -- A sign of things to come? In-Reply-To: <940417163514.20221886@SCSUD.CTSTATEU.EDU> Message-ID: Adam writes: > Anyway, the point is, these people aren't safe in their own homes. The parents > keep their children home from school because they are afraid that they will either > get shot (which happens quite a lot, one child was shot by a "gangsta" with a > sniper rifle while his mother was walking him to school- the kid was about 5 years > old) or that the kids will get involved in the gangs. > > For a while, the Chicago PD were unwilling to enter the buildings until after the > shooting had stopped, and would then go in to tag and bag the bodies. IT WAS BAD!!! Ok, now let me get this straight. The police who are supposed to 'serve and protect' weren't willing to go in there to protect their constituents because it was too dangerous, but in the same breath they want to remove these people's ability to protect themselves. Just wanted to make sure. Ben. ____ Renegade academician. They're a dangerous breed when they go feral. -James P. Blaylock in "Lord Kelvin's Machine" From unicorn at access.digex.net Sun Apr 17 14:09:05 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 17 Apr 94 14:09:05 PDT Subject: Warrantless searches -- A sign of things to come? Message-ID: <199404172108.AA05956@access3.digex.net> On Sun, 17 Apr 94 13:39:39 paul at hawksbill.sprintmrn.com (Paul Ferguson) wrote: >A Page 1 story in The Washington Post Sunday (94.04.17) reads, >"Clinton Lets Police Raid Projects," "Warrantless Searches Said to Be >Needed For Tenants Safety." > [Deletions] What really gets me here is the alienability of the rights in question. One of the prevailing arguements seems to be "the tenants are willing to sacrifice their rights for more safety." This of course misreads the question. If it were only a questions of relinquishing your own rights then there are procedures for the waiver and consent to search. What drives me up the wall is some tenants saying they are willing to waive their own rights for safety when what they are really doing is waiving EVERYONES rights for their safety. This is merely another load of whiskey for the toothache. Bust down some doors and we will solve the nations problem of violence. I have to hand it to the administration, they managed to divert the attention of the media from the other major screw-ups and cast a "fight the violence" spotlight on it. At least this cluster-fuck is (in the current atmosphere) defendable. What a crock. The ease with which this nation disregards its own fundamental principles disturbs me. -uni- (Dark) From ebrandt at jarthur.cs.hmc.edu Sun Apr 17 14:16:20 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Sun, 17 Apr 94 14:16:20 PDT Subject: Warrantless searches -- A sign of things to come? In-Reply-To: <199404172108.AA05956@access3.digex.net> Message-ID: <9404172116.AA01688@toad.com> > The ease with which this nation disregards its own fundamental principles > disturbs me. A government official was quoted in today's LA Times as saying approximately, "I'm sure we can square this with the Fourth Amendment... this is an emergency situation." Eli ebrandt at hmc.edu From paul at hawksbill.sprintmrn.com Sun Apr 17 14:19:53 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sun, 17 Apr 94 14:19:53 PDT Subject: Warrantless searches -- A sign of things to come? In-Reply-To: <199404172108.AA05956@access3.digex.net> Message-ID: <9404172221.AA05569@hawksbill.sprintmrn.com> -uni- (Dark) writes - > > The ease with which this nation disregards its own fundamental principles > disturbs me. > Ditto and Amen. - paul From unicorn at access.digex.net Sun Apr 17 14:28:37 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 17 Apr 94 14:28:37 PDT Subject: Warrantless searches -- A sign of things to come? Message-ID: <199404172128.AA15073@access1.digex.net> > The ease with which this nation disregards its own fundamental principles > disturbs me. A government official was quoted in today's LA Times as saying approximately, "I'm sure we can square this with the Fourth Amendment... this is an emergency situation." Eli ebrandt at hmc.edu To which I reply: Then declare a national emergency and suspend the constitution. Any emergency not sufficent enough to do this isn't a national emergency. The only thing that bothers me more than the use of rhetoric like "The War on Drugs" or "The War on Crime" or "The Health Care CRISIS" to cover up the fact that rights are being circumvented or outright eliminated is the willingness of the population to buy into the game. -uni- (Dark) From MIKEINGLE at delphi.com Sun Apr 17 15:04:28 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 17 Apr 94 15:04:28 PDT Subject: MS Word - don't email documents Message-ID: <01HBAH50B8BM9PMXAL@delphi.com> >From Apr 11 Computer Currents: Windows Magazine Uncovers Word "Time Bomb" Ever wonder if someone could read your mind? Well, if you use any Microsoft Word version 2.0 through 6.0 you may have unwittingly provided someone with your thought processes. If you ever create documents which are sent digitally, be aware that your client might be able to read your earlier drafts. This is due to the fact that in Word's default mode, with options Prompt for Summary Info off and Allow Fast Saves on, deleted text portions are retained in the internal document structure. This enables anyone with a file viewer to check your earlier passages -- such as a lower price you were originally going to quote. (Incidentally, you can do the same thing with the Macintosh version and a utility like CanOpener. -- Ed.) By turning Prompt for Summary Info on and Allow Fast Saves off, you can prevent a potential disaster. Since this is not a bug, Microsoft says there is no fix. From eagle at deeptht.armory.com Sun Apr 17 15:20:35 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Sun, 17 Apr 94 15:20:35 PDT Subject: Warrentless Search Message-ID: <9404171520.aa22319@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- Black Unicorn states: >The only thing that bothers me more than the use of rhetoric like >"The War on Drugs" or "The War on Crime" or "The Health Care CRISIS" >to cover up the fact that rights are being circumvented or outright >eliminated is the willingness of the population to buy into the game. >-uni- (Dark) The average citizen operates from a paradigm of self interest, perhaps extended to his/her family. If a governmental action does not resonate with this paradigm- (i.e. "what's in it for me?")- the government action goes largley unnoticed. When the Reagan administration exhumed the 1888 Law allowing military to assist law enforcement, but not make arrests, I took note of that because it directly affected my life. Almost no one else paid any attention to it. Another facet of human nature one can trust is 75% of the population will follow a direct order without much question, given the person issuing the order appears to have the authority to do so. I am Emergency Medically Trained. When the shit hits the fan, I order people to preform specific tasks, most notibally calling 911. If a person stands there and thinks, I order another to do it. It only takes a matter of seconds to organize a concerted team effort to aid the victim- because I am the responsible person. They are not accountable for their actions anymore in their minds, I am. This isn't civilization, it's gregarious herd instinct ;) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbG1hV/ScHuGXWgVAQFbfQP/Xy6ZvJDwWAUGpuqUM4nXekBb9oH8wxBD LuXuBTUX3IdZzaG9ZRwFLBrZMSEw8t7GXvSZYTh0+LMqM4B2wM6oIa0p8XDuYe++ iyMO/KdZsh5FpJL/sDS1w9OTQQWfoX4bYUSBRE6S/NOtMlHyIpVGDBl4hrJhvwop GaFgmpq45K8= =UtdX -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From qjones at infi.net Sun Apr 17 16:24:05 1994 From: qjones at infi.net (Wayne Q Jones) Date: Sun, 17 Apr 94 16:24:05 PDT Subject: Laundering money through commodity futures In-Reply-To: <199404161320.GAA05453@mail.netcom.com> Message-ID: No lie..... On Sat, 16 Apr 1994, James Hicks wrote: > Slick! > > > +---------------------------------------------------------------------+ > | james hicks | Give me your tired, your poor, | > | | your huddled masses yearning to breathe free, | > | ...can you hear | Send these, the homeless, tempest-tossed to me.| > | the music?... | I lift my lamp beside the golden door! | > +---------------------------------------------------------------------+ > **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From m5 at vail.tivoli.com Sun Apr 17 16:42:12 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Sun, 17 Apr 94 16:42:12 PDT Subject: IRS vs. privacy Message-ID: <9404172342.AA18634@vail.tivoli.com> There was a neat piece on NPR Friday about why it's a bad idea to evade filing Federal tax returns. Among the spine-tingling techniques used to pinpoint tax cheats: * The IRS knows about big cash transactions (we knew this already here.) * The IRS has all data from states concerning individuals registered as licensed persons in any field of work; thus, if you're a doctor, lawyer, plumber, electrician, or registered professional engineer, the IRS knows it. * [This blew my socks off] The IRS has subscription data for many national magazines. Thus, if they know you're getting Time & Newsweek & Barron's and USNews but they see no tax return, they nab you. This builds a good case for the notion that the IRS will have big, big problems with digital cash economies. They also probably have problems with electronic magazines mailed through anonymous remailer chains :-) m5 From albright at scf.usc.edu Sun Apr 17 16:43:17 1994 From: albright at scf.usc.edu (Julietta) Date: Sun, 17 Apr 94 16:43:17 PDT Subject: Warrantless searches -- A sign of things to come? In-Reply-To: <9404171839.AA05150@hawksbill.sprintmrn.com> Message-ID: <199404172343.QAA13848@nunki.usc.edu> geez!! ! Here I am, working on my "Big Brother is Watching You in Cyberspace" piece- and I read this now about warantless searchs!! I'll tell you- I think we've got to keep an eye on the government. I love how they go ahead and supercede the rights of the lower classes- if warrantless searches were being conducted in Beverly Hills or some other mainly upper-middle class city- the public outcry would be enormous! People sometimes think I am being "paranoid" when I suggest the government may want to watch the activities of certain people in our country via electronic means- however, if the activities of people happen to go against the current government's ideology, it seems to me more than possible that they may be watched. This warrantless search thing seems ot me just one more example that the governemnt can and will do what it wishes. Um- did I miss soemthing here, or have they also superseded our right to keep and bear arms? Hmm... gettin a little scary out there. Ciao, Julie ______________________________________________________________________________ Julie M. Albright "Passions elevate the soul to great things" Ph.D Student Department of Sociology University of Southern California albright at usc.edu From unicorn at access.digex.net Sun Apr 17 17:00:40 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 17 Apr 94 17:00:40 PDT Subject: Warrentless Search Message-ID: <199404180000.AA21589@access1.digex.net> Mr. Davis said: The average citizen operates from a paradigm of self interest, perhaps extended to his/her family. If a governmental action does not resonate with this paradigm- (i.e. "what's in it for me?")- the government action goes largley unnoticed. When the Reagan administration exhumed the 1888 Law allowing military to assist law enforcement, but not make arrests, I took note of that because it directly affected my life. Almost no one else paid any attention to it. <- What you describe, as near as I can tell, is the effect of "entrepreneurial politics." That is when a policy (allegedly) creates general and widespread benefits at a cost that burdens a small portion of the popolous. The incentive is strong for the few opponents to oppose it. These tend to pass when the opponents are poorly represented and cannot make their objections widely known. Compare these with: Client politics: When the benefits of a policy are concentrated, but the burdens widely spread. Small groups have powerful reasons to support the regulation/legislation. The opponents have little reason to resist if it even is clear that the legislation will effect them. These usually pass when watchdog groups are not present. Interest-Group politics: Costs and benefits are narrowly concentrated. The public doesn't have much incentive to be bothered with the legislation and doubts there is a serious effect to them. Interest groups usually carry the day here. Majoritarian politics: All or most of society hopes to gain; all or most hopes to gain. Interest groups have little incentive to form. In general what you seem to want to attribute to a basic non-concern by the people in general is really the fact that none or little of the citizenry feel themselves effected by the legislation. The circumvention of the rights against warrantless search in such a major way is a majoritarian politic issue, and is not comparable to the example that you gave, (baring more specific information). Ignoring the potential ramifications of a seizure of constitutional rights to fight the symptoms of some invented "Crime Crisis" is to me much more indictive of citizen's apathy. I make this assertion with the admission that I don't know the specifics of your example, as you did not provide them. I feel this conversation, which facinates me, bears off of the cypherpunks topic. Unless the voices calling for a more technical and a less political subject matter have waned, I think we should consider another forum. Personally I find the discussion of centralist issues in general important. It's the tie in to cryptography and the lack of a comprehensive list position on the political nexus with the technical that worries me. Sorry for the bandwidth in any event. See, J.Q. Wilson, The Politics of Regulation (1980) for a deeper discussion. -uni- (Dark) From unicorn at access.digex.net Sun Apr 17 17:07:00 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 17 Apr 94 17:07:00 PDT Subject: hyperdisk Message-ID: <199404180006.AA21760@access1.digex.net> Does anyone remember the application hyperdisk? It had encryption functions and I was hoping someone would recall which method it used... -uni- (Dark) From tcmay at netcom.com Sun Apr 17 18:17:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 17 Apr 94 18:17:47 PDT Subject: Does the List Have a Political Ideology? In-Reply-To: <199404180000.AA21589@access1.digex.net> Message-ID: <199404180118.SAA11504@mail.netcom.com> Black Unicorn writes: ... > I feel this conversation, which facinates me, bears off of the cypherpunks > topic. Unless the voices calling for a more technical and a less > political subject matter have waned, I think we should consider another > forum. Unfortunately, there are few other forums for this kind of discussion. The Extropians list used to have this kind of discussion, though it was mixed in with all kinds of other stuff--and I hear that list currently has 80 subscribers (Harry or Ray can tell us the facts), which is about 12% of what Cypherpunks has, so the discussion universe may be too small for comfort. Robin Hanson's "AltInst" list exists to discuss "alternative institutions." "Libernet" is for the hard-core libertarians, though most people I know can no longer stand to be on it. A few other groups and mailing lists exist, also, but the problem is that they're all "competing in the same memetic space." Most of the groups are low-volume, so the discussions rarely take off. But discussing politics here is not at all banned--how could it be? Politics comes up a lot, including the Clipper debate and all the recent discussions. The "Cypherpunks write code" credo is related to the idea that actually bringing on the future we want to see, via such things as remailers, anonymity, digital cash (someday), etc., is more important--and more interesting--than the usual political chatter about whether the means of production belong to the ruling class or to the working class, whether trees have legal standing, and whether gold should be the basis of money. Blah blah, we've all heard this stuff before. But with the "ground truth" of strong crypto to keep us honest, to keep us focussed, these political debates take on a new piquancy and a new importance. Our debates about banking, national borders, extortion markets, tax evasion, electronic democracies, and so on, have been fairly useful. So, Black Unicorn, where else will you find another group that has this mix of folks, this combination of crypto expertise and political acumen? > Personally I find the discussion of centralist issues in general important. > It's the tie in to cryptography and the lack of a comprehensive list > position on the political nexus with the technical that worries me. A comprehensive list position? My views (which I call "crypto anarchy") are well-known. Many others seem to agree with some or all of the main points. Others don't. But how can 700+ folks on this list be expected to reach a consensus? Furthermore, we have no voting, no leadership--except the "leadership of the soapbox." No central lobbying office such as EFF, CPSR, and other political action groups have. No funding. No treasury. No nothing. Thus, it's unlikely we'll ever be like the EFF, issuing position papers, lobbying Congress, sending out spokesmen to talk to groups, and so on. We're more of an anarchy, appropriately enough. And yet we serve a useful function, as borne out by the citations in the press, the inclusion on mailing lists of CPSR, EFF, etc. It seems to work pretty well. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hughes at ah.com Sun Apr 17 18:27:55 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 17 Apr 94 18:27:55 PDT Subject: Laundering money through commodity futures In-Reply-To: <199404172035.AA04142@access3.digex.net> Message-ID: <9404180119.AA00279@ah.com> >There is a major difference between playing this game with commodities >and trying to win with a double or nothing Martingale scheme in a >casino. The casino always takes their cut. The transaction costs in >the futures market are often much smaller if you're dealing with >significant amounts of money. Many of the people who experiment with >these schemes have very large pools of money to move. You still need infinite pockets with transaction costs of zero. Again, it's only this one example that's flawed, not other ways around it. >If Entity A wants to move money to Entity >B then, Entity A contracts with B for a big new building. B charges too >much for the building and A pays up. This can be done with supplies >or other commodities. Ever been suspicious of the run-up in prices of Impressionist paintings by the Japanese a few years ago? Give someone an inexpensive painting (or have them buy it), and then buy it at an inflated rate from them, at auction. Eric From hughes at ah.com Sun Apr 17 18:30:14 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 17 Apr 94 18:30:14 PDT Subject: rng, anyone? In-Reply-To: <8hgM0uC00Vpc9g7nQ2@andrew.cmu.edu> Message-ID: <9404180122.AA00290@ah.com> >> There is a problem with generating random numbers by repeated >> iterations of a hash function when these numbers will be used to >> simulate an encrypted message body. >Try xoring the output with a secret value between MD5 hashes. That'll work. Take the seed as the secret value, and take the first hash as the first block. Eric From hughes at ah.com Sun Apr 17 18:32:01 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 17 Apr 94 18:32:01 PDT Subject: Key Eater Needed In-Reply-To: <9404171621.AA16350@hodge.MIT.EDU> Message-ID: <9404180123.AA00302@ah.com> >> One way to expire keys is to simply declare that any old PGP key more >> than two years old is expired. >No, this is a bad idea. Any arbitrary setting of expire time by the >keyserver is a bad idea. The idea wasn't just the keyserver, but PGP itself. If we set the time to three years, the earliest that will be is September 1995. A future version of PGP can enforce this. Eric From mg5n+ at andrew.cmu.edu Sun Apr 17 18:41:19 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 17 Apr 94 18:41:19 PDT Subject: IRS vs. privacy In-Reply-To: <9404172342.AA18634@vail.tivoli.com> Message-ID: Mike McNally wrote: > This builds a good case for the notion that the IRS will > have big, big problems with digital cash economies. No, they will have big problems with ANONYMOUS digital cash economies. The IRS loves the current digital cash systems, such as ATM cards, because they let them spy on your bank account. :) digital-cash!=anonymous-transactions > They also probably have problems with electronic magazines > mailed through anonymous remailer chains :-) heh. Maybe we ought to convince phrack to publish this way? From jim at bilbo.suite.com Sun Apr 17 18:44:58 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Sun, 17 Apr 94 18:44:58 PDT Subject: Terra Libre? Message-ID: <9404180138.AA16108@bilbo.suite.com> I recently received some junk mail from a group/company called Terra Libre (I think that's their name). Anybody know anything about them. >From their mailing it seems like they would be very interested in the privacy technology this list promotes. Jim_Miller at suite.com From tcmay at netcom.com Sun Apr 17 18:47:26 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 17 Apr 94 18:47:26 PDT Subject: Laundering money through commodity futures In-Reply-To: <9404180119.AA00279@ah.com> Message-ID: <199404180148.SAA13372@mail.netcom.com> > > Ever been suspicious of the run-up in prices of Impressionist > paintings by the Japanese a few years ago? Give someone an > inexpensive painting (or have them buy it), and then buy it at an > inflated rate from them, at auction. > > Eric Not only that, but paintings were a favored way to transport large amounts of cash in a compact form across U.S. borders. From the article I read about 2 years ago, in "ArtWeek" or somesuch (I don't normally read it...I just saw the story mentioned on the cover, in connection with why so much art is being stolen, used as collateral, moved around, etc.), art does *not* have to be declared at Customs at the U.S. border, either coming or going. So, a Columbian cartel member wishing to move $10M into or out of the U.S. can carry Picasso's famous "Young Girl Encrypting a File" in his luggage and not have to worry. The same article mentioned that bribes were often paid to people by selling them artworks at "artificially low" prices. (The notion that there is some "true" or "market" price for thinly-traded things like paintings is at issue here. Many opportunities for tax evasion, money laundering, and bribes. And not much the government can do about it.) Ironically, I saw Peter Wayner's article in "RISKS" a few days ago and was preparing e-mail to him noting the similarity of what he talked about to Hillary Clinton's sweetheart deal...then Netcom crashed and I never did send the mail. "Insider nontrading" is another gem of an idea. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sandfort at crl.com Sun Apr 17 19:47:16 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 17 Apr 94 19:47:16 PDT Subject: Laundering money through commodity futures In-Reply-To: <9404180119.AA00279@ah.com> Message-ID: C'punks, On Sun, 17 Apr 1994, Eric Hughes wrote: > . . . [quotes from another poster] > You still need infinite pockets with transaction costs of zero. > . . . [blah, blah, blah] Almost everyone posting on this subject keeps forgetting that this isn't an exercise in probablity theory. These are rigged transactions. The fix is in. A broker in on the deal assigns the wins and loses *after* the trades are completed. This is not conjecture; I used to work for someone who--by his own admission--used to perform a similar service for clients. S a n d y P.S. I'm not picking on Eric, he just had the most recent post. From sandfort at crl.com Sun Apr 17 19:50:50 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 17 Apr 94 19:50:50 PDT Subject: IRS vs. privacy In-Reply-To: Message-ID: C'punks, On Sun, 17 Apr 1994, Matthew J Ghio wrote: > . . . > The IRS loves the current digital cash systems, such as ATM cards, > because they let them spy on your bank account. :) > . . . Remember what Duncan I keep telling you: The ATM card issued by your banking secrecy, offshore bank, doesn't give the IRS squat. S a n d y From eagle at deeptht.armory.com Sun Apr 17 20:17:23 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Sun, 17 Apr 94 20:17:23 PDT Subject: Warrantless Search Message-ID: <9404172017.aa02849@deeptht.armory.com> uni- (dark) writes: >Ignoring the potential ramifications of a seizure of constitutional rights >to fight the symptoms of some invented "Crime Crisis" is to me much more indictive of citizen's apathy. I make this assertion with the admission that I don't know the specifics of your example, as you did not provide them. I spend the majority of the warm months on the fecal end of the stick in the Drug War. I personally do not drink, nor do I even smoke pot. A Warrior's sobriety has great survival value, and extends far beyond the ethnocentric denotation of "sobriety" in this western culture. As a consequence of having very long hair, and prefering Grateful Dead to mere Rock 'n Roll, I get stopped and searched frequently anytime I'm out of Wyoming. I prefer to be harrassed by law enforcement, than make the simple concession of cutting my hair. I wear the hairstyle of my Cheyenne ancestory for spiritual reasons. Being a civil libertarian, I accept this drastic change in my life brought on by the Drug War for very simple reasons. All the time law enforcement spends harrassing me, several people who are minding their own business and smoking a little pot, not to mention the use of other soft drugs, are getting away scott free. We keep looking at real life case law for precident in cyberspace legal defense. This is speech. That was established by EFF in the S Jackson et al. games case. Now we are looking at privacy. I have no personal privacy. Absolutely everything I do is open to inspection by the US Gov't. Warrentless search precident means that my accounts can be inspected. My passwords can be obtained by technological surveillance with out my know- lege, and my private accounts invaded. I live in a community where I don't even lock my front door- ever. This is widely known and most people are aware they are free to walk in my home any time they want, whether I am here or not. This trust is honored reciprocally. The current state of cberspace is exactly like being on Acid in 1964. I urge you all to study the parallel's of revolutionary uprising, and subsequent oppression of same by the US Gov't. I've seen the other side of the fence. We're in the business of reclaiming privacy and liberty, not struggling to keep it. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From ritter at IO.COM Sun Apr 17 20:49:04 1994 From: ritter at IO.COM (ritter) Date: Sun, 17 Apr 94 20:49:04 PDT Subject: Fenced DES Message-ID: <199404180344.WAA17369@indial1.IO.COM> Ritter Software Engineering 2609 Choctaw Trail Austin, Texas 78745 (512) 892-0494, ritter at io.com Fenced DES Terry Ritter April 17, 1994 Introduction This article is one in a series which document my attempts to find a fast, strong, acceptable extension to the U.S. Data Encryption Standard (DES), which I believe is now dangerously insecure. The intent is to find a relatively-simple and believable construct which uses DES as a building block, thus avoiding the need to certify a complete new cipher. I note that currently there is no institution which could and also would provide such certification. In this article I propose a new "fenced" ciphering construct which may be a solution. The experimental 256-bit-block implementation takes about 1.2 times the computation (per byte) of DES alone, and may have the strength of four DES keys. In this design, some important block-cipher properties seem to follow logically from the widely-accepted existence of those properties in DES itself. Wide Blocks All practical block ciphers attempt to emulate a large substitution table algorithmically; DES employs substantial computation simply to behave like a substitution table of 2**64 elements. Accepting DES as a reasonable design means that we have implicitly accepted the argument that a fast 8-bit-wide substitution is not secure (by itself). Certainly, if a small-block substitution were secure, we would all use that simple and fast alternative instead of DES. Since we do not, we must have accepted the fact that block size is a significant factor in block cipher strength. DES is often used to encipher language text, which contains a surprisingly small amount of information. Since data-compression programs routinely compress language text by 60%, we can expect that a 64-bit block of language text may contain perhaps 26 bits of information. While it is not currently known how this could be exploited, a 256-bit-wide block should contain four times that much information, which should solve any related problem. A large block size also addresses some aspects of cryptoanalytic weakness: Some attacks on block ciphers make use of the "birthday paradox" to find a matching pair from a large number of ciphertexts. With a 64-bit block about 2**32 ciphertext blocks would be expected to be needed; a large number, admittedly, but still possible. But the same attack on a 256-bit block would require about 2**128 ciphertext blocks, which is completely out of the question. Thus, a large block size eliminates one type of attack on the cipher. A large-block 4x-wide cipher need not expand ciphertext beyond the normal expansion for DES (CBC initialization vector and key-length aside), provided that one trailing 2x and one trailing 1x block can be used if needed. All the preceding blocks would be 4x blocks. The Two Problems This project has had to address two major problems: 1. Weaknesses of Multi-Layer Constructs: Many simple multi- level ciphering structures based on DES can be attacked by working simultaneously on both the input and output layers, given "known plaintext" or "defined plaintext." In general, this means that two-level constructs are much weaker than one might expect. This leads to three-level construct like "triple-DES" which tend to be very slow. 2) Weakness in Multi-Block Constructs: Similarly, simple large-block structures based on DES can be attacked by defining or "fixing" the input values of all but one DES block, using "defined plaintext." Apparently, any composite structure which does not have each bit affect the every DES ciphering will have this weakness. To expand the effective block size while using DES itself, Fenced- DES uses the "block mixing transform" construct which I described in the previous article. In this article I want to clarify how those transforms can be used to create a cipher with a large block size out of smaller blocks, despite the mixing having no strength of its own. The Block Mixing Transform In a previous article I introduced the concept of a "block mixing transform" (extended from work by Eli Biham) as a tool to mix the information in two data blocks, and then recover that information. This concept could be expressed as two pairs of expressions: X := f1( A, B ); Y := f2( A, B ); A := f3( X, Y ); B := f4( X, B ); The term "transform" is taken from the ability to change the data into a different data-space, and then recover the original values, and also the similarity to the "fast Fourier transform" "butterfly" operation. This "block mixing transform" should be distinguished from the "mixing transformation" described by Shannon [10: 711]. The particular form I suggested was: X := 2A + 3B; Y := 3A + 2B; A := 2X + 3Y; B := 3X + 2Y; with operations mod-2 and mod-p, where p is some primitive mod-2 polynomial of appropriate degree for the data blocks X, Y, A and B. (Later work shows that p need not be primitive, but p must be irreducible in cryptographic service.) This transform is a self- inverse, has good mixing correlation properties, is statistically balanced, and has a processing cost which is linear with block size. Efficient implementation suggests a re-labeling as follows: X := 3A + 2B; Y := 2A + 3B; A := 3X + 2Y; B := 2X + 3Y; Comments on the original "block mixing transform" article have uncovered a few other references to fixed-size math transforms, including Agarwal and Burrus [1], Pollard [6], and Rader [7], but none related to cryptography. I would be glad to hear of any other references of any sort. The mixing transform need not be a cipher by itself. Indeed, it need have no "strength" at all, but must provide at least a minimal level of mixing and be cryptographically-balanced; it should also be expandable and fast. Although speed is not an issue in most individual ciphering, speed is a major issue for industrial applications, including centralized network servers. The application in this article mixes blocks of substantial size, making many other forms of mixing completely impractical. 4x Fenced-DES Consider the following construct: S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S --------------mix-------------- --------------mix-------------- ------------------------------mix------------------------------ ------DES------ ------DES------ ------DES------ ------DES------ ------------------------------mix------------------------------ --------------mix-------------- --------------mix-------------- S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S Here each "S" represents an 8-bit substitution table. Thus, we have 32 input substitutions and 32 output substitutions, each a separately-shuffled and independent table, and an overall block size of 256 bits. We also have four DES operations, plus two levels of input mixing and two levels of output mixing. Note that the innermost mixing levels combine two 128-bit blocks, a substantial operation which is nevertheless practical using the selected block mixing transform. The idea is to spread the effect of each input bit to each of the four DES operations, and to produce a particular output bit from a combination of all four DES results. If this works, The Opponent would be forced to search all four DES keyspaces simultaneously to match a particular known-plaintext pair. An experimental implementation of the above construct performs all 64 substitutions and all 6 mixings in less time than a single DES computation. Currently, it ciphers 4 times the data with about 4.8 times the computation, and has, perhaps, a keyspace of 224 bits or so. (A much faster hybrid implementation might do the DES computations in hardware.) In the experimental implementation, table and key initialization take about 200 times the computation of a single 256-bit-block ciphering. (This is mainly a consequence of shuffling 64 small substitution tables.) Even so, it is probably faster to compute the 16K initial state than to decipher 16K of saved state with software DES or Fenced-DES: Construction is faster than ciphering. The keyed construction of the substitution tables implies the presence of a specific cryptographic RNG. This means that any overall Fenced-DES specification will pin-down the key processing which varies so widely in current DES applications. The current implementation uses a fast 992-bit Additive RNG and the nonlinear "jitterizer" [8] which I have discussed many times with respect to my Penknife cipher and my other Dynamic Substitution [9] ciphers. In the experimental implementation, a User Key of arbitrary length and content is hashed (CRC'd) by 32 separate degree-31 primitive mod-2 polynomials (11- through 19-nomials), producing the 992-bit RNG state, which also eventually generates the DES keys. Note that this approach eliminates the need for keys to have a specific format unique to this particular cipher. This enables the selection of an arbitrary cipher from among many different ciphers, all of which can use the exact same key. Deciphering simply uses inverse substitutions (the inverse of each encipher output substitution is used for decipher input) and DES in decipher mode. The selected block mixing transform is a self- inverse and needs no changes. Mixing Levels The arrangement of the mixing levels deserves some comment. First, note that a change in any one input data bit produces a distribution of changes out of the associated input substitution, depending on the particular substitution, original input value, and change. Any possible byte input has a 50 percent probability of affecting each of the eight output bits from that substitution. A substitution table S is an indexable n-element vector of output codes. An invertible substitution table S with inverse table inv(S) has the property that for any input code i in n, inv(S)[ S[i] ] = i. This implies that S contains n different output codes. An invertible substitution table S contains each output code value exactly once. Since each possible index selects a different element, any index change will select a different output code. Since different code values must differ in at least one bit, any input change must produce a change in at least one output bit. Given invertible substitution table S with shuffled contents, define the output distribution for any input code change to be an arbitrary selection from the output codes which differ from the current output code. If the output codes are a complete set of 2**m values (0..(2**m-1)) for some m, counting arguments show that it is likely that about half of the output bits will change for any input code change of any nature whatsoever. Conversely, since each output bit is produced by an output code, and the selected output code is completely dependent upon every bit in the input code, each output bit is dependent on every bit of the input. A network with this property is normally called "complete" [5], and localized completeness is also the basis for "avalanche" [3: 22] in an iterated block cipher. Next, note that we first mix two 64-bit blocks (twice), then two 128-bit blocks. Suppose we have a change in any one input data bit: this produces an 8-bit substituted result which would normally affect just a single DES block. But the 64-bit mixing extends those changes to two DES blocks, and the 128-bit mixing extends the changes to all four DES blocks. Thus, any change of even a single input bit will affect all four DES operations. Using the transformation X := 3A + 2B; Y := 2A + 3B; any value change to A or B must be reflected in both X and Y: Suppose some change C is added to A: X := 3A + 2B (mod 2, mod p) X' := 3(A+C) + 2B X' := 3A + 3C + 2B dX := X' - X = 3C but 3C is non-zero (thus affecting the output) for any C which is not zero, and if C is zero, there has been no change to A. Suppose some change C added to B: X := 3A + 2B (mod 2, mod p) X' := 3A + 2(B+C) X' := 3A + 2B + 2C dX := X' - X = 2C Similarly, 2C is also non-zero for any C which is not zero. Suppose we try to make C half the value of p plus the highest bit (2**(deg(p)-1)) so that p will be activated and 2C will cancel the lower bits of p: Alas, p is irreducible so there is no q S.T. 2q = p. Similar arguments apply for Y := 2A + 3B. The experimental implementation uses the degree-128 irreducible 0100004000000400200002000004000001 (hex), and the degree-64 irreducible 010002000000800201 as block mixing polynomials. The output from each DES operation is, of course, random-like, so one might think it could be used directly. However, a three- level structure is still necessary to prevent, for example, "fix- in-the-middle" attacks, so the output substitutions are important. We also need the output mixing so that the result from a single DES block cannot be isolated and worked on independently. The guaranteed performance of the input substitution and the block mixing transform imply that each DES input block collectively depends upon each and every input bit. The expected performance of the DES algorithm extends this, making every DES output bit depend upon each and every input bit in the entire large input block, thus making all DES outputs "complete" over the large input block. Cryptographic Strength First let's review where modern cryptographic science stands with respect to "strength": 1. There is no algorithmic test to "certify" or evaluate the "strength" of a cipher. 2. Despite a half-century of intensive mathematical work, we still have exactly one cipher which is commonly accepted as having been proven "unbreakable," and that cipher is normally impractical. Despite this immense effort, and the fact that a "proof" of cipher strength is unfulfilled for any practical cipher whatsoever, there are still calls for "proofs" of new cipher designs. 3. While various cryptanalytic attack strategies are known, each such attack is necessarily specific to the particular cipher being attacked. Attack names represent strategies, rather than generally-applicable algorithms. Simply knowing the history of previous attacks does not necessarily provide insight into applying those attacks to a new cipher. 4. Ordinarily we speak of the "strength" of a cipher as the minimum effort needed to "break" the cipher. Unfortunately, we are necessarily limited to discussing what we know now, and not what can be known in the future. Any current minimum may not last, and we may not be able to know whether it will last or not. With those points in mind, the current "strength" for 4x Fenced-DES is ((2**56)**4)(256!**64) keys, a very big number. I would be delighted to learn of a simpler attack. It would of course be ridiculous to accept this sort of number as a true indication of strength. Personally, I would be happy with anything over 112 bits, since this should be sufficient for the next couple of decades and then we may have a stronger basis for cryptographic design. Design Strength Note that we need assume no "strength" for the mixing layers, but simply mixing: Each mixed output block must be a function of each and every bit in both input blocks. In this particular design we need only two levels of mixing to make sure that every input bit has propagated to all four DES blocks. And then we need two more to make sure that all four DES blocks participate in every output bit. The purpose of the small substitutions is to prevent the (weak and known) mixing functions from being exploited to divide-and-conquer the DES operations. Small substitutions appear to be sufficient to isolate the mixing functions, because "known plaintext" is only available across the entire cipher, and not across the internal layers of the cipher. When known-plaintext is not available, and substitutions cannot be separated for divide-and-conquer, little substitutions can be surprisingly strong. In the 4x construct, we might lay all the strength on the four DES keys, which would imply a 224-bit value. On the other hand, an attack which is able to isolate one of the DES keys (perhaps as a consequence of 1x operation using the same state), would reduce this to 168 bits. Note that the substitutions must be keyed even if we discount their "strength." Strength Arguments by Attack Exhaustive Search: Try each key until the correct one is found. Preventing this now requires a keyspace substantially larger than 56 bits (or, with a computationally-expensive setup phase, perhaps a few bits less). It seems reasonable to claim that Fenced-DES has at least a 224-bit keyspace. Note that this is not four times the DES keyspace, but four times the key size, which is 2**168 times the conventional DES keyspace. Known-Plaintext/Defined Plaintext: Somehow "obtain" both the plaintext and the corresponding ciphertext for some large number of encipherings (under one key). This has many flavors: Codebook: Try to obtain all possible ciphertexts and associated plaintext; then, when a ciphertext occurs, look it up. This is normally prevented by having a large number of transformations, which implies both a large block size and a large keyspace. Fenced-DES has both. Codebook approaches can be combined with "divide-and-conquer" to isolate and define parts of some ciphers. Fenced-DES tries to avoid these attacks by not allowing the parts to be isolated and worked on separately. Meet-in-the-Middle: With a multi-layered structure, given known- or defined-plaintext, search the top keyspace to find every possible result, and search the bottom keyspace to find every possible value. With a two-level construct, matches can be verified with some subsequent known-plaintext/ciphertext pairs. Fenced-DES avoids this by using a three-level construction, and by using outer layers which have a huge "keyspace." Differential Cryptanalysis: Given a S-P iteration cipher with known tables, use any statistical unbalance in the tables to peer back into previous steps. Fenced-DES avoids this by having no fixed tables, by using only balanced full-substitution tables, and by using a fully-balanced block mixing transform to avoid "divide-and-conquer." Important Aspects of the Design First, the Fenced-DES construct is more like a Kam-Davida substitution-permutation (S-P) design [5] than the common iterated Feistel design [3] represented by DES itself. The block mixing transform is specifically intended to avoid the sort of weakness exploited by the recent Heys-Tavares attack [4] on S-P designs. Next, it seems that there is a fundamental weakness in any two- layer construct for some form of "meet in the middle" attack when we assume "defined-plaintext" capabilities. Fenced-DES has three independent layers to avoid such attacks. Conventional block-cipher designs generally use unkeyed static substitution tables which are selected for "optimum" performance. In contrast, Fenced-DES uses only key-generated tables, in which any table permutation is as good as any other, making selection unnecessary. (A shuffled substitution is very unlikely to be linear [2], but linearity is itself unimportant when it cannot be detected externally. The mid-level substitution--here DES--acts to hide any S-box linearity.) Conventional block-cipher designs are also very economical with state, using either small tables (e.g., the 256 bytes in eight 6-bit to 4-bit tables in DES), or no tables at all (e.g., IDEA). But 4x Fenced-DES uses 16K (bytes) of tables, all keyed. More conventional S-P designs tend to use the same block size at each substitution level, thus becoming vulnerable to Heys-Tavares attacks [4]. Fenced-DES differs from this approach by having a middle layer with a block size which is much larger than the outer layers (this is similar to a Kam-Davida "partition" [5: 749] but differs in that it is a single block). This should prevent those small substitutions associated with a single internal block from being separated and attacked individually. Other contemporary block-cipher designs generally use a 64-bit block size. This is much weaker than it was 20 years ago, when that size was selected for DES. To avoid birthday attacks on ciphertext, as well as unknown information-based attacks, 4x Fenced-DES has a nominal block size of 256 bits, although 8x or even 16x versions are both possible and practical. 2x and 1x versions can be used to cipher the last part of a message, thus reducing data expansion to that expected with DES alone. A fundamental difference is that conventional S-P designs perform only a bit-permutation (or "transposition") between substitution layers; this is a weakness in that an input bit to one layer is exactly the same as some output bit in the previous layer. Fenced-DES differs from other block-cipher designs in the use of a block mixing transform to make the input code to a middle-layer substitution (in this case, DES) a function of every substitution in the previous layer. This allows the external block size to be expanded while preventing substitutions in the middle layer from being separated and attacked individually. An interesting aspect of the Fenced-DES design is the possibility that assumed properties of DES--a cipher which has been studied and evaluated for almost 20 years--can be provably expanded into properties of the larger cipher. Summary A new type of cryptographic ciphering construct has been introduced which uses DES as a building block. The result seems to provide a larger block size and more strength than triple-DES (the leading alternative), while operating almost three times as fast. References [1] Agarwal, R. and C. Burrus. 1974. Fast Convolution Using Fermat Number Transforms with Applications to Digital Filtering. IEEE Transactions on Acoustics, Speech, and Signal Processing. ASSP-22(2): 87-97. [2] Ayob, F. 1982. Probabilistic completeness of substitution- permutation encryption. IEE Proceedings, Pt. E. 129(5): 195-199. [3] Feistel, H. 1973. Cryptography and Computer Privacy. Scientific American. 228(5): 15-23. [4] Heys, H. and S. Tavares. 1993. Cryptanalysis of Tree- Structured Substitution-Permutation Networks. Electronics Letters. 29(1): 40-41. [5] Kam, J. and G. Davida. 1979. Structured Design of Substitution-Permutation Encryption Networks. IEEE Transactions on Computers. C-28(10): 747-753. [6] Pollard, J. 1971. The Fast Fourier Transform in a Finite Field. Mathematics of Computation. 25(114): 365-374. [7] Rader, C. 1972. Discrete Convolutions via Mersenne Transforms. IEEE Transactions on Computers. C-21(12): 1269-1273. [8] Ritter, T. 1991. The Efficient Generation of Cryptographic Confusion Sequences. Cryptologia. 15(2): 81-139. [9] Ritter, T. 1990. Substitution Cipher with Pseudo-Random Shuffling: The Dynamic Substitution Combiner. Cryptologia. 14(4): 289-303. [10] Shannon, C. 1949. Communication Theory of Secrecy Systems. Bell System Technical Journal. 28: 656-715. --- Terry Ritter ritter at io.com From wcs at anchor.ho.att.com Sun Apr 17 20:49:36 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 17 Apr 94 20:49:36 PDT Subject: 'Nother MIT talk on crypto... Message-ID: <9404180348.AA14728@anchor.ho.att.com> Hal writes: > From: hughes at ah.com (Eric Hughes) > > Micali's "fair" cryptosystem is a much better key surrender system > > than Clipper, but it still allows non-intended recipients for a > > message. > > For this reason, I don't like it either. > "Abstract. We show how to construct public-key cryptosystems that are > _fair_, that is, strike a good balance, in a democratic country, > between the needs of the Government and those of the Citizens." > When I first heard of this so-called "Fair" (one of the most misused > words in political debate) system, my reaction was to snort in derision. But it's just putting us and the government on a _level playing field_, isn't it? That's all we're asking for! ... ... ... Yeah, right. Like tariffs backed by armed thugs. Don't know about democracies, but in a free country what the government needs is a good reminder of who's in charge of whom, since the citizens would be expected to know that already. And even in a democracy, if N-1 of the citizens decide that they want to know your key, they can decide to hire the rubber-hose guys after the fact if you don't cooperate. Bill Stewart, who just had to sign a purely voluntary form telling the government how much money they can have in the purely voluntary income tax system which gives the Democractically elected government the money they Democratically decide to spend. Or something like that. From wcs at anchor.ho.att.com Sun Apr 17 21:10:58 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 17 Apr 94 21:10:58 PDT Subject: rng, anyone? Message-ID: <9404180409.AA16376@anchor.ho.att.com> Eric et al write: > >> There is a problem with generating random numbers by repeated > >> iterations of a hash function when these numbers will be used to > >> simulate an encrypted message body. > >Try xoring the output with a secret value between MD5 hashes. > That'll work. Take the seed as the secret value, and take the first > hash as the first block. Or you can delete some bits from the MD5, or, since MD5 takes more input than it gives output, append a secret value to the MD5 before rehashing. From wcs at anchor.ho.att.com Sun Apr 17 21:14:26 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 17 Apr 94 21:14:26 PDT Subject: Laundering money through commodity futures Message-ID: <9404180413.AA16624@anchor.ho.att.com> Pat Farrell writes: > On the OP-Ed page of the WSJ a week ago thursday (page A14) is an article > that describes a way to make a $100,000 bribe look like extrodinary luck > in the cattle futures market. > [ shady broker registers both sides of the trade, gives the bribee > the winning side and the briber the losing side. ] Yeah. To somebody's comment > Slick my immediate reaction had been to add the word .... Willie! Bill From wcs at anchor.ho.att.com Sun Apr 17 21:17:39 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 17 Apr 94 21:17:39 PDT Subject: Clipper Comparisons for non-geeks Message-ID: <9404180416.AA16670@anchor.ho.att.com> > Well, one way I've described the clipper to a non-computer literate > person is to have them imagine a situation where the government > required that you gave them a copy of your housekey, and, if you > decided to get a safe-deposit-box, they would get a copy of that, too. Yep. And your car keys. And your bicycle lock. And the bag you deposit your store's money at the bank in. And of course, once non-Clipper crypto becomes illegal, if they can't find the escrow key for your car, they'll just confiscate it - after all, you were parking it on a public street. From tcmay at netcom.com Sun Apr 17 21:56:14 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 17 Apr 94 21:56:14 PDT Subject: Clipper Comparisons for non-geeks In-Reply-To: <9404180416.AA16670@anchor.ho.att.com> Message-ID: <199404180457.VAA16329@netcom12.netcom.com> > Yep. And your car keys. And your bicycle lock. And the bag you > deposit your store's money at the bank in. And of course, > once non-Clipper crypto becomes illegal, if they can't find the escrow > key for your car, they'll just confiscate it - after all, you were > parking it on a public street. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I was tempted to respond to Bill Stewart's point here with one of my typical spoof press releases, patterned after the Chicago Housing Authority (not the name of a band) door-to-door search for weapons. But, alas, I lack the energy tonight to craft such a post, and, besides, you'd all know immediately it was a fake. (Or would you?) The point Bill makes is a valid one. If the State is your landlord, and that (supposedly) gives the State the right to bypass normal Constitutional protections, then why does this same logic not apply (and why won't it be applied increasingly in the future) to frisks of those walking on public streets, driving on public roads, etc? (I know the Supremes have ruled on cases invoving search and seizure on buses, etc., so we're not in a vacuum here. My point is not a legalistic one, but one based on the Chicago case.) Speaking of landlords, when I was renting I certainly had no expectation that the landlord had any "rights" to invite the police in to inspect my place for guns, drugs, or other such "contraband." Was I mistaken? (I'm not saying a landlord can't enter the premises...it depends on the rental agreement. Most landlords give warning. Some may snoop. But I think letting in the cops, without a warrant, is still an illegal act. I could be wrong.) [A practical policy to head off the Chicago situation is this: Even if the State is the landlord, the role of the State as landlord and as Police should be kept separate. An even better policy, of course, is for the State to get out of the business of being a landlord!] With so much of our world increasingly being owned by the State (the consequence of a dollar being taxed many times in its life is that the State ends up controlling lots of land, lots of highways, facilities, military bases, courthouses, schools, etc. Eventually they may get it all.), this "we can frisk you because now you're on our turf" approach may put a de facto ending to the Bill of Rights. Unless it is stopped, of course. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From blancw at microsoft.com Sun Apr 17 22:25:36 1994 From: blancw at microsoft.com (Blanc Weber) Date: Sun, 17 Apr 94 22:25:36 PDT Subject: Warrentless Search Message-ID: <9404180426.AA28907@netmail2.microsoft.com> From: Jeff Davis Another facet of human nature one can trust is 75% of the population will follow a direct order without much question, given the person issuing the order appears to have the authority to do so. ...... It only takes a matter of seconds to organize a concerted team effort to aid the victim- because I am the responsible person. They are not accountable for their actions anymore in their minds, I am. This isn't civilization, it's gregarious herd instinct ;) ................................................. This isn't herd instinct; it's innocence & ignorance. If someone can recognize the situation for what it is and has knowledge of what is required, they will proceed to contribute according to their informed judgement. If they are not sufficiently familiar with the meaning of what they are facing, then they will be amenable to guidance or to the appearance of knowledgeable authority. If you seem to know what the right thing which needs to be done to correct a problematic situation, they will accept your commands; but if it is recognizable that you don't know what you are talking about or what is apropos, you will lose their following. Blanc From unicorn at access.digex.net Sun Apr 17 22:40:26 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 17 Apr 94 22:40:26 PDT Subject: Does the List Have a Political Ideology? Message-ID: <199404180540.AA26403@access3.digex.net> -> But discussing politics here is not at all banned--how could it be? Politics comes up a lot, including the Clipper debate and all the recent discussions. <- I couldn't, even by a stretch, make a case for the topic at hand and its connection to crypto. :) From mimir at illuminati.io.com Sun Apr 17 22:47:33 1994 From: mimir at illuminati.io.com (Al Billings) Date: Sun, 17 Apr 94 22:47:33 PDT Subject: Does the List Have a Political Ideology? In-Reply-To: <199404180118.SAA11504@mail.netcom.com> Message-ID: On Sun, 17 Apr 1994, Timothy C. May wrote: > Robin Hanson's "AltInst" list exists to discuss "alternative > institutions." "Libernet" is for the hard-core libertarians, though > most people I know can no longer stand to be on it. What is the subscription address for AltInst? -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Al Billings aka Grendel Grettisson | Internet: mimir at illuminati.io.com | | Nerd-Alberich - Lord of the Nerd-Alfar | Sysop of The Sacred Grove | | Admin for Troth, the Asatru E-mail List| (206)322-5450 | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From johns at macadam.mpce.mq.edu.au Mon Apr 18 00:33:46 1994 From: johns at macadam.mpce.mq.edu.au (John Savage) Date: Mon, 18 Apr 94 00:33:46 PDT Subject: Which remailers like to handle anon mail? Message-ID: <9404180731.AA19132@macadam.mpce.mq.edu.au> I have been trying to form a picture of the anonymous remailer services available to subscribers to USENET newsgroups. Here is the current list of mail-to-news gateways (obtained by executing finger remailer.list at chaos.bsu.edu): alt.test.usenet at decwrl.dec.com / yes, works for me alt.test at news.demon.co.uk / " " alt.test at news.cs.indiana.edu / " " alt-test at pws.bull.com X host unknown alt-test at ucbvax.berkeley.edu alt-test at cs.utexas.edu / works; discourages anon mail also, soda.berkeley.edu /works well I would appreciate a few details, if anyone can assist, please: Is pws.bull.com no longer in existence?, as I get "unknown host". Is this a list of all the public gateways that exist in the whole world??? Which of these sites welcomes anon mail for anon posting? Anyone know? (apart from soda) To cross-post to 2 newsgroups, I believe the standard method is: mail alt-test at cs.utexas.edu CC: misc-test at cs.utexas.edu So, can I cross post to a 3rd group by using BCC: misc-misc at cs.utexas.edu? And, does this mean that 3 groups is the upper limit for cross-posting? (I know soda has no upper limit, but I'm asking about the others.) There are plenty of Cypherpunks anonymous remailers available for the net to use, but it seems to me that they satisfy only one-half of the requirement -- we also need a number of obliging mail-to-news gateways if anonymous news is going to be a solid proposition. Awaiting your answers with great interest! - johns at macadam.mpce.mq.edu.au From albright at scf.usc.edu Mon Apr 18 00:49:55 1994 From: albright at scf.usc.edu (Julietta) Date: Mon, 18 Apr 94 00:49:55 PDT Subject: Terra Libre? In-Reply-To: <9404180138.AA16108@bilbo.suite.com> Message-ID: <199404180749.AAA25271@nunki.usc.edu> > > > > I recently received some junk mail from a group/company called Terra > Libre (I think that's their name). Anybody know anything about them. > >From their mailing it seems like they would be very interested in the > privacy technology this list promotes. > > > Jim_Miller at suite.com > > What did they have to say that related to privacy issues? (I'm getting curiouser and curiouser about these things!!) -- Julie - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Julie M. Albright "Passions elevate the soul to great things" Ph.D Student Department of Sociology University of Southern California albright at usc.edu * * * Fight Big Brother- Oppose Clipper * * * _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __ _ From albright at scf.usc.edu Mon Apr 18 01:26:48 1994 From: albright at scf.usc.edu (Julietta) Date: Mon, 18 Apr 94 01:26:48 PDT Subject: IRS vs. privacy In-Reply-To: <9404172342.AA18634@vail.tivoli.com> Message-ID: <199404180826.BAA26826@nunki.usc.edu> > > There was a neat piece on NPR Friday about why it's a bad idea > to evade filing Federal tax returns. Among the spine-tingling > techniques used to pinpoint tax cheats: > > * [This blew my socks off] The IRS has subscription data > for many national magazines. Thus, if they know you're > getting Time & Newsweek & Barron's and USNews but they > see no tax return, they nab you. hahah! Maybe this is another reason not to let Safeway get you in their database- I guess the IRS wouldn't quite believe you not filing a tax return if they were to see you buying bottles of Dom Perignon champagne!! Big Brother truly *is* watching you, I guess!! -- Julie - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Julie M. Albright "Passions elevate the soul to great things" Ph.D Student Department of Sociology University of Southern California albright at usc.edu * * * Fight Big Brother- Oppose Clipper * * _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __ Julie M. Albright "Passions elevate the soul to great things" Ph.D Student Department of Sociology University of Southern California albright at usc.edu * * * Fight Big Brother- Oppose Clipper * * * _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __ _ From albright at scf.usc.edu Mon Apr 18 01:33:50 1994 From: albright at scf.usc.edu (Julietta) Date: Mon, 18 Apr 94 01:33:50 PDT Subject: 'Nother MIT talk on crypto... In-Reply-To: <199404172045.AA04481@access3.digex.net> Message-ID: <199404180833.BAA26901@nunki.usc.edu> Peter writes: > I saw the talk Micali gave on his Fair Crypto systems at Crypto > 92. Someone asked him about governmental abuse and he said > (I approximate), "Well, you have to trust them. That's why > they're called trustees." > > ahahahahhaahahahah!!! --Julie - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Julie M. Albright "Passions elevate the soul to great things" Ph.D Student Department of Sociology University of Southern California albright at usc.edu * * * Fight Big Brother- Oppose Clipper * * _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ From rjc at gnu.ai.mit.edu Mon Apr 18 01:36:42 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Mon, 18 Apr 94 01:36:42 PDT Subject: Does the List Have a Political Ideology? In-Reply-To: <199404180118.SAA11504@mail.netcom.com> Message-ID: <9404180836.AA29915@geech.gnu.ai.mit.edu> Timothy C. May writes: > > Black Unicorn writes: > Unfortunately, there are few other forums for this kind of discussion. > The Extropians list used to have this kind of discussion, though it > was mixed in with all kinds of other stuff--and I hear that list > currently has 80 subscribers (Harry or Ray can tell us the facts), > which is about 12% of what Cypherpunks has, so the discussion universe > may be too small for comfort. Actually, we still have 340+ subscribers, but only 80 or so paid subscribers. I have delayed switching on the auto-deletion of people who haven't paid up because Tanya is still receiving checks and hasn't fully updated the list software database yet. If I did turn it on now, a lot of people who have sent their money in might get accidently deleted 'cause their account hasn't been updated yet. I prefer smaller lists anyway. The people who have paid are obviously more intererested in Extropianism than the free riders. This means that a) most of the subscribers are now participants/interested and not lurkers b) higher signal-to-noise Cypherpunks has a mucher larger distribition, but what percentage contributes to discussions? (this is not an attaack on cpunks) However, if 50% of cpunks were coding, a lot more would get done. Incidently Tim, since you left, the list volume has dropped off a lot. About 1/3 to 1/4 of its previous volume (about 3-10 messages a day vs 30-50) > A few other groups and mailing lists exist, also, but the problem is > that they're all "competing in the same memetic space." Most of the > groups are low-volume, so the discussions rarely take off. One of the reason the extropians list persists is that its memetric space has a high number of dimentions. Cryptography, politics, lifeextension, economics, math, space, physics, philosophy etc. If people are bored with math one week, they discuss philosophy the next. > So, Black Unicorn, where else will you find another group that has this mix > of folks, this combination of crypto expertise and political acumen? Dare I mention it? ;-) -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc at gnu.ai.mit.edu | politics is the implementation of faith. -- From frissell at panix.com Mon Apr 18 03:02:46 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 18 Apr 94 03:02:46 PDT Subject: IRS vs. privacy Message-ID: <199404181002.AA06504@panix.com> M >The IRS loves the current digital cash systems, such as ATM cards, M >because they let them spy on your bank account. :) M >digital-cash!=anonymous-transactions M > The existence of ATM networks gives the IRS no info that they didn't have in, say, 1965 except your physical movements if you use them a lot. If you used to cash or use a lot of checks in the past, they could "follow" you that way as well. What *does* give them (and everyone else) extra powers are the new "voice mail" account information systems that use the SS# as a PIN. Anyone can use those to spy on your account. As always, accounts not in your True Name or in another country are much harder to link to you. DCF In 1985, while he was dying of AIDS, Roy Cohen had almost $1.5 million in judgments against him -- half in favor of the IRS and half in favor of civilian creditors. Meanwhile, he lived in an Upper East Side townhouse, used a house in the Hamptons, and flew Concorde back and forth to Europe frequently. Being judgment proof means never having to say you're sorry. --- WinQwk 2.0b#1165 From perry at snark.imsi.com Mon Apr 18 04:14:02 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 18 Apr 94 04:14:02 PDT Subject: Laundering money through commodity futures In-Reply-To: <9404160625.AA00695@toad.com> Message-ID: <9404181111.AA03079@snark.imsi.com> gnu at toad.com says: > I wonder if anonymous digital cash will really consist of shares in > frozen orange juice futures... [quotes article from Risks] The article in Risks was largely bullshit. In the real world, you can't predict futures prices well enough to do what he proposed. The person who wrote it has obviously heard rumors but never got enough details and never figured it out on his own. He's obviously never actually thought about the real problem -- in practice you can never predict which ticket will win -- if you could you'd become a billionare in the futures markets. The way people tend to do this sort of thing in reality is that they find a friendly broker who'll write a pair of tickets and then switch them if necessary. In practice, this is traceable if anyone investigates. This used to be a trick often practiced to move money into a tax-deferred retirement account -- one would write two tickets, and take the loss against one's personal account and the gain against one's personal pension fund. This scheme was also used to defer capital gains near a year end by creating an offsetting loss -- write two tickets, sell the loser (so you can claim the loss) and then wait to sell the winner for a few weeks until the New Year has come. The IRS finally caught on and people stopped doing it. Coincidently, this sort of scheme was at its height in the late '70s -- precisely the time it was used by Tyson to bribe Hillary Clinton. Perry From werner at mc.ab.com Mon Apr 18 06:12:46 1994 From: werner at mc.ab.com (tim werner) Date: Mon, 18 Apr 94 06:12:46 PDT Subject: Laundering money through commodity futures Message-ID: <199404181312.JAA12251@sparcserver.mc.ab.com> >Date: Sun, 17 Apr 1994 19:37:02 -0700 (PDT) >From: Sandy Sandfort >On Sun, 17 Apr 1994, Eric Hughes wrote: > >> . . . [quotes from another poster] >> You still need infinite pockets with transaction costs of zero. >> . . . [blah, blah, blah] > >Almost everyone posting on this subject keeps forgetting that this isn't >an exercise in probablity theory. I believe Eric's point was a little off, anyway. The bank at Monte Carlo was broken using exactly the method which he was attempting to discredit. A man went to the casino with several suitcases full of money and proceeded to play roulette using the progressive betting strategy. Eventually he broke the bank. That's when casinos started imposing house limits on the tables. I don't think this story is apocryphal. With no house limit, I think it is far more likely that someone with *lots* of money will break the bank than it is that, say, 'red' will come up 30 times in a row. I don't think the commodity exchanges have the same sort of limits set up. Not that they can't change the rules on you in mid-stream. Remember what happened to Bunky Hunt? tw p.s.: Kids, don't try this scheme at the casino. With house limits, progressive betting strategies are just systems for giving money to the casino. From werner at mc.ab.com Mon Apr 18 06:28:48 1994 From: werner at mc.ab.com (tim werner) Date: Mon, 18 Apr 94 06:28:48 PDT Subject: Clipper Comparisons for non-geeks Message-ID: <199404181328.JAA12317@sparcserver.mc.ab.com> >From: tcmay at netcom.com (Timothy C. May) >Date: Sun, 17 Apr 1994 21:57:23 -0700 (PDT) >Speaking of landlords, when I was renting I certainly had no >expectation that the landlord had any "rights" to invite the police in >to inspect my place for guns, drugs, or other such "contraband." Was I >mistaken? (I'm not saying a landlord can't enter the premises...it >depends on the rental agreement. Most landlords give warning. Some may >snoop. But I think letting in the cops, without a warrant, is still an >illegal act. I could be wrong.) In Ohio, they have to give 24 hrs notice before coming in, unless they smell smoke or gas, or there is some other clear evidence of an emergency situation. Not sure about what they can do if they come in because of an emergency and find you practicing unsafe sex, or something. >With so much of our world increasingly being owned by the State (the >consequence of a dollar being taxed many times in its life is that the >State ends up controlling lots of land, lots of highways, facilities, >military bases, courthouses, schools, etc. Eventually they may get it >all.), this "we can frisk you because now you're on our turf" approach >may put a de facto ending to the Bill of Rights. I'm not too worried about protection from the state in this case. That's what the Bill of Rights is about, and I'm certain these warrantless searches will fail any Constitutionality test precisely because the property is government owned. The scary thing has been our general erosion of a right to privacy from private enterprise. For instance, most big companies now routinely make urinating in a jar a requirement for employment. It's much easier for a private entity to get away with something like that than for the government. tw From perry at snark.imsi.com Mon Apr 18 07:06:03 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 18 Apr 94 07:06:03 PDT Subject: Laundering money through commodity futures In-Reply-To: <199404181312.JAA12251@sparcserver.mc.ab.com> Message-ID: <9404181401.AA03320@snark.imsi.com> tim werner says: > I believe Eric's point was a little off, anyway. The bank at Monte Carlo > was broken using exactly the method which he was attempting to discredit. > > A man went to the casino with several suitcases full of money and proceeded > to play roulette using the progressive betting strategy. Eventually he > broke the bank. That's when casinos started imposing house limits on the > tables. I don't think this story is apocryphal. In that case, please provide the time, place, and location -- also provide references to original sources so that we can look it up ourselves. Anyone who believes martingales work is invited to try simulating them by computer. You will find that they aren't effective. > I don't think the commodity exchanges have the same sort of limits set up. You don't know anything about the commodities market, then. There are limits on how large a contract position you can hold, and they are there specifically to prevent attempts at market corners. Perry From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Mon Apr 18 07:19:31 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Mon, 18 Apr 94 07:19:31 PDT Subject: Sgt Russell Message-ID: <9404181419.AA11944@toad.com> Sea06 does not fund the USMC. That is merely the gateway that I use out at Fallbrook Naval Weapons Station. I am funded by MARCORSYCOM out of Quantico. I work at MCTSSA on Camp Pendleton. I hope this helps to inform you. Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton Internet: harlow%isb%mctssa at nwsfallbrook3.nwac.sea06.navy.mil or another slower and less reliable: harlow at mqg1.usmc.mil "The views expressed are my own, and always will be..." From iann at ntl.com Mon Apr 18 07:30:37 1994 From: iann at ntl.com (Ian Robert Nandhra) Date: Mon, 18 Apr 94 07:30:37 PDT Subject: Cypher software on CD Message-ID: <199404181338.OAA20175@ntl.com> Hi, Does anyone nkow a source of Cyper/Crypto software, documentation etc on CD-ROM?? Thanks! Ian From jims at Central.KeyWest.MPGN.COM Mon Apr 18 07:30:44 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Mon, 18 Apr 94 07:30:44 PDT Subject: Warrantless searches -- A sign of things to come? In-Reply-To: <940417163514.20221886@SCSUD.CTSTATEU.EDU> Message-ID: <9404181430.AA22279@Central.KeyWest.MPGN.COM> Slightly reformatted, but the content is faithfully reproduced: > > On Sun, 17 Apr 94 13:39:39 > paul at hawksbill.sprintmrn.com (Paul Ferguson) wrote: > > >A Page 1 story in The Washington Post Sunday (94.04.17) reads, ... [warrantless searches of housing project] ... > Anyway, the point is, these people aren't safe in their own homes. Then the cops need to sting/watch these guys until they catch them committing these felonies and throw them in jail, not invade the privacy of a citizen cuz they think it's right. If the cops were watching that neighborhood then the child couldn't have been sniped without the shooter getting bagged. It is a poorly chosen solution to the police force's inability to do their job well due to fear and/or underfunding. > Slightly related is the fact that I live on my school's campus in the > residence halls. If the resident advisors feel there is probable cause for > something and decides to do a room search, I can do nothing about it ... > BUT NO WARRANT WAS SERVED! Does that mean I can get the ACLU up the school's > ass? If the school says they can do that because I pay to live on their > property, then why can't the CHA do what they want? Ah, but you see, you moved into the dorm (and signed a paper) saying you would follow the school's rules. These rules included uncool search and seizure and are allowed since you are not in a home... it's similar to a hotel's right to do room service when you're out at the pool. The people of CHA didn't forfeit the right to being secure in their homes. (Apartments count as a home) They moved in with no such waivers. Therefore they are afforded the same rights as a person with a house or living in an apartment owned by, say you. They may fall under tenant / landlord laws, but they are very protective of the tenant. EX: Unless there is imminent damage to the place (broken water pipe or such) then the landlord must give 2 days notice to do an inspection or pest control or whatever he thinks he needs in there for. Take care Jim -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From julf at penet.fi Mon Apr 18 07:31:32 1994 From: julf at penet.fi (Johan Helsingius) Date: Mon, 18 Apr 94 07:31:32 PDT Subject: Autentication gadgets Message-ID: <199404181430.AA28278@milou.eunet.fi> I remember seeing some discussion about the security gadgets people from Bell Labs, amonst others, used for logging in from remote sites. It was a simple credit-card-calculator-like challenge-response device. Any pointers? Julf From hughes at ah.com Mon Apr 18 07:46:55 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 18 Apr 94 07:46:55 PDT Subject: Laundering money through commodity futures In-Reply-To: <199404181312.JAA12251@sparcserver.mc.ab.com> Message-ID: <9404181439.AA01188@ah.com> >I believe Eric's point was a little off, anyway. The bank at Monte Carlo >was broken using exactly the method which he was attempting to discredit. I was talking about a mathematical model only. The model doesn't apply to rigged trades or to two players, both with finite resources. If you have as much money as the bank, you can break the bank. Eric From jims at Central.KeyWest.MPGN.COM Mon Apr 18 08:18:02 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Mon, 18 Apr 94 08:18:02 PDT Subject: CHA housing mess Message-ID: <9404181517.AA23701@Central.KeyWest.MPGN.COM> > > Speaking of landlords, when I was renting I certainly had no > expectation that the landlord had any "rights" to invite the police in > to inspect my place for guns, drugs, or other such "contraband." Was I > mistaken? (I'm not saying a landlord can't enter the premises...it > depends on the rental agreement. Most landlords give warning. Some may > snoop. But I think letting in the cops, without a warrant, is still an > illegal act. I could be wrong.) I can speak only for Kentucky law, but of that I speak firsthanded. If a landlord knows you are dealing drugs, he can call the cops. The police have no extra rights and they must treat it as if the tenant owns the place. They can't say "We're here to look around cuz the owner says we can". This applies to any crime. In KY, rental agreements for apartments (Not for dorms at schools) do not give the landlord any extra "search" rights. Even if the lease says you can go in at will the laws of the state require 2 days written notice unless the property is in imminent danger of being damaged (fire, water leaks, etc...) Also, if the cops come to the landlord and say "Jobob is suspected of having drugs, we want to go in... where's the key" without a warrant the landlord is prohibited from letting them in. Only with the tenant's permission or a warrant is a landlord legally allowed to permit access to an apartment. Disclaimer: Again, this is KY law and your mileage may vary in other states. Also, I am not a lawyer (of course) but this information is taken from VERY close relationship with the apartment renting business (and not just reading my lease and assuming from there.) For what it's worth ... Jim -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From smb at research.att.com Mon Apr 18 08:19:55 1994 From: smb at research.att.com (smb at research.att.com) Date: Mon, 18 Apr 94 08:19:55 PDT Subject: Autentication gadgets Message-ID: <9404181519.AA13102@toad.com> I remember seeing some discussion about the security gadgets people from Bell Labs, amonst others, used for logging in from remote sites. It was a s imple credit-card-calculator-like challenge-response device. Any pointers? Sure... We use either an AT&T smart card or the Digital Pathways Securenet Key. We started using the latter because they don't sell (expensive) host software, so they'll disclose the information you need to roll your own host end software. A list of some other authenticator vendors can be found in ftp://ftp.cert.org/pub/cert_advisories/CA-94:01.ongoing.network.monitoring.attacks Btw -- the comment in there about the Securenet Key not being exportable from the U.S. is wrong, even though it does use DES. It's an authentication device not readily usable for secrecy, so our beloved government has deigned to permit its sale to furriners. From julf at penet.fi Mon Apr 18 08:25:23 1994 From: julf at penet.fi (Johan Helsingius) Date: Mon, 18 Apr 94 08:25:23 PDT Subject: Autentication gadgets In-Reply-To: <9404181519.AA13102@toad.com> Message-ID: <199404181524.AA00340@milou.eunet.fi> > Any pointers? > > Sure... Thanks! Julf From sandfort at crl.com Mon Apr 18 08:29:54 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 18 Apr 94 08:29:54 PDT Subject: Clipper Comparisons for non-geeks In-Reply-To: <199404180457.VAA16329@netcom12.netcom.com> Message-ID: C'punks, On Sun, 17 Apr 1994, Timothy C. May wrote: > . . . Speaking of landlords . . . > But I think letting in the cops, without a warrant, is still an > illegal act. I could be wrong.) Happens all the time. As long as the landlord's entry is legal, so is the cops'. > . . . > With so much of our world increasingly being owned by the State . . . > this "we can frisk you because now you're on our turf" approach > may put a de facto ending to the Bill of Rights. Reminds me of when I used to ride public transit through the Presidio, a military reservation in San Francisco. As the bus entered the Presidio, I would usually say to whomever I was sitting with, "you are now leaving the United States." When the expressed puzzlement, I would point out a sign that said something like: You are now entering a military reservation. You are subject to search at the discretion of military authority. Now be advised, the bus just passed through the Presidio from one section of "Free San Francisco" to another. Apparently though, the Constitution ended at the gate for everyone--including those in transit. S a n d y From sandfort at crl.com Mon Apr 18 08:43:42 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 18 Apr 94 08:43:42 PDT Subject: Laundering money through commodity futures In-Reply-To: <199404181312.JAA12251@sparcserver.mc.ab.com> Message-ID: C'punks, On Mon, 18 Apr 1994, tim werner wrote: > . . . > I believe Eric's point was a little off, anyway. The bank at Monte Carlo > was broken using exactly the method which he was attempting to discredit. > > A man went to the casino with several suitcases full of money and proceeded > to play roulette using the progressive betting strategy. Eventually he > broke the bank. That's when casinos started imposing house limits on the > tables. I don't think this story is apocryphal. Actually, I think it is. In all casinos that I've heard about, the "bank" is just an amount that each game is allowed to lose in a given period of time. If roulette table #1 has a bank of $10,000 and it loses more than that amount, the bettor has "broken" the bank. Whoopdeedoo. Great for casino publicity, but not that big a deal for the casino in the overall scheme of things. It is exactly stories like the one you repeat that keep the rubes coming back to the tables. S a n d y From werner at mc.ab.com Mon Apr 18 08:54:20 1994 From: werner at mc.ab.com (tim werner) Date: Mon, 18 Apr 94 08:54:20 PDT Subject: Laundering money through commodity futures Message-ID: <199404181554.LAA13178@sparcserver.mc.ab.com> >Date: Mon, 18 Apr 1994 10:01:52 -0400 >From: "Perry E. Metzger" >tim werner says: >> A man went to the casino with several suitcases full of money and proceeded >> to play roulette using the progressive betting strategy. Eventually he >> broke the bank. That's when casinos started imposing house limits on the >> tables. I don't think this story is apocryphal. > >In that case, please provide the time, place, and location -- also >provide references to original sources so that we can look it up >ourselves. I took a probability class in the early '70s. The prof explained the progressive betting system and told us the Monte Carlo story. As I recall, it took place in the late 1700s. That's all I can remember, except that he made it clear the system was not guaranteed to work even with no house limit unless you have unlimited funds. Just that someone actually did break the bank at Monte Carlo. I have used the system twice and won both times. The second time I almost got burned when red came up 6 times in a row. On the 7th time I had $320 riding on black and it came up black. My profit on the 7 spins: $5. I was only 1 spin away from the house limit. If it had come up red, I could have bet $640 on black one more time, but that would have been the end. The limit was $1250. I almost switched the $320 to red. After that experience I decided to do some analysis of the system, and finally managed to convince myself of something that I should have known all along: the house limits are set so that you will lose the same amount of money in the long run if you bet progressively as you will if you just bet $5 on black each time. Next time I get to a library I will see if I can find out anything else about it, if you are really interested. >> I don't think the commodity exchanges have the same sort of limits set up. > >You don't know anything about the commodities market, then. That's not entirely true. I do know that the commodities market is another place where you can lose a lot of money real quick. :) Actually, when I said 'the same sort of limits', what I meant was limits that are specifically designed to ensure that you will lose eventually, like they have at casinos. For instance, the house limit at a casino is generally such that you can only double your bet 7 times (e.g., $1250 limit on a $5 table, or $500 limit at a $2 table). Is the same sort of low limit placed on commodities trades? tw From perry at snark.imsi.com Mon Apr 18 08:58:35 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 18 Apr 94 08:58:35 PDT Subject: Laundering money through commodity futures In-Reply-To: <199404181554.LAA13178@sparcserver.mc.ab.com> Message-ID: <9404181558.AA03574@snark.imsi.com> tim werner says: > >In that case, please provide the time, place, and location -- also > >provide references to original sources so that we can look it up > >ourselves. > > I took a probability class in the early '70s. The prof explained the > progressive betting system and told us the Monte Carlo story. As I recall, > it took place in the late 1700s. That's all I can remember, Urban Legend time, anyone? Sorry, Tim, but this really doesn't cut it. In any case, I defy you to actually demonstrate that you can successfully launder any significant amount of money with the scheme you have described. Perry From joshua at cae.retix.com Mon Apr 18 09:07:00 1994 From: joshua at cae.retix.com (joshua geller) Date: Mon, 18 Apr 94 09:07:00 PDT Subject: Laundering money through commodity futures Message-ID: <199404181606.JAA01108@sleepy.retix.com> > C'punks, > On Mon, 18 Apr 1994, tim werner wrote: > > I believe Eric's point was a little off, anyway. The bank at Monte Carlo > > was broken using exactly the method which he was attempting to discredit. > > > > A man went to the casino with several suitcases full of money and proceeded > > to play roulette using the progressive betting strategy. Eventually he > > broke the bank. That's when casinos started imposing house limits on the > > tables. I don't think this story is apocryphal. > Actually, I think it is. In all casinos that I've heard about, the "bank" > is just an amount that each game is allowed to lose in a given period of > time. If roulette table #1 has a bank of $10,000 and it loses more than > that amount, the bettor has "broken" the bank. Whoopdeedoo. Great for > casino publicity, but not that big a deal for the casino in the overall > scheme of things. It is exactly stories like the one you repeat that > keep the rubes coming back to the tables. there was a popular song in the (1910's? 1920's?) called 'the man who broke the bank at monte carlo' and I do recall reading (in a book of sports records of all places) that this was based on the exploits of a real guy (the reason the tale appeared in a book of sports records was because of the level of endurance the guy showed; he stayed at the table 18 - 24 hours a day while he was gambling). I don't recall any of the particulars, or how much he took from the casino (and was it roulette or baccarat?), or even his name but I am pretty sure this was a true story. josh From rarachel at prism.poly.edu Mon Apr 18 09:14:03 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Mon, 18 Apr 94 09:14:03 PDT Subject: State=Landlord In-Reply-To: <199404180457.VAA16329@netcom12.netcom.com> Message-ID: <9404181558.AA13360@prism.poly.edu> Whoa! Since when is the state your landlord? Wait a second, when the settlers moved out west, didn't they own the land they claimed, or did the state reserve the right to reclaim it from them? (I know that they can take away whatever they want from you, by force or otherwise, but where is it written that they explicitly have the right to invade your property without a warrant?) From perry at snark.imsi.com Mon Apr 18 09:26:17 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 18 Apr 94 09:26:17 PDT Subject: Laundering money through commodity futures In-Reply-To: <199404181606.JAA01108@sleepy.retix.com> Message-ID: <9404181625.AA03639@snark.imsi.com> joshua geller says: > there was a popular song in the (1910's? 1920's?) called 'the man who > broke the bank at monte carlo' and I do recall reading (in a book of > sports records of all places) that this was based on the exploits of a > real guy (the reason the tale appeared in a book of sports records was > because of the level of endurance the guy showed; he stayed at the table > 18 - 24 hours a day while he was gambling). I don't recall any of the > particulars, or how much he took from the casino (and was it roulette or > baccarat?), or even his name but I am pretty sure this was a true story. Short of actual references, this remains an urban legend. Even if demonstrated, it doesn't necessarily mean anything about the practical application of doubling and similar strategies. Perry From mg5n+ at andrew.cmu.edu Mon Apr 18 09:28:09 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 18 Apr 94 09:28:09 PDT Subject: Mail-to-usenet (was: Which remailers like to handle anon mail?) In-Reply-To: <9404180731.AA19132@macadam.mpce.mq.edu.au> Message-ID: Well, here's my updated list: group.name at news.demon.co.uk group.name at news.cs.indiana.edu group.name at bull.com group.name at cass.ma02.bull.com group.name at undergrad.math.uwaterloo.ca group.name at magnus.acs.ohio-state.edu group.name at ccs.uwo.ca group.name at julian.uwo.ca group.name.usenet at decwrl.dec.com I took out cs.utexas.edu; I've had a lot of trouble with that one losing posts. They don't bounce, and they don't get posted, they just disappear. After reading a lot of posts on alt.test, I found the ones listed above. If you know of any more, send me mail! Also, you can use charm.magnus.ohio-state.edu, beauty.magnus, top, bottom... they're quarks! uwo.ca by itself doesn't work, you must use ccs or julian. > alt-test at ucbvax.berkeley.edu > soda.berkeley.edu /works well I don't know about these, unless you meant Eric/Sameer's remailer. From sameer at soda.berkeley.edu Mon Apr 18 09:40:23 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Mon, 18 Apr 94 09:40:23 PDT Subject: Mail-to-usenet (was: Which remailers like to handle anon mail?) In-Reply-To: Message-ID: <199404181640.JAA05426@soda.berkeley.edu> > > alt-test at ucbvax.berkeley.edu > > soda.berkeley.edu /works well > > I don't know about these, unless you meant Eric/Sameer's remailer. I don't think ucbvax is a mail->news gateway anymore. remailer at soda.berkeley.edu works, yes. From gtoal at an-teallach.com Mon Apr 18 10:24:12 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 18 Apr 94 10:24:12 PDT Subject: Laundering money through commodity futures Message-ID: <199404181723.SAA07785@an-teallach.com> : > there was a popular song in the (1910's? 1920's?) called 'the man who : > broke the bank at monte carlo' and I do recall reading (in a book of : Short of actual references, this remains an urban legend. Even if : demonstrated, it doesn't necessarily mean anything about the practical : application of doubling and similar strategies. I have a reference to that somewhere, but I'll save us all the bother of looking it up. The song was based on a guy (I think he was an engineer) who noticed a slight imbalance on one of the wheels, giving him a minor advantage which he parlayed up by long and boring repetitive bets on numbers at that side of the wheel. It wasn't a Martingale system. G From rishab at dxm.ernet.in Mon Apr 18 10:27:06 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 18 Apr 94 10:27:06 PDT Subject: Clipper self-defeating, and voice PGP Message-ID: the LA Times article: "As long as there is a thriving market in commercial cryptography, CLipper is unlikely to be a threat to our privacy or our criminals." Ummm... Isn't the whole govt strategy to flood the market with orders for Clipper, ensuring that due to the economies of scale, any "thriving market" will be for Skipjack? Besides, while the Clipper proposal may not say anything about banning other crypto, DT-2 would force any common carriers wanting to provide 'secure,' encrypted lines as a value addition to use Clipper, or otherwise "ensure the government agency's ability to acquire the plaintext..." True, Clipper even if passed, will probably backfire on the govt, as the public debate it has instigated has done more to raise awareness of other methods (PGP...) and of crypto in general, then we might have been able to do without this provocation. Average citizen-units are likely to stick to plaintext (which is fine - they have none of the false sense of security of Clipper users). Many people, who would like to keep their communications private but never thought of encryption before, may well end up using non-Clipper devices due to the publicity for these due, ironically, to Clipper. However, the government may insist that contractors and others who deal with it use 'standard' encryption, at least for communication with the government; presumably hoping that the substantial number of such organizations will not bother to spend more for alternative encryption for non-governmental use. Free, PC-based voice encryption (voice-PGP etc) may be one way to counter Clipper, though 'ordinary people' would definitely prefer transparently secure phones. Voice-PGP would, of course, have the same patent problems within the US as PGP itself. As an aside, a quick check showed that vanilla PGP encrypts high-entropy files at over 20k/sec (on my 486/33 with many things in the background, excluding key-ring lookup time). As even a Codex FAST transmits high-entropy data (such as encoded speech, or PGP output) at only 2.4 kbytes/sec, and voice can be squeezed into about 1k/sec, PGP code, as it is at the present, is easily fast enough to cope with real-time conversation. The descriptions of voice-crypto that I've seen so far attempt to multiplex voice into a (digital) datastream over a modem. Is anyone working on something more general, that produces an *analog* encrypted audio stream? As voice encryption takes an input that is originally analog, if it were to output analog noise, one could build dictaphone-like gadgets to talk through into even a Clipperphone, in the event that all instrument manufacturers were "suitably incentivized" to use only the Clipper chip. -------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA -------------------------------------------------------------------------------- From rishab at dxm.ernet.in Mon Apr 18 10:27:09 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 18 Apr 94 10:27:09 PDT Subject: Autobombs - use and misuse Message-ID: rarachel at prism.poly.edu (Arsen Ray Arachelian): > I found this on comp-privacy. Maybe we can use a scheme like this one to send > anti-clipper information over the net... Does toad.com have a usenet news > feed? If so, maybe we can have a program written that scans for keywords > and mails the author of the message some info about cypherpunks and clipper > and digital telespying 2. > > [.....] > > We could also have this program autobomb different articles based on different > keywords. It would be a good idea to also keep a list of names of those who We'll soon start using agents, knowbots et al to look for info of our interest. Autobombers can act as useful 'reverse agents,' that find info that we ought to be interested in, determined from our postings. Very useful, if done in a way that doesn't irritate. However, Paul's description (below) of rtfm keeping track of posters is scary. It's like subscription lists; if I let the Economist give my name to whoever, I might get some interesting info; I might also be junk-bombed, and 'kept track of.' Also: > From: "Paul W. Robinson" > > [description of rtfm autobomber elided] > > > > This sort of practice could be prostituted into to all sorts of > > interesting political correctness tactics by having automated programs > > that watch for comments someone doesn't like and mailing the writer > > complaints. I can imagine a 'Detweiler bomb.' It scans for all occurrences of 'anonymity,' 'remailers,' 'Tim May,' 'reputations,' 'fraud,' and responds with long essays on pseudospoofing and child pornography. Let's see: 'reputations' - 'conspiracies by Them'; 'remailers' - 'that Roman torture thing'; 'Tim May' - 'is really Hal Finney (or was it Nick Szabo?)'; and so on... Using a different anon address (we don't mind using remailers to 'demonstrate their misuse') each time, with an expert system to recreate the original Detweiler writing style. (When not ranting against cypherpunks, LD seems to do quite a bit of useful work; the very detailed anon, privacy and whistle- blowing faqs, or the Net resource list for writers.) Thankfully, it's not *too* hard to build firewall agents to keep junk out. -------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA -------------------------------------------------------------------------------- From juola at bruno.cs.colorado.edu Mon Apr 18 10:27:29 1994 From: juola at bruno.cs.colorado.edu (juola at bruno.cs.colorado.edu) Date: Mon, 18 Apr 94 10:27:29 PDT Subject: Laundering money through commodity futures Message-ID: <199404181727.LAA00320@bruno.cs.colorado.edu> joshua geller says: > there was a popular song in the (1910's? 1920's?) called 'the man who > broke the bank at monte carlo' and I do recall reading (in a book of > sports records of all places) that this was based on the exploits of a > real guy (the reason the tale appeared in a book of sports records was > because of the level of endurance the guy showed; he stayed at the table > 18 - 24 hours a day while he was gambling). I don't recall any of the > particulars, or how much he took from the casino (and was it roulette or > baccarat?), or even his name but I am pretty sure this was a true story. perry metzger responds: Short of actual references, this remains an urban legend. Even if demonstrated, it doesn't necessarily mean anything about the practical application of doubling and similar strategies. Even if someone could come up with references, that *still* doesn't mean much, since it's a probabilistic argument. Like buying lottery tickets -- *someone* has to win, but that doesn't mean that it's reliable enough to use for any practical purpose. Think of it this way. Assume that every year, there are 10,000 people worldwide who visit a casino with the intention of trying to break the bank via a Martingale scheme, and they all play even-money bets. Every year, just fewer than ten of them should manage to win ten successive even-money bets, and earn approximately 1000 times their initial bet. Every hundred years, then, someone should manage to win twenty successive bets and win a million times her stake, and break the bank, and get her picture in all the record books, and everyone can cite her. But that's literally a one-in-a-million chance. Hardly what *I*'d call sound financial planning.... - kitten From pcw at access.digex.net Mon Apr 18 10:50:23 1994 From: pcw at access.digex.net (Peter Wayner) Date: Mon, 18 Apr 94 10:50:23 PDT Subject: Dirty Laundry... Message-ID: <199404181750.AA25465@access3.digex.net> First, forget about thinking like a mathematician, a gambler playing or an upstanding citizen of Wall Street. You are some guy A who wants to move money to some guy B and you want to do it in as untraceable a way as possible. The old standbys, gold and gems, are fine, but they are hard to move safely. Strange business contracts are okay, but they demand some sort of front operation which takes time and money to run effectively. So you turn to the futures market for the first try. Lets say you want to move n dollars. Luckily, both A and B have enough cash and borrowed funds on hand to sustain a loss of up to (2^i)n dollars. Let i=4 for the rest of this example, i.e. 16n dollars of loss reserves. In 15 out 16 times, the progressive doubling system will work. The transaction will be close to untraceable. The only way that anyone would be able to prove that the transaction occured would be if they could assemble both trading records and then match the trades. This can be shielded very effectively by trading in different countries with different exchanges and relying on arbitrageurs to keep the markets in line. In 1 out of the 16 tries, things will go wrong. You might say they would go badly wrong if your a nervous criminal B who is afraid that A is going to screw him. Now you need to get 16 n dollars. But in reality, A and B are back where they were before futures markets were invented. They just need to move 16 times more money. You take a bigger truck to haul the gold. You do some trades with Van Goghs and Rembrants instead of Cassats or Sisleys. In general, many of the transaction costs for security and other stuff are pretty fixed. I like Eric's art example. Just remember that auction houses like Southeby's try to take 10% commissions, but they can be negotiated to be much lower for expensive works. So, if your going to do this, choose i to suit your cash/risks profile. If you have more cash available, then you have a better chance of success. But hey, that's life. I would guess that many corporations are using similar systems to move profits around amount their subsidiaries. One corporate financial officer once bragged to me that he moved a huge amount of cash(~500 milllion) out of a Latin American country to avoid taxes down there. He didn't say how he did it, but I would guess he used a similar system. Notice that both Proctor and Gamble and Dell computers have recently sustained large losses in the futures markets. Maybe they're gambling, maybe they're funnelling money someplace. Who knows? Conspiracy buffs might take notice of the fact that Bobby Inman is on the board of Dell Computers. The WSJ article on the losses at P&G said that corporate treasurers are being pressed to become "profit" centers. I find this hard to believe. Most CEO's are smart enough to know that 1) they're not in the futures gambling business and 2) the futures gambling business is nowhere near as solid as selling soap when you control a large fraction of the market. As further evidence of weirdness, I offer the fact that P&G knew the trade was going bad, but kept the position after many gamblers would have cut their losses. Maybe someone was asleep at the wheel? Maybe something was going on? Who knows. That's the beauty of the system. From tcmay at netcom.com Mon Apr 18 10:54:07 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 18 Apr 94 10:54:07 PDT Subject: Clipper Comparisons for non-geeks In-Reply-To: <199404181328.JAA12317@sparcserver.mc.ab.com> Message-ID: <199404181754.KAA09615@mail.netcom.com> Tim Werner writes: > The scary thing has been our general erosion of a right to privacy from > private enterprise. For instance, most big companies now routinely make > urinating in a jar a requirement for employment. It's much easier for a > private entity to get away with something like that than for the government. Some misplacing of blame here. Don't forget that it is the "War on Drugs," the requirements for getting govenment contracts ("a drug-free workplace"), and even the civil liability laws (where a corporation gets sued into the ground if drugs are involved...), etc., that are causing the current hysteria. I know a lot of heads of companies (sometimes I think I'm the only person who worked in Technology Development at Intel in the 1970s who didn't end up the President of a company!) and their attitude on drug use is that they don't want to be bothered with what their employees (or themselves :-}) do on their own time! But their lawyers tell them the government, the "Drug Czar," and the legal system are making it necessary to implement a "drug and smoking and abusive-language free environment." Corporations left to themselves have little interest in testing for previous drug use....obvious inebriation is another matter. (Being drunk on the job is a firable offense at most companies...but I can recall more than one departmental lunch" at Intel where too much wine and beer was consumed and we returned to work mostly drunk, with our department head standing at the door, passing out dimes for the coffee machine and shaking his head in amusement.) Corporations exist to make money, for the most part. A few are run for ideological reasons, which may involve attempts to snoop or to regulate the off-hours behavior of employees. The response of those concerned should be to _leave_. A fair response. What's so bad about government-corporate ties is that the same crummy policy is then enforced everywhere, and there's no "leaving." --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cort at ecn.purdue.edu Mon Apr 18 11:25:23 1994 From: cort at ecn.purdue.edu (cort) Date: Mon, 18 Apr 94 11:25:23 PDT Subject: Autobombs - use and misuse In-Reply-To: Message-ID: <199404181824.NAA21097@en.ecn.purdue.edu> [stuff deleted] > I can imagine a 'Detweiler bomb.' It scans for all occurrences of 'anonymity,' > 'remailers,' 'Tim May,' 'reputations,' 'fraud,' and responds with long essays on > pseudospoofing and child pornography. Let's see: 'reputations' - 'conspiracies > by Them'; 'remailers' - 'that Roman torture thing'; 'Tim May' - 'is really Hal > Finney (or was it Nick Szabo?)'; and so on... > Using a different anon address (we don't mind using remailers to 'demonstrate > their misuse') each time, with an expert system to recreate the original > Detweiler writing style. (When not ranting against cypherpunks, LD seems to > do quite a bit of useful work; the very detailed anon, privacy and whistle- > blowing faqs, or the Net resource list for writers.) > [stuff deleted] This reminds me of the "dialect" text filters for LaTeX/groff. I remember late, late one night in my undergrad days in the basement computer room of Purdue EE playing with "valspeak" (valley girl talk) and "brospeak" (jive talk). Most humorous were the highly technical report files after being passed through valspeak.... "....the results of the quantum electro dynamic experiments were, like, gag me with a spoon, unexpected, my Mom, like makes me do the dishes...." I laughed 'til I cried after running the document through valspeak AND THEN through brospeak... "QED Mo-Fo, gag-me!" Seriously though, I am unfamiliar with the technicalities behind *speak, but could guess some sort of substitution table. Is there an expert out there? How tough would it be to make: - detspeak - detweil (cat QED.tex | detweil | mail cypherpunks) !! - weilerize Next we could capture our other prominent personalities! - tcmayspeak (Didn't tmp already try this!?) The filter for Bruce S. could insert typos!! ;) Cort. From matsb at sos.sll.se Mon Apr 18 11:25:54 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Mon, 18 Apr 94 11:25:54 PDT Subject: Laundering money through commodity futures In-Reply-To: <199404180148.SAA13372@mail.netcom.com> Message-ID: On Sun, 17 Apr 1994, Timothy C. May wrote: > The same article mentioned that bribes were often paid to people by > selling them artworks at "artificially low" prices. (The notion that > there is some "true" or "market" price for thinly-traded things like > paintings is at issue here. Many opportunities for tax evasion, money > laundering, and bribes. And not much the government can do about it.) Some 3 years ago the Swedish legislation made it taxable to profit from a private buy-sell art transaction (above a certain profit-percentage, around 50). Art prices fell to 0.25 but that included the general recession of the time (that has not yet recovered, art is still bad business - or a buyers market). See how easy it was to launder money in the 80's: buy a piece of cheap art - 'give' your dirty money to an 'art collector' who then buys it from you at an inflated price and just stores it - who is to tell the value of art? - and the 'collector' is of course a fall-guy with his office in his pockets and no permanent address (except the racing track). Funny, even now I always see a lot of art dealers at the tracks...(trotting is the big thing over here). Buying a winning coupon is still very safe. For a $10000-range one you pay an extra 10%, for bigger ones 5%. //mb From perry at snark.imsi.com Mon Apr 18 12:16:10 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 18 Apr 94 12:16:10 PDT Subject: Dirty Laundry... In-Reply-To: <199404181750.AA25465@access3.digex.net> Message-ID: <9404181915.AA03763@snark.imsi.com> Peter Wayner says: > In 15 out 16 times, the progressive doubling system will work. No, it will not. I invite Mr. Wayner to produce a single demonstration of this system working. A suitable test should be easy to set up. > Notice that both Proctor and Gamble and Dell computers have recently > sustained large losses in the futures markets. Maybe they're gambling, > maybe they're funnelling money someplace. Who knows? Given the sums involved, if the firms wished to launder money in this manner they would not resort to silly martingale schemes but would just bribe a broker to swap tickets. They could not possibly have managed to "double the bet" often enough not to go broke. However, in both cases, I am sufficiently familiar with the events to very seriously doubt that any profits laundering was taking place at all. Perry From talon57 at well.sf.ca.us Mon Apr 18 12:23:38 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Mon, 18 Apr 94 12:23:38 PDT Subject: authentication cards Message-ID: <199404181923.MAA22913@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- I use Secure ID's from security dynamics, and have found them very effective. Security Dynamics One Alewife Center Cambridge, MA 02140-2312 USA phone (617)547-7820 fax (617)354-8836 My account exec is Wayne A Nelson, tell him I sent Ya' Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbLdjtCcBnAsu2t1AQGeywP/Wugl3vZsPNiarfMN8m/ezM/w1MzL9Gx9 yj3A/7EFG0xth3Icb9NEg6V5IHiRttbzgvW8+ZJorT1mG4t6Tih87NhOIrePHhZ+ J9l5/0yvvh3RXB/vPTcqz3ZlkR3C3BRHhqGTcZ+iqmr6ufM/II7j0yfRQWA217D1 Ob2/L27lTlQ= =+o0z -----END PGP SIGNATURE----- From mg5n+ea1e6llvoz70pb6bweqlrmyla4udd80xgn0a0saq03 at andrew.cmu.edu Mon Apr 18 12:24:38 1994 From: mg5n+ea1e6llvoz70pb6bweqlrmyla4udd80xgn0a0saq03 at andrew.cmu.edu (Anonymous) Date: Mon, 18 Apr 94 12:24:38 PDT Subject: Dolphin Encrypt Message-ID: > Real? "Anonymous" here reveals that he has not been keeping up with > the literature. DE was examined critically by Prof. Cipher Deavours > in the October 1993 issue of Cryptologia, who (after studying the C > source code for the encryption algorithm) wrote: "The diffusion Is what you are saying, Mr. Davidson, that "Prof. Cipher Deavours" is sufficient critical examination? This argument boils down to "well, we had this one group look and it and they couldn't break it, therefore, it is secure." > For all we know Eric himself posted that "anonymous" message, so he > could quote him out of context. As I recall, Anonymous seemed to have > (deliberately?) misunderstood the part about the statistical test (and > Eric agrees with him). This is not Eric Hughes. What did I misunderstand about the statistical test? I read about a weak system versus a 2000 byte file, and Dolphin Encrypt versus a 60000 byte file. No description of what the files were was evident. If the authors have such high cryptographic skills, then perhaps they can show the results of differential cryptanalysis (or linear cryptanalysis, etc.) on Dolphin Encrypt, rather than some completely bogus statistical test like the one displayed. From fnerd at smds.com Mon Apr 18 12:30:34 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 18 Apr 94 12:30:34 PDT Subject: FBI Cost-Benefit Message-ID: <9404181855.AA25893@smds.com> Dave Banisar forwards something aparently from CPSR- > Ever since it first proposed "Digital Telephony" legislation in > 1992, the Federal Bureau of Investigation has claimed that > wiretapping enables law enforcement agencies to prevent billions > of dollars in economic loss. Wonder what the value is of the right of everyone to conduct their business as they see fit, and the value of safety from government peeping, and what figures I should cite to justify them. Not to undercut the point, just needed some air. There should be a catalog, maybe a science, of slippery slopes. -fnerd quote me - - - - - - - - - - - - - - - hah. i can do that with my eyes tied behind my hands. -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Mon Apr 18 12:37:15 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Mon, 18 Apr 94 12:37:15 PDT Subject: BEST Inc. Message-ID: <9404181937.AA16438@toad.com> -----BEGIN PGP SIGNED MESSAGE----- I was in a BEST store yesterday, and attempted to pay by check. They asked for ID to verify the check and when I handed them my military ID, they asked for my driver's license instead. I gave them my driver's license and they used it and the magnetic strip on the back of it to verify my check. I noticed on their computer screen that it had all of my info, as in birthdate, address, driver's license number, the routing number for the bank I am with, and my checking account number. They also have notices up that say they index everything by your phone number. I asked them what they were using all of this information for, and they said for their marketing purposes. I was so ticked off that I took back the check, went to an ATM, pulled out cash, and went back and purchased the item with cash. I had to buy the item there, because nowhere else in the local area did they have the item. Just something to keep in mind. Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlow%isb%mctssa at nwsfallbrook3.nwac.sea06.navy.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 "The views expressed are my own, and always will be..." -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbK2ZGNyHMOkIY2tAQH8rgP/dIC69wxXqdwFpnytRugV3UE/SqRgbQtZ Ufs58S+fs0baETNVD++Q5Dei17bdj4Qt0Mfewy5aXeP3p9+sZ25j3JSDmB07C6g3 6IHaWW0qqpeFsQuzhEb3zmVYizD/DLgTwle+Odc493+8gKHHy0YjAPV52SAVFb5+ o0vS0d99XZs= =bWBg -----END PGP SIGNATURE----- From pcw at access.digex.net Mon Apr 18 12:39:05 1994 From: pcw at access.digex.net (Peter Wayner) Date: Mon, 18 Apr 94 12:39:05 PDT Subject: Dirty Laundry... Message-ID: <199404181938.AA02158@access3.digex.net> >> Notice that both Proctor and Gamble and Dell computers have recently >> sustained large losses in the futures markets. Maybe they're gambling, >> maybe they're funnelling money someplace. Who knows? >Given the sums involved, if the firms wished to launder money in this >manner they would not resort to silly martingale schemes but would >just bribe a broker to swap tickets. They could not possibly have >managed to "double the bet" often enough not to go broke. However, in >both cases, I am sufficiently familiar with the events to very >seriously doubt that any profits laundering was taking place at all. I think you misunderstand what I suggested might possibly have been happening. If a potential launderer guesses the market correctly, then they don't close out their position. They just let it keep losing money because they know that they're piling it up elsewhere. There is no need to do any doubling. Someone else has pointed out a large company in Chile recently lost a small fortune on financial trades. They placed bets on the market and didn't cut their losses. Another potential excursion into hypothetical guessing might suggest that the reason the losses were so big is that they _were_ trying to launder a much smaller amount and they found themselves forced to keep doubling. But, again: who knows? Don't get me wrong. Bribing a broker to swap tickets is an okay system, but it may leave too great a paper trail as the recent news has shown us. From talon57 at well.sf.ca.us Mon Apr 18 12:40:05 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Mon, 18 Apr 94 12:40:05 PDT Subject: warrantless searches Message-ID: <199404181939.MAA02958@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- As a lifetime Chicago resident, let me add my $.02 The CHA projects are a Liberal idea gone bad...People confused solid architectural fact (large buildings can be more cost efficent) with bad social policy. (these people could effectivly solve their own problems, and could live together in effective comunities) The idea of sweeps will never work, they'd have to do it a couple of times a day. I don't even need to go into the unconstitutionality of the whole process. The whole thing boils down to trying to use a simple solution to solve a complex problem, which works for politicians, but no one else. Besides, Handguns are illegal in Chicago, and have been for more than a decade....... Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbLg6tCcBnAsu2t1AQHcwAQAhnr0ipDpj9w66CrnBaSVrjddgYOGDFRe 9vKQeHc4vx3GAKqw5ED7eVwzIO9NwItVZg/OzVvZi3IfZ3zVtCG9gSTalrQI1ZK2 e46lYK5hQi93cj3lh5CPGS5nn0GH6AviZs5BVoWk3kjd2J+KdH6F0YlWhwo+WRVa XsVymZkGps0= =QUH4 -----END PGP SIGNATURE----- From m5 at vail.tivoli.com Mon Apr 18 12:50:14 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 18 Apr 94 12:50:14 PDT Subject: Dolphin Encrypt In-Reply-To: Message-ID: <9404181949.AA23570@vail.tivoli.com> Anonymous writes: > This argument boils down to "well, we had this one group look and > it and they couldn't break it, therefore, it is secure." Hmm... Where have I heard this before? Oh well, it can't have been for any serious encryption system, like something from the government. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From perry at snark.imsi.com Mon Apr 18 12:50:40 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 18 Apr 94 12:50:40 PDT Subject: Dirty Laundry... In-Reply-To: <199404181938.AA02158@access3.digex.net> Message-ID: <9404181950.AA03832@snark.imsi.com> Peter Wayner says: > I think you misunderstand what I suggested might possibly have > been happening. If a potential launderer guesses the market correctly, > then they don't close out their position. They just let it keep > losing money because they know that they're piling it up elsewhere. I see that you have no idea of how futures prices move. What makes you so sure a position isn't going to reverse itself? What makes you think that it will necessarily follow a trend? Ever do any statistical analysis on futures prices? You will find that they do not move in an obvious or predictable manner. A price that drops in the morning might suddenly reverse itself on a dime at noon and rise until one only to plunge again to the close. Some unusual people do pretty well with trading, but the vast majority of people do not. > Someone else has pointed out a large company in Chile recently lost > a small fortune on financial trades. They placed bets on the market > and didn't cut their losses. Actually, you have the wrong country and the wrong situation, but lets ignore that. Rather than hypothesizing, allow me to suggest that you actually demonstrate your money laundering prowess in a live demonstration. Perry From an3747 at anon.penet.fi Mon Apr 18 13:07:52 1994 From: an3747 at anon.penet.fi (an3747 at anon.penet.fi) Date: Mon, 18 Apr 94 13:07:52 PDT Subject: Safeway + Your Privacy Message-ID: <9404181931.AA27868@anon.penet.fi> In <0097D140.1B631720.2317 at Leif.ucs.mun.ca> Bill Garland wrote: > Hey, we have already inadvertently given great power to a centralized > government. We - many of us - well, some of us, well, er, I'm sure > at least Tim May and myself, are just trying to get some of it back, > and not to give them any more. No, you must be thinking of someone else. Tim May acts to _strengthen_ government. Why, just the other day he boasted about _voting_ for them: In Message-Id: <199404140800.BAA23572 at mail.netcom.com> he wrote "Understand that I actually _voted_ [in a government election]... " Voting in their elections is right up there with petitioning them or accepting money from them as their justification for being. When they're challenged, they need only point to these constituencies. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From unicorn at access.digex.net Mon Apr 18 13:09:24 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 18 Apr 94 13:09:24 PDT Subject: Warrantless searches -- A sign of things to come? Message-ID: <199404182009.AA03915@access3.digex.net> > BUT NO WARRANT WAS SERVED! Does that mean I can get the ACLU up the school's > ass? If the school says they can do that because I pay to live on their > property, then why can't the CHA do what they want? Ah, but you see, you moved into the dorm (and signed a paper) saying you would follow the school's rules. These rules included uncool search and seizure and are allowed since you are not in a home... it's similar to a hotel's right to do room service when you're out at the pool. <- What your talking about is the difference between a lease and a license. Dorm "agreements" generally avoid the terms of art that make an agreement a lease. This is one of the reasons that they are called "Housing agreements." The fact that you do not have a leasehold on the property is one of the legal catches to allow your constitutional rights against search and seizure to be avoided. In fact many of the protections that are afforded leaseholders are denied those who merely have a "license." Such is NOT the case with the majority of government based housing. You cannot SIGN AWAY your rights in most cases. The exceptions are numerous, but a clause in a lease that says "the owner may search and seize whatever he likes" is hardly one of them. -uni- (Dark) From pcw at access.digex.net Mon Apr 18 13:20:56 1994 From: pcw at access.digex.net (Peter Wayner) Date: Mon, 18 Apr 94 13:20:56 PDT Subject: Dirty Laundry... Message-ID: <199404182020.AA04865@access3.digex.net> I'm perfectly willing to do a "live" demonstration of money laundering using the futures markets. In your last private letter, you suggested that we use real money. I see no reason to do for two reasons: 1) Commission costs and other fees are prohibitive for the small amount of money that I have. Plus, why would I want to spend all that money just to prove a point to you? 2) I see no reason to go out and borrow money for what is essentially an academic exercise. This is a game for the rich. If you've only got to move $10,000 then cash and Fed Ex is fine. So you are welcome to add all of the margin requirements and stuff and we'll work it out on paper. (I'll even sweat a bit for real, if you want.) Make out a list of the transaction costs and margin requirements and I'll come up with a target sum to transfer. Then we can figure out the risk strategy to pursue. The only problems I can see in doing this well is finding a source of futures prices. I don't have a live feed and I don't have the time in my day to sit on a terminal waiting for the right moment.(I've wasted enough on this argument.) Closing prices are okay, but they are not as efficient as using all of the noise in the market during the day. Oh, I wanted to point out one other fact about swapping tickets: It's illegal. But it is not clear that it is illegal to just place bets on both sides of the market. From juola at bruno.cs.colorado.edu Mon Apr 18 13:23:50 1994 From: juola at bruno.cs.colorado.edu (juola at bruno.cs.colorado.edu) Date: Mon, 18 Apr 94 13:23:50 PDT Subject: Dirty Laundry... Message-ID: <199404182023.OAA07105@bruno.cs.colorado.edu> Peter Wayner says: > In 15 out 16 times, the progressive doubling system will work. No, it will not. I invite Mr. Wayner to produce a single demonstration of this system working. A suitable test should be easy to set up. Should be no trouble at all; I would do it myself except that I'm trying to write a dissertation. In the interest of "fairness," I suggest the following (without looking at the numbers). Most major newspapers, including the WSJ, list the prices of various sorts of futures. I suggest someone simply check the closing prices of a half dozen futures (gold, silver, oil, wheat, corn, and pick two at your convenience) on the 1st of January, 1993. Flip a coin for whether person A or person B does the buying of $10,000 worth of futures, then recheck the price on 1 Feb. If B makes $500 or more, assume the laundering has worked -- if not, double the investment and recheck on 1 Mar. If the Martingale scheme works, at least 5 out of the 6 should have successfully transferred the money by 1 Dec.... - kitten From rees at cs.bu.edu Mon Apr 18 14:01:55 1994 From: rees at cs.bu.edu (David Rees) Date: Mon, 18 Apr 94 14:01:55 PDT Subject: Roulette Message-ID: <199404182101.RAA05759@csa.bu.edu> The Eudaemonic Pie by Thomas A. Bass (Houghton Mifflin Company, Boston, 1985), in chapter 6, discusses the various systems used in beating roulette. It gives the names and dates of people who have beaten the system through the use of martingales, biased wheels, and computers. An interesting book, highly recommended that you check it out. -Dave From unicorn at access.digex.net Mon Apr 18 14:05:24 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 18 Apr 94 14:05:24 PDT Subject: warrantless searches Message-ID: <199404182105.AA08193@access3.digex.net> The idea of sweeps will never work, they'd have to do it a couple of times a day. I don't even need to go into the unconstitutionality of the whole process. The whole thing boils down to trying to use a simple solution to solve a complex problem, which works for politicians, but no one else. Besides, Handguns are illegal in Chicago, and have been for more than a decade....... <- Well not exactly. It is illegal to possess an unlicensed handgun in Chicago, and Chicago has not issued any new licenses in a decade. An account from a friend of mine went something like this. He had a workshop on the near west side and kept a .32 inside with him. The .32 was obviously unlicensed. Long and short, he ended up at "Gun Court." The process went something like this: If the defendant's skin color was lighter than the tan wall, a small fine ($100) was imposed. Other defendants were given hefty fines and some jail time. Note that the first category was never asked about past records, the second were always asked about past records. The point is this: Even if sweeps work, they won't "Work." Even the judges don't seem to think that getting gun holders off the street is a cure. Or they don't care one way or the other. I do agree that this is just Bayer for cancer. I grow tired of bearing the burden of some flunkies ideas of social engineering. Like I said before. If it's an emergency, declare one and suspend the constitution. Otherwise, come up with a real solution. It's amazing to me that administrations can lop all the low income housing into large poorly built high rises and then complain that crime is too excessive. -uni- (Dark) From perry at snark.imsi.com Mon Apr 18 14:12:21 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 18 Apr 94 14:12:21 PDT Subject: Dirty Laundry... In-Reply-To: <199404182020.AA04865@access3.digex.net> Message-ID: <9404182112.AA04248@snark.imsi.com> Peter Wayner says: > I'm perfectly willing to do a "live" demonstration of money laundering > using the futures markets. In your last private letter, you suggested > that we use real money. I see no reason to do for two reasons: > > 1) Commission costs and other fees are prohibitive for the small > amount of money that I have. Plus, why would I want to spend all that > money just to prove a point to you? Several hours ago I offered in private mail to conduct a bet with you in a jurisdiction that permits such bets -- I suggested that $10,000 might make it worth your while. > 2) I see no reason to go out and borrow money for what is essentially > an academic exercise. This is a game for the rich. If you've only got > to move $10,000 then cash and Fed Ex is fine. Well, the return on the bet would be quite handsome -- IF YOU ARE RIGHT. (I believe one can make such bets in England -- anyone know for sure?) Given that laundering, say, $50,000 successfully would cost almost nothing other than interest costs IF YOU ARE RIGHT, the return of $10,000 on your interest costs IF YOU ARE RIGHT would be extremely nice -- on the order of thousands of percent. IF YOU ARE RIGHT, of course. > The only problems I can see in doing this well is finding a source of > futures prices. I assure you that will be the least of your problems. You can get prices all day long from most brokers, and if you knew anything at all about the futures market (you must, since you've said so much about it thus far) you'd know that you can set orders with your broker to be triggered off by a particular price being crossed. You needn't watch the market all day long. > Oh, I wanted to point out one other fact about swapping tickets: It's > illegal. But it is not clear that it is illegal to just place bets > on both sides of the market. Thats fine, but you can't successfully launder money using your technique so its not suprising that its legal. Perry From CCGARY at MIZZOU1.missouri.edu Mon Apr 18 15:01:59 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Mon, 18 Apr 94 15:01:59 PDT Subject: Science frauds Message-ID: <9404182201.AA18534@toad.com> Gun control is people control. The war on drugs is the war on citizens. Kill the Clipper (anti-privacy) chip. The following article appeared in the April 18, 1994 edition of THE SPOTLIGHT newspaper. The article is by Paul V. Sheridan. (Paul Sheridan is president of Dr. Detroit Motorsports in Detroit, Michigan. His articles have appeared in numerous periodicals.) The SPOTLIGHT is a weekly mail order newspaper. Their subscription address: THE SPOTLIGHT 300 Independence Ave. SE Washington, D.C. 20003 current (4/17/94) trial subscription $19.94 for 30 weeks. Since I have just sort or grabbed one of their whole articles, I should be "nice" & do a free advertisement for them. ******* BEGIN ************ DANGER FROM SPRAY CANS & AIR CONDITIONERS A HOAX? "Nature is full of the unknown. In the United States a remarkable discovery was made. Waterside mud contains bacteria that breaks down CFC's; products not found in nature. Such discoveries should humble us. But yet there are people so sure of their knowledge of nature, they make all sorts of predictions. They're like high priests of arrogance; only concerned with money, fame and power." Prologue to the European film: Fair Skin - Stay In If a contest were held to award the most scientifically baseless, politically oppressive, morally bankrupt, economically destructive environmental farce, the hands-down winner would be the banning of chloroflurocarbons (CFCs, such as freon). Whenever a major action is being dictated, especially at the national level, you should ask yourself, "Who benefits?" If your answer includes arrogant "scientists," trendy politicians & faceless corporate bureau- crats, you can safely assume that scandal is not far behind. Obviously these do-gooders will proclaim that you are going to benefit because they are doing you a big favor; one you don't remember requesting. If you're starting to feel queasy, good. INCREDIBLE When I began studying the theory that CFCs were affecting the ozone layer, I found less & less, not more, credibility. What I did find how- ever is that people who will make money on this scandal support it, & choose to deny or ignore the facts. This trend continues at an accel- erating pace. We have already been programmed to assume that the so-called replace- ments will cost 10 times as much as CFCs. We have seen CFC costs jump from 50 cents per pound to $10 per pound or more as supplies are pur- posely diminished. We are about to scrap billions of dollars in un- amortized CFC-based equipment, & spend billions more on equipment dedicated to the new refrigerants since they are not compatible. Auto- motive customers have experienced their "repair" bill jump from $25 to $1,000 as retrofits become the only way to retain air conditioning. A similar scenario will begin to emerge for home & office air-condit- ioning systems. A review by SPOTLIGHT readers should include the following questions: * The Rowland/Molina theory seeks to convince you that chlorine from CFCs is responsible for "destruction of the ozone layer." If this is true, why did Mother Nature evolve oceans that emit an average of 600 million tons per year: 80,000 times the chlorine theoretically supplied by CFCs? What about volcanoes such as Mount Erebus, which emits an average of 1,000 tons of chlorine each day? When Mount Pinatubo re- cently erupted, 10 million tons of chlorine were ejected. Chlorine from this planet's 6,500 volcanoes has been deposited directly into the strat osphere for billions of years. Why weren't natural sources even men- tioned in the theory? Do natural sources of chlorine deplete Nobel Prizes? * Why are the major chemical companies pushing for a ban of CFCs? What is the status of the international patent rights to CFC pro- duction? Is it merely a coincidence that the scheduled ban of CFCs coincides with the expiration of the patents? Is it coincidence that the companies that are shoving this ban down your throat are the very same companies that hold the "approved" patents? Is there any correlation between the business plans of selected chemical companies, & the sub- sequent emergence & widespread media promotion of this theory? * Gordon Dobson, the father of atmospheric science, discovered seasonal fluctuation of the Antarctic ozone layer in 1956 (long before the more recent alarms raised by the supposed discovery of this phenom- enon in the 1980's). Why is this natural phenomenon never discussed? Why is the implication given that CFCs were not widely used when Dobson made his historic observations? What is the significance of the Scandinavian claim that their research on ozone layer fluctuations dates back to 1925, when CFCs had not yet been invented? * If the ozone layer is being "depleted," why has the ultraviolet ra- diation reaching the Earth's surface been declining for the last 50 years? * Why the Tazieff Resolution? Why would hundreds of respected scient- tists sign a document that states that the CFC/ozone layer issue is a fraud? Why is this resolution avoided like the plague by the American news media & the EPA? Why is the Tazieff resolution hidden from the American public? * Why did Vice President Al Gore fire William Happer? Dr. Happer, of the Department of Energy, was pursuing a scientific review of avail- able data. He was also proposing more accurate instrumentation to ensure credible conclusions. Did Happer mistakenly assume that his job was science as opposed to trendy politics? What does this incident indicate about the ethical stature of the present administration? Has Gore decided that the scientific method should be replaced by political correctness? * Dr. Sherwood Rowland, the co-inventor of this global warming theory, has been openly accused of scientific fraud by members of the American Association for the Advancement of Science (AAAS). Why has the AAAS concealed these accusations & the resultant petition to review his part- icipation in Ozonegate? INVESTIGATION NEEDED * Why was H.R. 291 introduced? This legislation calls for a complete investigation of Ozonegate & will probably result in criminal proceed- ings. Why haven't our friends in the news media told you about H.R. 291? * The original design criteria for refrigerant chemicals was that it be durable, non-flammable, non-corrosive & non-toxic. After 20 years of development & testing, & more than 40 years of use, CFCs have completely proven themselves. By stark contrast, R-134, the replacement material, is flimsy, explosive, corrosive & downright poisonous. Recognizing that they themselves will not be routinely exposed to this unproven chemical, what criteria did the EPA use to pronounce from their ivory towers that R-134 was "acceptable?" If this new family of chemicals is "acceptable" why did Germany recently ban R-123 due to its toxicity? I called the EPA (202-233-9155) & requested their human toxicity studies on R-134. Under the Toxic Substance Control Act, the EPA is required to release these findings. They flatly refused my requests. The important issue for SPOTLIGHT readers is the health risk imposed on our automotive technicians who will unknowingly be exposed to a substance that is at least 100 times more carcinogenic than the CFCs they replace. The general public will also be exposed to these dangerous chemicals in their cars, home air conditioners & refrigerators. The EPA desper- ately does not want you to know the details contained in the toxicity studies. The 15th century Europeans were told of sea monsters at the edge of a flat earth. In truth, the market share of silks & spices enjoyed by the major traders were being threatened by the smaller mariners. Similar to the lies told when the earth was flat, Americans are being told that "The ship has sailed...it's too late." That money-making ploy did not work for the greedy merchant houses of the 15th century, & SPOTLIGHT readers need to ensure that Ozonegate doesn't work today. An excellent start is to write to your congress- person & demand that they support H.R. 291. ****** END *************** Well fellow Cypherpunks, what do we make of this? Many of us had thought that we had gone plenty far by being anarchists or minarchists. Apparently that is not far enough in order to oppose those that push us around & lie to us. This article implies that we must also be anti mass media & largely anti large corporation as well. In the matter of corporations we must at least be dubious of their intentions & truth- fulness. This article also serves as a model of big corporate, mass media, & state collusion in the victimization of their people. If the article is true, then how can the mass media be anything but corrupt? Another possibility arises: Do we have a science & technology that in a number of crucial areas is controlled as well? Are large cor- porations withholding science & tech from us? There have been rumors for years that the oil corporations buy up patents & small innovative companies to keep competing technologies off the market. I find a number of clues that this is true: ----------------------------------------------------------------- 1. The internal combustion engine. This type engine has been with us for more than 50 years - much elaborated on & refined but basically the same turkey. I believe that it is still approx. 25% efficient. Correct me if I'm wrong. Its deficiencies are legendary. This is 1994, why do we still have this primitive? There is talk that we now have cheap, efficient hydrogen generating processes. And if I'm correct, we can now safely store hydrogen as an iron titanium hydride. That could enable the use of engines with virtually nothing but water & energy as its products. 2. Electrical storage. Our storage technology for electricity seems to be primitive. 3. The Sun gives us an astronomical amount of free energy but we are still mostly inept at capturing it. 4.Fifteen years or so ago, there was a high budget program funded by the Federal govt. for large corporations to find a cheap way to get petroleum products without petroleum. This was at the time of the Arab oil embargo & was considered of great importance. Hadn't anyone ever heard of the FISCHER-TROPSCH reaction. We have lots of coal! Excerpt follows: from the book, ORGANIC CHEMISTRY, by K. Peter C. Vollhardt University of California, Berkeley. Published by W. H. Freeman & Company. "Another catalytic reaction of synthesis gas that furnishes alcohols, but only as by-products, is the cobalt- or iron-mediated formation of hydrocarbons usable as fuels & oils. This reaction was discovered at about the turn of the century & developed in Germany beginning in the 1920s. Its application enabled that country to supply its energy (part- icularly gasoline) needs from coal during the 2nd World War, when its supply of petroleum was virtually shut off. The process is known as the FISCHER-TROPSCH reaction: Co or Fe,pressure, 200-350C n CO + (2n +1) H2 _____________________________> CnH2n+2 + n H2O At the height of production, in 1943, more than 500,000 tons of hydro- carbon & other products (gasoline, diesel fuel, oils, waxes, & deter- gents) were made in Germany by this process. Currently(1987), South Africa is the only country that satisfies a substantial amount of its fuel needs by use of the Fischer-Tropsch reaction." Synthesis gas (a mixture of CO & H2) is produced by a cheap, simple industrial process from the gasification of coal in the presence of water. 5. The medical industry. Cancer rates are going up in spite of gigantic amounts of money spent on research. We run into one health calamity after another. The FDA is busy trying to outlaw alternative health methods & currently have laws against free speech on health claims even when backed up by research. The FDA only wants health speech that it has certified. Incidentally, remember Tryptophan - a naturally occurring amino acid that was was good for many things including insomina & jangeled nerves. After the Tryptophan scare, Trytophan was outlawed by the FDA. This in spite of the fact that it was proved that ONE Japanese company had produced ONE bad batch of Tryptophan & that was THE SINGLE CULPRIT in the "tryptophan sickness". The reason that tryto- phan was pulled off the market was that it was TOO GOOD at doing what wa claimed for it & too safe. It was cutting into the pharmaceutical companies sales of dangerous drugs that competed with it. Serious alternative health enthusiasts are aware of many other state atrocities involving non-medical health methods. Nothing succeeds like failure! - At least for a government protected monopoly. The medical/pharmaceutical industry continues to receive a higher percentage of the U.S. national product. My diagnosis: the condition of the medical/pharmaceutical industry improves; the patients are failing. ----------------------------------------------------------------- We who oppose the oppressive state must be alert for attacks from other quarters. The state is aided & abetted by a corrupt & lying mass media. At times the people are duped by large corporations acting in concert with the state & the mass media. Caution & independence must be used against several quarters simultaneously. This is an outrage! It reminds me of the old Soviet Union in which only a few percentage points of the people were in the Communist Party & therefore most of the population did not expect decent treatment or the truth. It is also remindful of the Feudal system in which a small minority ruled & took while the majority were exploited. Of course, there were explanations why this cruel structure was right. In the U.S., the population is proud of its freedom & its knowledge while being terribly politically ignorant. Are we that far removed from the old Soviet Union & the Feudal rule? Are the American masses both lied to & exploited systematically as the masses have been for thousands of years. It seems to me that in the U.S., the masses have gotten a much easier life due to some technological innovations & that the RULE BY LIE has gotten so much more sophisticated. In justice to the American political founders, I concede that for approximately the first 120 years the American masses enjoyed remarkable freedom. However, for the last 90 years the control thugs have been slowly re-capturing us. We have given away our lost power by giving away our responsibility. We have believed that the big dogs have gotten to where they are by being better than we, by being smarter, & by working harder. We also have a weakness with gullibility. We have a difficult time believing that a high status person could consistly & often lie to us. Possibly, that is a kind of genetic weakness of the masses: inability to disbelieve high status people. I do not wish to leave us without hope. We now have the INTERNET! - A people's mass media where everything does not pass though a crooked chokepoint. We now may easily & quickly exchange news with people all over the world. We also have public key cryptography! This guarantees our ability to conduct conversations all over the world & be as private as we wanna be! Records & private writings may be kept in effectively unbreakable strong cryptography. With these tools we may be able to break the yoke of the state & its collaborating establishment. Cypherpunk, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKKK! BBBEEEAAATTTT STATE! Interested in getting strong cryptography packages for free? Interested in putting your math, cryptography, or computer programming skills to use in writing a technology to free the world from its oppressors? Contact Cypherpunks at toad.com. From ph at netcom.com Mon Apr 18 15:55:25 1994 From: ph at netcom.com (Peter Hendrickson) Date: Mon, 18 Apr 94 15:55:25 PDT Subject: Dirty Laundry... In-Reply-To: <9404182112.AA04248@snark.imsi.com> Message-ID: <199404182256.PAA23399@mail.netcom.com> > Peter Wayner says: >> I'm perfectly willing to do a "live" demonstration of money laundering >> using the futures markets. In your last private letter, you suggested >> that we use real money. I see no reason to do for two reasons: >> >> 1) Commission costs and other fees are prohibitive for the small >> amount of money that I have. Plus, why would I want to spend all that >> money just to prove a point to you? > Several hours ago I offered in private mail to conduct a bet with you > in a jurisdiction that permits such bets -- I suggested that $10,000 > might make it worth your while. >> 2) I see no reason to go out and borrow money for what is essentially >> an academic exercise. This is a game for the rich. If you've only got >> to move $10,000 then cash and Fed Ex is fine. > Well, the return on the bet would be quite handsome -- IF YOU ARE > RIGHT. (I believe one can make such bets in England -- anyone know for > sure?) Given that laundering, say, $50,000 successfully would cost > almost nothing other than interest costs IF YOU ARE RIGHT, the return > of $10,000 on your interest costs IF YOU ARE RIGHT would be extremely > nice -- on the order of thousands of percent. IF YOU ARE RIGHT, of > course. This system can be tested with a small amount of capital. Only two contracts will be in play at any time. So, you need only put up margin for two contracts. This is feasible for less than $10,000. When cash moves the wrong way, it can be funnelled back to the right broker. At the end of the game, we can review the brokerage statements to see if the money ended up where it was supposed to. Those who doubt Mr. Metzger's analysis should be able to find backers who will supply this small amount of working capital. I would guess that Mr. Metzger would be willing to allow his critics to pool their resources, should some turn coward or plead poverty. Peter From pgf at srl.cacs.usl.edu Mon Apr 18 15:58:57 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Mon, 18 Apr 94 15:58:57 PDT Subject: Science frauds Message-ID: <199404182254.AA15854@srl03.cacs.usl.edu> Uh, Gary, the reason noone's started more research into getting oil from coal is that it's cheaper to get oil from oil. While we are too dependent on foreign sources right now, the price of oil has never been cheaper than now and could go up probably a lot and not raise the price of gas much compared to how much taxes and inflation have raised it since 1972. Look, I'm tired, and this is cypherpunks. I'm willing to discuss energy policy, etc., over on extropians at extropy.org anytime you're willing to fork over the money to access it (if I have time; I often don't). But anyway, you might want to check out that recent NOVA episode, "The World Is Full Of Oil." Phil From collins at newton.apple.com Mon Apr 18 16:02:59 1994 From: collins at newton.apple.com (Scott Collins) Date: Mon, 18 Apr 94 16:02:59 PDT Subject: 15 out of 16 times... Message-ID: <9404182130.AA19221@newton.apple.com> It has been known since before I was born (see the very readable "Lady Luck, the theory of probability" by Warren Weaver, 1963, Doubleday/Anchor LoC CC# 63-8759) that the value (i.e., here 'cost') of this game is infinite. This is described by a correlary of the law of large numbers wherein (quoting from Weaver, emphasis his): By making the number _N_ of trials large enough, you can make as near unity (certainty) as you desire the probability that the actual number _m_ of successes will _deviate from_ the ex- pected number _np_ _by as much as you please_. Note that, effectively, this law applies _before_ the one that lets you win an expected number of trials. This is why the person with the greater bankroll can win even in the face of sub-optimal 'odds'; why Las Vegas still exists; why gamblers still go broke; and why they go broke quicker with the doubling system. If it is not a question of probability, i.e., both parties _know_ the commodity will perform in a particular way... then this does not apply. However, to the extent that they are uncertain --- it does (in spades). Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From pgf at srl.cacs.usl.edu Mon Apr 18 16:08:15 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Mon, 18 Apr 94 16:08:15 PDT Subject: Cypherpunks/extropians list political ideology discussion... Message-ID: <199404182303.AA15894@srl03.cacs.usl.edu> I just thought I'd interject that the discussion here on laundering money on the futures market might be a lot more appropriate over on the extropians mailing list than here on cypherpunks. I don't mean to be a "stick to topic" fascist or anything, and I realize a lot of the participants in this discussion currently have problems with the extropians list at present, but come to think of it, these people (and there are, as far as I can tell, more than just two or three) probably have between them the time or means to set up their own "extropians list for people tired of ExI's list" mailing list and this might be an appropriate means for getting off-topic discussions off of cypherpunks. Comments? Phil From jeremy at crl.com Mon Apr 18 16:50:54 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Mon, 18 Apr 94 16:50:54 PDT Subject: Autentication gadgets In-Reply-To: <199404181430.AA28278@milou.eunet.fi> Message-ID: On Mon, 18 Apr 1994, Johan Helsingius wrote: > > I remember seeing some discussion about the security gadgets people from Bell > Labs, amonst others, used for logging in from remote sites. It was a simple > credit-card-calculator-like challenge-response device. Any pointers? > > Julf A similar one they use at the white house uses a card system. The card has an internal clock that is synchronized once to a clock on the system. The card uses a special algorithm that changes the password every second or so in sync with the main system. When you plug into the system, it reads your card, and if it is in sync, then you are allowed access. _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From unicorn at access.digex.net Mon Apr 18 16:52:39 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 18 Apr 94 16:52:39 PDT Subject: Empower: Message-ID: <199404182352.AA19269@access3.digex.net> Could someone give me a brief summary of Empower's cryptography strength? Is there a password cracker? -uni- (Dark) From blancw at microsoft.com Mon Apr 18 17:14:46 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 18 Apr 94 17:14:46 PDT Subject: Cypherpunks/extropians list political ideology discussion... Message-ID: <9404182316.AA25614@netmail2.microsoft.com> From: "Phil G. Fraering" I just thought I'd interject that the discussion here on laundering money on the futures market might be a lot more appropriate over on the extropians mailing list than here on cypherpunks. ................................... No, don't do that - I'm having fun watching these guys go back & forth. And I want to see who wins. Mr. Right, winner of the Dirty Laundry contest. Besides, no one's mentioned any missing random numbers or anything. . . . Blanc From collins at newton.apple.com Mon Apr 18 17:16:28 1994 From: collins at newton.apple.com (Scott Collins) Date: Mon, 18 Apr 94 17:16:28 PDT Subject: my remailer taking some (mild) heat [LONG] Message-ID: <9404182156.AA20614@newton.apple.com> For your edification: I run a remailer. Someone used it to post copyrighted material. I was contacted to help resolve the issue. The person who contacted me, Brad Templeton, was neither abusive nor unreasonable, but he did express some interesting attitudes. I am reposting the dialogue here. My added comments begin with '#'. I must emphasize that I sympathize with Mr. Templeton and bear him no ill will. I am interested in his views---and your reaction to his views---of remailers, their legality, and future. ##### Brad Templeton wrote: ##### Somebody posted an AP Wire story to comp.org.eff.talk using your remailer. We'll need to know who it was or have you contact them so we can get them to make amends for the copyright violation. Thanks. ##### I responded:: ##### Brad, # I included his initial message here This is distressing to me. I don't run a remailer to abet infringers of copy (or other) rights. I certainly do not condone this action. Unfortunately, there is little I can do after the fact. My remailer is not the sort that requires a priori relationships. If a message has the right sort of header, the remailer sends it on its way ... no questions asked. I never see any mail that passes through my remailer. I keep no logs, the efficacy of which would be compromised in any case by remailer chaining or encryption. I can block remailing to or from any particular address, but my remailer is incapable of taking action based on content. I am sorry that I can neither tell you who it was, nor contact them ... not because I don't wish to, but because I am unable to. I will happily assist you in any way that I am able. What follows is my public policy with respect to the remailer. It details my capabilities and attitude. # I included my remailer policy here, which most of you have seen. # E-mail me privately for copies. I hope this is of some assistance to you. ##### Brad Templeton wrote:: ##### I understand your policy, and I suspect that down the road that while anon remailers will continue to exist and serve a purpose, those that allow people to break laws behind them (defamation and copyright, and possibly kiddie-porn in particular) will have to shut down. The law is clear on this. If a newspaper publishes libel, the newspaper is liable with the writer, and fully liable if they hide the writer's name. You'll be in that boat, and shutting down or logging after the fact won't do you much good. I think the right answer is a remailer that logs, allows replies (like the finet one) and which opens up in the case of illegal postings, or any other postings that don't follow its rules. It might say that it demands a warrant, for example. What you're doing is of little value. Anybody can post anon to USENET anyway, if they don't care about replies. I am surprised you would take the risk to add no functionality. ##### I responded: ##### Brad, My immediate advice to you is to send mail to the same distribution that the illegal material followed, requesting contact from the sender. This would have the same enforcability of reply as Julf's remailer. People rarely mail things to lists they don't themselves read, so it is likely to be read by the intended. As I said before, I will help you in any way that I can. I understand that, lacking a perpetrator, I am the next visible target for your ire ... so I am taking your comments as predictions about society (as I'm sure you intended) rather than personal comments (as so many people are wont to read into e-mail these days). # I included his first two paragraphs here. My remailer is not a newspaper; rather it resembles the post-office, a phone switch, or the hole in the tree trunk in "To Kill a Mockingbird". All of these allow communication with some amount of anonymity selected by the sender (up to and including `no return address`). Newspapers have editors. There is a presumption of knowledge over their content. _Of course_ one sues such a publication for libel or error---they have advertised their control over their publication so that readers may trust in its verity and appropriateness. One _must_ sue when such a trusted publication causes damages. Angry people can 'cement over the hole', but it won't be because my remailer broke either faith or law. >I think the right answer is a remailer that logs, Any phrase that starts with 'the right answer is' is questionable. If there were a 'right answer' for communication we would only need one of: newspapers, phones, tv's, postcards, conversations in the hall, pounding a broom handle on the ceiling, short-wave radio, ad infinitum. The right media depends on the situation and the people involved. >allows replies (like the finet one) My remailer allows replies; the sender need only include a return address (possibly encrypted) exactly like the US Post Office. My service is completely different from the finet one. Julf's system requires its own machine and huge space resources for mapping tables. Such a system is beyond my resources. >and which opens up in the case of illegal postings, or >any other postings that don't follow its rules. My service conforms to this statement. I was---and am now---happy to help you resolve this issue to the best of my ability. I won't support, condone, or abet illegal activity; however, I can't and won't spy on law abiding users on the slim chance that I could detect illegal activity a priori. I will enact restrictions that prevent illegal activity whenever I can do so without impacting citizens (e.g., I can block addresses, etc.). >What you're doing is of little value. It is unfortunate that your only contact with my remailer was of little (in fact negative) value to you. In in another situation you---as other people certainly do---might value it highly. >Anybody can post anon to USENET anyway, if they don't care about replies. My remailer makes no provisions for posting to usenet. It is simply a remailer; it can do nothing that sendmail cannot do. >I am surprised you would take the risk to add no functionality. One if by land; two if by the information super-highway. We're all together in this, ##### Brad Templeton wrote: ##### I thought it was for netnews, that is what I saw. Actually, anybody can do anon E-mail as well, but fewer know how. You are not a newspaper, but I truly believe you are taking on all the liability for bad things in the material remailed. ##### The End? ##### Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From ph at netcom.com Mon Apr 18 17:45:51 1994 From: ph at netcom.com (Peter Hendrickson) Date: Mon, 18 Apr 94 17:45:51 PDT Subject: 15 out of 16 times... In-Reply-To: <9404182130.AA19221@newton.apple.com> Message-ID: <199404190046.RAA17586@mail.netcom.com> > This is described by a correlary of the law of large numbers wherein > (quoting from Weaver, emphasis his): > By making the number _N_ of trials large > enough, you can make as near unity (certainty) > as you desire the probability that the actual > number _m_ of successes will _deviate from_ the ex- > pected number _np_ _by as much as you please_. > Note that, effectively, this law applies _before_ the one that lets you win > an expected number of trials. This is why the person with the greater > bankroll can win even in the face of sub-optimal 'odds'; why Las Vegas > still exists; why gamblers still go broke; and why they go broke quicker > with the doubling system. Actually, the casinos win in Las Vegas because the odds of almost every bet are in their favor. (Occasionally some blackjack bets are good for the customer. I believe that's the only exception.) Larger capital allows you to affect the distribution of winnings, but not whether or not the underlying bet is a good one. Employment of this strategy means most outcomes will be slightly positive with a small chance of a loss. The loss will be large. Every casino, in effect, takes on the whole world. As all the bets are independent, it doesn't matter if they are played by one player or by a new player every time. The world has much more capital. Yet the casinos consistently win. > If it is not a question of probability, i.e., both parties _know_ the > commodity will perform in a particular way... then this does not apply. > However, to the extent that they are uncertain --- it does (in spades). There is a way in which the futures markets can be used for quietly and inexpensively transferring money, even if you can't predict future prices. Let's say a second payment channel exists. However, it is expensive in terms of cost, privacy, or hassle. It also has the property that the cost of transferring $10,000 is the same as transferring $100,000. Most of the time, when you play the futures markets you can get some amount of money to transfer. Once in awhile it doesn't work, so you use the second, expensive, payment channel. Peter From eagle at deeptht.armory.com Mon Apr 18 18:05:35 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Mon, 18 Apr 94 18:05:35 PDT Subject: Thank You Anonymous Source Message-ID: <9404181805.aa20530@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- I recieved your white # 10 envelope with the Oakland post mark 15 April. Thank you for its contents, "another urgent activist," whom ever you are. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbMrjl/ScHuGXWgVAQEmxwQAyXh4sn3CZryVtf1gc1YD7BU/aTFF88v7 yABLaqxzSGRIHt3L6AFRG0+zVe47P2jDgfNQh2YFrWhsJ+jteZ9JSN3klRS/E4/O eCPI7SLt3+mZSZTjQvykI66Ux0kS77zamFNlu6pTxkljYS0ZvLuyGehFC4ClOjyr u5BH8rNnhVQ= =VcIV -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From mg5n+ at andrew.cmu.edu Mon Apr 18 18:12:38 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 18 Apr 94 18:12:38 PDT Subject: More mail-to-usenet gateways Message-ID: group.name at paris.ics.uci.edu group.name at cs.dal.ca group.name at ug.cs.dal.ca I'm sure there must be many, many more such gateways out there, if you know of any, send them my way so I can put them in the listing. If you think you have one, but aren't sure, try this: post a message to alt.test via your mail software (configured to your local machine) and CC: it to me, so I can see the name to the mail-to-news gate. Thanks! From CCGARY at MIZZOU1.missouri.edu Mon Apr 18 18:29:25 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Mon, 18 Apr 94 18:29:25 PDT Subject: Science fraud Message-ID: <9404190129.AA21055@toad.com> Phil Fraering writes >Uh, Gary, the reason noone's started more research into getting >oil from coal is that it's cheaper to get oil from oil. While we >are too dependent on foreign sources right now, the price of oil >has never been cheaper than now and could go up probably a lot and >not raise the price of gas much compared to how much taxes and >inflation have raised it since 1972. Phil, currently a barrel of oil is a little under $17. That would make a gallon of gas less than 40 cents if it could be refined, distributed, & retailed at no cost. I realize that is just about "dirt cheap". Still, the Fischer-Tropsch reaction is over 90 years old & Germany fueled its part in World War II with it. By now, you would think that we could squeeze oil out of coal "dirt cheap". Its been more that 50 years ago that Germany ran its war effort on this process. I agree with you that it would be very hard to beat the price of oil. Still, the world handles its war machine as though oil were quite precious. You should cure the world of this illusion! Ok - admittedly, an oil embargo that was differentially placed on some nations & not on others would raise the manufacturing & shipping costs of the embargoed nations & put them in a bad trade position. >Look, I'm tired Phil, if I had known my article would just tire & annoy you, I never would have writ it! > and this is cypherpunks. Agreed. My article is not well coupled with the official topic of cypherpunks & it would not be a good thing to tie up too much of cypherpunks bandwith with it. I had hoped to do a quick hit & run with it with cypherpunks & post it on other lists as well. I must give you credit, Phil. It was a damd cagey move on your part to do a bad review on a part of my post & say nothing good about my post at all. As we all know, nothing kills a thread faster than that! And then to give me shit about wasting Cypherpunk bandwith - the ICING ON THE CAKE! Phil is on top of things. I am admonished! Unless someone says something to provoke or encourage this thread, I'm dropping it from Cypherpunks. > I'm willing to discuss >energy policy, etc., over on extropians at extropy.org anytime you're >willing to fork over the money to access it (if I have time; I >often don't). I've dropped out of the Extropian's list. Its all I can do to keep up with just this list. Also, I don't want to pay the money & I don't approve of the way the fools hounded Tim May. Phil, I must also disagree with the way you handled your criticism of my post. You panned part of it & then seemed imply that you had fully reviewed it with that. >But anyway, you might want to check out that recent NOVA episode, >"The World Is Full Of Oil." Thanks for the tip. You & NOVA are probably right. The world is probably up to its ass in oil. There is some speculation that oil was not derived from fossilized plant life. On a more serious note, I value the time & bandwith of the Cypher- punks. I posted the post here because I believe that it has rare & valuable information that Cypherpunks would be interested in. Hopefully, I have not wasted much of many Cypherpunks time. Yours Truly, Gary Jeffers From eagle at deeptht.armory.com Mon Apr 18 18:41:39 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Mon, 18 Apr 94 18:41:39 PDT Subject: NARA e-mail standards (fwd) Message-ID: <9404181841.aa21954@deeptht.armory.com> Forwarded message: From hfinney at shell.portal.com Mon Apr 18 19:01:14 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 18 Apr 94 19:01:14 PDT Subject: Laundering money through commodity futures Message-ID: <199404182045.NAA29865@jobe.shell.portal.com> Sorry for adding to this arguably non-cp thread: There is some ambiguity in the discussion of martingales and double-your-bet schemes in general. Most people think in terms of doubling when they *LOSE* their bet. This puts them in the ludicrous position Tim Werner described of having to bet $320 to win $5. How could this strategy break a bank? Your bets will average far larger than your winnings. If the table had a bank limit of $10,000, you'd have to have many times this in your suitcase. A more efficient strategy would probably be just to bet $10,000 at the beginning. If you really want to "break the bank", a more likely strategy would be to double your bets when you *WIN*. Most of the time you will eventually lose, and so you will see a steady loss. But eventually you will exceed the table "bank" limit, and the casino will not be able to pay off your bet - you will have broken the bank. Of course, this was stupid of you, since statistically this will only happen as often as your total losings add up to what your total winnings would have been. If there is some "bank" limit on how large the bets are that the casino will pay off, then you will actually get less than you should have. Hal From evidence at netcom.com Mon Apr 18 19:03:43 1994 From: evidence at netcom.com (Evidence Inc.) Date: Mon, 18 Apr 94 19:03:43 PDT Subject: Warrantless searches -- A sign of things to come? In-Reply-To: <9404181430.AA22279@Central.KeyWest.MPGN.COM> Message-ID: The easiest solution is to include a provision in the rental agreement stating that you won't possess firearms in the apartment. In addition, include a provision that indicates that the tenant wil consent to any search requested by the landlord. You could even make these provision optional, such that any tenant can decline to agree to them by checking the appropriate box. (Most tenants in such projects probably won't bother to read them anyway). Once agreed to, if a tenant refuses to consent to a search, they can be evicted for breaching the rental agreement. If they consent, and guns are found, they can likewise be evicted. No criminal prosecution need ever be initiated.... I'm not sure that all states would permit searches even under these circumstances, but its a basic rule of 4th amendment law that you can consent to warrantless searches. Getting the consent up front, especially where it could be refused, would eliminate the problem of warrantless searches. Of course, if you refused consent, the landlords might just watch you a little more closely... Comments? ------------------------------------------------------------------------- Evidence, Inc. | The Internet Cops are watching, Evidence at Nowhere.Nil | aren't they? ------------------------------------------------------------------------- On Mon, 18 Apr 1994, Jim Sewell - KD4CKQ wrote: > > On Sun, 17 Apr 94 13:39:39 > > paul at hawksbill.sprintmrn.com (Paul Ferguson) wrote: > > > > >A Page 1 story in The Washington Post Sunday (94.04.17) reads, > ... [warrantless searches of housing project] ... > > Anyway, the point is, these people aren't safe in their own homes. > > > The people of CHA didn't forfeit the right to being secure in their homes. But they could by signing a waiver, as discussed above.. From evidence at netcom.com Mon Apr 18 19:06:09 1994 From: evidence at netcom.com (Evidence Inc.) Date: Mon, 18 Apr 94 19:06:09 PDT Subject: Mail-to-usenet (was: Which remailers like to handle anon mail?) In-Reply-To: Message-ID: I have had difficulty with Utexas as well when I tried it with *.test groups a month ago. ------------------------------------------------------------------------- Evidence, Inc. | The Internet Cops are watching, Evidence at Nowhere.Nil | aren't they? ------------------------------------------------------------------------- On Mon, 18 Apr 1994, Matthew J Ghio wrote: > I took out cs.utexas.edu; I've had a lot of trouble with that one losing > posts. They don't bounce, and they don't get posted, they just > disappear. After reading a lot of posts on alt.test, I found the ones > listed above. If you know of any more, send me mail! From greg at ideath.goldenbear.com Mon Apr 18 19:09:20 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Mon, 18 Apr 94 19:09:20 PDT Subject: moving money laundering to Extropians list Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Phil Fraering writes: > I just thought I'd interject that the discussion here on laundering > money on the futures market might be a lot more appropriate over on > the extropians mailing list than here on cypherpunks. I'm finding the thread interesting and educational, apart from my suspicion it's about to turn into a flamewar about who [doesn't] want to bet $10K to back a particular position. I seem to remember the list being about "technological defenses for privacy", or some such - money laundering (e.g., anonymized transactions) seems close enough for me. If the Extropians' list is dry these days, perhaps some commerce-oriented Cypherpunks ought to sell them a copy of this thread. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbM3k33YhjZY3fMNAQFrvwQAgLMkQOj6Z6zQDzj+duiBonu1md5RGeuq VjJzNCIRI45HMiY0qzjptJm/mK5it9OAXTTrsQGjxLrPmT6fmyiH/N4g/NGXhNJV 620fbmTOKDvQXTcy8IPcP+yxlTUtdvKIztQvs5yyDtTmRkcL5RSkeRSYpZp/6HNC Dt+8DntfHzM= =/wHA -----END PGP SIGNATURE----- From evidence at netcom.com Mon Apr 18 19:09:43 1994 From: evidence at netcom.com (Evidence Inc.) Date: Mon, 18 Apr 94 19:09:43 PDT Subject: BEST Inc. In-Reply-To: <9404181937.AA16438@toad.com> Message-ID: Simple solution to this problem, especially if you have strong magnets around.... De-magnitize the card. If you are a ham operator, you can use the magnetic mount on the basis of your mobile antenna whip. If you're not, get a big magnet... ------------------------------------------------------------------------- Evidence, Inc. | The Internet Cops are watching, Evidence at Nowhere.Nil | aren't they? ------------------------------------------------------------------------- On Mon, 18 Apr 1994 SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I was in a BEST store yesterday, and attempted to pay by check. They > asked for ID to verify the check and when I handed them my military ID, they > asked for my driver's license instead. I gave them my driver's license and > they used it and the magnetic strip on the back of it to verify my check. I > noticed on their computer screen that it had all of my info, as in birthdate, > address, driver's license number, the routing number for the bank I am with, > and my checking account number. They also have notices up that say they > index everything by your phone number. I asked them what they were using all > of this information for, and they said for their marketing purposes. I was From tcmay at netcom.com Mon Apr 18 19:11:17 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 18 Apr 94 19:11:17 PDT Subject: Sudaplatov book, McNeil-Lehrer TONIGHT (Monday) Message-ID: <199404190212.TAA07370@mail.netcom.com> It may be too late for the East Coasters, but tonight's McNeil-Lehrer Newshour devotes 30 minutes to the just-released book, "Special Tasks," by Sudaplatov. Sudaplatov was effectively head of SMERSH, which many people think was Ian Fleming's fabrication...it was real, meaining "Death to Spies." Soviet MVD Counterintelligence. His actual title was head of Special Tasks, responsible for spy rings in the U.S. and Germany, assassination of people, etc. Important stuff! Revelations about Oppeheimer, Fermi, Bohr, and Gamov giving assistance to the Soviets, about the death of Trotsky, and about the sabotage of U.S. military bases. I happened to be reading the book today in a local bookshop, and when I got hope Harry Bartholomew, of our list, had left a message alerting me to the McNeil-Lehrer report. Check it out tonight, if you can. Consult your local listings. Many stations air it at 10, others at 11 (the late airings, that is). --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Mon Apr 18 19:19:04 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 18 Apr 94 19:19:04 PDT Subject: moving money laundering to Extropians list In-Reply-To: Message-ID: <199404190220.TAA08181@mail.netcom.com> I certainly agree with Greg Broiles that this thread is appropriate for Cypherpunks: > I'm finding the thread interesting and educational, apart from my > suspicion it's about to turn into a flamewar about who [doesn't] want > to bet $10K to back a particular position. > > I seem to remember the list being about "technological defenses for > privacy", or some such - money laundering (e.g., anonymized transactions) > seems close enough for me. And digital money, offshore markets, Internet casinos, and the like will surely have an effect on how money laundering, asset hiding, and the like will be done. Very apropos to the list. Besides, a new thread on money laundering schemes, one which even touches on the mathematics of martingales (something many more people should work out to their own satisfaction), is a whole lot more interesting than tired old discussions of TEMPEST and whether Clipper is good or bad (the topic is fine, but we've beat it into the ground 37 times and only Dorothy Denning and David Sternlight are known to support it). > If the Extropians' list is dry these days, perhaps some commerce-oriented > Cypherpunks ought to sell them a copy of this thread. Sounds like a good idea to me. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jeremy at crl.com Mon Apr 18 19:26:08 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Mon, 18 Apr 94 19:26:08 PDT Subject: BEST Inc. In-Reply-To: <9404181937.AA16438@toad.com> Message-ID: > > I was in a BEST store yesterday, and attempted to pay by check. They > asked for ID to verify the check and when I handed them my military ID, they > asked for my driver's license instead. I gave them my driver's license and > they used it and the magnetic strip on the back of it to verify my check. I [stuff deleted] >From what I know, there is no law that says you have to keep that magnetic strip up to date. Just have a little meeting between it and Mr. Refridgerator magnet and you could end up with some surprising results. _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From hughes at ah.com Mon Apr 18 20:01:15 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 18 Apr 94 20:01:15 PDT Subject: biometrics Message-ID: <9404190253.AA02325@ah.com> Another authentication problem to ponder. Eric ----------------------------------------------------------------------------- WEIRDNUZ.320 (News of the Weird, March 25, 1994) by Chuck Shepherd Lead Story * In February, the Royal Bank of Scotland announced that it would begin to issue extra check-cashing ID cards to its transvestite customers who request them -- so that they might have separate cards depicting themselves dressed as male and female in order to "avoid embarrassment or difficulties," according to a Bank spokesman. [Globe and Mail-Reuter, 2-25-94] Oops! From rfs at maestro.com Mon Apr 18 17:18:06 1994 From: rfs at maestro.com (Richard F. Strasser) Date: Mon, 18 Apr 1994 20:18:06 -0400 (EDT) Subject: NARA e-mail standards (fwd) Message-ID: I thought that list members might be interested in this note, which was posted on another list. Richard F. Strasser ---------- Forwarded message ---------- Date: Mon, 18 Apr 94 10:40:51 EDT From: Florey/AAIQ To: ace-mg at esusda.gov Subject: NARA e-mail standards --------- The following is a converted OFFICEPOWER mail message ---------- To: ace-mg at esusda.gov CC: Subject: NARA e-mail standards New [*] Codes: [ ] Message: Hi, ACE'ers. I'm not sure just who y'all are, but you're surely interested in government records, so you must be OK. I'm an Air Force colonel in the Admin Comm and Records Mgt Div of HQ USAF Information Management. We have been conducting a functional process improvement (FPI) effort on records management since last summer in DoD. Air Force is executive agent. I'll pass my Priority: 2 Delivery Acknowledge [ ] View Acknowledge [ ] From: Florey/AAIQ By: florey at saf3 Attachment [*] -------------------------------- ATTACHMENT ------------------------------ thoughts to you on the questions you asked. They fit right into our study because the constant undercurent of our FPI was a solution to the problem of uncontrolled electronic records--those often created in e-mail that never find their way into the official recordkeeping system. I'll be happy to talk to any of you on the phone about the topic and have some real experts who work for me that can get deep into records in a hurry. I'm in the Pentagon at 703-697-4501. a. What's a federal record? As defined in public law--44 US Code 3301. "Records include all books, papers, maps, photographs, machine readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the United States Government under federal law or in connection with the transaction of public business and preserved for appropriate preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the Government or because of the informal value of data in them." As you can see, virtually any official interchange of information dealing with government business is considered a record to be preserved by the agency for varying periods of time. The National Archives and Records Administration approves that length of time for every record in the government thru the agency records managers. E-mail is most often an official record because it deals with government business; few e-mails are so personal that they fail to qualify as a record. b. Implications of managing e-mail records like paper records? You bet. See above--"regardless of physical form..." A record is a record, regardless of media. The content of the information is the key. We are required to manage e-mail records, but truthfully no one is really doing so in the government today. Big problem. There's a court case involving the White House on e-mail records created there. The overall situation was at the heart of our motivation for doing the FPI. We are checking off-the-shelf software that will allow us to manage e-mail records to the same standards we have for paper (or physical) records. c. Is there a possibility that we may have to print out e-mail records just for the requirement of controlling them as records? Well, we gotta do something. All of us are technically breaking the law by not controlling e-mail records. E-mail is official mail; transactions over e-mail fit the definition of a record far more times than not. But what a waste to get all this sophisticated equipment, fire electrons all over the world at a touch of a key, and then have to print out the results on paper just for the record. The answer is to load electronic recordkeeping software onto any e-mail system. The software captures the record into the official system just as if a record were paper and put in its proper place in the filing cabinet. Big cultural change involved. Action officers who create e-mail now have to stop and do their filing chores to put the e-mail into the system. The software does it in a rather painless fashion, but nevertheless it will be a step that none of us are having to endure now. In our FPI, we developed 46 requirements that any automated recordkeeping system would have to meet. We have a multi-service technical team looking at available software in the marketplace; the team spoke with vendors and then with users at their work sites to include industry in Atlanta and Boston and the Canadian government in Toronto. To our surprise, 43 of the requirements are available now--only a couple of artificial intelligence type requirements to make the filing absolutely transparent to the action officer are not yet available. We are on the verge of floating a policy document to the near summit of DoD that states, "no computer system (read LAN and e-mail producers) may be acquired that does not have electronic recordkeeping software. Legacy systems must be so equipped in a couple of years--or such a reasonable time." Our master plan is to acquire the capability to control e-mail type records in an automated fashion without having to convert them to paper. Retrieval, transfer, and eventual destruction of records will be fully automated and never involve paper. In fact, we will want virtually all conventional records (not films, video, and physical records) to be in the electronic system--we want to eliminate tha paper system as much as possible. Records created on a PC are already electronic-- paper mail that will be retained as a record will be scanned into the electronic system. By doing this, we can have fewer and longer retention periods. There will not be the constant stress to move paper records to larger storage facilities where the costs are less than in an office. (such as federal records centers) Retrievable data will be kept on-site for much longer periods of time. Now, a word about the NARA standards. We are getting together as a DoD on 12 May to discuss them, and DoD is hosting an interagency conference on the standards on 19 May. Our (Air Force) position going in is that yes indeed electronic records should be controlled to the same standards as paper records, which sadly we're not doing now, but which the new software will allow us to do. However, we bristle at the suggestion that electronic records should be maintained at a higher level of sophistication than paper records. We disagree that there needs to be an audit trail of when electronic records were read, further dispatched, etc. We have never done that for paper and don't want to start such unnecessary requirements for electronic. We have no idea if someone looks at a paper document in a filing cabinet--we should not be required to keep records (and unfortunately that's what they would be in a seemingly never-ending escalation of creation) of when electronic records are viewed. We presently have that standard only for Top Secret information. The courts are pushing the higher standards because the technology makes it possible and to make it easier to determine "what the President knew and when did he know it?" For the everyday office, this extra creation of records is both excessive and expensive--and not worth the value added. Hopefully, we government records managers can get together to refine the NARA guidelines to an appropriate and workable level. So, if you're not yet blind from reading all of this, I hope my thoughts were helpful. NARA will take the commentary from the corners of government, study them, and publish the final standards within a few months. Then we'll really know how to attack the problem of controlling e-mail type records. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From anonymous at extropia.wimsey.com Mon Apr 18 20:22:01 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 18 Apr 94 20:22:01 PDT Subject: No Subject Message-ID: <199404190255.AA20803@xtropia> Subject: Any cypherpunks building encrypted phone? >I am working on that exact problem. It is not really that trivial. The >encryption has to handle a lot of data real time. I have a license >agreement for IDEA and am working on RSA. I am thinking of using triple >DES rather than IDEA because of the cost of the IDEA license. That seems reasonable to me. While there is some controversy in the community, I haven't heard anyone I respect say that 3DES is not reasonably secure (i.e, comparable to IDEA). But perhaps I've missed those comments! I think that even a straight DES phone would provide Pretty Good security, provided that it generated a new DES key for every call and swapped that key with the other phone via some type of public key encryption. Whether you use DES or 3DES, I suggest putting a button on the phone that force immediate generation and exchange of a new key. The truly paranoid can then press the button as often as they like. >How much would you pay for a good encrypted phone? At $100, I would probably buy one for myself and several more as gifts for friends I'd like to talk to who would be unlikely to buy them themselves. Above $100, I'd still be willing to buy my own, but there would have to be a significant user community for me to talk to. I suspect it will be difficult to persuade the average non-cypherpunk to pay >>$100 for an encrypted phone that hardly anyone has compatible equipment for. You know, we should really spend some time deciding what kind of exchange protocols would be appropriate here on the list. Wouldn't it be nice if all the various groups out there building hardware and software phones could talk to each other? If we can agree on a spec, this can happen. One other thought--the *TRULY* paranoid will want to build their own phones from a schematic, and they may not want to use custom chips that **might** have a backdoor in them. The ideal phone might be based on CPU's, RAM, and DSP's, with no DES chips or anything like that. Lady Ada From anonymous at extropia.wimsey.com Mon Apr 18 20:22:04 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 18 Apr 94 20:22:04 PDT Subject: No Subject Message-ID: <199404190256.AA20838@xtropia> Subject: Any cypherpunks building encrypted phone? >I am working on that exact problem. It is not really that trivial. The >encryption has to handle a lot of data real time. I have a license >agreement for IDEA and am working on RSA. I am thinking of using triple >DES rather than IDEA because of the cost of the IDEA license. That seems reasonable to me. While there is some controversy in the community, I haven't heard anyone I respect say that 3DES is not reasonably secure (i.e, comparable to IDEA). But perhaps I've missed those comments! I think that even a straight DES phone would provide Pretty Good security, provided that it generated a new DES key for every call and swapped that key with the other phone via some type of public key encryption. Whether you use DES or 3DES, I suggest putting a button on the phone that force immediate generation and exchange of a new key. The truly paranoid can then press the button as often as they like. >How much would you pay for a good encrypted phone? At $100, I would probably buy one for myself and several more as gifts for friends I'd like to talk to who would be unlikely to buy them themselves. Above $100, I'd still be willing to buy my own, but there would have to be a significant user community for me to talk to. I suspect it will be difficult to persuade the average non-cypherpunk to pay >>$100 for an encrypted phone that hardly anyone has compatible equipment for. You know, we should really spend some time deciding what kind of exchange protocols would be appropriate here on the list. Wouldn't it be nice if all the various groups out there building hardware and software phones could talk to each other? If we can agree on a spec, this can happen. One other thought--the *TRULY* paranoid will want to build their own phones from a schematic, and they may not want to use custom chips that **might** have a backdoor in them. The ideal phone might be based on CPU's, RAM, and DSP's, with no DES chips or anything like that. Lady Ada From sasha at cs.umb.edu Mon Apr 18 20:32:31 1994 From: sasha at cs.umb.edu (Alexander Chislenko) Date: Mon, 18 Apr 94 20:32:31 PDT Subject: Money Laundering through Options market. Message-ID: <199404190332.AA17210@eris.cs.umb.edu> I sent the following to the messages' author rather than the list by mistake; hope it is [still] of some value to the list; If nobody minds (I'm not sure about the forwarding rules here), I'll forward the $laundry thread to the extropian list. -------- --------- ------------- I would recommend transactions in *options*, not in futures. If the option is far out of the money, you can easily get >>95% assurance that the money will go the way you wanted. If you execute several simultaneous transactions in different options (including spreads on opposite sides of the price range, unrelated markets, stop-orders, etc.), the results may be practically guaranteed on the first try. Of course, transactions in related areas, shifted contract positions, etc. will be harder to track than directly balanced transactions, but somehow I doubt that existing schemes, if any, are that obscure. Also, there are not that many commodities/currencies/... with markets large enough to execute $1M+ contracts like that at a time. I'd expect people to use major markets in several transactions not large enough to attract attention of market analysts. With access to the transactions database, one could more or less easily compile a list of traders engaged in such activities and amounts of money transferred. I believe that this way of money laundering is well within understanding of at least some people. The ways of catching them are, probably, too hard for the corresponding agencies, at least organizationally. So the list of suspected offenders may be of pretty high value... which can probably be realized... with some caution. An article claiming that such a list is being compiled may well stop almost all such laundering [ which may kill both futures and options markets ;-) ] I personally would rather wait for more secure anonymous transactions to launder *my* millions though. sasha at cs.umb.edu P.S. I read Hillary Clinton turned $1K into $100K in cattle futures market. Isn't that amazing? P.P.S. I'll bet $10K against $1 that you can't donate *me* $50K like this. Any takers? -------------------------------------------------------------------------- Disclaimer: The above text is pure speculation. I would never do anything mentioned there. From VACCINIA at UNCVX1.OIT.UNC.EDU Mon Apr 18 21:06:00 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Mon, 18 Apr 94 21:06:00 PDT Subject: Secure HTTP, Mosaic Message-ID: <01HBC83X7Q54004DPJ@UNCVX1.OIT.UNC.EDU> Below is the information NCSA/EIT sent me about S-HTTP, you can skip the press release at the end if you have already read it. It was posted to the list a short while ago. Vaccinia at UNCVX1.oit.unc.edu Thank you for your inquiry regarding Secure HTTP. This message provides some details on the protocol and the status of its implementation. The April 12th joint EIT/NCSA/RSA press release regarding Secure Mosaic is included at the end of the message. OVERVIEW OF S-HTTP We have developed a new protocol for dealing with a wide range of cryptographic modes and algorithms in the context of the World-Wide Web, based on the Web's existing HyperText Transfer Protocol (HTTP). We call this protocol "Secure HTTP" or "S-HTTP". This protocol has been designed to enable incorporation of various cryptographic message format standards into Web clients and servers, including, but not limited to PKCS-7, PEM, and PGP. S-HTTP supports interoperation among a variety of implementations, and is backwards compatible with HTTP. S-HTTP aware clients can talk to S-HTTP oblivious servers and vice-versa, although such transactions obviously would not use S-HTTP security features. IMPLEMENTATIONS AND LICENSING EIT will make available freely usable source code for implementing S-HTTP in both clients and servers. These reference implementations of "Secure NCSA Mosaic" and "Secure NCSA HTTPD" will support two crypto engine implementations: via an integrated TIPEM library (offering PKCS-7 support) and via an "outboard" RIPEM application. RSA has agreed to permit the distribution of their TIPEM library, in binary form, without charge in conjunction with the non-commercial distribution of NCSA Mosaic. Implementors of non-commercial clients or servers may wish to use the already available RIPEM system (which is itself based on RSA's RSAREF library). Commercial implementors or distributors of WWW clients and servers are encouraged to pursue licencing arrangements with RSA or their licencees. FEATURES OF S-HTTP S-HTTP does not require client-side public key certificates (or public keys), supporting a symmetric session key operation mode. This is significant because it means that secure, spontaneous transactions can occur without requiring individual users to have an established public key. While S-HTTP will be able to take advantage of a ubiquitious certification infrastructure, its deployment does not require it. S-HTTP supports end-to-end secure transactions, in contrast with current usage of the existing HTTP authorization protocol which requires the client to attempt access and be denied before the security mechanism is employed. Clients may be "primed" to initiate a secure transaction (typically using information supplied in an HTML anchor); this is used to support encryption of fill-out forms, for example. In S-HTTP, no sensitive data need ever be sent over the network in the clear. S-HTTP provides full flexibility of cryptographic algorithms, modes and parameters. Option negotiation is used to allow clients and servers to agree on transaction modes (should the the request be signed? encrypted? both? what about the reply?); cryptographic algorithms (RSA vs. DSA for signing, DES vs. RC4 for encrypting, etc.); and certificate selection (please sign with your "Mastercard certificate"). ABOUT PKCS-7 PKCS-7 is a cryptographic message syntax standard developed by a consortium of companies lead by RSA. PKCS-7 is compatible with the Internet standards for Privacy Enhanced Mail (PEM) in that signed-data and signed-and-enveloped-data content, constructed in a PEM-compatible mode, can be converted into PEM messages without any cryptographic operations. PEM messages can similarly be converted into the PKCS-7 signed-data and signed-and-enveloped-data content types. In other words, PKCS-7 and PEM implementations can interoperate. PKCS-7 has the following advantages: a) PKCS-7 permits transport of 8-bit data (contrast with PEM, which requires Base-64 encoding). b) PKCS-7 can have a signature-less mode of operation. This permits secure messages to be sent from senders who do not have RSA key pairs. Signature is mandatory under PEM. c) PKCS-7 permits more flexibility in certificate format and trust models. d) PKCS-7 is explicitly designed for algorithmic flexibility. New cryptosystems, message digest algorithms and signature schemes can be added just by defining new types. SCHEDULE An "alpha quality" implementation of Secure Mosaic and HTTPD was demonstrated in public on April 12th. The protocol document is to be sent for external review (to RSA, NCSA and TIS) at the end of April. After revision, we plan to submit it as an "experimental protocol" RFC -- by late May, we expect. The reference implementation will be supplied to beta testers (to the protocol reviewers, and selected CommerceNet sponsors). Public release (to CommerceNet participants) is scheduled for September. CommerceNet will operate a certification authority, suitable for operators of S-HTTP servers (open to CommerceNet participants), beginning at that time. We expect that NCSA will make the reference implementation available to the Internet community soon after. Periodic progress reports will be reported to Internet mailing lists (such as PEM-DEV), and available on the EIT and CommerceNet Web servers (URL's http://www.commerce.net/ and http://www.eit.com/). ORIGINAL PRESS RELEASE Secure NCSA Mosaic Establishes Necessary Framework for Electronic Commerce on the Internet PALO ALTO, Calif., April 12, 1994 -- Enterprise Integration Technologies (EIT), the National Center for Supercomputing Applications (NCSA) at the University of Illinois and RSA Data Security today announced agreements to jointly develop and distribute a secure version of NCSA Mosaic, the popular point-and-click interface that enables easy access to thousands of multimedia information services on the Internet. The announcement was made in conjunction with the launch of CommerceNet, a large-scale market trial of electronic commerce on the Internet. Under the agreements, EIT will integrate its Secure-HTTP software with public key cryptography from RSA into NCSA Mosaic Clients and World Wide Web (WWW) servers. WWW is a general-purpose architecture for information retrieval comprised of thousands of computers and servers that is available to anyone on Internet. The enhancements will then be made available to NCSA for widespread public distribution and commercial licensing. Jay M. Tenenbaum, chief executive officer of EIT, believes secure NCSA Mosaic will help unleash the commercial potential of the Internet by enabling buyers and sellers to meet spontaneously and transact business. "While NCSA Mosaic makes it possible to browse multimedia catalogs, view product videos, and fill out order forms, there is currently no commercially safe way to consummate a sale," said Tenenbaum. "With public key cryptography, however, one can authenticate the identity of trading partners so that access to sensitive information can be properly accounted for." This secure version of NCSA Mosaic allows users to affix digital signatures which cannot be repudiated and time stamps to contracts so that they become legally binding and auditable. In addition, sensitive information such as credit card numbers and bid amounts can be securely exchanged under encryption. Together, these capabilities provide the foundation for a broad range of financial services, including the network equivalents of credit and debit cards, letters of credit and checks. In short, such secure WWW software enables all users to safely transact day-to-day business involving even their most valuable information on the Internet. According to Joseph Hardin, director of the NCSA group that developed NCSA Mosaic, over 50,000 copies of the interface software are being downloaded monthly from NCSA's public server -- with over 300,000 copies to date. Moreover, five companies have signed license agreements with NCSA and announced plans to release commercial products based on NCSA Mosaic. "This large and rapidly growing installed base represents a vast, untapped marketplace," says Hardin. The availability of a secure version of NCSA Mosaic establishes a valid framework for companies to immediately begin large-scale commerce on the Internet." Jim Bidzos, president of RSA, sees the agreement as the beginning of a new era in electronic commerce, where companies routinely transact business over public networks. "RSA is proud to provide the enabling public key software technology and will make it available on a royalty-free basis for inclusion in NCSA's public distribution of NCSA Mosaic," said Bidzos. RSA and EIT will work together to develop attractive licensing programs for commercial use of public key technology in WWW servers." At the CommerceNet launch, Allan M. Schiffman, chief technical officer of EIT, demonstrated a working prototype of secure NCSA Mosaic, along with a companion product that provides for a secure WWW server. The prototype was implemented using RSA's TIPEM toolkit. "In integrating public key cryptography into NCSA Mosaic, we took great pains to hide the intricacies and preserve the simplicity and intuitive nature of NCSA Mosaic," explained Schiffman. Any user that is familiar with NCSA Mosaic should be able to understand and use the software's new security features. Immediately to the left of NCSA's familiar spinning globe icon, a second icon has been inserted that is designed to resemble a piece of yellow paper. When a document is signed, a red seal appears at the bottom of the paper, which the user can click on to see the public key certificates of the signer and issuing agencies. When an arriving document is encrypted, the paper folds into a closed envelope, signifying that its information is hidden from prying eyes. When the user fills out a form containing sensitive information, there is a 'secure send' button that will encrypt it prior to transmission. Distribution of Public Keys To effectively employ public-key cryptography, an infrastructure must be created to certify and standardize the usage of public key certificates. CommerceNet will certify public keys on behalf of member companies, and will also authorize third parties such as banks, public agencies, industry consortia to issue keys. Such keys will often serve as credentials, for example, identifying someone as a customer of a bank, with a guaranteed credit line. Significantly, all of the transactions involved in doing routine purchases from a catalog can be accomplished without requiring buyers to obtain public keys. Using only the server's public key, the buyer can authenticate the identity of the seller, and transmit credit card information securely by encrypting it under the seller's public key. Because there are far fewer servers than clients, public key administration issues are greatly simplified. Easy Access to Strong Security To successfully combine simplicity of operation and key administration functions with a high level of security that can be accessible to even non-sophisticated users, significant changes were necessary for existing WWW security protocols. EIT developed a new protocol called Secure-HTTP for dealing with a full range of modern cryptographic algorithms and systems in the Web. Secure-HTTP enables incorporation of a variety of cryptographic standards, including, but not limited to, RSA's PKCS-7, and Internet Privacy Enhanced Mail (PEM), and supports maximal interoperation between clients and servers using different cryptographic algorithms. Cryptosystem and signature system interoperation is particularly useful between U.S. residents and non-U.S. residents, where the non-U.S. residents may have to use weaker 40-bit keys in conjunction with RSA's RC2 (TM) and RC4 (TM) variable keysize ciphers. EIT intends to publish Secure-HTTP as an Internet standard, and work with others in the WWW community to create a standard that will encourage using the Web for a wide variety of commercial transactions. Availability EIT will make Secure NCSA Mosaic software available at no charge to CommerceNet members in September and NCSA will incorporate these secure features in future NCSA Mosaic releases. Enterprise Integration Technologies Corp., of Palo Alto, Calif., (EIT) is an R&D and consulting organization, developing software and services that help companies do business on the Internet. EIT is also project manager of CommerceNet. The National Center for Supercomputer Applications (NCSA), developer of the Mosaic hypermedia browser based at the University of Illinois in Champaign, Ill., is pursuing a wide variety of software projects aimed at making the Internet more useful and easier to use. RSA Data Security, Inc., Redwood City, Calif., invented Public Key Cryptography and performs basic research and development in the cryptographic sciences. RSA markets software that facilitates the integration of their technology into applications. Information on Secure NCSA Mosaic can be obtained by sending e-mail to shttp-info at eit.com. Press Contact: Nancy Teater Hamilton Communications Phone: (415) 321-0252 Fax: (415) 327-4660 Internet: nrt at hamilton.com From qjones at infi.net Mon Apr 18 21:07:41 1994 From: qjones at infi.net (Wayne Q Jones) Date: Mon, 18 Apr 94 21:07:41 PDT Subject: Sgt Russell In-Reply-To: <9404181419.AA11944@toad.com> Message-ID: Quantico, CIA funny farm....oh and FBI too...sorry many LURPS around now?? On Mon, 18 Apr 1994 SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil wrote: > Sea06 does not fund the USMC. That is merely the gateway that I use > out at Fallbrook Naval Weapons Station. I am funded by MARCORSYCOM out of > Quantico. I work at MCTSSA on Camp Pendleton. I hope this helps to inform > you. > > Sgt Darren Harlow - Computer Security > MCTSSA, Camp Pendleton > Internet: harlow%isb%mctssa at nwsfallbrook3.nwac.sea06.navy.mil > or another slower and less reliable: harlow at mqg1.usmc.mil > "The views expressed are my own, and always will be..." > **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From collins at newton.apple.com Mon Apr 18 21:25:13 1994 From: collins at newton.apple.com (Scott Collins) Date: Mon, 18 Apr 94 21:25:13 PDT Subject: 15 out of 16 times (math, not laundry) Message-ID: <9404190216.AA04828@newton.apple.com> >Actually, the casinos win in Las Vegas because the odds of almost >every bet are in their favor. In most cases the odds favor the house---I never claimed otherwise---and that certainly speeds up the inevitable process of cash extraction. >Larger capital allows you to affect the distribution of winnings, but >not whether or not the underlying bet is a good one. If the difference in bankrolls exceeds a tolerance related to the `odds', the quality of the bet is immaterial. The direct implication of the weak law of large numbers is: a) the longer you play, the more certain you will experience a `run of bad luck'; b) the party with less money goes broke waiting for their `run of bad luck' to end. When one part goes broke, the game is over, even if the distribution of winnings does not match the theoretical expectations (and in the case of going broke, it can't ... or you wouldn't have played). >Every casino, in effect, takes on the whole world. As all the bets >are independent, it doesn't matter if they are played by one player or >by a new player every time. The world has much more capital. Yet the >casinos consistently win. No. The whole world doesn't go broke as a unit. Individuals stop playing, leaving their money in an unexpected distribution, when they _personally_ go broke. In fact, most gambling decisions are related in some way to cash resources of the participants. For example, I propose a hypothetical game where you (the player) flip a fair coin. If it comes up heads on the first toss, I pay you $2; game over. If it comes up heads on the second, I pay you $4; game over. $8, $16... How much would you pay me (the house) to play this game? The theoretical value is infinite; you could win any amount of money at this game -- 1/2 the time $2 dollars, 1/4 of the time $4, 1/8 of the time $8... expectations = Sum_{n \goesto \infty}{n \over n}. Let's say I'm an actual casino, and could reasonably pay out winnings up to but not beyond $4.3 billion. You should pay no more $33 for a chance at that money. Derivation as an exercise for the reader. Consider this from the perspective of the house. The house is using the Martingale system against you, doubling its bet every time it loses until it gets that $33. That means that to launder $33, one party could conceivably lose $4.3billion. Obviously no mathematicians work at my casino. They all left to persue jobs that ensure a paycheck. These are _not_ my personal conclusions. This is sound, if disturbing, probability theory---known for at least 250 years. This particular effect goes by many names including "Gambler's Ruin". Given the odds, and the respective bankrolls, you can calculate the probability that any given party will go broke in extended play. The problem of "Duration of Play" was solved by Bernoulli and published posthumously in 1713. Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From ebrandt at jarthur.cs.hmc.edu Mon Apr 18 21:31:44 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Mon, 18 Apr 94 21:31:44 PDT Subject: Laundering money through commodity futures In-Reply-To: <199404181723.SAA07785@an-teallach.com> Message-ID: <9404190431.AA24428@toad.com> > The song was based on a guy (I think he was an > engineer) who noticed a slight imbalance on one of the wheels [...] Claude Shannon, for one, though not in the 20's. Taking advantage of the imbalance is a little more complicated than betting on one side of the wheel, but ascii diagrams are tedious to make. Roy Walford made some money on roulette, too. Eli ebrandt at hmc.edu From phred at well.sf.ca.us Mon Apr 18 22:07:47 1994 From: phred at well.sf.ca.us (Fred Heutte) Date: Mon, 18 Apr 94 22:07:47 PDT Subject: Sudaplatov book, McNeil-Lehrer TONIGHT (Monday) In-Reply-To: <199404190212.TAA07370@mail.netcom.com> Message-ID: <9404182207.ZM15362@well.sf.ca.us> I suggest you take Sudaplatov with a LARGE grain of salt. The memoirs of ex-spies are replete with self-serving truths, important omissions and deliberate misinterpretations to meet political goals. Don't forget the 'security' establishments on both sides of the Former Cold War have scores to settle, clients to stroke and budgets to fill. Ask yourself this: why should he tell the truth *now*, and how much is he likely to tell? In regard to Oppenheimer and the like, I suggest treating all observations with care. Remember that the national security state apparatus starting growing in earnest after World War II but suspicion of foreign influence goes back to the labor movement of the 1870s, and the art of the smear was perfected certainly by the time of the Palmer Raids about 1920. My very limited knowledge of Oppenheimer and others of that era is that it is highly unlikely they provided much of strategic value to the Russians. Otherwise incidental contact at the political or scientific levels was used effectively after World War II to destroy careers on both sides of the Iron Curtain (re-read Darkness At Noon for the mirror image). If I may summarize: the one thing we must learn from the last 100 years is that the least trustworthy in our society are those we have deeded the most trust (knowingly or not). But then, it's hardly a new thing after all. The Latin phrase says it most clearly: Quis custodiet custodies? From HALVORK at dhhalden.no Mon Apr 18 23:26:14 1994 From: HALVORK at dhhalden.no (Halvor Kise jr.) Date: Mon, 18 Apr 94 23:26:14 PDT Subject: my remailer taking some (mild) heat [LONG] Message-ID: <729C2F7B0F@sofus.dhhalden.no> This is disturbing news! I'm sorry for any spelling errors here. Please read on! > ##### I responded:: ##### > > Brad, > > # I included his initial message here > > This is distressing to me. I don't run a remailer to abet infringers of > copy (or other) rights. I certainly do not condone this action. > Unfortunately, there is little I can do after the fact. My remailer is not > the sort that requires a priori relationships. If a message has the right > sort of header, the remailer sends it on its way ... no questions asked. I > never see any mail that passes through my remailer. I keep no logs, the > efficacy of which would be compromised in any case by remailer chaining or > encryption. I can block remailing to or from any particular address, but > my remailer is incapable of taking action based on content. I am sorry > that I can neither tell you who it was, nor contact them ... not because I > don't wish to, but because I am unable to. Would this guy told Brad if he could? I'll newer use that remailer again! > I will happily assist you in any way that I am able. What follows is my > public policy with respect to the remailer. It details my capabilities and > attitude. [....] > ##### Brad Templeton wrote:: ##### > > I understand your policy, and I suspect that down the road that while > anon remailers will continue to exist and serve a purpose, those that allow > people to break laws behind them (defamation and copyright, and possibly > kiddie-porn in particular) will have to shut down. I think appinions change from here you live. I live kind of close up to Russia (Live in Norway). Norway is a sosialistic(?) country and we actually had the World War II here, so we have felt, and can see what the freedom of speach is. So Imagine that I am an Albanian citisen(?) and have some disturbing news about the Albanian goverment. I post this news to the world through this remailer. Wouldn't I be breaking a law by doing this? Yes, I would! Use your brains! Wouldn't this news be of importance for the world? And to you trigger-happy americans: What if the news about the invasion of Quwait came from Iraq trough an anon remailer? Wasn't that of "importance for the world"?? Or did you americans loose so many lives for nothing? The world is at war! And I would allow nearly any action to distribute information! Eaven if this means that sombody is using my remailer to break the law by distributing copyrighted information. [....] > > I think the right answer is a remailer that logs, allows replies (like > the finet one) and which opens up in the case of illegal postings, or > any other postings that don't follow its rules. It might say that > it demands a warrant, for example. Ok, if the police come and wake my up an morning with an warrant, they might still need me to get the information they are looking for. (I like encryption!) If the warrant was about kiddy-porn I might give the police what they wanted, but not before I saw the warrant! If they wanted some politicaly mail from Russia/Albania I would rather low-level formated my harddisk! This Brad-person didn't bring a warrant! So I would have told him to put his nose somhere else! Sorry but my world is black an white (At least a norwegian saying!) Look at the Subject again. "my remailer taking some (mild) heat" If you dont know how to handle the mild heat, how would you handle the glowing heat? I'm sorry if this was a little to hard on some of you, but this is my appinion. Regards, Halvor Kise jr. (which is putting an remailer up soon) -- * MEMENTO MORI * _____________________________________________________ | Halvor Kise jr. * halvork at sofus.dhhalden.no | | * halvork at gyda.dhhalden.no | | Ostfold * halvork at frodo.dhhalden.no | | Regional College * Student at | | N-1757 Halden * Computer Science | | * | | | | Finger halvork at sofus for PGP-key | ----------------------------------------------------- From mg5n+eae5nx0i73d8g76rma9ilx7ngs1mk7ddo1tw570wp3w at andrew.cmu.edu Mon Apr 18 23:44:02 1994 From: mg5n+eae5nx0i73d8g76rma9ilx7ngs1mk7ddo1tw570wp3w at andrew.cmu.edu (Anonymous) Date: Mon, 18 Apr 94 23:44:02 PDT Subject: Clipper == _chosen_ plaintext attack on cypherpunks? Message-ID: In <94Mar30.211225edt.12125 at cannon.ecf.toronto.edu>, SINCLAIR DOUGLAS N wrote, in reply to Bill Stewart: > > The proposed standards I've seen on the net say you can't encrypt > > *after* using Clipper, because that makes Clipper key-theft useless. > > On the other hand, encryption with real systems before encrypting with > > Clipper is undetectable until after they decrypt the Clipper, so it's > > hard to enforce except on people who are already suspects, > > and is unlikely to be convenient to implement (for interoperability) > > on some of the major Clipper targets, like cellphones and fax machines. > > Makes sense, doesn't it? When the whitehouse guy said that encryption > below clipper was legal but not above, we thought he was confused. However, > we ACKed it with an NSA employee, and he confirmed it. His reasoning went > like this: encryption below clipper can't be stopped, since one can just > splice a cryptdec into the phone line. Encryption on top of clipper is > impossible since the clipper phone will only accept audio input. No > word on how that would effect clipper modems. This explanation struck me as phony. No NSA employee would be so naive as to actually believe that "Encryption on top of clipper is impossible since the clipper phone will only accept audio input" and clearly the NSA had thought about how easy it would be to "splice a cryptdec". Then it struck me what Clipper/LEAF really does, it provides plaintext for a _chosen_ plaintext attack on other cryptosystems. Most of us tend to ignore chosen-plaintext attacks as being too impractical. How would we ever be able to get the adversary to send lots of plaintext of our (not his) chosing, we wonder. Now suppose that No Such Agency is really years ahead of the rest of the world in exploiting chosen plaintext to break all kinds of stuff, including (say) DES. They've unleashed DES upon the world, and now they're sort of regretting it. If only they could get us crypto-weenies ^H^H^H^H^H^H^H^H^H cypherpunks to send a few thousand choice pieces of chosen plaintext. Hmmmm. How could they do that? Final question: Am I the last person on this list to have thought of this, (namely, clipper as a chosen plaintext attack on other cryptosystems)? From eagle at deeptht.armory.com Tue Apr 19 01:09:26 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 19 Apr 94 01:09:26 PDT Subject: Lay Chilly Jones Message-ID: <9404190109.aa07188@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- From: Wayne Q Jones Subject: re: Sgt Russell To: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil >Quantico, CIA funny farm....oh and FBI too...sorry many LURPS around now?? Jesus Christ Jones- get off Darren's back. Cyberspace is spook central. Learn how to live with it. If you don't get your head together, you'll go off the deep end like Detweiler. This is hard ball with the big boys. If you're not up to the game, take a break. And Darren, that's what you get for living in California. I quit using CA driver's licenses when they went to the strip. As I said via private email, welcome aboard. I don't care what you do. You're a participant in the common lot of humankind, as are we all. Carry on cypherpunks. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbORO1/ScHuGXWgVAQE3KAP+JyxHkNO7jSkKHbvTittb0z5fokyUNEi9 scQw4YMhTmydlE66joeJjRsWsHrQuN/hBVDRgEQwQBpdjCTY2wvD+HJeucTeBA8H +LWTxn5KhsBCe6RifVIHKPRA/FfnSfrj3hmyEi7hAU0fEFISjtKZgQ/rEiEvfE+z A3GWd9eU5Bc= =uJnZ -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From jester at grex.cyberspace.org Tue Apr 19 01:26:19 1994 From: jester at grex.cyberspace.org (Thomas Riggley) Date: Tue, 19 Apr 94 01:26:19 PDT Subject: BEST Inc. In-Reply-To: Message-ID: On Mon, 18 Apr 1994, Jeremy Cooper wrote: > > > > I was in a BEST store yesterday, and attempted to pay by check. They > > asked for ID to verify the check and when I handed them my military ID, they > > asked for my driver's license instead. I gave them my driver's license and > > they used it and the magnetic strip on the back of it to verify my check. I > > [stuff deleted] > > >From what I know, there is no law that says you have to keep that > magnetic strip up to date. Just have a little meeting between it and Mr. > Refridgerator magnet and you could end up with some surprising results. Is this true? I am a NY state resident. I am under the impression that altering either the bar code or the mag strip on the back of my license would be as illegal as say changing the picture (Not that this is possible in with the new NY licenses). I do not know the legality behind this but I am aware that altering a license in ANYWAY is illegal. Although what you are suggesting is VERY difficult to prove, it is still I would think illegal. Unless anyone has any legal information to the contrary.... I would also guess that these states that have the mag strips on their license also have fines for non-oprative strips. If they do not, I am sure the law will be created so enough! -Tom From greg at ideath.goldenbear.com Tue Apr 19 01:50:33 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Tue, 19 Apr 94 01:50:33 PDT Subject: British child porn used steganography (forwarded msg) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Forwarded message (from Cyberia-L, law/computers discussion list): > Date: Mon, 18 Apr 1994 14:48:45 -0400 > Message-Id: <9404181818.AA23764 at mail.wm.edu> > From: efn!ideath!uunet!mail.wm.edu!thardy (Trotter Hardy) > Subject: Secret porn in .EXE files > An e-mail acquaintance of mine in the U.K., Phillip Boyd, has > related to me that someone in England has been arrested for the > distribution of pornographic materials. Apparently the > "materials" are secreted within a DOS .exe file in such a way > that the file can still run normally as a program, but those who > know how, can decipher the pornographic contents. > Here is Phillip's description: > ------------------------------------------------------------ > A research assistant at the University of Birmingham has just > been arrested for distributing Child Pornography through the > Internet: apparently wrapped up in innocuous .exe files which > really work and do something else if you don't know what they > are. The general view is that such distribution is pretty > well unstoppable. > Apparently it was the FBI who found him out and reported to > West Midlands Police here. He was a research assistant in > the Department of Metallurgy. No further details, it will > probably be months before he comes to trial. > ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbOV/n3YhjZY3fMNAQF8AAQAlVVuIT614fgE1Iphy1xWBuMkF9uGlHp4 r+Uga6lVH40wR4XPKFgCmdsQaYj9EfFuQFaM2jFVGWlQaqix59hu10TnOQbPJYC6 XQtLNSVwuHylNSnotXl9Ta3CCOmRJj8o0sAoPpioWeD2LZO97l9DlKRgLeGUVbmJ t6wBAQHaGQY= =V3OC -----END PGP SIGNATURE----- From eagle at deeptht.armory.com Tue Apr 19 02:24:02 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 19 Apr 94 02:24:02 PDT Subject: Magnetic Strip Accidents Message-ID: <9404190223.aa08704@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- From: Thomas Riggley >Is this true? I am a NY state resident. I am under the impression that >altering either the bar code or the mag strip on the back of my license >would be as illegal as say changing the picture (Not that this is possible As Barlow told me during an unrelated incident, "Christ, *shit* happens, eh?" One of the main reasons I don't live in NY or CA is they have so many laws. If you can't find a way around the system, or to slip through the cracks, you'll just have to goose-step along to the bitter end. If the internet becomes the surveillance system the intelligence communities envision, there may be a law against sitting on the toilet sideways and a means to enforce it. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbOijl/ScHuGXWgVAQEyGAP/XKNFu2rBDwz7l1/r+yeTW6nDhpGTyRA6 i8hBCnPHkxUP09aZT4EZcwBZOVPlyBDYDbkynPcP0yC3KRQ3Q/P+vjvfmdqfOP9u CqQaWC1UepRXpbuX2MYgkLg9f+4xa8xy3Fh9vbVGyhxySZtAWj9KAx85eQuaOOfa MUIghXkRPjI= =1QzN -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From cat at soda.berkeley.edu Tue Apr 19 04:40:59 1994 From: cat at soda.berkeley.edu (Erich von Hollander) Date: Tue, 19 Apr 94 04:40:59 PDT Subject: how do i do this with pgp? Message-ID: <199404191140.EAA09491@soda.berkeley.edu> i'm writing a lot of perl scripts that need to interact with pgp. however, i have not found an easy way of getting a passphrase to pgp from a script. i realize of course that this is for security; pgp only wants things typed in from a keyboard. however, there are plenty of times when automated processing is desired, and security of the key does not need to be perfect. in these cases, the only way (it seems to me) to get pgp to work is to setenv PGPPASS, which is really terrible security. is there a better way to do this? will there be some easier way in future versions of pgp, like being able to read the passphrase from stdin? e From rees at cs.bu.edu Tue Apr 19 05:16:25 1994 From: rees at cs.bu.edu (David Rees) Date: Tue, 19 Apr 94 05:16:25 PDT Subject: Money Laundering thru roulette Message-ID: <199404191216.IAA04248@csa.bu.edu> In the book I mentioned earlier, "Th Eudamonic Pie", it mentions a scheme by which a person can always break even while playing roulette. Seems to me that this is exactly what is asked for. If anyone wants it, I'll type in the appropriate portion and send it to the list. --Dave From bill at kean.ucs.mun.ca Tue Apr 19 06:18:03 1994 From: bill at kean.ucs.mun.ca (Bill Garland) Date: Tue, 19 Apr 94 06:18:03 PDT Subject: BEST Inc. Message-ID: <0097D2F9.F687E5A0.8202@NOAH.UCS.MUN.CA> To: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil >> >> I was in a BEST store yesterday, and attempted to pay by check. They >> asked for ID to verify the check and when I handed them my military ID, they >> asked for my driver's license instead. I gave them my driver's license and >> they used it and the magnetic strip on the back of it to verify my check. I > >[stuff deleted] > >From what I know, there is no law that says you have to keep that >magnetic strip up to date. Just have a little meeting between it and Mr. >Refridgerator magnet and you could end up with some surprising results. What is not clear here is whether the information that comes up on the point-of-sale terminal is encoded on the card or is in their "neat little database" on the network into which they are tuned. I don't know, but I guess this might mean that the paper driver's licences we use here in the back woods are soon to go the way of the buggy whip. The military ID should have been enough - I would assume that, especially in the largest armed force ever assembled by man, it is easier to fake a drivers licence than a military id. But I've been wrong before... If the info is on the card, follow the refrigerator magnet idea if you don't want them to cash your cheque. Or do as the Sarge did. Then, instead of having a record that you purchased Pentouse Letters on April 14 at 10:33 pm in Mac's Milk on the corner of Broadway and 110th, they have a record of your withdrawal of 50 bucks from the atm and a picture in their video database as you did the withdrawal. Six of one, half a dozen of the other. If the info is in the database, and it is (even though _this_ pos terminal may not have access to it) then - well, if you object to this, keep up with cp and other fora, get yourself some fake or anonymous id's (?), write code, use pgp, become judgement proof, move and don't set up forwarding addresses, have your id killed, etc. Bill Garland, whose .sig just vanished From warlord at MIT.EDU Tue Apr 19 06:33:00 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 19 Apr 94 06:33:00 PDT Subject: how do i do this with pgp? In-Reply-To: <199404191140.EAA09491@soda.berkeley.edu> Message-ID: <9404191332.AA05378@toxicwaste.media.mit.edu> Clearly you have not read the application note in the documentation that came with PGP. The appnote clearly states: > There is a better way of doing this in PGP 2.2, which is an > environment variable called "PGPPASSFD". If this is set, it means > that the FIRST thing PGP will do is read the pass phrase from this > file descriptor. So, for example, one can set PGPPASSFD to "0" > (zero), and then PGP will read the pass phrase from stdin as the first > thing. -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From jims at Central.KeyWest.MPGN.COM Tue Apr 19 06:41:30 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Tue, 19 Apr 94 06:41:30 PDT Subject: Warrantless searches -- A sign of things to come? Message-ID: <9404191341.AA01558@Central.KeyWest.MPGN.COM> > The easiest solution is to include a provision in the rental agreement [... that allows searches and agrees to no-firearms ...] > I'm not sure that all states would permit searches even under these > circumstances ... > Comments? Are there any lawyers that can comment with certainty? I'm not qualified to answer this point. (I did post since it was my original point that is being referred to. My opinion is that a landlord can not further limit that which the state laws protect... but that is opinion) This topic may have merit here since it started as (forgive the paraphrase) "We want to make cyber laws and here is the stupidity that is happening in the real world... we have a lot of work ahead of us." Anyone care to offer an opinion on this discussion's merit here? Jim -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Tue Apr 19 06:58:02 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Tue, 19 Apr 94 06:58:02 PDT Subject: Sgt Russell Message-ID: <9404191357.AA07348@toad.com> Wayne, I am sorry that my being on this list is offensive to you. I joined this list to learn about cryptography. If anything, I would think that you would want to help a new person get up to speed. If you can't grow up and treat other people like human beings, maybe you ought to take yourself off of the list and go play with your private key by yourself. My job is important to me. Learning about cryptography is going to help me protect my systems and my messages. I have no desire to eavesdrop on what you or anyone else is doing on this list. I merely want to learn, and possibly contribute to the threads on the list. I have received several responses from people on the list and really appreciate that. I hope this helps to clarify my position on this list. Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlow%isb%mctssa at nwsfallbrook3.nwac.sea06.navy.mil or another less reliable & slower: harlow at mqg1.usmc.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 PGP Public key available upon request "The views expressed are my own, and always will be..." From VACCINIA at UNCVX1.OIT.UNC.EDU Tue Apr 19 07:10:36 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Tue, 19 Apr 94 07:10:36 PDT Subject: Secure HTTP/Mosaic Message-ID: <01HBCT4VHWUQ004CIF@UNCVX1.OIT.UNC.EDU> This is the info I got back after inquiring about S-HTTP from EIT/NCSA, skip the press release at the end if you have already seen it. I note, that PGP is one of the cryptographic message formats supported. Cool. Vaccinia at uncvx1.oit.unc.edu Thank you for your inquiry regarding Secure HTTP. This message provides some details on the protocol and the status of its implementation. The April 12th joint EIT/NCSA/RSA press release regarding Secure Mosaic is included at the end of the message. OVERVIEW OF S-HTTP We have developed a new protocol for dealing with a wide range of cryptographic modes and algorithms in the context of the World-Wide Web, based on the Web's existing HyperText Transfer Protocol (HTTP). We call this protocol "Secure HTTP" or "S-HTTP". This protocol has been designed to enable incorporation of various cryptographic message format standards into Web clients and servers, including, but not limited to PKCS-7, PEM, and PGP. S-HTTP supports interoperation among a variety of implementations, and is backwards compatible with HTTP. S-HTTP aware clients can talk to S-HTTP oblivious servers and vice-versa, although such transactions obviously would not use S-HTTP security features. IMPLEMENTATIONS AND LICENSING EIT will make available freely usable source code for implementing S-HTTP in both clients and servers. These reference implementations of "Secure NCSA Mosaic" and "Secure NCSA HTTPD" will support two crypto engine implementations: via an integrated TIPEM library (offering PKCS-7 support) and via an "outboard" RIPEM application. RSA has agreed to permit the distribution of their TIPEM library, in binary form, without charge in conjunction with the non-commercial distribution of NCSA Mosaic. Implementors of non-commercial clients or servers may wish to use the already available RIPEM system (which is itself based on RSA's RSAREF library). Commercial implementors or distributors of WWW clients and servers are encouraged to pursue licencing arrangements with RSA or their licencees. FEATURES OF S-HTTP S-HTTP does not require client-side public key certificates (or public keys), supporting a symmetric session key operation mode. This is significant because it means that secure, spontaneous transactions can occur without requiring individual users to have an established public key. While S-HTTP will be able to take advantage of a ubiquitious certification infrastructure, its deployment does not require it. S-HTTP supports end-to-end secure transactions, in contrast with current usage of the existing HTTP authorization protocol which requires the client to attempt access and be denied before the security mechanism is employed. Clients may be "primed" to initiate a secure transaction (typically using information supplied in an HTML anchor); this is used to support encryption of fill-out forms, for example. In S-HTTP, no sensitive data need ever be sent over the network in the clear. S-HTTP provides full flexibility of cryptographic algorithms, modes and parameters. Option negotiation is used to allow clients and servers to agree on transaction modes (should the the request be signed? encrypted? both? what about the reply?); cryptographic algorithms (RSA vs. DSA for signing, DES vs. RC4 for encrypting, etc.); and certificate selection (please sign with your "Mastercard certificate"). ABOUT PKCS-7 PKCS-7 is a cryptographic message syntax standard developed by a consortium of companies lead by RSA. PKCS-7 is compatible with the Internet standards for Privacy Enhanced Mail (PEM) in that signed-data and signed-and-enveloped-data content, constructed in a PEM-compatible mode, can be converted into PEM messages without any cryptographic operations. PEM messages can similarly be converted into the PKCS-7 signed-data and signed-and-enveloped-data content types. In other words, PKCS-7 and PEM implementations can interoperate. PKCS-7 has the following advantages: a) PKCS-7 permits transport of 8-bit data (contrast with PEM, which requires Base-64 encoding). b) PKCS-7 can have a signature-less mode of operation. This permits secure messages to be sent from senders who do not have RSA key pairs. Signature is mandatory under PEM. c) PKCS-7 permits more flexibility in certificate format and trust models. d) PKCS-7 is explicitly designed for algorithmic flexibility. New cryptosystems, message digest algorithms and signature schemes can be added just by defining new types. SCHEDULE An "alpha quality" implementation of Secure Mosaic and HTTPD was demonstrated in public on April 12th. The protocol document is to be sent for external review (to RSA, NCSA and TIS) at the end of April. After revision, we plan to submit it as an "experimental protocol" RFC -- by late May, we expect. The reference implementation will be supplied to beta testers (to the protocol reviewers, and selected CommerceNet sponsors). Public release (to CommerceNet participants) is scheduled for September. CommerceNet will operate a certification authority, suitable for operators of S-HTTP servers (open to CommerceNet participants), beginning at that time. We expect that NCSA will make the reference implementation available to the Internet community soon after. Periodic progress reports will be reported to Internet mailing lists (such as PEM-DEV), and available on the EIT and CommerceNet Web servers (URL's http://www.commerce.net/ and http://www.eit.com/). ORIGINAL PRESS RELEASE Secure NCSA Mosaic Establishes Necessary Framework for Electronic Commerce on the Internet PALO ALTO, Calif., April 12, 1994 -- Enterprise Integration Technologies (EIT), the National Center for Supercomputing Applications (NCSA) at the University of Illinois and RSA Data Security today announced agreements to jointly develop and distribute a secure version of NCSA Mosaic, the popular point-and-click interface that enables easy access to thousands of multimedia information services on the Internet. The announcement was made in conjunction with the launch of CommerceNet, a large-scale market trial of electronic commerce on the Internet. Under the agreements, EIT will integrate its Secure-HTTP software with public key cryptography from RSA into NCSA Mosaic Clients and World Wide Web (WWW) servers. WWW is a general-purpose architecture for information retrieval comprised of thousands of computers and servers that is available to anyone on Internet. The enhancements will then be made available to NCSA for widespread public distribution and commercial licensing. Jay M. Tenenbaum, chief executive officer of EIT, believes secure NCSA Mosaic will help unleash the commercial potential of the Internet by enabling buyers and sellers to meet spontaneously and transact business. "While NCSA Mosaic makes it possible to browse multimedia catalogs, view product videos, and fill out order forms, there is currently no commercially safe way to consummate a sale," said Tenenbaum. "With public key cryptography, however, one can authenticate the identity of trading partners so that access to sensitive information can be properly accounted for." This secure version of NCSA Mosaic allows users to affix digital signatures which cannot be repudiated and time stamps to contracts so that they become legally binding and auditable. In addition, sensitive information such as credit card numbers and bid amounts can be securely exchanged under encryption. Together, these capabilities provide the foundation for a broad range of financial services, including the network equivalents of credit and debit cards, letters of credit and checks. In short, such secure WWW software enables all users to safely transact day-to-day business involving even their most valuable information on the Internet. According to Joseph Hardin, director of the NCSA group that developed NCSA Mosaic, over 50,000 copies of the interface software are being downloaded monthly from NCSA's public server -- with over 300,000 copies to date. Moreover, five companies have signed license agreements with NCSA and announced plans to release commercial products based on NCSA Mosaic. "This large and rapidly growing installed base represents a vast, untapped marketplace," says Hardin. The availability of a secure version of NCSA Mosaic establishes a valid framework for companies to immediately begin large-scale commerce on the Internet." Jim Bidzos, president of RSA, sees the agreement as the beginning of a new era in electronic commerce, where companies routinely transact business over public networks. "RSA is proud to provide the enabling public key software technology and will make it available on a royalty-free basis for inclusion in NCSA's public distribution of NCSA Mosaic," said Bidzos. RSA and EIT will work together to develop attractive licensing programs for commercial use of public key technology in WWW servers." At the CommerceNet launch, Allan M. Schiffman, chief technical officer of EIT, demonstrated a working prototype of secure NCSA Mosaic, along with a companion product that provides for a secure WWW server. The prototype was implemented using RSA's TIPEM toolkit. "In integrating public key cryptography into NCSA Mosaic, we took great pains to hide the intricacies and preserve the simplicity and intuitive nature of NCSA Mosaic," explained Schiffman. Any user that is familiar with NCSA Mosaic should be able to understand and use the software's new security features. Immediately to the left of NCSA's familiar spinning globe icon, a second icon has been inserted that is designed to resemble a piece of yellow paper. When a document is signed, a red seal appears at the bottom of the paper, which the user can click on to see the public key certificates of the signer and issuing agencies. When an arriving document is encrypted, the paper folds into a closed envelope, signifying that its information is hidden from prying eyes. When the user fills out a form containing sensitive information, there is a 'secure send' button that will encrypt it prior to transmission. Distribution of Public Keys To effectively employ public-key cryptography, an infrastructure must be created to certify and standardize the usage of public key certificates. CommerceNet will certify public keys on behalf of member companies, and will also authorize third parties such as banks, public agencies, industry consortia to issue keys. Such keys will often serve as credentials, for example, identifying someone as a customer of a bank, with a guaranteed credit line. Significantly, all of the transactions involved in doing routine purchases from a catalog can be accomplished without requiring buyers to obtain public keys. Using only the server's public key, the buyer can authenticate the identity of the seller, and transmit credit card information securely by encrypting it under the seller's public key. Because there are far fewer servers than clients, public key administration issues are greatly simplified. Easy Access to Strong Security To successfully combine simplicity of operation and key administration functions with a high level of security that can be accessible to even non-sophisticated users, significant changes were necessary for existing WWW security protocols. EIT developed a new protocol called Secure-HTTP for dealing with a full range of modern cryptographic algorithms and systems in the Web. Secure-HTTP enables incorporation of a variety of cryptographic standards, including, but not limited to, RSA's PKCS-7, and Internet Privacy Enhanced Mail (PEM), and supports maximal interoperation between clients and servers using different cryptographic algorithms. Cryptosystem and signature system interoperation is particularly useful between U.S. residents and non-U.S. residents, where the non-U.S. residents may have to use weaker 40-bit keys in conjunction with RSA's RC2 (TM) and RC4 (TM) variable keysize ciphers. EIT intends to publish Secure-HTTP as an Internet standard, and work with others in the WWW community to create a standard that will encourage using the Web for a wide variety of commercial transactions. Availability EIT will make Secure NCSA Mosaic software available at no charge to CommerceNet members in September and NCSA will incorporate these secure features in future NCSA Mosaic releases. Enterprise Integration Technologies Corp., of Palo Alto, Calif., (EIT) is an R&D and consulting organization, developing software and services that help companies do business on the Internet. EIT is also project manager of CommerceNet. The National Center for Supercomputer Applications (NCSA), developer of the Mosaic hypermedia browser based at the University of Illinois in Champaign, Ill., is pursuing a wide variety of software projects aimed at making the Internet more useful and easier to use. RSA Data Security, Inc., Redwood City, Calif., invented Public Key Cryptography and performs basic research and development in the cryptographic sciences. RSA markets software that facilitates the integration of their technology into applications. Information on Secure NCSA Mosaic can be obtained by sending e-mail to shttp-info at eit.com. Press Contact: Nancy Teater Hamilton Communications Phone: (415) 321-0252 Fax: (415) 327-4660 Internet: nrt at hamilton.com From reagle at umbc.edu Tue Apr 19 07:16:34 1994 From: reagle at umbc.edu (Joseph M. Reagle Jr.) Date: Tue, 19 Apr 94 07:16:34 PDT Subject: BEST Inc. In-Reply-To: <9404181937.AA16438@toad.com> Message-ID: On Mon, 18 Apr 1994 SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil wrote: > I was in a BEST store yesterday, and attempted to pay by check. They > asked for ID to verify the check and when I handed them my military ID, they > asked for my driver's license instead. I gave them my driver's license and > they used it and the magnetic strip on the back of it to verify my check. I > noticed on their computer screen that it had all of my info, as in birthdate, > address, driver's license number, the routing number for the bank I am with, > and my checking account number. They also have notices up that say they > index everything by your phone number. I asked them what they were using all > of this information for, and they said for their marketing purposes. I was > so ticked off that I took back the check, went to an ATM, pulled out cash, > and went back and purchased the item with cash. I had to buy the item there, > because nowhere else in the local area did they have the item. Just > something to keep in mind. I used to work at Best, and as far as I could tell it is so that they may send the fliers to your house. _They_ are so dogged because the higher ups require each store to get so many new 'data sets', so we used to enter in dummy values, addresses of friends/relatives or ourselves multiple times. Somebody at the Corp level knew I'm sure, but it kept the managers off the sales/register people's backs. Regards, | *finger for UMBC:ACM info* Joseph M. Reagle Jr.| "I do not know such stuff!" reagle at gl.umbc.edu | - Chew, Blade Runner. From sdw at meaddata.com Tue Apr 19 07:57:55 1994 From: sdw at meaddata.com (Stephen Williams) Date: Tue, 19 Apr 94 07:57:55 PDT Subject: warrantless searches In-Reply-To: <199404181939.MAA02958@well.sf.ca.us> Message-ID: <9404191459.AA16266@jungle.meaddata.com> > As a lifetime Chicago resident, let me add my $.02 > ... > Besides, Handguns are illegal in Chicago, and have been for more > than a decade....... > > > > Brian Williams > Extropian > Cypherpatriot I was in Chi. a couple of years ago and happened to run into a guy just getting home that had a handgun strapped to his belt in plain view. Is there a license for this or must you be a private eye/police/security for this? I doubt it was illegal, unless he was just asking for trouble. It was in a reasonably bad neighborhood on the East side. (Ahem, made a wrong turn...) I know that in OH there are some interesting laws: I had a lawyer friend who wore a gun even when he went out drinking in bars because of the types of clients he represented. Supposedly the local police had cleared it or something based on some legal exception. (In Ohio, there are signs posted in bars that having a handgun in a licensed liquor establishment has such and such mandatory sentence.) sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From nates at netcom.com Tue Apr 19 07:58:10 1994 From: nates at netcom.com (Nate Sammons) Date: Tue, 19 Apr 94 07:58:10 PDT Subject: Talk on privacy this weekend in Boulder Message-ID: <199404191459.HAA16802@netcom13.netcom.com> I caught this one and though there might be some takers... ------------------------------------------------------------------------ Date: Fri, 15 Apr 1994 11:37:39 +22305931 (MDT) From: Virnoche Mary To: Tim Schoechle Subject: Privacy Program/Please forward to anyone interested The 18th Regional Conference on the History and Philosophy of Science PRIVACY AND NEW INFORMATION TECHNOLOGIES April 21 - 23, 1994 University of Colorado at Boulder Hale Science Building Thursday _____________________________________________________________ April 21 7:00 - 9:00 p.m. Images in Popular Culture I: "The Conversation" Hale 270 Feature film with Gene Hackman, John Cazale, Cindy Williams, Teri Garr, Harrison Ford and Robert Duvall Friday _________________________________________________________________ April 22 2:30 - 4:00 p.m. Welcome: Dean Charles R. Middleton Hale 230 Arts and Sciences Keynote Windows into the Soul: Privacy in Address: an Age of High Technology Dr. Gary T. Marx University of Colorado, Sociology 4:00 - 5:30 p.m. Session I Libraries, Privacy, and Hale 230 New Information Technology Panelists: David Fagerstrom Science Library "Security and Database Searches" Debbie Hollis Government Documents "Altering Government Text" Scott Seaman Circulation "Circulation and Patron Confidentiality" Moderator: Jen Owen University of Colorado, Sociology 5:30 - 7:00 p.m. Dinner Break 7:00 - 8:45 p.m. Images in Popular Culture II: "Sliver" Hale 270 Feature film with Sharon Stone, William Baldwin, and Tom Berenger 8:45 - 9:45 p.m. Refreshments and Discussion of films Hale 270 Discussion Leader: Charlotte Kunkel University of Colorado, Sociology Saturday ________________________________________________________________ April 23 9:00 - 9:55 a.m. Session II Medical Records: Hale 270 Are They Really Private? Speaker: Sheri Alpert George Mason University, Public Policy Discussants: Linda Fox, J.D. Associate Counsel, Eleanor Roosevelt Institute Mary Virnoche University of Colorado, Sociology Moderator: Mary Cornell, RRA President,Colorado Health Information Management Association 10:00 - 10:55 a.m. Session III Coming Soon Hale 270 to a Society Near You? Panelists: Tim Schoechle University of Colorado, Telecommunications "Smart Homes" Dave Hunter President, BI Inc. "Electronic Location Monitoring" Professor Omar K. Moore Responsive Environment Foundation Inc. "Interactive Multi-Dimensional Technologies" Don Eberle, J.D. Attorney in private practice 11:00 - 12:15 p.m. Session IV Newer Media Technologies, Hale 270 Privacy, and Media Practitioners Speaker: Professor Jerome Aumente Rutgers University Journalism Resources Institute Discussants: Professor Michael Tracey University of Colorado Journalism and Mass Communication Roger Fidler Knight-Ridder Director of New Media and the Information Design Lab Martin Taschdjian US West Moderator: Professor Brenda J. Allen University of Colorado, Communications 12:15 - 1:30 p.m. Lunch 1:30 - 2:45 p.m. Session V Electronic Media and the Hale 270 Transformation of Law Speaker: Professor Ethan Katsh University of Amherst Discussants: Professor Michael Strine University of Colorado, Political Science Professor Barbara Bintliff, J.D. University of Colorado Law Library Director Moderator: Professor Cal Jillson University of Colorado, Political Science 2:45 - 4:00 p.m. Session VI Cryptography and the Clipper Chip Hale 270 Speaker: Dr. Dorothy Denning Georgetown, Computer Science Discussants: Ken Klingenstein Director, Computer Network Services University of Colorado Phil Zimmerman Software Consultant, Boulder Moderator: Dr. William Moninger National Oceanic and Atmospheric Administration (NOAA) 4:15 - 5:30 p.m. Session VII What is to be Done? Hale 270 Reflections from the Front Line. Marc Rotenberg, J.D. Computer Professionals for Social Responsibility (CPSR) Former counsel to the Senate Judiciary, Washington, D.C. Discussants: Professor Robert Trager University of Colorado Journalism and Mass Communication Sandra McCray, J.D., L.L.M. University of Colorado, Telecommunications Moderator: Scott Allman University of Colorado, Philosophy Sponsors: The Department of Sociology and its Center for the Social Study of Information Technology, The School of Journalism and Mass Communication, The Keller Center for the Study of the First Amendment, The Telecommunications Interdisciplinary Program Committee, and the Center for Values and Social Policy. Contacts: Professor Gary T. Marx Mary Virnoche Department of Sociology Department of Sociology 492-6427 492-3312 ------------------------------------------------------------------------ -nate -- +--------- | Nate Sammons PGP Key and fingerprint via finger. | Clipper == Big Brother Inside. Question Authority. Encrypt everything. +--------- From f_griffith at ccsvax.sfasu.edu Tue Apr 19 08:09:12 1994 From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu) Date: Tue, 19 Apr 94 08:09:12 PDT Subject: Warrantless searches -- A sign of things to come? Message-ID: <9404191509.AA08962@toad.com> > >The easiest solution is to include a provision in the rental agreement >stating that you won't possess firearms in the apartment. In addition, >include a provision that indicates that the tenant wil consent to any >search requested by the landlord. You could even make these provision >optional, such that any tenant can decline to agree to them by checking >the appropriate box. > >(Most tenants in such projects probably won't bother to read them anyway). > I thought the administration had backed off the original proposal because of the uproar and had gone to the search waiver provision in the rental agreement (don't know if they included the firearms part). It appears that we're still at a point where enough protest from the informed part of the populace can have an effect. From joshua at cae.retix.com Tue Apr 19 08:15:05 1994 From: joshua at cae.retix.com (joshua geller) Date: Tue, 19 Apr 94 08:15:05 PDT Subject: Sgt Russell Message-ID: <199404191514.IAA01328@sleepy.retix.com> Sgt Darren Harlow writes: > Wayne, > I am sorry that my being on this list is offensive to you. I joined > this list to learn about cryptography. If anything, I would think that you > would want to help a new person get up to speed. If you can't grow up and > treat other people like human beings, maybe you ought to take yourself off of > the list and go play with your private key by yourself. > My job is important to me. Learning about cryptography is going to > help me protect my systems and my messages. I have no desire to eavesdrop on > what you or anyone else is doing on this list. I merely want to learn, and > possibly contribute to the threads on the list. I have received several > responses from people on the list and really appreciate that. I hope this > helps to clarify my position on this list. I don't see any reason why sgt. harlow shouldn't be as welcome as anyone else on the list. there are a large number of people in the military, and any generalization drawn about them is likely to be false (of course all generalizations are false, but that is another matter). for those who enjoy paranoia, I would point out that sgt. harlow is not the only person on this list with past or present military associations. josh From whitaker at dpair.csd.sgi.com Tue Apr 19 08:29:51 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Tue, 19 Apr 94 08:29:51 PDT Subject: Intolerance on the list (was Re: Sgt Russell) In-Reply-To: <9404191357.AA07348@toad.com> Message-ID: <9404190827.ZM6626@dpair.csd.sgi.com> On Apr 19, 6:50am, SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac wrote: > Subject: re: Sgt Russell Who is Sgt Russell? The person who started this thread (Wayne Q Jones) should read his messages more carefully. I believe he saw my response to Sgt. Harlow's information request and didn't read it carefully: I work for Silicon Graphics, not the USMC. > Wayne, > I am sorry that my being on this list is offensive to you. I joined > this list to learn about cryptography. [text elided] Sgt. Harlow, Wayne Jones speaks only for himself. I speak only for myself. Your .sig line declares that you know you only speak for yourself, too, and I find that declaration admirable. You are certainly welcome to participate in the discussions here. Bear in mind that there _are_ a range of political opinions here, ranging from radical libertarian (me and quite a few others) to various flavors of political authoritarian (a minor subset, I think). I suspect - I do not know the fellow - that Mr. Jones is undergoing short spasms of Poor Impulse Control, his being an immediate anti-authoritarian reaction that isn't taking into account that you are an individual acting on your own initiative. To put it gently, I'm not fond of authoritarian organizations... especially government ones. However, I'm ex-military, myself, and this might be what helps me moderate my approach to particular people. You will find that issues of encryption and data protection are enormously _political_ issues. That is, their application profoundly alters what it means to live amonst other people. You may be somewhat - understandably - puzzled at the reactions of certain people on the list, and wonder what all the fuss is about. Please don't be put off further enquiry! You should consider, if you haven't already done it, reading some of the excellent cypherpunks political pieces by list participants such as Timothy May, Duncan Frissell, Sandy Sandfort and others. You might also take at Chuck Hammill's "From Crossbows to Cryptography". Even if you don't agree with the views expressed therein, I would lay money on the bet that you will know far more about the broader issues of cryptography and data security than will your nominal superiors. > If anything, I would think that you > would want to help a new person get up to speed. If you can't grow up and > treat other people like human beings, maybe you ought to take yourself off of > the list and go play with your private key by yourself. > You have my agreement on this. > My job is important to me. Learning about cryptography is going to > help me protect my systems and my messages. I have no desire to eavesdrop on > what you or anyone else is doing on this list. I merely want to learn, and > possibly contribute to the threads on the list. I have received several > responses from people on the list and really appreciate that. I hope this > helps to clarify my position on this list. > Your motivations seem clear enough to me. Dig in! Enjoy yourself here, and I look forward to your participation. I'm sure I'm not the only list participant who would go further, and elicit your _active_ participation. It would be a treat to know, from a solid source such as yourself, how routine security issues are handled in an operational military environment. Thanks for your time, Russell > Sgt Darren Harlow - Computer Security > MCTSSA, Camp Pendleton, USMC > >-- End of excerpt from SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center, Mountain View CA (415) 390-2250 ================================================================ #include From werner at mc.ab.com Tue Apr 19 08:41:16 1994 From: werner at mc.ab.com (tim werner) Date: Tue, 19 Apr 94 08:41:16 PDT Subject: warrantless searches Message-ID: <199404191541.LAA22240@sparcserver.mc.ab.com> >From: sdw at meaddata.com (Stephen Williams) >Date: Tue, 19 Apr 1994 10:59:22 -0400 (EDT) > >I know that in OH there are some interesting laws: I had a lawyer >friend who wore a gun even when he went out drinking in bars because >of the types of clients he represented. Supposedly the local police >had cleared it or something based on some legal exception. (In Ohio, >there are signs posted in bars that having a handgun in a licensed >liquor establishment has such and such mandatory sentence.) That must be southern Ohio. I never saw any signs like that in Cleveland, although I gotta admit it's been a few years since I've been in a bar. :) tw From jim at rand.org Tue Apr 19 08:49:18 1994 From: jim at rand.org (Jim Gillogly) Date: Tue, 19 Apr 94 08:49:18 PDT Subject: Sgt Russell In-Reply-To: Message-ID: <9404191549.AA18376@mycroft.rand.org> > Wayne Q Jones writes: > Quantico, CIA funny farm....oh and FBI too...sorry many LURPS around now?? Gee, Wayne, it isn't like this is some sort of super-secret underground hack/phreak conspiracy list. If you want to set up a conspiracy, try a more hostile version of majordomo. I've got a security clearance, and sometimes I work with classified material. I'm also the editor of The Cryptogram's "Cipher Exchange" column, I'm a reasonably noisy opponent of escrowed encryption, an enthusiastic amateur cryptanalyst, and a user of both licensed and unlicensed PGP. And have contributed money to Phil's defense fund. And I write code, including the first DES code that was put in the public domain and exported (although I didn't export it myself...). If you have a proposed litmus test for cypherpunk membership, let's hear it. Personally, I welcome the participation of people who have a clue, no matter who they work for or with. Jim Gillogly Highday, 28 Astron S.R. 1994, 15:42 From lefty at apple.com Tue Apr 19 08:54:13 1994 From: lefty at apple.com (Lefty) Date: Tue, 19 Apr 94 08:54:13 PDT Subject: Sgt Russell Message-ID: <9404191553.AA11520@internal.apple.com> > I am sorry that my being on this list is offensive to you. I joined >this list to learn about cryptography. If anything, I would think that you >would want to help a new person get up to speed. If you can't grow up and >treat other people like human beings, maybe you ought to take yourself off of >the list and go play with your private key by yourself. I wouldn't worry about Wayne: other than an annoying propensity to toss around TLAs in such a way as to make it fairly clear that he doesn't really know what he's talking about, and a strong case of inappropriate paranoia, I suspect he's generally harmless. Annoying, tedious and occasionally laughable; but generally harmless. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Tue Apr 19 08:56:18 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Tue, 19 Apr 94 08:56:18 PDT Subject: Intolerance on the list (was Re: Sgt Russell) Message-ID: <9404191556.AA09919@toad.com> Forwarded to: inet[cypherpunks%toad.com at pucc.princeton.edu] cc: Comments by: SGT DARREN S. HARLOW at ISB@MCTSSA -------------------------- [Original Message] ------------------------- Russell, I appreciate your letter to me. My political views are very conservative. I know that this puts off a number of people, but we are each entitled to our own opinion. I feel that we do need a government in power, but that they have a limited role in our society. If we didn't have at some ruling power in control, the country would be in total anarchy and we would be taken over by some intolerate country. The beauty of our system of government protects our rights. We need a military to protect everyone's ass in this country. I feel that the government infringes to much on other peoples rights in this country as it is, especially with the current president. At least with a conservative government in control, they want to keep the money and the power in the hands of the people. The use of cryptography within our system, IMHO, is to allow us a right to privacy. Personally I feel that the Clipper chip, is a severe infringement upon our rights, and I do NOT support its use. Notice that I use PGP and not PEM or DES. If someone is smart enough to use RSA, then they deserve to be able to talk in privacy. I know that it can be used for alterior motives, but that is the risk with any tool that is available for use. I hope this helps to explain my opinions a bit better. I welcome you comments. BTW, where are those political pieces that people have written. I would like to look at them, to further educate myself. Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlow%isb%mctssa at nwsfallbrook3.nwac.sea06.navy.mil or another less reliable & slower: harlow at mqg1.usmc.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 PGP Public key available upon request "The views expressed are my own, and always will be..." From hfinney at shell.portal.com Tue Apr 19 09:07:15 1994 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Tue, 19 Apr 94 09:07:15 PDT Subject: Press Release on Secure NCSA Mosiac Message-ID: <199404191608.JAA03753@jobe.shell.portal.com> > This secure version of NCSA Mosaic allows users to affix digital signatures > which cannot be repudiated and time stamps to contracts so that they become > legally binding and auditable. In addition, sensitive information such as > credit card numbers and bid amounts can be securely exchanged under > encryption. Together, these capabilities provide the foundation for a broad > range of financial services, including the network equivalents of credit and > debit cards, letters of credit and checks. I doubt that these electronic financial instruments will be designed to offer new protections to individual privacy. As more commerce moves onto the net, opportunities for database linking will multiply drastically. In such an environment, electronic dossiers of buying and spending habits will be far easier to develop. > To effectively employ public-key cryptography, an infrastructure must be > created to certify and standardize the usage of public key certificates. > CommerceNet will certify public keys on behalf of member companies, and will > also authorize third parties such as banks, public agencies and industry > consortia to issue keys. So once again we have the command-and-control style key certificate hierarchy. Everyone is neatly ordered and positioned in the structure. A place for everyone and everyone in his place. > Such keys will often serve as credentials, for > example, identifying someone as a customer of a bank, with a guaranteed > credit line. I suppose it goes without saying that the kinds of privacy-protecting credentials we have been discussing are not what is being discussed here. Rather, we have more authentication, more registration, more tracking of every electronic financial move we make. > Significantly, all of the transactions involved in doing routine purchases > from a catalog can be accomplished without requiring buyers to obtain public > keys. Using only the server's public key, the buyer can authenticate the > identity of the seller, and transmit credit card information securely by > encrypting it under the seller's public key. Because there are fewer servers > than clients, public key administration issues are greatly simplified. Evidently the "commerce" that is being planned here does not anticipate much demand for encryption of messages from sellers to buyers; rather, the important thing is encryption in the opposite direction to protect those credit card numbers. This also, of course, limits RSA's financial commitment in making its technology available; my reading is that end-users get only the ability to validate signatures for free, and that getting to use their own keys will involve royalty payments. > Secure-HTTP enables incorporation of a variety of cryptographic standards, > including, but not limited to, RSA's PKCS-7, and Internet Privacy Enhanced > Mail (PEM), and supports maximal interoperation between clients and servers > using different cryptographic algorithms. I was pleased to see that in their later message they added support for PGP to this list, although it seems that they are still thinking mostly in terms of "officially sanctioned" systems: > Cryptosystem and signature system > interoperation is particularly useful between U.S. residents and non-U.S. > residents, where the non-U.S. residents may have to use weaker 40-bit keys in > conjunction with RSA's RC2 and RC4 variable keysize ciphers. This is outrageous! Where on earth did they get the idea that non-U.S. residents have access only to 40 bit keys and RC2/RC4? As though the only encryption the rest of the world has is whatever the U.S. government deigns to let cross its borders? What an insult to the rest of the world. And what an attempt at self-deception to pretend that these export controls are effective. I sincerely doubt that the international network community will accept such a limitation in what claims to be an international standard. The one good thing that may come from this initiative is that more people will be using and relying on encryption. Given the widespread skepticism about the government in this country, it will be that much harder to get a Clipper-like program into place. But the initiative does clearly show the pernicious effects of the combined restrictions of the RSA patents and the NSA export controls. Together [RN]SA provides a structured, ordered system which provides the minimal possible privacy necessary for electronic commerce. Far more is possible, but is un- likely under the current legal regime. Hal From hfinney at shell.portal.com Tue Apr 19 09:25:35 1994 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Tue, 19 Apr 94 09:25:35 PDT Subject: CRYPTO: Money laundering and traceability Message-ID: <199404191626.JAA05318@jobe.shell.portal.com> (In honor of the Extropians list discussion elsewhere in this thread I include an Extropians-style message prefix.) An issue related to money laundering is money traceability. I posted something on this a couple of weeks ago but I have a little more information now. We are inclined to believe that with cryptographically anonymous digital cash, "money laundering" will be trivial. A simply sends the cash to B, and there is no way for the bank or anyone else to link the two together. While this is basically true with existing digital cash proposals, there is one kind of linkage that is possible. A knows and can recognize the cash which B holds. A and the bank could cooperate so that if B goes to the bank to deposit his cash (or deposits it electronically into an account linked to his True Name), B's anonymity can be broken. This has good aspects and bad aspects. On the good side, it should make robbery and extortion harder. If you are forced at gunpoint to enter your PIN into your cash smartcard, transferring cash to the robber's "electronic purse" (love that name), then later you can call the bank and report the numbers of the stolen cash. When the robber tries to deposit it, he can be caught. Similarly, this could be a boon to law enforcement "sting" operations. When the feds pay off the anonymous assassin-for-hire or kidnapper, and he goes to deposit the cash, again he can be caught. The other side of the coin, though, is that despotic governments can use these tools to control and restrict what their people can do. If the revolutionaries try to use cryptography to isolate and protect each cell from the others, traceable cryptocash may expose them. Keith Henson posted the start of an interesting story he was writing last year, about some eco-activists using cryptography for protection as they worked to sabotage some polluter. This kind of dramatic scenario might become less possible with traceable cash. (It's possible that some banks would allow truly anonymous accounts, so that even if the cash were recognized as it was turned in, the robber would not be caught. Still, the bank could refuse to honor the money in this case, preventing the criminal from profiting by his misdeeds.) The new information I mentioned comes from a paper by David Chaum in the Eurocrypt 92 proceedings: "Transferred Cash Grows in Size," by Chaum and Torben Pryds Pederson. Chaum considers off-line cash systems where the money does not necessarily have to be returned to the bank after each transaction. His main conclusion is, as the title suggests, that the cash must grow in size at each step. But a secondary conclusion is that under the right circumstances a payor can always recognize his cash at a later point, even after it has passed through many hands. Chaum describes these circumstances as the case where the payor has infinite computing power, but it appears that the same effect would be possible if the bank cooperated with the payor, as would be likely in the kinds of cases I mentioned earlier. The fundamental problem is the impossibility of having the cash be "re-blinded" as it passes from Alice to Bob (after it was "blinded" as Alice withdrew it from the bank). If this kind of multiple blinding were possible, so that neither Alice nor the Bank could recognize the money that Bob holds, multiple-spending could not be detected. Chaum's arguments appear to apply to virtually any electronic cash system which can prevent double-spending. They suggest that traceable cash will be the rule in any digicash system. People planning their future lives of crime under the new regime will need to take this into account. Hal From perry at snark.imsi.com Tue Apr 19 09:29:33 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 19 Apr 94 09:29:33 PDT Subject: Sgt Russell In-Reply-To: <9404191549.AA18376@mycroft.rand.org> Message-ID: <9404191629.AA06128@snark.imsi.com> Jim Gillogly says: > > > Wayne Q Jones writes: > > Quantico, CIA funny farm....oh and FBI too...sorry many LURPS around now?? > > Gee, Wayne, it isn't like this is some sort of super-secret underground > hack/phreak conspiracy list. If you want to set up a conspiracy, try a > more hostile version of majordomo. Frankly, "Wayne Q. Jones" has thus far posted virtually nothing but the flakiest junk. Certain other new members of the list (a certain poster from armory.com in particular) also strike me as being less than widely valued. Strikingly, these people feel gravely insulted when one points out the fact that their posts read like random text generators driven off of markov chains, the statistics for which were derived from bad xeroxes handed out by drooling individuals on the streetcorner who rave about the aliens who are remote controlling us through our shoelaces. Perry From mmarkley at microsoft.com Tue Apr 19 09:34:13 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Tue, 19 Apr 94 09:34:13 PDT Subject: Another invasion of privacy Message-ID: <9404191535.AA11853@netmail2.microsoft.com> There was an AP story yesterday about how several states are using prisoners to input data about traffic accidents and such into databases. I believe the state that they focused on was Arkansas. An attorney received a phone call that his SSN was being sold by prisoners that had gotten it from an accident report. The state allows people to use their SSN as their drivers license number. This prisoners also have access to everything else on the report, your license number, your home address and potentially your work and home phone number. Does anybody know what other states are using prisoners for this type of work? I'm about ready to cut up all my credit cards and start paying cash for everything that I buy. Mike. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Mike Markley || The opinions here do not represent the mmarkley at microsoft.com || opinions of my employer. Attempts to || associate the two are pointless. "I want to look at life, In the available light" - Neil Peart - From wcs at anchor.ho.att.com Tue Apr 19 09:51:53 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 19 Apr 94 09:51:53 PDT Subject: Laundering money through commodity futures Message-ID: <9404191645.AA14159@anchor.ho.att.com> One problem with using bet-doubling systems to pay bribes with, whether it's in the futures market or in the casino, is that you not only have to convince the bribee to accept the bribe and participate in a money-laundering process, you have to get him to be willing to accept a few powers of two losses before receiving the bribe. If the bribe is small relative to the liquidity of the bribee, that's fine, as long as you've got enough trust between you that the bribee isn't worried about you walking away when you've won n*2**4 and she's lost it. But if you're trying to bribe, say, an enterprising southern lawyer whose husband's a politician, with a high fraction of her net worth, she's *not* going to be in a position to cover your bets for n*16 even if she *does* trust you. On the other hand, finding an enterprising broker to switch owners of futures contracts for a small extra commission may not be so hard. From GERSTEIN at SCSUD.CTSTATEU.EDU Tue Apr 19 09:52:58 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN at SCSUD.CTSTATEU.EDU) Date: Tue, 19 Apr 94 09:52:58 PDT Subject: BEST Inc. Message-ID: <940419125222.20224cb9@SCSUD.CTSTATEU.EDU> -------------- On Tue, 19 Apr 1994 04:15:01 Thomas Riggley wrote: >On Mon, 18 Apr 1994, Jeremy Cooper wrote: > >> > >> > I was in a BEST store yesterday, and attempted to pay by check. They >> > asked for ID to verify the check and when I handed them my military ID, they >> > asked for my driver's license instead. I gave them my driver's license and >> > they used it and the magnetic strip on the back of it to verify my check. I >> >> [stuff deleted] >> >> >From what I know, there is no law that says you have to keep that >> magnetic strip up to date. Just have a little meeting between it and Mr. >> Refridgerator magnet and you could end up with some surprising results. > > Is this true? I am a NY state resident. I am under the impression that >altering either the bar code or the mag strip on the back of my license >would be as illegal as say changing the picture (Not that this is possible >in with the new NY licenses). I do not know the legality behind this but >I am aware that altering a license in ANYWAY is illegal. Although what >you are suggesting is VERY difficult to prove, it is still I would think >illegal. Unless anyone has any legal information to the contrary.... > > I would also guess that these states that have the mag strips on >their license also have fines for non-oprative strips. If they do not, I >am sure the law will be created so enough! > -Tom For what it's worth, you can de-magnetize anything you want just by going to the store. I work at a pharmacy, and they have "inventory control tags" on some of the "hotter" items. When someone wants to buy one of these items, we put the tag (actually just a magnetized strip) on a special pad that demagnetizes it (and ATM and credit cards that are put on it too :)) Also, since I live on a university campus in New Haven, security is a big thing here. We now must use ADT keycards as well as physical keys to get into the buildings. The first semester they were used, I blitzed three of them just by carying it with me all the time. We never found the reason, but I think it has something to do with the fact that I'm around computers all day. (Incidentally, there were reports of peoples credit cards being wiped by these things as well as them setting off theft detectors at record stores). Just another 0.02� for the pot..... adam "After this, nothing will shock me." ---------- "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 4, 1994 From fhalper at pilot.njin.net Tue Apr 19 10:14:44 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Tue, 19 Apr 94 10:14:44 PDT Subject: Key Servers Message-ID: <9404191714.AA22317@pilot.njin.net> Does anyone have a current list of Key Servers. I have tried several and all are either "temporarily" shut down or it is an unknown address. I just need an address for one. Thanks, Reuben Halper Montclair High -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi16KosAAAEEAMUwRni4a9+GbuAhHDLcBWK60hCJUYxhr2hYokpELAhx0ejp 2fq61Tu9Hjn051CN8Xy5nu6sv2ODfG/t59l4DJSb5pirQaII3zaX0rMX0ydwGDoW YakL4ow1lNY+d/k14KpIuUW404+fNuNhIGSkdVLQIfbOgh0preK7/P44AKvdABEB AAG0JlJldWJlbiBIYWxwZXIgPGZoYWxwZXJAcGlsb3Qubmppbi5uZXQ+iQCVAgUQ Lam+x9xF3PzIgw7tAQHPogP/VmoF5AHJNBFlpxl1tvHAzrMLE8nkpengs94Y8zmF 1r5+hk0TaYeEEUzYf1QNfflya5md3WKeXnI3WhO2SRpdH953AD/tNmxw2LLEegat 5sI1XNPuNqxeompiHFRnCz4dI14qjDvRwnPay187/Q5q2F3m0nP8qA6wgl59mDq3 FuCJAJUCBRAteitx4rv8/jgAq90BARTHBACh99OJtGXATm01BUa+u6WHU5CBc2FN F5z29RpTA/JTrgUhn4qeZ19iCIlhe1wi0D3QQH0wN7FrMp6onMw49KFU05/KLDLb JSWdCzjbl/wPEG8z//O6+Pqzj+ZcNM9Rm0b08/QdVoQZMljXkl19Gq2P/D4ceewe WAKePQ2ciFdNbw== =K4ez -----END PGP PUBLIC KEY BLOCK----- From werner at mc.ab.com Tue Apr 19 10:53:19 1994 From: werner at mc.ab.com (tim werner) Date: Tue, 19 Apr 94 10:53:19 PDT Subject: Sgt Russell Message-ID: <199404191753.NAA22759@sparcserver.mc.ab.com> >Date: Tue, 19 Apr 1994 12:29:25 -0400 >From: "Perry E. Metzger" > >Strikingly, these people feel gravely insulted >when one points out the fact that their posts read like random text >generators driven off of markov chains, the statistics for which were >derived from bad xeroxes handed out by drooling individuals on the >streetcorner who rave about the aliens who are remote controlling us >through our shoelaces. It's not our shoelaces, it's invisible wires in our heads, that's how they put the thoughts there, they couldn't possibly be doing it through our shoelaces, get real. tw From rees at cs.bu.edu Tue Apr 19 10:56:33 1994 From: rees at cs.bu.edu (David Rees) Date: Tue, 19 Apr 94 10:56:33 PDT Subject: Money Laundering thru Roulette Message-ID: <199404191756.NAA28412@csa.bu.edu> As several people asked for the reference to the guy who perfected a system for playing roulette in which one "neither wins or loses", he was Marcel Duchamp and it happened in 1924. This is on page 126 of the Eudaemonic Pie by Thomas Bass. Of course, as several people pointed out, there are a large number of ways to break even in roulette. So if you have bad money that needs laundered, why not bet evenly on red and black each time. Or even easier, buy 10,000 dollars worth of chips and then cash them in immediately. New and different money on demand. I get the impression though that I am missing something in the discussion since no one has mentioned something like this and that merely replacing the money isn't the objective here. --Dave From tcmay at netcom.com Tue Apr 19 11:16:58 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 19 Apr 94 11:16:58 PDT Subject: Money Laundering thru Roulette In-Reply-To: <199404191756.NAA28412@csa.bu.edu> Message-ID: <199404191818.LAA29917@mail.netcom.com> Maybe I'm just mistunderstanding the point David Rees is making: > Of course, as several people pointed out, there are a large number > of ways to break even in roulette. So if you have bad money that > needs laundered, why not bet evenly on red and black each time. Or even > easier, buy 10,000 dollars worth of chips and then cash them in immediately. > New and different money on demand. > I get the impression though that I am missing something in the > discussion since no one has mentioned something like this and that merely > replacing the money isn't the objective here. No, converting one wad of, say, $100,000 into another wad of $100,000 is not the goal. Let us suppose "Hillary" (much more interesting than our usual cryptographic stand-in, Alice) want to be able to spend $100,000 given to her by a friend at Tyson Foods in exchange for regulatory favors. He gives her a wad of $100,000. She takes this wad to Las Vegas (or, now, to the nearby Mississippi River gambling boats) and "exchanges" it. What has been accomplished? Nothing, except the comparatively trivial change in serial numbers (which _can_ be an issue if the bills are marked, as in a sting, but this is rarely an issue). This is a _kind_ of money laudering, as is literally running currency through washer-dryer cycles (yes, this is done), but this is not the common meaning of "laundering," and the one which we're focussing on here. No, one of the main goals of money-laundering is to make the bribe/whatever money appear to be "legitimately earned," so that taxes may be paid on it (yes) and the money then used for other investments, buying houses, etc. "Legitimately earned" can mean won in Las Vegas, or in cattle futures, etc. Hence the schemes here. (In Hillary's case, suddenly having $100K that the IRS and other agencies can find no "paper trail" for would be evidene of bribery, for example. I suppose Hillary could claim it came out of her mattress, where she'd been saving money for years, but I doubt this would fly.) U.S. casinos are closely watched for this kind of thing, of course. I wonder if the IRS looks suspiciously at money won at the casinos on Paradise Island, Bahamas? Or elsewhere. And, germane to our list, the "Internet Casino" that Nick Szabo and others have talked about someday building. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hughes at ah.com Tue Apr 19 11:17:58 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 19 Apr 94 11:17:58 PDT Subject: CRYPTO: Money laundering and traceability In-Reply-To: <199404191626.JAA05318@jobe.shell.portal.com> Message-ID: <9404191810.AA03630@ah.com> >Chaum's arguments appear to apply to virtually any electronic cash >system which can prevent double-spending. They suggest that traceable >cash will be the rule in any digicash system. That's true for transferable and off-line cash systems. The same argument doesn't hold for on-line systems. There you can have an exchange protocol to deposit a piece of digicash and immediately rewithdraw it, blinding it again in the process. There need be no account with the bank for this to happen. Eric From catalyst-remailer at netcom.com Tue Apr 19 11:22:51 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Tue, 19 Apr 94 11:22:51 PDT Subject: Press Release on Secure NCSA Mosiac Message-ID: <199404191823.LAA12419@mail.netcom.com> Hal wrote: > I suppose it goes without saying that the kinds of privacy-protecting > credentials we have been discussing are not what is being discussed here. No, but hopefully the standard can be extended (officially or unofficially) to include them, even if only a relatively small fraction of organisations will use the privacy-protection extensions initially. Hopefully once some organisations are doing so they'll have a real competitive advantage over those who want to collect marketing data. >This is outrageous! Where on earth did they get the idea that non-U.S. >residents have access only to 40 bit keys and RC2/RC4? Don't worry - as soon as it hits the streets in Europe I'm sure a number of us will be ripping out the RC4 code and implementing real encryption systems instead.... (assuming it comes as source code, otherwise we'll have to upgrade the normal Mosaic source instead once the standard is settled). Overall, I think it's a good thing, and hey, at least it isn't using Clipper ! From pdn at dwroll.dw.att.com Tue Apr 19 11:34:55 1994 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Tue, 19 Apr 94 11:34:55 PDT Subject: Remailer Musings In-Reply-To: <9404182156.AA20614@newton.apple.com> Message-ID: <9404191721.AA27685@ig1.att.att.com> -----BEGIN PGP SIGNED MESSAGE----- Hello, all! The recent posting by Scott Collins about his remailer and the copyright incident illustrates several problems with the remailer system as I see it. I'll keep this brief, but I have a basic, low-level problem with all the remailers I have seen so far - until this issue is resolved, I will never have any faith in any remailer system whatsoever. Every one of the remailers I have seen in operation so far provides a 'real' address to the target system. That is, when (not if) someone is irritated by an anonymous posting, they have only to look in the message header to get an address for their hate mail, legal action, mailbombs, etc. This essentially co-opts the remailer operator along with the anonymous poster with regard to content. (Yes, yes, I *know* that the remailers are supposed to be 'anonymous Post Offices.') As Scott Collins' message explained, *he* (the remailer operator) is taking the heat for the alleged copyright violation, and his correspondent is not terribly impressed with Scott's protestations of innocence. Since Scott indicated that he keeps no logs, he is the sole target; this is grossly unfair to an individual who is trying to provide a service. (Yes, yes, 'Life ain't fair,' but sooner or later you're going to run out of martyrs who are willing to take the fall for abuses of their remailers...) Converseley, there may exist a set of remailer operators that *do* keep logs for the express purpose of dodging the bullet in cases like Scott's; if a message went through that generated enough heat, that sort of remailer operator would waste no time in compromising the poster's identity to get out of the hot seat. In my mind, then, the solution to these problems requires remailers that leave *no trace* of message origins, including the address of the remailer itself. If this is not possible, then I for one will employ other means for anonymous communication. This is not intended to present any specific remailer operator or group of operators in a bad light; in fact, I was particularly impressed by Scott's indication that he did not keep logs. I throw out these thoughts in the hope that they will be considered by the authors of remailer software. - -- ........................................................................ Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it! pdn at dwroll.dw.att.com | Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbQJTgvlW1K2YdE1AQHcjwP6A/tU0zqYq49uh737+BsPMru+YKzWdri5 hgZHxi7r8+yLJKrntqRXUyKGCB2W6dBQ+n6jeOzb6/yXxbYTZ+8nLBpCi2f4ruVb 8j+wbiASs2XTwQv/Vdqfgflpjc28xKRudmZMDOhrf5k8Mh4VLQqAr9vZ6jOyIZRY mZCnJt6BW/U= =lnKI -----END PGP SIGNATURE----- From mech at eff.org Tue Apr 19 11:47:15 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 19 Apr 94 11:47:15 PDT Subject: LP Press Release about Digital Telephony Act and Clipper (fwd) Message-ID: <199404191845.OAA29674@eff.org> Forwarded message: Date: Tue, 19 Apr 1994 00:58:37 -0400 (EDT) From: Libertarian Party Headquarters Subject: LP Press Release about Digital Telephony Act and Clipper To: eff at eff.org NEWS FROM THE LIBERTARIAN PARTY 1528 Pennsylvania Avenue SE Washington DC 20003 For immediate release: April 18, 1994 For additional information: Bill Winter, Director of Communications (202) 543-1988 Libertarian Party Announces Opposition to Digital Telephony Act Calling it a "serious infringement of civil liberties and a gross violation of property rights," the Libertarian Party National Committee unanimously voted to oppose the Digital Telephony and Communications Act of 1994. At their quarterly meeting in Kansas City, Missouri, the governing body of America's third-largest political party charged that "the Digital Telephony Act would make furnishing the FBI with easy wiretapping capability the overriding priority for designers of telephone equipment and related software." "It is a lie to call this legislation a 'Privacy Improvement Act,'" said Bill Evers, the National Committee member from California who sponsored the resolution. The Digital Telephony Act, noted the resolution, "requires telephone, cable television, and computer network companies to ensure that the government can conduct surveillance while private communication is going on. It requires the installation of surveillance-facilitating software in telephone switching equipment to expose personal information - such as telephone-calling patterns, credit card purchases, banking records, and medical records - to the view of the government." "Such personal information should be the private property of either the company that assembles it or the individual to whom it pertains," said Evers. Libertarians also oppose the Digital Telephony Act because it "would require a fundamental re-engineering of the communications infrastructure at great expense to American taxpayers, and to the owners of private communications systems," said Evers. The Libertarian National Committee also unanimously voted to oppose the National Security Agency's Escrowed Encryption Standard - the so-called Clipper Chip system - or any "government policies promoting or requiring specific encryption methods for civilian use." The party also urged the "repeal of the U.S. ban on export abroad of Clipper-free encryption devices produced by American companies." "Government-mandated encryption standards will foster indiscriminate surveillance of private communications by the government," charged Evers. The resolution said "the Clinton Administration plans to induce American manufacturers to install government-readable encryption devices in every telephone, fax machine, and computer modem made in the United States." "The Clinton Administration is explicitly denying that the American people have the right to communicate in private," said Evers. By contrast, he said, "The Libertarian Party has long upheld the civil liberties of the American citizen." Approximately 120 Libertarians serve in elected and appointed office around the country, including four State Representatives in New Hampshire and two mayors in California. The Libertarian Party platform calls for vigorous defense of the Bill of Rights, free enterprise, civil liberties, free trade, and private charity. # # # The Libertarian Party America's third largest political party 1528 Pennsylvania Avenue SE (202) 543-1988 Washington DC 20003 Internet: LPHQ at digex.net ***Send email or call 1-800-682-1776 for free information package by mail*** From kkirksey at world.std.com Tue Apr 19 12:06:35 1994 From: kkirksey at world.std.com (Ken B Kirksey) Date: Tue, 19 Apr 94 12:06:35 PDT Subject: BEST Inc. Message-ID: <199404191906.AA01286@world.std.com> -----BEGIN PGP SIGNED MESSAGE----- >Simple solution to this problem, especially if you have strong magnets >around.... De-magnitize the card. > >If you are a ham operator, you can use the magnetic mount on the basis of >your mobile antenna whip. If you're not, get a big magnet... > Or a bulk tape eraser from Radio Shack. They've a thousand household uses! No home should be without one! :-) Ken +===========================================================================+ | Ken Kirksey kkirksey at world.std.com Mac Guru & Developer | +---------------------------------------------------------------------------+ | When the going gets tough, the tough hide under the table. | | -Edmund Blackadder | -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbQwAesZNYlu+zuBAQEeoQQAieN3U5lMrpk24APiEkFQi42oG65ZE8RX My/fEoNolwMnwIh9MkWQeBjfSx8Ixzwcq3vSla2XgWw6UcXxExvxzSUc1IM38zN1 p1qpoDwBatdonZoua7G3mlrxRgxEVMLCakO3aM9HNj4QTNpjJFDWSv5wzLDwBPaX ptmZjAgT+mo= =rqQB -----END PGP SIGNATURE----- From m1tca00 at FRB.GOV Tue Apr 19 12:12:33 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Tue, 19 Apr 94 12:12:33 PDT Subject: Warrentless Search In-Reply-To: <9404180426.AA28907@netmail2.microsoft.com> Message-ID: <9404191909.AA25916@mass6.FRB.GOV> - -------- Blanc Weber writes: [...] > This isn't herd instinct; it's innocence & ignorance. If someone can > recognize the situation for what it is and has knowledge of what is > required, they will proceed to contribute according to their informed > judgement. If they are not sufficiently familiar with the meaning of > what they are facing, then they will be amenable to guidance or to the > appearance of knowledgeable authority. > > If you seem to know what the right thing which needs to be done to > correct a problematic situation, they will accept your commands; but if > it is recognizable that you don't know what you are talking about or > what is apropos, you will lose their following. Stanley Milgraine experiments: Subjects were told they were participating in a "learning" study, and a confederate was strapped into a chair and electrodes were attached (the subject did not know that the confederate was always in the chair and was led to believe that they could have been in the chair). The subject is then taken to an adjacent room and the confederate is given tasks to perform. When the confederate made an error, the subject was instructed to administer an electric shock, with increasing voltage as the study progressed. The results were astounding. ALL subjects continued to administer shocks after the confederate began screaming from the other room. When he began kicking at the wall, some subjects would stop. Most (90%, I believe) would continue when the examiner would tell them that the study would be invalidated if they refused. A follow-up study explained the details of the study to new subjects. They were told about the confederate and let in on the "secret", and then asked how far they would've gone if they were the subject (they were not told the actual results). NONE of the subjects said they would have continued with the experiment through the end, even though 75% (I believe) of the real subjects did. This is mostly from memory, but the experiment is widely cited in Psych texts. This shows that, in real situations, people will follow herd instincts and obey orders. rgds-- TA (tallard at frb.gov) [awaiting approval of new disclaimer] pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbQCRaAudFplx0TNAQGhQwQAmVYZO5GR5kbhxBM7dM6nc383QytxJtI/ D6OOHIsoTlxHUfjgDdvmxaMXqCrW2arGcb5SPtJkQMjByn5ptx1zG33B5efMOC5W Oa1BHN8wJlHM8KXO7xPWd0J6hm5uKm4ijR6NC6mv9JyEUKvMr9PbkDYqUG15RFOY GyTFJ2IZgzg= =1lIL -----END PGP SIGNATURE----- From tcmay at netcom.com Tue Apr 19 12:19:32 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 19 Apr 94 12:19:32 PDT Subject: Money Laundering thru Roulette Message-ID: <199404191920.MAA07182@mail.netcom.com> I neglected to cc: the list on this reply to David Rees, and he was kind enough to send me back the message so I could post it here. This is me speaking: > > Maybe I'm just misunderstanding the point David Rees is making: > > > Of course, as several people pointed out, there are a large number > > of ways to break even in roulette. So if you have bad money that > > needs laundered, why not bet evenly on red and black each time. Or even > > easier, buy 10,000 dollars worth of chips and then cash them in immediately. > > New and different money on demand. > > I get the impression though that I am missing something in the > > discussion since no one has mentioned something like this and that merely > > replacing the money isn't the objective here. > > No, converting one wad of, say, $100,000 into another wad of $100,000 > is not the goal. > > Let us suppose "Hillary" (much more interesting than our usual > cryptographic stand-in, Alice) want to be able to spend $100,000 given > to her by a friend at Tyson Foods in exchange for regulatory favors. > > He gives her a wad of $100,000. She takes this wad to Las Vegas (or, > now, to the nearby Mississippi River gambling boats) and "exchanges" > it. What has been accomplished? Nothing, except the comparatively > trivial change in serial numbers (which _can_ be an issue if the bills > are marked, as in a sting, but this is rarely an issue). > > This is a _kind_ of money laudering, as is literally running currency > through washer-dryer cycles (yes, this is done), but this is not the > common meaning of "laundering," and the one which we're focussing on here. > > No, one of the main goals of money-laundering is to make the > bribe/whatever money appear to be "legitimately earned," so that taxes > may be paid on it (yes) and the money then used for other investments, > buying houses, etc. "Legitimately earned" can mean won in Las Vegas, > or in cattle futures, etc. Hence the schemes here. > > (In Hillary's case, suddenly having $100K that the IRS and other > agencies can find no "paper trail" for would be evidene of bribery, > for example. I suppose Hillary could claim it came out of her > mattress, where she'd been saving money for years, but I doubt this > would fly.) > > U.S. casinos are closely watched for this kind of thing, of course. I > wonder if the IRS looks suspiciously at money won at the casinos on > Paradise Island, Bahamas? Or elsewhere. > > And, germane to our list, the "Internet Casino" that Nick Szabo and > others have talked about someday building. > > --Tim May > > > -- > .......................................................................... > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at netcom.com | anonymous networks, digital pseudonyms, zero > 408-688-5409 | knowledge, reputations, information markets, > W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. > Higher Power: 2^859433 | Public Key: PGP and MailSafe available. > "National borders are just speed bumps on the information superhighway." From ebrandt at jarthur.cs.hmc.edu Tue Apr 19 12:45:30 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Tue, 19 Apr 94 12:45:30 PDT Subject: Money Laundering thru Roulette In-Reply-To: <199404191756.NAA28412@csa.bu.edu> Message-ID: <9404191945.AA14376@toad.com> > Of course, as several people pointed out, there are a large number > of ways to break even in roulette. So if you have bad money that > needs laundered, why not bet evenly on red and black each time. I'm afraid roulette's not a fair game. When it comes up neither red nor black, you're out both bets... casinos gotta live too. Eli ebrandt at hmc.edu From ecarp at netcom.com Tue Apr 19 12:47:21 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 19 Apr 94 12:47:21 PDT Subject: Remailer Musings In-Reply-To: <9404191721.AA27685@ig1.att.att.com> Message-ID: On Tue, 19 Apr 1994, Philippe Nave wrote: > Every one of the remailers I have seen in operation so far provides a > 'real' address to the target system. That is, when (not if) someone is > irritated by an anonymous posting, they have only to look in the message > header to get an address for their hate mail, legal action, mailbombs, etc. > This essentially co-opts the remailer operator along with the anonymous > poster with regard to content. (Yes, yes, I *know* that the remailers are > supposed to be 'anonymous Post Offices.') As Scott Collins' message > explained, *he* (the remailer operator) is taking the heat for the alleged > copyright violation, and his correspondent is not terribly impressed with > Scott's protestations of innocence. Since Scott indicated that he keeps > no logs, he is the sole target; this is grossly unfair to an individual > who is trying to provide a service. (Yes, yes, 'Life ain't fair,' but > sooner or later you're going to run out of martyrs who are willing to > take the fall for abuses of their remailers...) I disagree with Brad's interpretation. For example, if I photocopy a book and anonymously snail mail it to people, do you think the postal service is going to take the fall? Nope - they are just a carrier, and are not responsible for content. Like the common carriers - they just receive a message and pass it along. They aren't responsible for message content. If Brad Templeton's view of the world was the prevailing (or correct) one, then every common carrier in the country, including Ma Bell and the US Postal Service, would not exist, because they would've been sued out of existence long ago. Of course, this situation illustrates yet another interesting twist on the old "denial of service" attacks... I understand Brad's interest in making money from Clarinet's product (and I don't have a problem with him making money), but I think that this "scare tactic" is going a bit too far in protecting corporate revenue. -- Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From gtoal at an-teallach.com Tue Apr 19 12:48:21 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 19 Apr 94 12:48:21 PDT Subject: Sgt Russell Message-ID: <199404191941.UAA25623@an-teallach.com> : From: joshua geller : I don't see any reason why sgt. harlow shouldn't be as welcome : as anyone else on the list. there are a large number of people : in the military, and any generalization drawn about them is : likely to be false (of course all generalizations are false, but : that is another matter). for those who enjoy paranoia, I would : point out that sgt. harlow is not the only person on this list : with past or present military associations. Quite right. This is ex Signals-Officer 23434072 Toal, G saying 'Roger out to you hello Charlie Papa come in over.' :-) G From smb at research.att.com Tue Apr 19 12:49:53 1994 From: smb at research.att.com (smb at research.att.com) Date: Tue, 19 Apr 94 12:49:53 PDT Subject: Money Laundering thru Roulette Message-ID: <9404191949.AA14490@toad.com> There was a more interesting case in, I believe, Australia. Someone who wanted to bribe a politician instead libeled him. The politician sued, and they ``settled'' out of court. From ph at netcom.com Tue Apr 19 12:52:25 1994 From: ph at netcom.com (Peter Hendrickson) Date: Tue, 19 Apr 94 12:52:25 PDT Subject: 15 out of 16 times (math, not laundry) In-Reply-To: <9404190216.AA04828@newton.apple.com> Message-ID: <199404191953.MAA18206@mail.netcom.com> >>Actually, the casinos win in Las Vegas because the odds of almost >>every bet are in their favor. > In most cases the odds favor the house---I never claimed otherwise---and > that certainly speeds up the inevitable process of cash extraction. >>Larger capital allows you to affect the distribution of winnings, but >>not whether or not the underlying bet is a good one. > If the difference in bankrolls exceeds a tolerance related to the `odds', > the quality of the bet is immaterial. > The direct implication of the weak law of large numbers is: a) the longer > you play, the more certain you will experience a `run of bad luck'; b) the > party with less money goes broke waiting for their `run of bad luck' to > end. When one part goes broke, the game is over, even if the distribution > of winnings does not match the theoretical expectations (and in the case of > going broke, it can't ... or you wouldn't have played). >>Every casino, in effect, takes on the whole world. As all the bets >>are independent, it doesn't matter if they are played by one player or >>by a new player every time. The world has much more capital. Yet the >>casinos consistently win. > No. The whole world doesn't go broke as a unit. Individuals stop playing, > leaving their money in an unexpected distribution, when they _personally_ > go broke. Pretend the casino is run out of a church. "Parishioners" arrive and enter a confessional to place their bets. The "priest" cannot see who is placing each bet. Each "parishioner" plays until he or she is broke. "Parishioners" arrive at a steady rate and will do so indefinitely. How can the "priest" tell who is broke and who isn't? Why should he care? The chance of the "church" to win or lose is the same on every bet, regardless of who places it. > In fact, most gambling decisions are related in some way to cash resources > of the participants. For example, I propose a hypothetical game where you > (the player) flip a fair coin. If it comes up heads on the first toss, I > pay you $2; game over. If it comes up heads on the second, I pay you $4; > game over. $8, $16... How much would you pay me (the house) to play this > game? The theoretical value is infinite; you could win any amount of money > at this game -- 1/2 the time $2 dollars, 1/4 of the time $4, 1/8 of the > time $8... expectations = Sum_{n \goesto \infty}{n \over n}. > Let's say I'm an actual casino, and could reasonably pay out winnings up to > but not beyond $4.3 billion. You should pay no more $33 for a chance at > that money. Derivation as an exercise for the reader. Consider this from > the perspective of the house. The house is using the Martingale system > against you, doubling its bet every time it loses until it gets that $33. > That means that to launder $33, one party could conceivably lose > $4.3billion. Obviously no mathematicians work at my casino. They all left > to persue jobs that ensure a paycheck. What you have constructed is an outcome where the house is almost certain to make a miniscule amount, but has a slim chance of a massive loss. This is not what "making money" means. Think about what the return on investment is likely to be. I don't think you will find an "inevitable process of cash extraction". That only occurs if the odds favor of the house. > These are _not_ my personal conclusions. This is sound, if disturbing, > probability theory---known for at least 250 years. This particular effect > goes by many names including "Gambler's Ruin". Given the odds, and the > respective bankrolls, you can calculate the probability that any given > party will go broke in extended play. The problem of "Duration of Play" > was solved by Bernoulli and published posthumously in 1713. I think you may be misapplying your reading. Duration of play is interesting, but I hope the actual issue is making money. They are not the same thing. This can be very confusing. I've seen two professional mathematicians and a futures textbook make this mistake. Peter From jeremy at crl.com Tue Apr 19 13:00:47 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Tue, 19 Apr 94 13:00:47 PDT Subject: BEST Inc. In-Reply-To: Message-ID: On Tue, 19 Apr 1994, Thomas Riggley wrote something that caused Jeremy Cooper to write: > > >From what I know, there is no law that says you have to keep that > > magnetic strip up to date. Just have a little meeting between it and Mr. > > Refridgerator magnet and you could end up with some surprising results. > > Is this true? I am a NY state resident. I am under the impression that > altering either the bar code or the mag strip on the back of my license > would be as illegal as say changing the picture (Not that this is possible > in with the new NY licenses). I do not know the legality behind this but > I am aware that altering a license in ANYWAY is illegal. Although what > you are suggesting is VERY difficult to prove, it is still I would think > illegal. Unless anyone has any legal information to the contrary.... > > I would also guess that these states that have the mag strips on > their license also have fines for non-oprative strips. If they do not, I > am sure the law will be created so enough! > -Tom The mag strips are only for ease of use. They contain the same info that is on the front of our liscence. Earlier on there was a discussion about how you can really piss cops off if your card doesn't read, because they have to write it all down by hand. Also, what we they do if you accidentaly erased that strip, arrest you? Many people are ignorant of the fact that magnetism erases the info on that stripe. Is it your fault if the stripe losses even one bit of information that might cause it to read incorrectly? _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From julf at penet.fi Tue Apr 19 13:13:57 1994 From: julf at penet.fi (Johan Helsingius) Date: Tue, 19 Apr 94 13:13:57 PDT Subject: Sgt Russell In-Reply-To: <199404191514.IAA01328@sleepy.retix.com> Message-ID: <199404192013.AA08974@milou.eunet.fi> > for those who enjoy paranoia, I would > point out that sgt. harlow is not the only person on this list > with past or present military associations. Have to agree. I, of all persons, would prefer not to mention my scandalous career in the Finnish Defence Forces. But my commanding officer didn't like the ray-bans... Julf From hfinney at shell.portal.com Tue Apr 19 13:16:46 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 19 Apr 94 13:16:46 PDT Subject: CRYPTO: Money laundering and traceability Message-ID: <199404192017.NAA23184@jobe.shell.portal.com> From: hughes at ah.com (Eric Hughes) > > >Chaum's arguments appear to apply to virtually any electronic cash > >system which can prevent double-spending. They suggest that traceable > >cash will be the rule in any digicash system. > > That's true for transferable and off-line cash systems. The same > argument doesn't hold for on-line systems. There you can have an > exchange protocol to deposit a piece of digicash and immediately > rewithdraw it, blinding it again in the process. There need be no > account with the bank for this to happen. This is a good point, although I think on-line systems are unlikely to be used for payments to private individuals such as in the scenarios I mentioned, because of the cost of accessing a centralized database for every transaction. In any case, this suggests that it might be unwise to carry cash issued by such a bank, because of your vulnerability to robbery. Chaum even considered (in another paper) the threat of being coerced into withdrawing cash from a bank in such a way that you don't see the blinded cash. He had an approach where you would get all of your "blinding certificates" when you opened your account, and these would be the only things you could use to blind cash. So any stolen cash could always be recognized. I suppose one risk is that the robber exchanges the cash so quickly that the robbee has no chance to warn the bank; and once exchanged the cash is certainly anonymous. Perhaps banks would instigate some minimum time for handling an exchange in order to protect their cash holders from this threat. Hal From jeremy at crl.com Tue Apr 19 13:17:31 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Tue, 19 Apr 94 13:17:31 PDT Subject: Warrentless Search In-Reply-To: <9404191909.AA25916@mass6.FRB.GOV> Message-ID: > Stanley Milgraine experiments: > > Subjects were told they were participating in a "learning" study, > and a confederate was strapped into a chair and electrodes were > attached (the subject did not know that the confederate was always > in the chair and was led to believe that they could have been in > the chair). The subject is then taken to an adjacent room and the > confederate is given tasks to perform. When the confederate made > an error, the subject was instructed to administer an electric shock, > with increasing voltage as the study progressed. > > The results were astounding. ALL subjects continued to administer > shocks after the confederate began screaming from the other room. > When he began kicking at the wall, some subjects would stop. Most > (90%, I believe) would continue when the examiner would tell them > that the study would be invalidated if they refused. > > A follow-up study explained the details of the study to new subjects. > They were told about the confederate and let in on the "secret", and > then asked how far they would've gone if they were the subject (they > were not told the actual results). NONE of the subjects said they > would have continued with the experiment through the end, even though > 75% (I believe) of the real subjects did. This is a little confusing, could you please repost it without so many ambiguous pronouns? (like 'they' in the fourth line of paragraph 1 for example) _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From jims at Central.KeyWest.MPGN.COM Tue Apr 19 13:20:05 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Tue, 19 Apr 94 13:20:05 PDT Subject: Intolerance on the list Message-ID: <9404192019.AA10656@Central.KeyWest.MPGN.COM> >> My job is important to me. Learning about cryptography is going to >> help me protect my systems and my messages. I have no desire to eavesdrop on >> what you or anyone else is doing on this list. I merely want to learn, and > > Your motivations seem clear enough to me. Dig in! Enjoy yourself here, and I > look forward to your participation. I also agree with Russell. Although the organization for which you work may be unnerving to some, they should be willing to give you a shot at being an ok kinda guy as a freethinking individual. Besides that, has anyone considered this: If the good Sargeant here gets his system secured with PGP and Uncle Sam (via the President's efforts) says everything else is bad, you must use clipper... wouldn't it be good ammo to say 'Hey guys! Site x.y.z is secured to military satisfaction by using PGP. Clipper is somewhat weak and you even admit it by not allowing it to secure classified info. I think it would be great ammo in blowing up the Information Super-Highway-Patrol. Keep asking your questions and thinking freely! Jim -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From 68954 at brahms.udel.edu Tue Apr 19 13:21:36 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Tue, 19 Apr 94 13:21:36 PDT Subject: BEST Inc. In-Reply-To: <0097D2F9.F687E5A0.8202@NOAH.UCS.MUN.CA> Message-ID: On Tue, 19 Apr 1994, Bill Garland wrote: > the point-of-sale terminal is encoded on the card or is in their > "neat little database" on the network into which they are tuned. > > In my area the drivers liscence don't have magnetic strips or anything like that. It is also a common practice to forge Military IDs which are easier marks since there is a large airforce base nearby with af kids galore. Something like Adobe or some other decent photo-shop, graphic editing software and a good laser printer and scanner can basically make you almost any ID you want when you know where to get the needed supplies from. You can by the special laminating material etc.. and then do a bit of computer art and you have yourself a new fake ID. Look in like Loopmaniacs catalogs and other similiar publications ofr sources for blanks. > I don't know, but I guess this might mean that the paper driver's > licences we use here in the back woods are soon to go the way of > the buggy whip. The military ID should have been enough - I would > assume that, especially in the largest armed force ever assembled > by man, it is easier to fake a drivers licence than a military id. > But I've been wrong before... Mil IDs are easy, BUT supposedly they are coming out with newer ones that would be very difficult and would wipe out most of the little guys making the fakes. > > If the info is on the card, follow the refrigerator magnet idea > if you don't want them to cash your cheque. Or do as the Sarge did. > Then, instead of having a record that you purchased Pentouse Letters > on April 14 at 10:33 pm in Mac's Milk on the corner of Broadway > and 110th, they have a record of your withdrawal of 50 bucks from > the atm and a picture in their video database as you did the > withdrawal. Six of one, half a dozen of the other. > Or do as I do, which is easy for me considering i don;'t have too much income or t5ansactions going on since I am relatively young, unestablished etc.. which is to put it in a savings account without an ATM card and then cash my checks at a local mini-mart, and do all transactions with cash afterwards. Sure I cant get anything for investing etc.. but my cash-flow is low enough that it makes little difference to me. The problem with this is that in order to subsrice to services and such that require a check or credit number I can either get my parents to do it, or find another method that doesnt connect to me. > If the info is in the database, and it is (even though _this_ > pos terminal may not have access to it) then - well, if you object > to this, keep up with cp and other fora, get yourself some fake > or anonymous id's (?), write code, use pgp, become judgement proof, > move and don't set up forwarding addresses, have your id killed, etc. > This is a topic I am interested in giving the light of recent events with Big Bro moving in. Is there any precedence for the use of technology for killing your old ID, or generating a good fake or anonymouse one(false, but not deep)? Even at only nineteen I am sure that I have mucho info in databases around the nation and elsewhere, not criminal or anything sjust your standard marketing databases and such. Hell I can barely program and im on mailing lists for Borland programming conventions. All of this from becoming a favored customer at B.Dalton and Waldenbooks. That's just the beggening I am sure. Our school here uses Social Security numbers as student ID numbers. As cypherpunks can anyone suggst ways to protect yourself from such encroachment thru technology, sicne that is the main topic here. In case some people just kill this thread before getting to the bottom of this post, since it has dicresses abit from the original point, Ill post another seperate post listing some of my ideas on this topic of protecting your privacy from such things, tho it is a continuous thread in this list. > Bill Garland, > whose .sig just vanished > You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From mccoy at ccwf.cc.utexas.edu Tue Apr 19 13:33:55 1994 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Tue, 19 Apr 94 13:33:55 PDT Subject: Money Laundering thru Roulette In-Reply-To: <9404191945.AA14376@toad.com> Message-ID: <199404192033.PAA26146@tramp.cc.utexas.edu> Eli writes: [the betting thread goes on and on and on... :)] > > > Of course, as several people pointed out, there are a large number > > of ways to break even in roulette. So if you have bad money that > > needs laundered, why not bet evenly on red and black each time. > > I'm afraid roulette's not a fair game. When it comes up neither red > nor black, you're out both bets... casinos gotta live too. It gets even trickier. Roulette in the U.S. has even worse odds than in Europe because of addition of 00 (another number that causes all the even/odd, red/black, etc bets to lose) The closest one comes to an even money bet in a casino is betting "No Pass" in craps, and constantly betting No Pass will make you somewhat unpopular at the table... jim From hughes at ah.com Tue Apr 19 13:59:15 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 19 Apr 94 13:59:15 PDT Subject: CRYPTO: Money laundering and traceability In-Reply-To: <199404192017.NAA23184@jobe.shell.portal.com> Message-ID: <9404192051.AA04015@ah.com> >This is a good point, although I think on-line systems are unlikely to >be used for payments to private individuals such as in the scenarios I >mentioned, because of the cost of accessing a centralized database for >every transaction. The cost of communications on the internet is extremely low, and the cost of doing a single database query is also. An initial cost for facilities only should be able to start out, right now today, at less than 2 cents per transaction. Eric From eagle at deeptht.armory.com Tue Apr 19 14:04:16 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 19 Apr 94 14:04:16 PDT Subject: S Milgram & Authority Response Message-ID: <9404191404.aa03360@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- >This shows that, in real situations, people will follow herd instincts >and obey orders. >rgds-- TA (tallard at frb.gov) Milgram had 66% go to the end of the board with the subjects believing they had killed a person with electric shock. I saw him present the paper. I asked him at the end, placing ethical questions aside, what he felt the most important finding of this research was. He paused thoughtfully, and said: We better be DAMN careful who we put in authority in this country. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbRG11/ScHuGXWgVAQG+yQQAzEXu8jNbhMTXebcgEBuqlA9OCv9we2fK NnyfE8w+TVACgikfzWg2yMWVx99zdrx5g3dlbNvkgz9qhR7tdzLmuh0pRmbN8/gP MUm4B+siLmyeSp5qk9eAxvz9WttcLk5oy0+VCPFcv4EgNRp1Ce67YM4/A5uGqDP9 FyDIvssiWTQ= =+yb+ -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From pdn at dwroll.dw.att.com Tue Apr 19 14:08:23 1994 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Tue, 19 Apr 94 14:08:23 PDT Subject: Remailer Musings In-Reply-To: Message-ID: <9404192107.AA19456@ig1.att.att.com> -----BEGIN PGP SIGNED MESSAGE----- Ed Carp writes : > > On Tue, 19 Apr 1994, Philippe Nave wrote: > > > [concern about traceability of messages sent through remailers, and > > involvement of remailer operators in investigations] > > > I disagree with Brad's interpretation. For example, if I photocopy a > book and anonymously snail mail it to people, do you think the postal > service is going to take the fall? Nope - they are just a carrier, and > are not responsible for content. Like the common carriers - they just > receive a message and pass it along. They aren't responsible for message > content. If Brad Templeton's view of the world was the prevailing (or > correct) one, then every common carrier in the country, including Ma Bell > and the US Postal Service, would not exist, because they would've been > sued out of existence long ago. > The analogy comparing an anonymous remailer to the Postal Service breaks down at a key point, I think. The USPS is not held liable if I Xerox a book and mail it to someone, but the Postal Inspectors *are* expected to cooperate fully with law enforcement interests when such behavior is investigated. If we limit the discussion to content alone, there is not really any difference between an anonymous remailer and Netcom - if I send something I shouldn't through both systems, neither would logically be held responsible for the content. [This distinction was muddled in my original posting; the following is an attempt to clarify my position. A thousand pardons...] The anonymous remailer is supposed to be (as its name implies) a method for transferring data from one point to another with no identifying labels as to the origin of the data. Removing the original poster's ID and (essentially) replacing it with the remailer operator's ID does not accomplish a whole lot, in my view. When questions are raised about objectionable postings, the Internet community actually follows the 'Post Office' analogy closely, expecting the 'postmaster' to assist in the investigation. *This* is where the remailer operator becomes a martyr; the very nature of the remailer paradigm precludes the collection of data that would aid the investigation. We can debate whether it is reasonable for the Internet community to expect this sort of help, but we ourselves saw nothing wrong with asking (for example) Detweiler's postmaster to get his ravings off the Net. So, then, the remailer operator must walk an ethical tightrope - since the remailer is not truly anonymous (in the sense that messages simply *cannot* be traced), the operator must balance the ideal of anonymous communication against the realities of Internet connectivity. If I want to communicate anonymously without worrying about attacks on the remailer operator, it would seem that *complete* anonymity is required. Then, messages could be encrypted and bounced among remailers without exposure to the 'Achilles' Heel' address of the last remailer in the chain. - -- ........................................................................ Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it! pdn at dwroll.dw.att.com | Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbRHagvlW1K2YdE1AQEy6QQAxNuAdN9BYfiB8C7KmeNl3UeTUP2lE5K/ HQE+2AQzY7VdHGYSmPEevqneUqYhyKTu8QfM+M9hcIaNH4VyU1Y54ylqs+zKU+E5 WXYkJPH6/6a648ZAmM3jRi+mX1tNr4qIZGAiHMN7Nm0eNkYNkEuxEh05uYqkjKa3 67cddDb/NOM= =IgsE -----END PGP SIGNATURE----- From mg5n+ at andrew.cmu.edu Tue Apr 19 14:09:45 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 19 Apr 94 14:09:45 PDT Subject: Remailers In-Reply-To: <729C2F7B0F@sofus.dhhalden.no> Message-ID: "Halvor Kise jr." wrote: (with reference to Scott Collins catalyst-remailer): > Would this guy told Brad if he could? I'll newer use that > remailer again! I think you're missing the point. He doesn't keep logs so that nobody can try to force him to reveal someone's identity. It provides a very convienient excuse. :) And it certainly reinforces my trust in the remailer to protect my anonymnity. > I think appinions change from here you live. I live kind of close > up to Russia (Live in Norway). Norway is a sosialistic(?) country > and we actually had the World War II here, so we have felt, and > can see what the freedom of speach is. So Imagine that I am an > Albanian citisen(?) and have some disturbing news about the > Albanian goverment. I post this news to the world through this > remailer. Wouldn't I be breaking a law by doing this? Yes, I > would! Use your brains! Wouldn't this news be of importance > for the world? And to you trigger-happy americans: What if the > news about the invasion of Quwait came from Iraq trough an > anon remailer? Wasn't that of "importance for the world"?? > Or did you americans loose so many lives for nothing? The > world is at war! And I would allow nearly any action to > distribute information! Eaven if this means that sombody is > using my remailer to break the law by distributing > copyrighted information. This is the reason that we have tried so hard to get remailers all over the world. Unfortunatly, with one exception, all our remailers are in the United States. If someone was sending copyrighted material through my remailer, and the AP got upset about it, they could do a lot to harass me, as I'm sure they have contacts with people at this university, since they are a large American-based news agency and have offices in this area. If some Albanian or Norweigen government person started complaining, I could basically tell them to take a hike (or less idiomatically, ignore them and tell them to go away). They certainly aren't going to take a trip across the Atlantic just to come over here and make trouble for me because of a few politically incorrect messages, and I doubt they could seriously interest the government here with their own polticial problems. This is why I strongly encourage you to set up a remailer in Norway. If we can have many remailers distributed throughout the world, the chances of political pressures threatening the remailers is diminished. From talon57 at well.sf.ca.us Tue Apr 19 14:18:38 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Tue, 19 Apr 94 14:18:38 PDT Subject: re; intolerance on the list Message-ID: <199404192118.OAA24741@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Well, now that the issue of Marines on the list is settled, perhaps the good SGT could share some non classified knowledge of the USMC's extensive use of Banyan Vines. For those who didn't know, during Desert storm every Marine tank was a Banyan server, the self healing nature of this network proved very effective, in fact "Stormin Norman" gave it credit as one of the three key assets we had. Brian Williams Extropian Cypherpatriot Ex-Marine Current NRA/ILA and other nasty stuff "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth "When the going gets weird, the weird turn pro" - Dr Hunter S Thompson -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbRJztCcBnAsu2t1AQGAEAQAg9z4ddgWqHz6EWQjCGj6dA8o6gFV3YVp q7UhK6EFzqYhhaIxXoI0z/Bvhdw+r4ZRYySXC4y0tcAYFns5mbj1Z3SB5BAytN4l FySoWWjylIRYShwLBO8pmbxF1m/SqZJWkAn9bu17uLAHSlJHxZxbhhqi1q1HtOnW ZFoaWBjs8nU= =Viyp -----END PGP SIGNATURE----- From ecarp at netcom.com Tue Apr 19 14:19:09 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 19 Apr 94 14:19:09 PDT Subject: Remailer Musings In-Reply-To: <9404192107.AA19456@ig1.att.att.com> Message-ID: I understand your objections, but think about it this way: nothing in the world says that you have to put a return address on the envelope. Nothing in the world says that you have to present any form of ID in order to drop a letter into a postal box. Sure, the postal inspectors have to "cooperate", but if you drop a letter with no return address into a box, how could they trace it back to you? Are people going to say to the US postal folks, "hey, it's *your* fault that they didn't put a return address on their envelope!" I think not. Similarly, I think that anonymous remailers, like the post office, ma bell, etc., are common carriers. You can't have it both ways - either you are a common carrier and exercise no editorial control over what goes through your remailer, or you are a publisher, and are held to a certain degree of legal responsibility. Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From ecarp at netcom.com Tue Apr 19 14:20:46 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 19 Apr 94 14:20:46 PDT Subject: Warrentless Search In-Reply-To: Message-ID: This was the famous Millikan experiment in the 50's (60's?). The Exploratorium has a pretty graphic piece of footage from the original experiment. It shows how much some (most) people have to conform to some sort of authority. Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From forsythe at fiji.oc.nps.navy.mil Tue Apr 19 14:27:17 1994 From: forsythe at fiji.oc.nps.navy.mil (Carl R. Forsythe) Date: Tue, 19 Apr 94 14:27:17 PDT Subject: TIS/PEM Message-ID: <9404192127.AA27166@fiji.oc.nps.navy.mil> Our site is preparing to implement the PEM package from Trusted Information systems. The package is available to US/Canadian users from ftp.tis.com Any comments on this package would be appreciated. It appears to use a licensed version of RSAREF. But I just got the docs, so I can't say much else about it. "Sometimes we get lost in the darkness, The dreamers learn how to steer by the stars" ******************************************************************** ** Carl R. Forsythe ** Naval Postgraduate School ** ** forsythe at oc.nps.navy.mil ** Monterey, California ** ** crforsyt at nps.navy.mil ** Office Phone (408)-656-2836 ** ******************************************************************** Any view presented in this text is purely my own and not that of the United States Government, The Department of Defense, The Department of the Navy or The Naval Postgraduate School. PGP Key available by finger. From lefty at apple.com Tue Apr 19 14:36:19 1994 From: lefty at apple.com (Lefty) Date: Tue, 19 Apr 94 14:36:19 PDT Subject: S Milgram & Authority Response Message-ID: <9404192135.AA17966@internal.apple.com> >-----BEGIN PGP SIGNED MESSAGE----- > > >>This shows that, in real situations, people will follow herd instincts >>and obey orders. > >>rgds-- TA (tallard at frb.gov) > >Milgram had 66% go to the end of the board with the subjects believing >they had killed a person with electric shock. I saw him present the paper. >I asked him at the end, placing ethical questions aside, what he felt the >most important finding of this research was. He paused thoughtfully, and >said: > > We better be DAMN careful who we put in authority in this country. Really? When was this, precisely? -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From pcw at access.digex.net Tue Apr 19 14:43:43 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 19 Apr 94 14:43:43 PDT Subject: More futures trading analysis... Message-ID: <199404192143.AA07277@access2.digex.net> Here is a paper analysis based on my phone calls to a few brokerage firms and a forage through the stack of old newspapers. If anyone has the time to read through the rest of it, I would appreciate it if you could alert me to any errors in either judgement or execution. Here are the prices for the June S&P 500 Index Futures. These contracts have a value of $500 times the cost of the index when they expire in June. That means the person who bought the contract gets $500 times the index value.The person who sold a contract would have to pay that amount. The clearing house is responsible for making sure the money gets from one place to another. If the contract expired on April 6, for instance, then it would be worth $224,025. Here are some prices gathered from a stack of newspapers waiting to be recycled. They show the S+P 500 date open high low close open-close range March 25 1994 464.70 466.50 459.80 459.95 -4.75 (+1.80 - 4.80) March 29 1994 461.35 461.35 451.00 451.65 -9.70 (+0.00 -10.35) March 31 1994 451.85 453.60.445.60 446.15 -5.70 (+1.75 - 6.25) April 4 1994 435.80 441.75 434.75 439.25 +3.45 (+5.95 - 1.05) April 6 1994 448.45 451.00 440.80 447.25 -1.20 (+2.55 - 8.35) April 7 1994 447.10 452.00 445.90 450.50 +3.40 (+4.90 - 1.20) April 8 1994 450.60 450.95 444.95 447.25 -3.35 (+0.35 -5.65) April 11 1994 447.25 450.90 446.30 450.45 +3.20 (+2.65 -0.95) April 14 1994 446.05 448.00 442.90 445.95 -0.10 (+1.95 -3.15) April 18 1994 446.05 447.80 440.70 442.40 -3.65 (+1.75 -5.35) {There are other days out there, but the newspapers were thrown away or whatever.} In practice, you can usually buy futures contracts by only putting up 5% of the current value of the contract. You can (and usually want to) put up more because the banks and brokerage houses want that amount available to cover losses. You need to maintain 5% of the current value. That means that if the price goes the wrong way and you have less than 5% on hand you have to add more money to your account. This is known as a margin call. Let's assume: Assume that the market will move at least +/- 3 points in a day. Assume that the market isn't moving too fast so you're able to close out a position moving the wrong direction at 3 points off. (There is not as much need to really worry about this because the money isn't disappearing. It's just moving in the wrong way too fast to stop it.) If you want to move $50,000 in _one_ day by opening the transaction in the morning and closing it in the evening, then you would need to move 34 contracts. The 10% margin requirements for these 34 contracts would mean that you must have about $800,000 on hand to cover losses. The cost of borrowing $800,000 for a day at a 10% annual rate is about $220 in interest. Let's assume that the market inefficiencies are about .10 to open the position and .10 to close the position. That means that the difference between the price you buy the futures and the price you sell them is different by .10 in the morning and .10 in the evening. (.10 in the wrong way.) That means you could lose $3400 in trading costs if you can't execute the 34 contract trades successfully at the same price. This gives me the following approximate transaction costs: Day 1 Commissions $200 x 2 on 34 Contr. (guess) Interest Costs $220 x 2 on $800,000 Market Inefficiencies $1700 x 2 --------- 4240 Chance of Succeeding: 50%. So if things go wrong: Day 2 Commissions $400 x 2 on 68 Contr. (guess) Interest Costs $420 x 2 on $1,600,000 Market Inefficiencies $3400 x 2 --------- $8480 Assume you guess that the market will move correctly: 50%. That means you will have moved the $50,000 by now in 75% of the cases. But if things still go wrong: Day 3 Commissions $800 x 2 on 136 Contr. (guess) Interest Costs $840 x 2 on $3,200,000 Market Inefficiencies $6800 x 2 --------- $16920 Assume you guess that the market will move correctly: 50%. That means you will have moved the $50,000 by now in 87.5% of the cases. If these conservative calculations are correct, then it is possible to move $50,000 for $4240n in all but 2^{-n} of the cases. Note, there were about 60,000 S&P 500 contracts traded in the average day. I would guess that even 544 contracts wouldn't make a too much of a difference. Especially since half would be buying and the other half would be selling. There are many places where these numbers may be off, but I believe that I've erred on the side of extreme conservatism by putting up 10% of the contracts' value. Many people who do day trading have low margin requirements. As you can see, the net profits or loss in the day was never more than 3% in the days I included. And the list included a big trading day when the market lost plenty. I've also assumed that the market inefficiences would always move against me. In one sense, this is probably fair because brokers are known to buy a contract and then resell it to a customer for a fraction more. This leads me to the following conclusions: *) It is not cheap to do this well. You could do it for less with some more risk. *) It may take very good timing to execute the straddle effectively. The market inefficiencies are the biggest cost. Being a floor broker may be essential. *) If you can open the position at the same price i.e buy and sell the contracts at the same price, then you've got a good deal. I would appreciate any questions or comments about the details in this very approximate estimate. -Peter Wayner From unicorn at access.digex.net Tue Apr 19 14:52:35 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 19 Apr 94 14:52:35 PDT Subject: BEST Inc. Message-ID: <199404192152.AA17128@access3.digex.net> If the info is on the card, follow the refrigerator magnet idea if you don't want them to cash your cheque. Or do as the Sarge did. Then, instead of having a record that you purchased Pentouse Letters on April 14 at 10:33 pm in Mac's Milk on the corner of Broadway and 110th, they have a record of your withdrawal of 50 bucks from the atm and a picture in their video database as you did the withdrawal. Six of one, half a dozen of the other. [Deletions] If the info is in the database, and it is (even though _this_ pos terminal may not have access to it) then - well, if you object to this, keep up with cp and other fora, get yourself some fake or anonymous id's (?), write code, use pgp, become judgement proof, move and don't set up forwarding addresses, have your id killed, etc. Bill Garland, whose .sig just vanished <- What might be really useful is a list of the different measures used on all the states ID's. For example: Maryland uses a magnetic strip, Digitized Photo and a bar code. All that is printed on a credit card like card and not laminated. Military ID's are green and white paper with a polaroid and a signiture, normal lamination. Illinois is a normal lamination with a complete photo within, no bar code or strip, no digitized photo record. Anyone want to further the list? I wouldn't mind compiling the information. What seems key and most attractive to those who are willing to go through the trouble, is identifying the states that use limited measures, espeically avoiding the magnetic strip and digitized photo states, and getting your license(s) in the states that are "behind the times." -uni- (Dark) From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Tue Apr 19 15:05:24 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Tue, 19 Apr 94 15:05:24 PDT Subject: Banyan Vines / USMC Message-ID: <9404192205.AA17337@toad.com> The Banyan Vines network was used extensively in Desert Storm/Shield/Sweep. Before the network was in place, people were using a single channel radio relay box called the Hadron. It was capable of being used with the KY-57 (crypto) on the PRC-77 (single channel radio), as well as satcom (PSC-3). Once the network was up and in place. Internet shots were coordinated with Quantico, VA, so that the supply cycles, and requests could be sent in real time. Not every Marine tank was a Banyan server, networks were installed down to the regiment HQ level. Remote shots were done over MUX lines with KG-84 as the crypto, on a four wire leased circuits. This allowed for secure communications within the theater of operations, as well as unclassified communications with the rear (stateside). A number of different ways are available to the Marine Corps to talk to remote spots, and new ways are being found all of the time. If there is further interest, I would be more than happy to post further to the list. Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlowd at nwsfallbrook3.nwac.sea06.navy.mil or another less reliable & slower: harlow at mqg1.usmc.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 PGP Public key available upon request "The views expressed are my own, and always will be..." From gtoal at an-teallach.com Tue Apr 19 15:05:27 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 19 Apr 94 15:05:27 PDT Subject: Warrentless Search Message-ID: <199404192203.XAA29076@an-teallach.com> : From: Ed Carp : This was the famous Millikan experiment in the 50's (60's?). The Erm... wasn't that the one where people were suspended between two electric plates and the voltage adjusted so they *wouldn't* get a shock? ;-) G Nee hee Neddie! Shot in the cringe! From killbarny at aol.com Tue Apr 19 15:11:41 1994 From: killbarny at aol.com (killbarny at aol.com) Date: Tue, 19 Apr 94 15:11:41 PDT Subject: Black Net Message-ID: <9404191802.tn50196@aol.com> Has anyone heard of BlackNet? BlackNet is in the business of buying, selling, trading, and otherwise dealing with information in all its many forms. Through PGP and anonymous remailers, the folks at BlackNet plan to create a huge black market in data: trade secrets, processes, production methods, nanotechnology, privacy databases, and chemical manufacturing. The only way to get in is to find a BlackNet-oriented message (one with the BlackNet PGP key), then respond to it, using anonymous remailers and PGP. It might be found in or . If anyone knows about this [or their address/key], please send. From pgf at srl.cacs.usl.edu Tue Apr 19 15:23:30 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Tue, 19 Apr 94 15:23:30 PDT Subject: Sgt Russell Message-ID: <199404192218.AA17398@srl03.cacs.usl.edu> Just wondering, but if Sgt. Russell is kicked off the list, how will we ever convert the military? Don't we want them on our side in the coup? Smiley to taste, Phil From juola at bruno.cs.colorado.edu Tue Apr 19 15:26:38 1994 From: juola at bruno.cs.colorado.edu (juola at bruno.cs.colorado.edu) Date: Tue, 19 Apr 94 15:26:38 PDT Subject: Remailer Musings Message-ID: <199404192226.QAA04862@bruno.cs.colorado.edu> I disagree with Brad's interpretation. For example, if I photocopy a book and anonymously snail mail it to people, do you think the postal service is going to take the fall? Nope - they are just a carrier, and are not responsible for content. Like the common carriers - they just receive a message and pass it along. They aren't responsible for message content. If Brad Templeton's view of the world was the prevailing (or correct) one, then every common carrier in the country, including Ma Bell and the US Postal Service, would not exist, because they would've been sued out of existence long ago. On the other hand, part of the rules of being a common carrier are that one is *required* to cooperate with appropriate authorities to prevent this sort of abuse and to catch said abusers if/when it happens. I suspect that Mr. Templeton's lawyer could make a case that by setting up a remailer where one cannot "trace calls," one is violating the requirements of being a common carrier, and thus is responsible for content. - kitten From pgf at srl.cacs.usl.edu Tue Apr 19 15:30:18 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Tue, 19 Apr 94 15:30:18 PDT Subject: Banyan vine use by US Marine Corps... Message-ID: <199404192225.AA17420@srl03.cacs.usl.edu> This is a reply to Sgt. Harlow's message about Banyan Vines: Of all the methods the military uses, they are all jammable by one means or another given enough effort, right? There's no totally non-blockable means of communication available to the military or civilian sectors, is there? Trying to get back on topic, Phil From juola at bruno.cs.colorado.edu Tue Apr 19 15:33:39 1994 From: juola at bruno.cs.colorado.edu (juola at bruno.cs.colorado.edu) Date: Tue, 19 Apr 94 15:33:39 PDT Subject: Remailer Musings Message-ID: <199404192233.QAA05155@bruno.cs.colorado.edu> Ed Carp sez : I understand your objections, but think about it this way: nothing in the world says that you have to put a return address on the envelope. Nothing in the world says that you have to present any form of ID in order to drop a letter into a postal box. Sure, the postal inspectors have to "cooperate", but if you drop a letter with no return address into a box, how could they trace it back to you? Are people going to say to the US postal folks, "hey, it's *your* fault that they didn't put a return address on their envelope!" I think not. Yes, but that's not what anonymous remailers *do*. Anonymous remailers accept mail that comes in an envelope *with a return address* and repackage it in a different envelope without a return address. So, yes, in a way, it *is* the analogical Post Office's fault that the letter arrived without a return address. Similarly, I think that anonymous remailers, like the post office, ma bell, etc., are common carriers. You can't have it both ways - either you are a common carrier and exercise no editorial control over what goes through your remailer, or you are a publisher, and are held to a certain degree of legal responsibility. But if one is a common carrier, one is required to assist. The whole remailer paradigm is designed to prevent such assistance. Therefore, by running a remailer, you are stating that you are *not* willing to assist the appropriate authorities, i.e. that you are not a common carrier. Or so a lawyer could claim. - kitten From sandfort at crl.com Tue Apr 19 15:34:52 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 19 Apr 94 15:34:52 PDT Subject: BEST Inc. In-Reply-To: Message-ID: C'punks, On Tue, 19 Apr 1994, Jeremy Cooper wrote: > . . . > The mag strips are only for ease of use. They contain the same info that > is on the front of our liscence. Earlier on there was a discussion about > how you can really piss cops off if your card doesn't read, because they > have to write it all down by hand. > > Also, what we they do if you accidentaly erased that strip, arrest you? > Many people are ignorant of the fact that magnetism erases the info on > that stripe. Is it your fault if the stripe losses even one bit of > information that might cause it to read incorrectly? Say, does anyone have a magnetic strip reader/writer? It might have some intersting uses, don't you think? ^^^^^^ S a n d y From jamiel at sybase.com Tue Apr 19 15:36:00 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Tue, 19 Apr 94 15:36:00 PDT Subject: Black Net Message-ID: <9404192231.AA29108@ralph.sybgate.sybase.com> At 6:02 PM 04/19/94 -0400, killbarny at aol.com wrote: >Has anyone heard of BlackNet? BlackNet is in the business of buying, selling, >trading, and otherwise dealing with information in all its many forms. The most recent Phrack (45) had an ad from them. If this is not what you saw (and you think the info you saw is not related to the phrack bit), let me know- I was assuming it was a wet dream of a few 15 year olds. From pgf at srl.cacs.usl.edu Tue Apr 19 15:36:09 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Tue, 19 Apr 94 15:36:09 PDT Subject: Side question on money laundering... Message-ID: <199404192231.AA17439@srl03.cacs.usl.edu> This may sound like a stupid question to most of y'all, but Tim brought up the Internet Casinos concept in one of his statements following-up to the money laundering thread, so I thought I'd ask: Given that even I, in my isolated little backwater of South Louisiana, find myself withing 20 miles of a casino, is it possible that the market is saturating to the point where an internet casino would not neccesarily be a good idea? If there is real anonymous untraceable digital cash for money laundering with, will "real" casinos see their profits decline as digital money sucks away that part of their business? PHil From pgf at srl.cacs.usl.edu Tue Apr 19 15:43:48 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Tue, 19 Apr 94 15:43:48 PDT Subject: cryptophone ideas Message-ID: <199404192239.AA17456@srl03.cacs.usl.edu> Lady Ada writes: >The ideal phone might be based on CPU's, RAM, and DSP's, with no >DES chips or anything like that. Have you seen the prices of used original NeXT equipment lately, or just the prices of single system boards from back in the 68030 era? Anyway, why do you need a DSP? I have read in several places that DSP's are going to be "replaced" by the CPU as time goes on and the CPUs just get more and more powerful. Phil From eagle at deeptht.armory.com Tue Apr 19 15:44:35 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 19 Apr 94 15:44:35 PDT Subject: Milgram & Authority Message-ID: <9404191544.aa08791@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- From: lefty at apple.com (Lefty) Subject: Re: S Milgram & Authority Response >said: > > We better be DAMN careful who we put in authority in this country. Really? When was this, precisely? Lefty (lefty at apple.com) March/April 1976- I'd just gotten divorced and the bullet hole in my abdomen was healing quite nicely. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbRekV/ScHuGXWgVAQE10AQAz7y6jFSZ42OuCyrSAcc7LrNjNq4hcay9 Yg6nmJD/DxOBX4Nl4y8qATD+7TDX9KBX0QFy18i7JUvU9oMU2cAYVq3ZOrB8CaZv PIfkU7uK7KgRP0oYyUop+Ea1Wfa+/QLrKFyKhwW1xRN3RMmWfxNRfkunMxXUng9P EW1Cz4RezKQ= =3/1J -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From unicorn at access.digex.net Tue Apr 19 15:56:08 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 19 Apr 94 15:56:08 PDT Subject: Warrantless searches -- A sign of things to come? Message-ID: <199404192255.AA22833@access3.digex.net> Are there any lawyers that can comment with certainty? I'm not qualified to answer this point. (I did post since it was my original point that is being referred to. My opinion is that a landlord can not further limit that which the state laws protect... but that is opinion) <- The test to distinguish a Leasehold from a License is whether the control exercised by the occupant over the premises is so great as to make the occupant a tenant, or so small as to make the occupant a licensee. Key factor inculudes the intent of the parties in determining the the consequences of the landlord tennant relationship. _Cook v. University Plaza_, 427 N.E.2d 405 (Ill. 1981). The intent is usually determined by the language of the agreement and the focus is on certain key words that estlablish a leasehold. ONLY A TENANT HAS A POSSESSORY INTEREST IN THE LAND. Thus: Only a tenant can bring actions like ejectment, tresspass, nusiance. One should note that arguebly the Fair Housing Act does not kick in until one has a possessory interest in the land and the relationship can be characterized as a landlord tennant one. Private clubs, dwellings for religious purposes and others are exempt from the act. Public housing commissions may adopt "desirability standards" to determine elgibility, but this right stops short of discrimination even to the extent that criminal records, while they may go to desireability, may not be used as a bar from public housing. _Manigo v. New York City Housing Authority_, 51 Misc. 2d 829 (1966). There is upon the tenant a duty not to use the premises for Illegal purposes. (Gambling, prostitution etc.) Argueably this might include violations of the Chicago handgun laws, but the connection between possession of a handgun and the use of the leasehold estate seem to me, thin. At the very least, the presence of a leasehold brings about basic protections and non-discrimination protections in particular into existance. The license that a student may hold upon a dorm does not trigger such protections under landlord tenant law, although remedies may exist elsewhere. Because a leasehold is partly a conveyance and partly a contract, the denial of the Right to possess firearms in general is unenforceable in so far as it constitutes a infringement upon the constitutional right. Such a prohibition in a license agreement, while not per se legal is at least not protected in the same way. The move of property law to a theory of contract, that is the move to allow the private parties of landlord and tennant to agree on issue s normally separate from a housing agreement, does not enable the tenant to give up certain rights. "When owners grant rights of access to their property to others, they are not unconditionally free to revoke such access." 40 Stan. L. Rev. 611 (1988). "Property rights serve human values. They are recognized to that end and are limited by it. Title to real property cannot include dominion over the destiny of persons the owner permits to come upon the premises." _State v. Shack_, 58 N.J. 297, 277 A.2d 369 (1971). In so far as restrictions in a lease include rights that can be estlablished by state or federal constitutions or other law, they are unenforceable. -uni- (Dark) From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Tue Apr 19 15:56:29 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Tue, 19 Apr 94 15:56:29 PDT Subject: Banyan vine use by US Marine Corps... Message-ID: <9404192256.AA18516@toad.com> Yes, the means are jammable. However, if the network is jammed, there are other ways around this, that really can't be discussed within this forum. Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlowd at nwsfallbrook3.nwac.sea06.navy.mil or another less reliable & slower: harlow at mqg1.usmc.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 PGP Public key available upon request "The views expressed are my own, and always will be..." From jamiel at sybase.com Tue Apr 19 15:57:31 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Tue, 19 Apr 94 15:57:31 PDT Subject: Remailer Musings Message-ID: <9404192257.AA09181@ralph.sybgate.sybase.com> At 4:26 PM 04/19/94 -0600, juola at bruno.cs.colorado.edu wrote: >X-Authentication-Warning: bruno.cs.colorado.edu: Host localhost didn't use >HELO protocol Just thought I'd let you know about this heading, in case you are debugging anything... >Subject: Re: Remailer Musings >Date: Tue, 19 Apr 94 16:26:24 MDT >From: juola at bruno.cs.colorado.edu >On the other hand, part of the rules of being a common carrier are that >one is *required* to cooperate with appropriate authorities to prevent >this sort of abuse and to catch said abusers if/when it happens. I >suspect that Mr. Templeton's lawyer could make a case that by setting >up a remailer where one cannot "trace calls," one is violating the >requirements of being a common carrier, and thus is responsible for >content. > > - kitten I wonder how this would jive with the factoid someone on this list (don't have the original handy) found a while back about the court ruling in favor of the right to operate under an alias in (constitutionally?) protected, at least in terms of publishing, etc.? I remember the case happening in L.A., I think. Anyway, what are the odds a case could be made that my 'anonymous identity' "fooperson" is a legal pseudonym? Stretching it some, but a possibility, and one case where similarities with publishing can work in favor of privacy. jamie -- "Sure, people mistake me for straight, but when I do get someone in bed,that's when being a femme *really* pays off." -Bryna Bank, on Butch/Femme jamie lawrence jamiel at sybase.com From perry at snark.imsi.com Tue Apr 19 16:03:59 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 19 Apr 94 16:03:59 PDT Subject: Milgram & Authority In-Reply-To: <9404191544.aa08791@deeptht.armory.com> Message-ID: <9404192303.AA07260@snark.imsi.com> Jeff Davis says: > Really? > When was this, precisely? > > Lefty (lefty at apple.com) > > March/April 1976- I'd just gotten divorced and the bullet hole in > my abdomen was healing quite nicely. Really? I was under the impression his stuff had been published substantially before that date -- certainly that seems to be a quite late year for him to have been presenting a paper on it. Perry From pgf at srl.cacs.usl.edu Tue Apr 19 16:04:18 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Tue, 19 Apr 94 16:04:18 PDT Subject: Press Release on Secure NCSA Mosiac Message-ID: <199404192259.AA17531@srl03.cacs.usl.edu> Another question entirely: Might it be better just to use some sort of stream cypher that works by XOR'ing the stream against a large one-time pad where the used parts are deleted as it goes along? I'm thinking currently of telnet-level applications or larger-level ones based on telnet like HTTP (I know, technically there are better descriptions of HTTP and the like). It would be easy to pre-distribute the one-time pads via PGP or RSA. This has the advantage of not locking the whole infrastructure into a single public key system. Phil From unicorn at access.digex.net Tue Apr 19 16:04:18 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 19 Apr 94 16:04:18 PDT Subject: Money Laundering thru Roulette Message-ID: <199404192304.AA23351@access3.digex.net> There was a more interesting case in, I believe, Australia. Someone who wanted to bribe a politician instead libeled him. The politician sued, and they ``settled'' out of court. Interesting also that in some states judgements are non-taxible. :) From pgf at srl.cacs.usl.edu Tue Apr 19 16:08:41 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Tue, 19 Apr 94 16:08:41 PDT Subject: Black Net Message-ID: <199404192304.AA17552@srl03.cacs.usl.edu> >I was assuming it was a wet dream of a few 15 year olds. (ROTFL). He. Hehe. Hehehehahahahahahaha... pgf From unicorn at access.digex.net Tue Apr 19 16:15:47 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 19 Apr 94 16:15:47 PDT Subject: ID list Message-ID: <199404192315.AA24108@access3.digex.net> WOw. I have recieved 4 replies in 2 hours. I propose the following for the list of ID types: Please incude the date and month of the card issuance, so it can be included in the list. Many people have states that let licenses go for 5 years so outdated information is a problem. The greatest concerns are the digitized photo, the magnetic strip and the bar code. Please include a yes/no for each of these at least. The type of card (laminated... not laminated... etc) is also helpful. I'm amazed at the response. The identity of contributers will not be put on the list, and anonymous submissions are encouraged. -uni- (Dark) From jims at Central.KeyWest.MPGN.COM Tue Apr 19 16:18:05 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Tue, 19 Apr 94 16:18:05 PDT Subject: Privacy and the lack thereof. In-Reply-To: <199404192152.AA17128@access3.digex.net> Message-ID: <9404192317.AA12080@Central.KeyWest.MPGN.COM> > > Then, instead of having a record that you purchased Pentouse Letters > on April 14 at 10:33 pm in Mac's Milk on the corner of Broadway > and 110th, they have a record of your withdrawal of 50 bucks from > the atm and a picture in their video database as you did the > withdrawal. Six of one, half a dozen of the other. I had this thought earlier today: What if the infamous "THEY" want to track your actions. They have reason to believe you live in Chicago and just bought a gun to take back home. This being illegal they would like to nail you. You, however, have read this list and are a bit on the "shady" side of the law and bought the gun with cash and a fake name/id. Safe at last, or are you? What if "they" analyzed all the ATM machines in that general area and got a report of everyone who withdrew Gun_Price + 0-to-100 dollars. (Spending money). They could narrow it down and eventually, since they suspect you anyway, get your pix from the ATM video camera. Take this to the gun man and you're id'd. My point? Does everyone do what I do... carry little cash and when you want to buy something with cash go to a machine and take it out within an hour of your purchase? It seems to me if this is typical then we need to look at changing that habit since it can lead someone to you, albeit with great difficulty. Jim -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From sdw at meaddata.com Tue Apr 19 16:24:06 1994 From: sdw at meaddata.com (Stephen Williams) Date: Tue, 19 Apr 94 16:24:06 PDT Subject: cryptophone ideas In-Reply-To: <199404192239.AA17456@srl03.cacs.usl.edu> Message-ID: <9404192325.AA27297@jungle.meaddata.com> > > > Lady Ada writes: > > >The ideal phone might be based on CPU's, RAM, and DSP's, with no > >DES chips or anything like that. > > Have you seen the prices of used original NeXT equipment lately, > or just the prices of single system boards from back in the 68030 > era? > > Anyway, why do you need a DSP? I have read in several places that > DSP's are going to be "replaced" by the CPU as time goes on and the > CPUs just get more and more powerful. > > Phil This seems like a strange comment since DSP's are general purpose processors that are optimized for a certain range of price/performance. Actually, I've been seeing hints that most systems will start augmenting the main processor with DSP's to solve the realtime / multiprocessing problem. Zyxel modems have 2 DSP's + a 68000. I've been reading up on them recently... sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From lefty at apple.com Tue Apr 19 16:28:31 1994 From: lefty at apple.com (Lefty) Date: Tue, 19 Apr 94 16:28:31 PDT Subject: Remailer Musings Message-ID: <9404192326.AA20064@internal.apple.com> >>On the other hand, part of the rules of being a common carrier are that >>one is *required* to cooperate with appropriate authorities to prevent >>this sort of abuse and to catch said abusers if/when it happens. I >>suspect that Mr. Templeton's lawyer could make a case that by setting >>up a remailer where one cannot "trace calls," one is violating the >>requirements of being a common carrier, and thus is responsible for >>content. > >I wonder how this would jive with the factoid someone on this list (don't >have the original handy) found a while back about the court ruling in favor >of the right to operate under an alias in (constitutionally?) protected, at >least in terms of publishing, etc.? I remember the case happening in L.A., >I think. Anyway, what are the odds a case could be made that my 'anonymous >identity' "fooperson" is a legal pseudonym? Stretching it some, but a >possibility, and one case where similarities with publishing can work in >favor of privacy. I believe it was stated (correctly, according to my understanding) that one may use any pseudonym, as long as the intention in using it is not to commit a crime. Copyright infringement _is_, like it or not, a crime. There is not, to the best of my knowledge, any such thing as "a legal pseudonym". -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From lefty at apple.com Tue Apr 19 16:53:07 1994 From: lefty at apple.com (Lefty) Date: Tue, 19 Apr 94 16:53:07 PDT Subject: Black Net Message-ID: <9404192347.AA20459@internal.apple.com> >At 6:02 PM 04/19/94 -0400, killbarny at aol.com wrote: >>Has anyone heard of BlackNet? BlackNet is in the business of buying, selling, >>trading, and otherwise dealing with information in all its many forms. > > >The most recent Phrack (45) had an ad from them. If this is not what you >saw (and you think the info you saw is not related to the phrack bit), let >me know- I was assuming it was a wet dream of a few 15 year olds. Do _not_ mess with those BlackNet folks. You'll wind up face-down in a landfill, and spend eternity playing pinochle with Jimmy Hoffa. Trust Me On This. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From collins at newton.apple.com Tue Apr 19 16:58:18 1994 From: collins at newton.apple.com (Scott Collins) Date: Tue, 19 Apr 94 16:58:18 PDT Subject: 15 out of 16 times (math, not laundry) Message-ID: <9404192201.AA13670@newton.apple.com> >Pretend the casino is run out of a church. "Parishioners" arrive and >enter a confessional to place their bets. The "priest" cannot see who >is placing each bet. Each "parishioner" plays until he or she is >broke. "Parishioners" arrive at a steady rate and will do so >indefinitely. Let me just make sure I understand what you mean. I believe you are saying: Conjecture A: A.1 As parishoners play and leave, the division of wealth approaches the `odds' of the game. Thus if the odds are .51 house (of God), .49 parishoner, then eventually the house will end up with 51 cents out of every dollar `played'. Just as it would if the church were playing against one very wealthy parishoner (i.e., the `world'). A.2 Since there are a large number of parishoners, enough games can always be played to make the distribution match the odds. If this is _not_ what you mean to say then I apologize for missing your point; read no further---just send me explanations to clear up my mis-understanding. If Conjecture A is accurate statement of your belief, then please step across this line. ---------- Let me walk through your model, one parishoner at a time. Please read this with an open mind; it could be true. >Each "parishioner" plays until he or she is broke. Lets say the odds of the game are .51 to .49. Each parishoner has $100. Each parishoner plays until broke. At some point in play, the distribution of wealth with respect to _that player_ may be arbitrarily close to c=$51, p=$49. What, though, is the distribution at the _end_ of that game? Since each game only ends when the p=$0, the distribution is c=$100, p=$0. On to the next parishoner. After the 9th, but before the 10th parishoner, the distribution must be c=$900, p[10]=$100. It can't be worse than that for the church, or we wouldn't have moved on to the 10th parishoner. It can't be better for the player because each has only $100 to wager. After the n'th, c=$100n, p[n+1]=$100. Conjecture A predicts that as n, the number of players, goes to infinity, c, the fraction of money won by the church, approaches C, the probability the church will win a single trial. But in fact, the model shows that as n approaches infinity, c goes to 1. Where could one disagree with this interpretation of the model? a. Maybe the church has 10 confessionals, or 1000, or 10,000. Serializing the players might be a `paper' advantage to the church that doesn't occur in reality. b. Players can have any amount of money, not just $100 dollars. c. What if the church goes broke? (a) Imagine that the church has at most k confessionals, and thus can play no more than k simultaneous games. Fill all k. All other players are waiting in line for an open spot. The next parishoner can't play until an existing player goes broke. The distribution of wealth during play by the (k-1+10)th player is exactly as before, except now it is +/-$100(k-1). (b) has no impact. As above, at the end of each game the fraction of money won by the church with respect to that player is 1 (assuming it's the player and not the church that `went out'). (c) If the church goes broke, all bets are off, literally but not figuratively. The distribution of wealth is c=0, P=1 (P for all players as opposed to p for a single player). This also does not match the expectation of .51. >The chance of the "church" to win or lose is the same on every >bet, regardless of who places it. That is true. But the only way the player can realize his mathematical expectations is if he is allowed to continue playing even after he is out of money (i.e., so he can climb back out of the hole). Ok, the first player goes out, but the infinity of players after him can make up for that, right? Wrong, because on his way to winning back the first players money, if the second player goes broke, _his_ game is over. Now its up the third guy, ad infinitum (literally)..... just because the series is infinite doesn't mean the sum is. No set of players, all of whom go broke, break the church. Therefore, for the series to end it must be instigated by a set of players that includes at least one who doesn't go broke (i.e., the church goes broke instead). In fact, a single player who doesn't go broke ends the series without any help from other players. Thus, to stem the tide of pious donations (i.e., the church's winnings), a single player with enough money to `outlast' the church is required. Hope you found this interesting but not insulting, Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From 71722.2374 at CompuServe.COM Tue Apr 19 17:05:56 1994 From: 71722.2374 at CompuServe.COM (Neal M. Goldsmith) Date: Tue, 19 Apr 94 17:05:56 PDT Subject: Hello Message-ID: <940420000225_71722.2374_DHR40-1@CompuServe.COM> My friend has been forwarding some of your material to me. I'd like to learn more about what you do. Is there some overview piece describing your varied interests. Are you a you or a group? Thanks, Neal From gtoal at an-teallach.com Tue Apr 19 17:11:16 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 19 Apr 94 17:11:16 PDT Subject: ID list Message-ID: <199404200002.BAA02720@an-teallach.com> : Please incude the date and month of the card issuance, so it can be : included in the list. Many people have states that let licenses : go for 5 years so outdated information is a problem. : The greatest concerns are the digitized photo, the magnetic strip : and the bar code. Please include a yes/no for each of these at least. : The type of card (laminated... not laminated... etc) is also helpful. I missed the original request. Are you asking about driving licenses? My current one was issued in 1979 and expires in 2029. American bartenders find it rather confusing :-) Green paper, no photo at all, digitized or otherwise. G From mkj at world.std.com Tue Apr 19 17:13:36 1994 From: mkj at world.std.com (Mahatma Kane-Jeeves) Date: Tue, 19 Apr 94 17:13:36 PDT Subject: IRS vs. privacy Message-ID: <199404200013.AA06984@world.std.com> > * [This blew my socks off] The IRS has subscription data > for many national magazines. Thus, if they know you're > getting Time & Newsweek & Barron's and USNews but they > see no tax return, they nab you. That's a valuable data point. Here's another, in a quote I saved almost a decade ago from an article in COMPUTERWORLD, Sept. 1985: "In an effort to identify people who fail to file tax returns, the Internal Revenue Service is matching its files against available lists of names and addresses of U.S. citizens who have purchased computers for home use. The IRS continues to seek out sources for such information. This information is matched against the IRS master file of taxpayers to see if those who have not filed can be identified." In another issue of COMPUTERWORLD around the same time (which unfortunately I did not save), I recall an article about an IRS computerized system which tracked all positive and negative stories about the IRS in the media. The article implied that the huge and expensive system represented a cost-no-object assault on freedom of the press. Officials at the IRS, however, were quoted as saying that the intent of the system was merely to evaluate and guide IRS public relations efforts; an IRS spokesperson admitted that the system could be used for intimidation, but said "...that's not our intention." Also, the 4-11-94 issue of Forbes magazine features a good article about the growing IRS practices of computer data-matching and profiling of citizens. It's the issue with the cover that says (in big block print): "You Know Who You Are, and So Do We". From gtoal at an-teallach.com Tue Apr 19 17:20:17 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 19 Apr 94 17:20:17 PDT Subject: Privacy and the lack thereof. Message-ID: <199404200012.BAA02913@an-teallach.com> : From: Jim Sewell - KD4CKQ : name/id. Safe at last, or are you? What if "they" analyzed all the : ATM machines in that general area and got a report of everyone who : withdrew Gun_Price + 0-to-100 dollars. (Spending money). They could : narrow it down and eventually, since they suspect you anyway, get your : pix from the ATM video camera. Take this to the gun man and you're id'd. It's worse than that if they're on the ball. All they have to do is match up the serial numbers on the bills you spent in the shop with the ones fed into the ATM at whatever banks you got money from. I don't know for sure about the US, but in the UK bills are tracked with OCR at various points in the banking chain. Worse, many ATMs in the early days insisted on brand new notes thatr didn't jam, so the serial numbers were often sequential and *definitely* on file somewhere. Anyway, if they just want your picture for ID, it doesn't have to be from the most recent bank transaction. People's pictures are floating around all over nowadays unfortunately. You can be sure your passport picture is on file and almost certainly digitised nowadays, but there are lots of other places you'll show up - buss pass, bank card, graduation photo, annual class photo, last time you entered the country through customs - it's very hard to avoid getting your picture on file. Anyway, in real life it would be the other way round - the gun shop would have your pic on tape from the security camera, and the feds would be the one to ID you from that video, not the shop owner. G From joshua at cae.retix.com Tue Apr 19 17:31:08 1994 From: joshua at cae.retix.com (joshua geller) Date: Tue, 19 Apr 94 17:31:08 PDT Subject: Black Net Message-ID: <199404200026.RAA01538@sleepy.retix.com> lefty writes: >some random person writes: >>killbarny at aol.com wrote: >>>Has anyone heard of BlackNet? BlackNet is in the business of buying, selling, >>>trading, and otherwise dealing with information in all its many forms. >>The most recent Phrack (45) had an ad from them. If this is not what you >>saw (and you think the info you saw is not related to the phrack bit), let >>me know- I was assuming it was a wet dream of a few 15 year olds. >Do _not_ mess with those BlackNet folks. You'll wind up face-down in a >landfill, and spend eternity playing pinochle with Jimmy Hoffa. >Trust Me On This. a friend of mine told me he was going to sell some information to BlackNet. I don't know if he did or not, but he ... changed ... in a strange way. his speech patterns became different. he started dressing differently, and his shirt bulged in the back, I have never seen anything quite like it before. his house burned down mysteriously sometime after that. I saw him riding in tha back of a black lincoln, talking with this guy who looked ... wrong. josh From sinclai at ecf.toronto.edu Tue Apr 19 17:38:14 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Tue, 19 Apr 94 17:38:14 PDT Subject: BEST Inc. In-Reply-To: Message-ID: <94Apr19.203759edt.14786@cannon.ecf.toronto.edu> > Say, does anyone have a magnetic strip reader/writer? It might have some > intersting uses, don't you think? ^^^^^^ A mag-strip may be copied from one card to another with a steady hand and a dubbing tape deck. I'd hazard instead one could read the data into a computer via a sound card and edit it to taste. Then drop it back on that or another card by the same method. This works for things like library photo-copy cards. I don't know if others, like bank cards, require a stronger field to write. Also, there are probably checksums or hashes on bank/ID cards. From fhalper at pilot.njin.net Tue Apr 19 17:40:16 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Tue, 19 Apr 94 17:40:16 PDT Subject: Black Net Message-ID: <9404200040.AA10958@pilot.njin.net> Does anyone actually believe Blacknet exists this is about the umpteenth time I have heard about some kind of Blackmarket internet traders that are very had to find. It sounds like something out of that Gibson book "Virtual Light" Reuben Halper -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi16KosAAAEEAMUwRni4a9+GbuAhHDLcBWK60hCJUYxhr2hYokpELAhx0ejp 2fq61Tu9Hjn051CN8Xy5nu6sv2ODfG/t59l4DJSb5pirQaII3zaX0rMX0ydwGDoW YakL4ow1lNY+d/k14KpIuUW404+fNuNhIGSkdVLQIfbOgh0preK7/P44AKvdABEB AAG0JlJldWJlbiBIYWxwZXIgPGZoYWxwZXJAcGlsb3Qubmppbi5uZXQ+iQCVAgUQ Lam+x9xF3PzIgw7tAQHPogP/VmoF5AHJNBFlpxl1tvHAzrMLE8nkpengs94Y8zmF 1r5+hk0TaYeEEUzYf1QNfflya5md3WKeXnI3WhO2SRpdH953AD/tNmxw2LLEegat 5sI1XNPuNqxeompiHFRnCz4dI14qjDvRwnPay187/Q5q2F3m0nP8qA6wgl59mDq3 FuCJAJUCBRAteitx4rv8/jgAq90BARTHBACh99OJtGXATm01BUa+u6WHU5CBc2FN F5z29RpTA/JTrgUhn4qeZ19iCIlhe1wi0D3QQH0wN7FrMp6onMw49KFU05/KLDLb JSWdCzjbl/wPEG8z//O6+Pqzj+ZcNM9Rm0b08/QdVoQZMljXkl19Gq2P/D4ceewe WAKePQ2ciFdNbw== =K4ez -----END PGP PUBLIC KEY BLOCK----- From sinclai at ecf.toronto.edu Tue Apr 19 17:41:05 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Tue, 19 Apr 94 17:41:05 PDT Subject: Banyan vine use by US Marine Corps... In-Reply-To: <9404192256.AA18516@toad.com> Message-ID: <94Apr19.204036edt.13986@cannon.ecf.toronto.edu> > Yes, the means are jammable. However, if the network is jammed, > there are other ways around this, that really can't be discussed within this > forum. The British military has carrier pigeons for such an eventuality. They've also have doves. Sick, eh? From evidence at netcom.com Tue Apr 19 18:00:19 1994 From: evidence at netcom.com (Evidence Inc.) Date: Tue, 19 Apr 94 18:00:19 PDT Subject: BEST Inc. In-Reply-To: <199404191906.AA01286@world.std.com> Message-ID: On final comment about this, it is illegal in many states to deface your driver license "willfully." Thus, if you were to demagnatize the strip intentionally, you would likely be committing a crime. Of course, if your mom used the refrigerator magnet to put your DL on the 'fridge after you left in on the kitchen table during breakfast and that inadvertantly de-mag'd your DL, there probably is no crime. Remember, you must be proven guilty. In such a circumstance, the only way anyone could prove that you were guilty is if you admitted to it. ------------------------------------------------------------------------- Evidence, Inc. | The Internet Cops are watching, Evidence at Nowhere.Nil | aren't they? ------------------------------------------------------------------------- "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you..... AT&T" ------------------------------------------------------------------------- ^^^^ Someone posted this here and I liked it so much I adopted it as my tagline.... Any objections? Send them to Evidence at nowhere.nil.. On Tue, 19 Apr 1994, Ken B Kirksey wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > >Simple solution to this problem, especially if you have strong magnets > >around.... De-magnitize the card. > > > >If you are a ham operator, you can use the magnetic mount on the basis of > >your mobile antenna whip. If you're not, get a big magnet... > > > > Or a bulk tape eraser from Radio Shack. They've a thousand household > uses! No home should be without one! :-) > > Ken > > +===========================================================================+ > | Ken Kirksey kkirksey at world.std.com Mac Guru & Developer | > +---------------------------------------------------------------------------+ > | When the going gets tough, the tough hide under the table. | > | -Edmund Blackadder | > > -----BEGIN PGP SIGNATURE----- > Version: 2.3a > > iQCVAgUBLbQwAesZNYlu+zuBAQEeoQQAieN3U5lMrpk24APiEkFQi42oG65ZE8RX > My/fEoNolwMnwIh9MkWQeBjfSx8Ixzwcq3vSla2XgWw6UcXxExvxzSUc1IM38zN1 > p1qpoDwBatdonZoua7G3mlrxRgxEVMLCakO3aM9HNj4QTNpjJFDWSv5wzLDwBPaX > ptmZjAgT+mo= > =rqQB > -----END PGP SIGNATURE----- > From jamesf at apple.com Tue Apr 19 18:02:33 1994 From: jamesf at apple.com (Jim Franklin) Date: Tue, 19 Apr 94 18:02:33 PDT Subject: Banyan vine use by US Marine Corps... Message-ID: <9404200101.AA10582@apple.com> I don't know how I got onto this list, or many others to which I seem to suddenly belong, but I'd be eternally grateful if you removed me from this one. thanks, jim From gtoal at an-teallach.com Tue Apr 19 18:17:46 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 19 Apr 94 18:17:46 PDT Subject: Black Net Message-ID: <199404200109.CAA04527@an-teallach.com> : Does anyone actually believe Blacknet exists this is about the umpteenth time : I have heard about some kind of Blackmarket internet traders that are very had : to find. It sounds like something out of that Gibson book "Virtual Light" : Reuben Halper I guess there's a lot of new people on this list :-) Why don't you post something here with this key then... [wasabi.io.com] -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCPAixusCEAAAEEAJ4/hpAPevOuFDXWJ0joh/y6zAwklEPige7N9WQMYSaWrmbi XJ0/MQXCABNXOj9sR3GOlSF8JLOPInKWbo4iHunNnUczU7pQUKnmuVpkY014M5Cl DPnzkKPk2mlSDOqRanJZCkyBe2jjHXQMhasUngReGxNDMjW1IBzuUFqioZRpABEB AAG0IEJsYWNrTmV0PG5vd2hlcmVAY3liZXJzcGFjZS5uaWw+ =Vmmy -----END PGP PUBLIC KEY BLOCK----- Type bits/keyID Date User ID pub 1024/A19469 1993/08/15 BlackNet 1 key(s) examined. See what sort of reply you get. Heh heh heh. G (Tim, don't go to bed early tonight, you might be getting some mail...) From gtoal at an-teallach.com Tue Apr 19 18:39:13 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 19 Apr 94 18:39:13 PDT Subject: Banyan vine use by US Marine Corps... Message-ID: <199404200137.CAA05060@an-teallach.com> : I don't know how I got onto this list, or many others to which I seem to : suddenly belong, but I'd be eternally grateful if you removed me from this one. What's probably happened is that someone has forged a subscription to a mailing list or two in your name. This is a fairly common net prank. Who have you annoyed recently? G PS The chances of catching the person from the mailer logs of the various lists you have been subscribed to is small but it's worth asking the people in charge if the original subscription request can still be found. Often there will be clues in the header as to where the forgery came from. (Eric, are you listening?) From nobody at soda.berkeley.edu Tue Apr 19 18:41:16 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Tue, 19 Apr 94 18:41:16 PDT Subject: BlackNet Message-ID: <199404200140.SAA02223@soda.berkeley.edu> -----BEGIN PGP MESSAGE----- Version: 2.3 hIwCHO5QWqKhlGkBA/9ntWBcGjKRDaylUbaOsVV++uf7N2GKC7kbx81+3lnBfi14 dZnHqWmYfYb5ybJnAOJbAclVvYTJIZxdicA9a9Ep55Whj7zrdCfpDclAOet3eJG/ 49OrGnTyL/ZOyxb8TBodwXR8f7xKwmepoMx87wF0LGSy4OuZXYQZfZmwm7tNd6YA AAjndumh/NtASPVx/yA0uitYULgAwbNjfLQNaXBM3Ti6n0w7bnRMJPkMU2+s6n++ +kI+tbLKt4PES3QXF2qQ0Ts1DMGFuwd3YBh5o9qwEom9RXRMTE+5oYwpn0ESYtfS Oi/mnXLqCA5X/cNvQkgngwOffIOqQ8c90C3F5bx+72G+dHcAi8tc+4SPaAzRW9ol nxWU78fh7ECNga3CjTkLgADhUzb1JGAtWMhvKnoDWDsp+1Fbf6cvluAlRAFtwZR4 6yqsGngJwEEkYpsxGLrIlakMS+xDQjgYeb7h5we8rYufZInJITF/BaaTyj2VeVYU M/ucUGm0o1GwaxdLsecV4wAhGKmQWZ1MyM1CWxSN5xE1ZApCreUAc1INOnRfWl3d LeKcfzEqnycyltneyVQ/J0pRiFFNQerRaenr7/QOJGexWqPG7t1e/mHthVgyxC0u Bcq+wdWFdNBQhPEXF0Y5TVlpJlPVvZxFVS7HQUTFXMMHnMh/b5B4dmWrsjZOghbN gPv6dbZoYgNUQsnfU5GuXtMKmh3DGJM13b958scjmW+zomovZqe/Z1QaPHnDJwY4 tdDJclLJAGw59jXHr7jouBjWhYYmsXTnOH0+fb9UMtE8Biai6Pq3/ncYCWUEtIxV jdBo6qQzT9wo+cWgLgXRnTOecLV/VlME4RIbujsQHhz1AFTSJvV2C9JRCL5JhwvL 9Ap8nFhfjPbo2xzGKJScNebWoVi9qsQjUO42OsVi6OL6BHXNvvtx6sODBwsZkRcq Hg6kdodt1CUzraIFVw34HACHjdj/4KIFP9kKd7br46eN+9ItSJ4TYrDCoJ1SIetH omJ5WaQ+zhgGY4KXpbyYmDxfqaXKxB8kt7+7e6xt/P6drQu+/A+ZweD2lPK6zKE8 32Gvrj1sdOOxl5+z4nlW4TyEoWYUGIdfKy/AJWKfOTGESTZM9og83Xqy87lj9HRw vw9NEYZ9XT94T95eQJM3iqgC5P3SaVT7ssB/5ycKabWS0dD5QIkhW+Q4xyDd+Yan HsJHvED3W/vDrKsk5kkYU5GevyDmEPg/acU4eZouNnTO4lRz4LXgsGIi35YO7DvL jAyVyAzbEJtmXcP3+C2IoDhdzBCJ+jUWZP8MtHrWrq7sQ9Jbe2TTe720mSeARHk2 VEcPTFFa1+NC6v0fiVmHvzOBc6E13l4QGCepufX0gxZHZb5WQGDKCc97bCz3rD6q bJbRJ95zefey++nrq3XfyEZ+bfx+aRUkA/bDj6AOAPh6pSlMlj3elegWy25QRWim +fEi3Q1Mfb+w6wgohf3V3ZLlwsSOwRpinYa7C2wkUT4aHg6HMW3vH/NbumLWfv34 nqSNuaSzX/IuioHAd5Fwl8iZZi/ji2dtivvd4hZ0fgF50BXzHCABqLAW6T2TYMr/ OITvF0LEGiadjCgkfnFRSzEYxW1cFAlNiVmP+ueQpIe+mKP52I9z3lczdAl6mNxy MQoh0rUavaXphKFjOQ3u+pt3nggHFTglnNjbb6IK+rn4A9pF+4a5w/BpF+2GgWed TBu7pY57zX0XpkHxZZ75dhzT5vMvFmcdODZTdlxxJputG4S1+P3L2uIp8yPVQe9m +6+EC5X3Aid4lHGrOe0i+IczcNUQ+D5ZLHBrj7IAtzcbKJLi7gLwkDByCqbCcVVJ uTZSBHlZgdw7bp6zKXLDfIHn42URgwI52AC8GZ1FbjWeFCdzuL9adUTPvGsMhcxJ HAoh7Rq72eJ2TBe7oi69JwAlLxR8kK3xExGrTy4blzHqMti2sne2LfT9kWxEDRLe o+y0WvZVhjH8qSKdBrL2JJDgKuWCECGLff8zm2mZcSQhHI2ZUwvC41uatpdsaUdx kAVEMMiY0e5pF5ukUg7xT5I9Y0qSqt7pbGB8idkzusRos2Be5vw4ZJeyBxoKulUj zQZmJKSbe/Ojejcwb46+ip1o4wus8Mli1MAujEnKgLj+D/9Ihzgj2/7Is9IP7W33 D+622fhDwJ8edy0MQtYMHAWQ11PbcOeeu3dbTORC+R68MGREdgv3DekCjify1iiT YTmlu+MHaCdTzhrCeKS/zzJGLz+6QZAP6HmZOVoIRmR0j5Qt/WEpJb+2DE7kjeW7 3ENbYprr1OULHhOfSQJhyJtDwWs/RG3azXW3i0ONIu3gNLQxJs8QOlPwBQDUQA8S pV8O/qslpQDEZSfSx/VMg9RdtXUqST/P3GuwV6sYWRFIshWuV563ds4HdJFxMJPu 5lSxYp+9eH+eYq4ZBhtzaV8Do5GxI/BSQ2O4axhyY+b3RTbhmSnomI2mOnwQx8Lp 6SH8oF0hDkdZzwGEde9vVCOpRJYf6P2qRz1zzdO9Ey1R/CCH1K2TLv3UnxzijpaI j9zl9xGHBiY2HLDwCeKu7jYPyKTXZyQ5JYyfGalB72nJvGxazkYfUWoUsnewB7+j V3XFyZFqmzqyyTsQZ1eOsVRFAJeb1YOT6U38JC0Ic4IYdyfW1qOSUzgp3GE1aFm+ p5+R5JYLkOUXzhT0wyHuDIEKbrJPVUMS7k6mnVbb3U0cKlGvss+0q0l3UXtOZo00 QUph9WhFweJoHkjoH50pAE0DK+SbH7C5u89zmr2PsEYmxYEldBQxdeJKyaS++131 m4IcfTrfo3awhIg0fcB3vBAlyYWYelmjiPiGZLOxxylydm5ZRF4P1LMJ2isW6QHj 5vqtVXIJXpBgF9XYOvcCrU2JbJeHKmjS57f3r0sJwxFUnAogQe4eT6L4DfroW4rB 6HOdFv515MbAz/FiL5S5Ix/YT5XixwPG6uvof2HG+Y0y5g3d8whVQicplgE8+gt0 P7VdlP5JEiVc3Z3zkgUetklIQ5CQ6ItsCnTA8vMQMdaPrMb4SJJYzsN0Sqg+b+69 9oT+rVuDUVpxpbfm1lFps2AgkywXD720sxYjjHYA9XgzuFpQTts7jAdaySY9Degy ueKfTs70iLArlShlTqhwN+8lH17xUnJJIXQJlEtgOEirGdrvxeGiXn5BIC5XJmiF 1+NclT6dSmSZbharXdGvGG9T937W4uc2L28= =OQxE -----END PGP MESSAGE----- ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines: :: Response-Key: key1 ====Encrypted-Sender-Begin==== MI at UPK]5,.,7),)JND-3:V2TNU+?^3/1F!^=ZYA$<89[2;4KRE#:&@PV&AE3S 3I&0V]DN$FA*& Just some sage advice for newbies: Stay away from Blacknet unless your a serious customer. Ames was a major Blacknet user. I don't think the authorities will take a bright view of anyone posting about it publically. On the otherhand, if you have legitimate information to pass, and want money for it, and don't mind taking quick and speedy trips to other jurisdictions in disguise, go for it! -uni- (Dark) From ecarp at netcom.com Tue Apr 19 19:30:28 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 19 Apr 94 19:30:28 PDT Subject: Banyan vine use by US Marine Corps... In-Reply-To: <9404192256.AA18516@toad.com> Message-ID: On Tue, 19 Apr 1994 SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil wrote: > Yes, the means are jammable. However, if the network is jammed, > there are other ways around this, that really can't be discussed within this > forum. Oh, yeah? You might be surprised... ;) If you have clearance and need-to-know for that sort of thing, and it's classified, then yes, you can't discuss it. But that doesn't mean that others can't discuss it. But I think we talked about that several months ago... From blancw at microsoft.com Tue Apr 19 19:35:21 1994 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 19 Apr 94 19:35:21 PDT Subject: The Herd Instinct & Response to Authority Message-ID: <9404200136.AA08012@netmail2.microsoft.com> From: Tom Allard "This shows that, in real situations, people will follow herd instincts and obey orders." Herd instincts: of following together in large numbers, what the rest of the cows are doing or go where the rest of the herd is headed. The experiments on test subjects were done with individuals who were not aware of what others were doing in the same situation, so they could not have been imitating anyone's behavior. So it was a demonstration of something else, that being mostly their state of ignorance, or their deficient knowledge (of morality, of pain, of the meaning of what they see, hear, etc.). I would suspect that this was because they grew up without sufficient opportunity to exercise independent judgement or develop their own self-directing abilities. I think "herd instincts" are in the eyes of the beholder. >From Jeff Davis: (from an earlier post) "I am prone to action on instinct." [so he said...] "We better be DAMN careful who we put in authority in this country." Blanc From ecarp at netcom.com Tue Apr 19 19:38:33 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 19 Apr 94 19:38:33 PDT Subject: BEST Inc. In-Reply-To: <94Apr19.203759edt.14786@cannon.ecf.toronto.edu> Message-ID: On Tue, 19 Apr 1994, SINCLAIR DOUGLAS N wrote: > A mag-strip may be copied from one card to another with a steady hand and > a dubbing tape deck. I'd hazard instead one could read the data into > a computer via a sound card and edit it to taste. Then drop it back on that > or another card by the same method. Wasn't there a movie several years ago that had as the plot a couple o college age folks making Visa/MC cards by the same method? From an3747 at anon.penet.fi Tue Apr 19 19:51:33 1994 From: an3747 at anon.penet.fi (an3747 at anon.penet.fi) Date: Tue, 19 Apr 94 19:51:33 PDT Subject: Safeway + Your Privacy Message-ID: <9404200234.AA25278@anon.penet.fi> In <0097D140.1B631720.2317 at Leif.ucs.mun.ca> Bill Garland wrote: > Hey, we have already inadvertently given great power to a centralized > government. We - many of us - well, some of us, well, er, I'm sure > at least Tim May and myself, are just trying to get some of it back, > and not to give them any more. No, you must be thinking of someone else. Tim May acts to _strengthen_ government. Why, just the other day he boasted about _voting_ for them: In Message-Id: <199404140800.BAA23572 at mail.netcom.com> he wrote "Understand that I actually _voted_ [in a government election]... " Voting in their elections is right up there with petitioning them or accepting money from them as their justification for being. When they're challenged, they need only point to these constituencies. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From afabbro at umich.edu Tue Apr 19 19:57:48 1994 From: afabbro at umich.edu (This Space For Rent) Date: Tue, 19 Apr 94 19:57:48 PDT Subject: slow.penet.fi Message-ID: I've found anon.penet.fi to be VERY slow lately, remails taking on the order of 3-5 days, which makes it impossible to use. Of course, like the rest of them, it's free and a service to the Net and a needed utility, so I'm not going to complain. However, it has forced me to look elsewhere and find faster ones... I did write to help@ and ask if there was a problem...for the general benefit of cryptogensia everywhere, here's the reply I got: ---------- Forwarded message ---------- Date: Thu, 14 Apr 1994 19:34:47 +0200 (EET DST) From: Mari (Black Panther) Sepp{ To: This Space For Rent Subject: Re: Slow Remail > How long is mail from anon.penet.fi supposed to take? People were > telling me that it was taking a while, so I test e-mail myself something > on 10:00AM local time on the 8th. Just received it at 4:30AM here on the > 10th, which means it took nearly two days. Is this normal? Some users have flooded the server with hundreds and hundreds of messages. That slows the server down greatly (posting and e-mailing times up to 3 days). Some messages might have even disappeared because these hundreds of messages fill up the diskspace and there is no more room for new messages. Be patient. Sorry about the inconvenience, Zarr Andrew Fabbro If laws are outlawed, weltschmerz at umich.edu only outlaws will University of Michigan have laws. Fnord. _____________________________________________________________ Finger afabbro at churchst.ccs.itd.umich.edu for PGP public key. PGPprint: 87 41 65 E0 C2 51 9F E5 A9 44 ED A6 6B 16 76 9E NSA bait: assassinate uranium dreamland CIA p.o.e. zimmerman From greg at ideath.goldenbear.com Tue Apr 19 20:10:58 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Tue, 19 Apr 94 20:10:58 PDT Subject: Remailer Musings Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Jamie Lawrence writes: > >From: juola at bruno.cs.colorado.edu > >On the other hand, part of the rules of being a common carrier are that > >one is *required* to cooperate with appropriate authorities to prevent > >this sort of abuse and to catch said abusers if/when it happens. I > >suspect that Mr. Templeton's lawyer could make a case that by setting > >up a remailer where one cannot "trace calls," one is violating the > >requirements of being a common carrier, and thus is responsible for > >content. > I wonder how this would jive with the factoid someone on this list (don't > have the original handy) found a while back about the court ruling in favor > of the right to operate under an alias in (constitutionally?) protected, at > least in terms of publishing, etc.? I remember the case happening in L.A., > I think. Anyway, what are the odds a case could be made that my 'anonymous > identity' "fooperson" is a legal pseudonym? Stretching it some, but a > possibility, and one case where similarities with publishing can work in > favor of privacy. This sounds like the quote/cite I posted recently. (Talley v. Calif., 362 US 60, 64-65). The LA City Attorney suggested that the ordinance (which prohibited distribution of handbills without a "true name and address") was intended to prevent fraud, false advertising, and libel - but the ordinance was not drafted to mention those evils, and there was no legislative history presented to support that reading. The majority opinion and Harlan's concurrence explicitly declined to rule on the constitutionality of a more narrowly drawn ordinance which would have addressed those concerns while protecting publishers/distributors from fear of reprisal against unpopular opinion. In any event, the opinion is 34 years old, and I don't know shit about the First amendment. I passed that on to the list not as a statement about what the law is today, but as something to keep in mind next time Detweiler or one of his cohorts mentions that "only criminals think anonymity is good." On the other hand, I'm curious about Brad Templeton's little excursion into the [limits of] liability for electronic publishers. I wonder if he'd consider himself liable if he unwittingly published copyrighted material without permission. Does anyone have a cite to support the notion that common carriers are obligated to assist in the identification of users of their services? I received annoying phone calls for a period of time, and the local phone company (US West) said they'd only get involved once I had an "incident number" (or some such) from the police department, and that information gathered would only be released to the police. I suppose if I actually filed a civil suit against the harassing party (even as a John Doe?) I could then use the discovery process to compel them to release their relevant records - but that's not really the scenario that Brad and 'kitten' seem to imagine. Also, seems like Mike Godwin mentioned last time we talked about the common carrier stuff that one doesn't just become a common carrier by virtue of wanting to be one, or even by acting like one - I think some sort of legislative/administrative action was necessary ..? It's been tossed around on the net that 'UUNET is a common carrier' - a semi-recent post from Tamara Bowman, UUNET staff member, said that UUNET has "enhanced service provider" status, which is not the same thing. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbSXq33YhjZY3fMNAQFJ3wQAiIe8z1A91OPnogT0cibgR/7ZWZGRm36Y S9Lf261OFio5itX8XQEwu6OFToCUwE89mqAT0uG3BqZj4z9pqOACaR6rgXvVYvES ximoWVSvbnyg6/M0iOT8L2I6WFFPS7rlhC1MdCYPou/MX8R45PNcQgQLNDrEbwCi QzomVJslOYA= =dMjm -----END PGP SIGNATURE----- From mg5n+ at andrew.cmu.edu Tue Apr 19 20:11:19 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 19 Apr 94 20:11:19 PDT Subject: Sgt Russell In-Reply-To: <199404192013.AA08974@milou.eunet.fi> Message-ID: <0hh9oC_00WB00BuFMP@andrew.cmu.edu> Julf writes: > > for those who enjoy paranoia, I would > > point out that sgt. harlow is not the only person on this list > > with past or present military associations. > > Have to agree. I, of all persons, would prefer not to mention > my scandalous career in the Finnish Defence Forces. But my > commanding officer didn't like the ray-bans... And if he was posting via anon.penet.fi, we probably never would have thought to ask. :) From greg at ideath.goldenbear.com Tue Apr 19 20:20:24 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Tue, 19 Apr 94 20:20:24 PDT Subject: Remailer Musings Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Lefty writes: > I believe it was stated (correctly, according to my understanding) that one > may use any pseudonym, as long as the intention in using it is not to > commit a crime. I believe the standard is "intent to *defraud*". > Copyright infringement _is_, like it or not, a crime. Only in some cases; and that's not fraud. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbSZqH3YhjZY3fMNAQFjZwP+NEGnXgS56yTJXPS64bOD1zmIPoeIx4q4 B8ffh2uEUPyDg3uq/cjLPCrVZX49squK9KP+ynA5afnydMRuHhRbge3s+4R5Fa7J /+F3Z/aE1m5g7AdxGsx6rK9OGYSVnkgXuDoYFGdTKskI8DTb8ixUjaewc2vwZHFx SXxt3HMZXLs= =MGS5 -----END PGP SIGNATURE----- From merriman at metronet.com Tue Apr 19 20:37:33 1994 From: merriman at metronet.com (David Merriman) Date: Tue, 19 Apr 94 20:37:33 PDT Subject: My Key(s), FWIW Message-ID: <199404200337.AA11326@metronet.com> For What It's Worth (damn little, I suspect :-), here's my PGP public key; 'finger' me for verification/fingerprint/RIPEM. Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - finger merriman at metronet.com for PGP/RIPEM Public Keys and Fingerprints -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCNAi12VeYAAAEEAOqndSk+w1iAtW1nJDtdajTZEZEOuMjeKoFbXWuMK8H93Ckx Ba6c0Z8+STXtscP2WWKwRUVcrM0iZa2X4/7Z/Brl31aaA4DT6AVoxet3CLY0JUfi FciusBFCfPB6wfDdwABLZAzTd49YDyWI/Fq0MlNJ3JAeTFwhPeJ9eOnzcfP1AAUR tCVEYXZlIE1lcnJpbWFuIDxtZXJyaW1hbkBtZXRyb25ldC5jb20+iQCVAgUQLZxj 0Jmg14VGv4TFAQFNsQP+JdRjafESlDYmLvgmQqxZUE90lct/EIy5C8sIDT7vFt1f FI5PLtFg1xlxl8thrBjfff9GYKOt2WSw6Uw144OCNnIw5l93QR3ueSXWmHqowJ6c Hp8batrO/X3InNj6IDx6bolZzv6+lBz2XimE2SvYXCdU+7OA4CYxMQ6nfPwErdU= =h8jX -----END PGP PUBLIC KEY BLOCK----- From eagle at deeptht.armory.com Tue Apr 19 20:45:33 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 19 Apr 94 20:45:33 PDT Subject: Milgram & Authority (+Ethics) Message-ID: <9404192045.aa22103@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- From: "Perry E. Metzger" Jeff Davis says: >> March/April 1976- I'd just gotten divorced and the bullet hole in >> my abdomen was healing quite nicely. >Really? I was under the impression his stuff had been published >substantially before that date -- certainly that seems to be a quite >late year for him to have been presenting a paper on it. Stanley Milgram reorganized the very foundations of ethical human research with his experimental procedure. He was very active in structuring ethical human experimentation for years. That's why my question was phrased, "ethical questions aside..." Some o' y'all don't know much about folks, do ya. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbSk/F/ScHuGXWgVAQFqyQP+Ke5zrKbag3M/j6rjJsJbDe9nxDt67L1U po3QKjJmb3xRIUiqOXtyWSsnkMS9pcDgkxBb8CivMcDAR4tTGRgqw4UZf3GCnhYR bmX+4X9bZ6iimA23ItoEhAIGdNP0NouauuHvcVtqNZuntg64Y0c5UvcF9hS4pihq 5wmVH0G3gGE= =DS0i -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From wcs at anchor.ho.att.com Tue Apr 19 21:26:41 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 19 Apr 94 21:26:41 PDT Subject: Milgram & Authority (+Ethics) Message-ID: <9404200425.AA02070@anchor.ho.att.com> Jeff Davis says: > >> March/April 1976- I'd just gotten divorced and the bullet hole in > >> my abdomen was healing quite nicely. > >Really? I was under the impression his stuff had been published > >substantially before that date -- certainly that seems to be a quite > >late year for him to have been presenting a paper on it. > > Stanley Milgram reorganized the very foundations of ethical human research > with his experimental procedure. He was very active in structuring ethical > human experimentation for years. That's why my question was phrased, "ethical > questions aside..." > > Some o' y'all don't know much about folks, do ya. Jeff, Perry isn't questioning your description of Milgram's experiments, he was questioning the dates - '76 seems awfully late for that work to have been new and exciting (as opposed to old and exciting.) (Yes, that may imply he's questioning your credibility, or delving into deeper philosophical questions like whether you're really just another incarnation of Detweiler :-) On the other hand, it may be that the time you heard Milgram speaking wasn't the *first* time he'd given his talk - he's probably spoken on the topic a few gazillion times, especially if he's talking to college audiences... From jeremy at crl.com Tue Apr 19 21:29:55 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Tue, 19 Apr 94 21:29:55 PDT Subject: Privacy and the lack thereof. In-Reply-To: <9404192317.AA12080@Central.KeyWest.MPGN.COM> Message-ID: > My point? Does everyone do what I do... carry little cash and when you > want to buy something with cash go to a machine and take it out within an > hour of your purchase? It seems to me if this is typical then we need to > look at changing that habit since it can lead someone to you, albeit with > great difficulty. This is exactly the point behind time delayed remailers. _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From VACCINIA at UNCVX1.OIT.UNC.EDU Tue Apr 19 21:29:56 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Tue, 19 Apr 94 21:29:56 PDT Subject: VAX remailer? Message-ID: <01HBDNBB69ZM004L0N@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- I have recently come into possesion of a VAX account which I would like to run a remailer thru. I have gotten a variety of code from soda which I have little comprehension of. Does hal's instructions contain instructions in ASCII? Mine don't seem to. Other remailers seem to only work on UNIX machines. Our VAX has VMAIL and, I guess, VMSMAIL. If someone could tell me if it is possible to run a remailer out of a VAX account (no root) and steer me toward some code that has instructions on how to set it up, it would be nice. I am a bit clueless on this so some tutoring might be needed. I do have access to various compilers. Please respond by private mail, if I can get this going I'll let you all know. Scott G. Morham !The First, VACCINIA at uncvx1.oit.unc.edu! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbSglD2paOMjHHAhAQGYogQAoGO5vK5Wy/pCT9jjNCqx4Q66Vl8JX3Pc JS4tcXFJecmLCIFAeTFpD1hZ+HBfwe28Mm//kuv2ZkZYlG9E+FohPeUqcuXJzqnF rSlSG0hxfQN5C0HlvYusJz1Aad0GG9aeG1MKRD7DGxMAPZqHlsfM8OmGHo+EUx3j +F5UxApRAmk= =LbPC -----END PGP SIGNATURE----- From jeremy at crl.com Tue Apr 19 21:35:26 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Tue, 19 Apr 94 21:35:26 PDT Subject: BEST Inc. In-Reply-To: <94Apr19.203759edt.14786@cannon.ecf.toronto.edu> Message-ID: > A mag-strip may be copied from one card to another with a steady hand and > a dubbing tape deck. I'd hazard instead one could read the data into > a computer via a sound card and edit it to taste. Then drop it back on that > or another card by the same method. An even better device to use is an old 1/4" reel-to-reel tape deck. Most stripes are exactly 1/4" long, and cassette decks are only 1/8". You can splice a piece of 1/4" tape onto your card perfectly. (After removing the pervious one). _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From wcs at anchor.ho.att.com Tue Apr 19 21:42:03 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 19 Apr 94 21:42:03 PDT Subject: cryptophone ideas Message-ID: <9404200440.AA02524@anchor.ho.att.com> Phil Fraering writes: > Lady Ada writes: > >The ideal phone might be based on CPU's, RAM, and DSP's, with no > >DES chips or anything like that. ... > Anyway, why do you need a DSP? I have read in several places that > DSP's are going to be "replaced" by the CPU as time goes on and the > CPUs just get more and more powerful. For full-scale general-purpose computers with post-Pentium CPUs, it's probably more cost-effective to do any number-crunching in the CPU, though you can get a lot of crunchons for $25-50 of DSP these days (if you're willing to add the cost of the I/O interfaces for it.) Any extra price-performance you gain by skipping it makes the whole system faster, and if you need real-time audio-hacking you can handle the extra OS overhead if your OS is well-designed. However, for a cheaper single-purpose device like a fancy-processing phone (whether crypto or high-quality speakerphone or whatever), the main activities are modeming, A/D conversion, bit-crunching (mostly signal-processing flavors), and some call-setup signalling. A/D converters live on chips, DSPs are real good at digital signal processing, modems chips are cheap and software on DSPs is another approach, and the call-setup logic can fit on almost anything as long as you've got some spare ROM space; your design sophistication and cost analysis will tell you whether you want to do it on an 8086 (or similar flavor of cheap microcontroller), which has enough horsepower to do 10 kb/s of crypto in its spare time, or whether to add some program complexity to the DSP instead (popular if you're building ASICs). Several of AT&T's DSPs have a miminal operating system built in which lets you switch between different programs easily during processing (I think it's non-preemptive, so you have to plan a bit in your code, but it only burns about 5% of CPU for typical applications.) # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From jeremy at crl.com Tue Apr 19 21:47:55 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Tue, 19 Apr 94 21:47:55 PDT Subject: Magnetic Stripes Message-ID: It may be difficult to reproduce some magnetic cards because the recording pattern is not purely left to right. Some cards take more of an approach like the VHS system, where every frame (or byte) is recorded in diagonal stripes across the surface: / / / / / / / / instead of - - - - - - - - _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From wcs at anchor.ho.att.com Tue Apr 19 22:00:20 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 19 Apr 94 22:00:20 PDT Subject: Side question on money laundering... Message-ID: <9404200459.AA03225@anchor.ho.att.com> > If there is real anonymous untraceable digital cash for money > laundering with, will "real" casinos see their profits decline > as digital money sucks away that part of their business? "Real" casinos are safe unless some state takes the appalling, disgusting, absolutely un-American step of (gasp!) re-legalizing gambling. Fortunately, most states now depend on the tide of money flowing in from convenience-store lottery sales enough that they won't allow competition for immoral filthy lucre (except of course from Bingo at religious institutions and firehalls). Even New Jersey has state lotteries (though they had to agree to keep their payouts lower than the Mafia's in order to be allowed to operate :-) I suspect purely legal Internet gambling would either have to go off-shore, or convince governments not to be hypocritical about their monopolies. However, aside from the addictive nature of gambling for some people, it may be hard for Internet casinos to compete with the rooms full of blinkenlights and jackpot buzzers, Elvis impersonator conventions, cheap drinks from tastefully-dressed waitresses, high-roller comps at hotels, and the lovely Atlantic City beach-front. They'd probably have to resort to things like charging for extra bullets in video games or phasor charges in net-trek, or letting you buy clues in puzzle-style games. It's a whole new market opportunity, if you're into that sort of thing, but you may be able to compete for a different style of customer, which is a good thing in a net full of mathematicians with automated card-counting programs who *won't* play against stacked odds just because you've tried to keep them from understanding the rules of craps. Just my .02 zorkmids. Bill From hfinney at shell.portal.com Tue Apr 19 22:18:32 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 19 Apr 94 22:18:32 PDT Subject: slow.penet.fi Message-ID: <199404200519.WAA07442@jobe.shell.portal.com> Afabbro quotes someone in Finland saying, re anon.penet.fi: > Some users have flooded the server with hundreds and hundreds of messages. > That slows the server down greatly (posting and e-mailing times up to 3 days). > Some messages might have even disappeared because these hundreds of messages > fill up the diskspace and there is no more room for new messages. I wonder if this could be a concerted denial-of-service attack. Julf's remailer has had the highest profile of any, and he certainly has his share of enemies. Maybe somebody figured it was easy to shove a few thousand messages a day his way. This makes the server slower and less convenient for others to use, as well as putting an extra load on the trans-Atlantic links just for anonymous messages. It also could cost someone some money which could be blamed on Penet. This could be an attractive strategy for an enemy of anonymity. Hal From wcs at anchor.ho.att.com Tue Apr 19 22:18:41 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 19 Apr 94 22:18:41 PDT Subject: Remailer Musings Message-ID: <9404200517.AA04049@anchor.ho.att.com> Philippe Nave suggests that an anonymous remailer should do more than delete the originator's origin from a message, it should also try to hide its own origin. In some networking protocols, you can do an ok job of that - dialup networks that don't validate origins, for instance, though even there the Phone Company may be able to trace who called whom. With other protocols, you can't cover your tracks very well - TCP/IP messages do carry their originator's IP address, and there's no way you can stop the receiving mailer from logging your address even if you lie to it when generating mail headers; some mailers not only log your address, but refuse to accept connections if you're lying. So they're going to find you anyway, if they're determined enough; the strength in the remailer system comes from the service provided by the remailer itself, and having the remailer forge its address on outgoing connections may annoy the people it connects to as much as being a remailer in the first place. Remailers become much more effective when you have a bunch of them in multiple countries, which makes it much harder for governments to pressure operators, especially if they want to avoid publicity. On the other hand, copyright laws are a sticky situation; Europe and the US operate under common conventions, and there may be more the US can do in, say, Finland for copyright violations than they can do for gambling or income tax evasion for a remailer at credit-suisse.com.ch . Bill From tcmay at netcom.com Tue Apr 19 22:35:01 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 19 Apr 94 22:35:01 PDT Subject: Fixing "Flooding" with Pretty Good Digital Postage Message-ID: <199404200536.WAA04824@netcom9.netcom.com> Hal Finney writes: > I wonder if this could be a concerted denial-of-service attack. Julf's > remailer has had the highest profile of any, and he certainly has his share > of enemies. Maybe somebody figured it was easy to shove a few thousand > messages a day his way. This makes the server slower and less convenient for > others to use, as well as putting an extra load on the trans-Atlantic links > just for anonymous messages. It also could cost someone some money which > could be blamed on Penet. This could be an attractive strategy for an enemy > of anonymity. (Hal knows this, but for those who are new....) Charging some small amount remailing effectively fixes this problem...if someone want to flood a site with thousands of letters a day, and each one costs them 10 or 20 cents, the remailer site makes a tidy profit, which can then be used to buy more machines, a T1 link or two, etc. This "digital postage" could be a simpler subset of digital money, e.g., collections of numbers which are bought it advance and which can be used once and only once. Anonymity comes in various ways, such as by trading with others (lots of issues here, but not unsolvable ones, I think). "Pretty Good Digital Postage" would solve a lot of these problems, as well as making the remailer economy more normal, more market-driven. (Ultimately, we want "Mom and Pop remailers," with incentives.) No central authority needs to force this to happen, nor to set postage rates. Let those who wish to remail "for free" continue to do so, let those who set their rates too high be taught a lesson in market economics, and let the invisible hand work its magic. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From eagle at deeptht.armory.com Tue Apr 19 23:00:55 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 19 Apr 94 23:00:55 PDT Subject: Public Hearings (Clip & DT!) Message-ID: <9404192300.aa28345@deeptht.armory.com> From: Stanton McCandlish Subject: Clipper/DigTel Hearings Date: Tue, 19 Apr 1994 19:33:27 -0400 (EDT) To: eff-activists at eff.org (eff-activists mailing list) This will be in tomorrow's EFFector Online: Subject: Upcoming Congressional Hearings on Clipper and Digital Telephony ------------------------------------------------------------------------- Congressional hearings on the Administration's Clipper/Skipjack initiative, and the FBI's draft Digital Telephony surveillance bill, and their implications for privacy and First Amendment rights, are to be held April 27 and May 3, 1994. Sen. Patrick Leahy (D-VT), of the Senate Judiciary's Technology and the Law Subcommittee, has expressed skepticism of the Clipper encryption scheme, and has called for hearings to examine the problems of this proposal and its implementation. This effort is due in part to all of you who played a vital role by responding to EFF's grassroots campaign to raise fundamental questions about security and free speech issues in relation to the White House proposal. The Senate hearing will be held on April 27, 1994, 9:30am EDT, Hart Building Rm. 216, and should feature testimony from the Digital Security and Privacy Working Group (a broad coalition of industry and public interest organizations, including EFF), Trusted Information Systems' Steve Walker, Whitfield Diffie of Sun Microsystems, a representative of the Justice Dept. (possibly Atty. Gen. Janet Reno), NSA Director Adm. Mike McConnell, and Ray Kammer of NIST. For more information, contact Beryl Howell at the Senate Judiciary Committee: +1 202 224 3406 (voice), +1 202 224 9516 (fax) Note: this is the full Committee's fax, so address faxes to "Berly Howell, Technology and the Law Subcommittee" or delivery may be delayed. Following the Senate Hearings, the House Science, Space and Technology Subcommittee on Technology, Evironment and Aviation will be holding a hearing to address related civil liberties issues of both the Clipper scheme and the FBI "Digital Telephony" proposal, which so far remains unsponsored. The hearing will be chaired by Rep. Tim Valentine (D-NC), and is scheduled for May 3, 1994, 1pm EDT, Rayburn Building Rm. 2318. Witnesses will include Ray Kammer of NIST, NSA's Clint Brooks, representatives from industry in a panel that will include USTA and TIA, expert witnesses Dorothy Denning and David Farber, and EFF's Jerry Berman on behalf of DPSWG. FBI appears not to be making a showing. The House hearing is being held "to review the Administration's policies and legislative proposals dealing with electronic survellance, privacy and security, ...the adequacy of the Computer Security Act in protecting goverment computer systems", and "the Administration's proposed Digital Telephony legislation and decision to promulgate a voluntary federal encryption standard". Futher information can be provided by Tony Clark of the Subcommittee at +1 202 225 8115 (voice), +1 202 225 7815 (fax) -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From tcmay at netcom.com Tue Apr 19 23:06:38 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 19 Apr 94 23:06:38 PDT Subject: BlackNet--the Truth In-Reply-To: <9404200040.AA10958@pilot.njin.net> Message-ID: <199404200607.XAA07978@netcom9.netcom.com> One of several such questions or comments: > Does anyone actually believe Blacknet exists this is about the umpteenth time > I have heard about some kind of Blackmarket internet traders that are very had > to find. It sounds like something out of that Gibson book "Virtual Light" > Reuben Halper I don't have time right now to dig up my last couple of explanations of this experiment, so let me summarize for the new folks. I'm not enclosing the original BlackNet "prospectus" here, as it has been circulated several times, including a posting to 100 newsgroups by L. Detweiler a short time ago. If you simply _have_ to have it, it's around. 1. I authored BlackNet last summer, as an experiment, and as a "proof of principle" for a discussion at a Palo Alto nanotechnology group. Several list members were there. 2. Hence the emphasis on nanotechnology and the like. That was picked so as to strike a resonant chord with the nannites. 3. I anonymously e-mailed copies to several people I expected to be in attendance, so as to encourage some interest, and so they could see how such things might really develop (black markets for nanotech weapons and other developments). 4. The numbers are real. I generated the BlackNet key, for the address, and I can of course read the traffic posted to BlackNet. Communication is by anonymous pool (a la Myron Cuperman's pools) or by posting anonymously into a publically-readable group (same idea). If BlackNet were real, I would of course not be admitting my connection to it. (However, to reiterate: it is real in the sense that the "parts work." That is, it is not just a Potemkin protocol.) 5. Somebody, not me, took his e-mail copy and anonymously e-mailed it to the Cypherpunks list, around last August-September. It caused only a minor stir. On the Extropians list, I also did a follow-up--this time intentional--announcing that "BlackNet Investigations" was announcing its anonymous dossier service. You can imagine the implications. (I confessed to this experiment a mere few days later, as it looked like some were going along with the joke, adding their own comments about being "shocked, simple shocked" at what they found in their dossiers, while others were growing more and more worried. I think it was Eric Hughes who dubbed this "guerilla ontology.") 6. From Cypherpunks, Detweiler posted it to more than a hundred newsgroups, where the reaction was puzzled, confused, and angry. This was largely the reason he finally had his colostate account yanked. 7. Since then, it continues to bounce around. Oak Ridge National Labs was one of several places that had it (minus the PK block at the end) and had warned their employeess to be "on the lookout" for it and for evidence of theis kind of cyberespionage. And so that's the story. --Tim May (If you don't hear from me the next couple of days you can assume I was taken away by the Men in Black to the Area 51 Surveillance Center, or that I am off at the Asilomar Microcomputer Workshop.) From mech at eff.org Tue Apr 19 23:14:36 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 19 Apr 94 23:14:36 PDT Subject: What the heck is this? Optical noise encryption? Message-ID: <199404200614.CAA17953@eff.org> Anyone know anything about this? How secure is this? If you have to have 2 "identical" lasers to pull this off, sounds like this would not be very secure, since there must be a pretty wide margin of error (I mean, how "identical" can 2 lasers be?) ____ from EduPage ____ OPEN SECRET Instead of using mathematical codes to scramble and unscramble messages, Georgia Tech physicists are devising a way of sending a message with electronic noise generated by a flickering laser. By connecting identical lasers over fiber optics, the same random pattern of noise is generated at both the sending and receiving end, and the receiving simply subtracts the noise to uncover the message. (Atlanta Journal-Constitution 4/7/94 E2) __ end _______________ -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From joshua at cae.retix.com Tue Apr 19 23:29:58 1994 From: joshua at cae.retix.com (joshua geller) Date: Tue, 19 Apr 94 23:29:58 PDT Subject: Privacy and the lack thereof. Message-ID: <199404200629.XAA01606@sleepy.retix.com> >> Does everyone do what I do... carry little cash and when you >>want to buy something with cash go to a machine and take it out within an >>hour of your purchase? no. josh From eagle at deeptht.armory.com Tue Apr 19 23:41:38 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 19 Apr 94 23:41:38 PDT Subject: Phase Cancelling Noise (What the heck is this) Message-ID: <9404192341.aa00062@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- Message-Id: <199404200614.CAA17953 at eff.org> Subject: What the heck is this? Optical noise encryption? >Anyone know anything about this? How secure is this? If you have to have >2 "identical" lasers to pull this off, sounds like this would not be very >secure, since there must be a pretty wide margin of error (I mean, how >"identical" can 2 lasers be?) The noise can be phase cancelled. Dan Healy did it all the time in '74 with the Wall of Sound double microphone set up for Grateful Dead. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbTOCl/ScHuGXWgVAQHBhwQAkjGFC7Yjtjvo85jHTzcBFPvFOhSWM0Md gCGZ4aBr1VsjdG/NcP8/x6xuymZL8/qdk1ihHSyPv3Ev6EJBqBI28PMVCEl99p9+ xlObDyKnBNt8PowKpEeLBB7uMecN2hdMJ/DZM4r9H7rOaXKshraPQDG6mr32rGho Pd/WMM1NsGg= =uPJe -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From rarachel at prism.poly.edu Tue Apr 19 23:51:54 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 19 Apr 94 23:51:54 PDT Subject: anti-clipper autobomber In-Reply-To: Message-ID: <9404200639.AA22713@prism.poly.edu> Ouch! I'm sorry I asked. I won't bother finding out anything else about Serdar, thanks. :-) I don't have any time to waste on megalomaniacs. Can someone convince him to "share" his software? If not, we can write our own. :-) From mimir at illuminati.io.com Wed Apr 20 01:17:13 1994 From: mimir at illuminati.io.com (Al Billings) Date: Wed, 20 Apr 94 01:17:13 PDT Subject: Privacy and the lack thereof. In-Reply-To: <199404200629.XAA01606@sleepy.retix.com> Message-ID: On Tue, 19 Apr 1994, joshua geller wrote: > >> Does everyone do what I do... carry little cash and when you > >>want to buy something with cash go to a machine and take it out within an > >>hour of your purchase? > > no. I do this often. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Al Billings aka Grendel Grettisson | Internet: mimir at illuminati.io.com | | Nerd-Alberich - Lord of the Nerd-Alfar | Sysop of The Sacred Grove | | Admin for Troth, the Asatru E-mail List| (206)322-5450 | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From bart at netcom.com Wed Apr 20 01:56:33 1994 From: bart at netcom.com (Harry Bartholomew) Date: Wed, 20 Apr 94 01:56:33 PDT Subject: CMU's digicash Message-ID: <199404200857.BAA07806@mail.netcom.com> From: info at ivory.educom.edu (E-D-U-P-A-G-E) Subject: E-d-u-p-a-g-e 04/19/94 Date: Tue, 19 Apr 1994 21:12:53 -0400 ... SMALL CHANGE ON THE NET Researchers at Carnegie Mellon University are developing NetBill, a computerized system for tracking and billing users for small transactions, such as a ten-cent charge per document. The developers hope NetBill will evolve into a universal accounting system on the Internet. (Chronicle of Higher Education 4/20/93 A31) From cdodhner at indirect.com Wed Apr 20 03:30:19 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Wed, 20 Apr 94 03:30:19 PDT Subject: Privacy and the lack thereof. In-Reply-To: <9404192317.AA12080@Central.KeyWest.MPGN.COM> Message-ID: On Tue, 19 Apr 1994, Jim Sewell - KD4CKQ wrote: > name/id. Safe at last, or are you? What if "they" analyzed all the > ATM machines in that general area and got a report of everyone who > withdrew Gun_Price + 0-to-100 dollars. (Spending money). They could > narrow it down and eventually, since they suspect you anyway, get your > pix from the ATM video camera. Take this to the gun man and you're id'd. > > My point? Does everyone do what I do... carry little cash and when you > want to buy something with cash go to a machine and take it out within an > hour of your purchase? It seems to me if this is typical then we need to > look at changing that habit since it can lead someone to you, albeit with > great difficulty. Jim, I am so glad I am not as paranoid as you. It would make my life a very distubing and scarry place to be. I am also glad that you *are* that paranoid, because I wouldn't have thought of that and it's the kind of thing that at least needs to be _mentioned_ in any serious discussion of security, privacy, anonymity, etc... even if it is hard to do anything to deter such a determined and powerfull (hopefully imaginary) opponent. Next time I make an illegal puchase, I'll be sure to have my picture taken at an ATM 10 miles away *at the same time* as the purchase is being made. If 'the infamous they' attempt such a corrolation, they will discover proof posotive that I did *not* make said purchase! Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From perry at snark.imsi.com Wed Apr 20 04:18:29 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 20 Apr 94 04:18:29 PDT Subject: Black Net In-Reply-To: <9404200040.AA10958@pilot.njin.net> Message-ID: <9404201118.AA07877@snark.imsi.com> Frederic Halper says: > Does anyone actually believe Blacknet exists this is about the > umpteenth time I have heard about some kind of Blackmarket internet > traders that are very had to find. It sounds like something out of > that Gibson book "Virtual Light" The March 21st issue of "Cyberspace Intelligence Weekly" reports that Blacknet may be selling portions of (but sadly not complete) specifications to the Skipjack algorithm. Rumor has it that they are physically based on the island of Sonsorol in the western Pacific. Perry From cat at soda.berkeley.edu Wed Apr 20 04:25:20 1994 From: cat at soda.berkeley.edu (Erich von Hollander) Date: Wed, 20 Apr 94 04:25:20 PDT Subject: remailer@soda Message-ID: <199404201125.EAA01778@soda.berkeley.edu> remailer at soda (formerly hh at soda) now uses pgp's implementatoin of idea for the encrypted response block function, making it much more secure (i hope). the code will soon be released. e From cdodhner at indirect.com Wed Apr 20 04:29:11 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Wed, 20 Apr 94 04:29:11 PDT Subject: BlackNet--the Truth In-Reply-To: <199404200607.XAA07978@netcom9.netcom.com> Message-ID: On Tue, 19 Apr 1994, Timothy C. May wrote: > I don't have time right now to dig up my last couple of explanations > of this experiment, so let me summarize for the new folks. [A very good outline of the history of blacknet followed... deleted to preserve bandwidth.] > And so that's the story. > > --Tim May I have something to add here... since the original blacknet message release, I have encountered about 7 additional blacknet posts... posts presumably not of T.C.May origination. One had to do with some TEMPEST monitoring eqip for sale, one claimed to have knowledge of some major AT&T exec's sexual preferences, yet another was offering pirated software for sale (what a joke!). Each of these posts have had thier own PGP public key attached, and a list of acceptable 'pools'. Upon adding each key to my key ring, they each claim to belong to or whatever (all identicle) but had different key id #s and one was even less than 1024bits! (the pirate warez key if I remember right...) My point being, even if Tim didn't originaly intend for it to be a 'real' thing, some people have taken it to heart. Hell, if I ever have anything shady to buy or sell (me? no, *never*!) I might just roll myself a blacknet key and do it that way myself. On a lighter note, Thanks a billion to everyone who posted a "Blacknet is real, man, stay away from them!" message today, I nearly died laughing. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From perry at snark.imsi.com Wed Apr 20 04:39:17 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 20 Apr 94 04:39:17 PDT Subject: Milgram & Authority (+Ethics) In-Reply-To: <9404200425.AA02070@anchor.ho.att.com> Message-ID: <9404201139.AA07904@snark.imsi.com> bill.stewart at pleasantonca.ncr.com +1-510-484-6204 says: > On the other hand, it may be that the time you heard Milgram speaking > wasn't the *first* time he'd given his talk - he's probably > spoken on the topic a few gazillion times, especially if he's > talking to college audiences... Mr. Davis has stated that he heard him presenting his paper on the subject, which initially implied that Davis was there when Milgram was presenting the original research. Perry From matsb at sos.sll.se Wed Apr 20 04:41:51 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Wed, 20 Apr 94 04:41:51 PDT Subject: Side question on money laundering... In-Reply-To: <9404200459.AA03225@anchor.ho.att.com> Message-ID: On Wed, 20 Apr 1994 wcs at anchor.ho.att.com wrote: > I suspect purely legal Internet gambling would either have to go off-shore, > or convince governments not to be hypocritical about their monopolies. Perhaps not yet on the Internet but there sure is a lot of ascii-interfaced net.gambling going on internationally. The best example might be the currency market. The major Swedish telecom supplier Telia (until some years ago a monopoly like Ma Bell) recently entered a two- page ad in the biggest papers boasting of their bandwidth capacity ("we already have what the US is planning"). As an example of the usefulness of this technical superiority they announced that Stockholm players on the fast-moving net.markets had some 3-second lead in certain areas that could mean a lot of opportunities. //mb From nobody at soda.berkeley.edu Wed Apr 20 04:58:18 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Wed, 20 Apr 94 04:58:18 PDT Subject: blacknet Message-ID: <199404201158.EAA03315@soda.berkeley.edu> As someone who would know, for reasons which I cannot divulge, I can assure you that the second round of blacknet posting was pure bullshit. Perhaps the first round was actually a real thing, but the second round was merely something designed to cause annoyance, I believe. ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```%!S^P;+]AB?X9TW6\8WR:.P&2'N\0Q?\$?[H)LU*I'JZ5['LLG0QJ!` HF7+LDJLJ%R?^K*"80#@+H[-_HE-PS5;U5P)P0MJ[:LPSD&Y]'P?2/P`` ====Encrypted-Sender-End==== From paul at poboy.b17c.ingr.com Wed Apr 20 05:48:13 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Wed, 20 Apr 94 05:48:13 PDT Subject: Side question on money laundering... In-Reply-To: <199404192231.AA17439@srl03.cacs.usl.edu> Message-ID: <199404201249.AA09593@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > Given that even I, in my isolated little backwater of South Louisiana, > find myself withing 20 miles of a casino, is it possible that the > market is saturating to the point where an internet casino would not > neccesarily be a good idea? Remember that Louisiana is one of the few states that allows casino gambling, and that even there it's limited to gambling boats. There's probably still a market for a net.casio, provided it offers the following benefits: a) ease of access from remote physical locations (so I can play poker from Alabama or Utah), b) easy conversion between casio digicash and a desired government currency, > If there is real anonymous untraceable digital cash for money > laundering with, will "real" casinos see their profits decline > as digital money sucks away that part of their business? Tim May & others seem to think that money laundering is a small part of casino business and I tend to agree. Anonymous digicash will definitely make money laundering easier for small-scale users. - -Paul - -- Paul Robichaux, KD4JZG | Out the 10Base-T port, through the router, perobich at ingr.com | over the leased line, off the bridge, past Intergraph Federal Systems | the firewall... nothing but net. Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbUknyA78To+806NAQEaXgQA0MFWn5miro8Ijs4fntgu9FaCrYCelLbf 718ZhYkoIyrivo7UWonqL9E+YsKOeRsTtpMI6S0Lx+PKvtjgmW+daDHG3G3pdA/S 3sM+1uCgGXYo0J/tKTL3QESCWW2TXqQLae7bmtEmd4nIVlbuBFE+n+2uXiriTTLS xVsq3yqFXfE= =yrbG -----END PGP SIGNATURE----- From jims at Central.KeyWest.MPGN.COM Wed Apr 20 06:29:39 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Wed, 20 Apr 94 06:29:39 PDT Subject: Privacy and the lack thereof. Message-ID: <9404201329.AA15320@Central.KeyWest.MPGN.COM> > > Anyway, if they just want your picture for ID, it doesn't have to > be from the most recent bank transaction. People's pictures are > floating around ... Yes, this is true, but a picture from the ATM machine will place you as the one who got the bill instead of the thief that took your card and guessed your PIN. Proof is hard with current levels of tech since you can't prove something of this nature with computer files. Afterall, it may not even be me typing this right now... You'd have to be here to "catch" me to prove it in court (assuming a sane jury :). Take care Jim (Graham, sorry I sent you a second copy in mail... I forgot to check the header before sending. ) -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From jims at Central.KeyWest.MPGN.COM Wed Apr 20 06:48:46 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Wed, 20 Apr 94 06:48:46 PDT Subject: BlackNet--the Truth In-Reply-To: Message-ID: <9404201348.AA15541@Central.KeyWest.MPGN.COM> ... > My point being, even if Tim didn't originaly intend for it to be a 'real' > thing, some people have taken it to heart. ... Or perhaps they are just going along with the joke as they did with the "stay away" messages. -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From killbarny at aol.com Wed Apr 20 07:43:40 1994 From: killbarny at aol.com (killbarny at aol.com) Date: Wed, 20 Apr 94 07:43:40 PDT Subject: US ID Manual Message-ID: <9404201040.tn77704@aol.com> The manual below has info on old, current, and proposed info on all D/Ls and IDs. It also contains info on Credit Cards, Alien, Miolitary, and other various types of Federal Identification. There are no PICs of FBI, DEA, CIA, etc--except for 1-800 numbers to confirm who they are. For those that can't find a way to get this, there is the ID Checking Guide for 17.95; send to: Drivers License Guide Co., PO Box 5305-Dept. 94, Redwood City, CA 94063. You can call 1/800-227-8827. This is the one bouncers use at nightclubs. Not as detailed as the one below. For US $149.00, one can purchase the US Identification Manual, on the condition that: 1) Be a previous purchaser of the US ID Manual. 2) Purchase Order or Department letterhead from a government agency or recognized business entity. 3) Proof of licensing with a professional board regulating private investigators, guard services, etc. 4) Xerox of Identification issued to an individual member of a law enforcement department. Send Name, Telephone, Title, Organization, Dept. within Organization, Address, City, State, Zip TO: U.S. Identification Manual, Division Driver's License Guide Company, Dept. 1A 1492 Oddstad Drive Redwood City, CA 94063 From strops at netcom.com Wed Apr 20 07:48:16 1994 From: strops at netcom.com (Joseph Urbanski) Date: Wed, 20 Apr 94 07:48:16 PDT Subject: Remailer Musings In-Reply-To: <9404200517.AA04049@anchor.ho.att.com> Message-ID: On Wed, 20 Apr 1994 wcs at anchor.ho.att.com wrote: > Philippe Nave suggests that an anonymous remailer should do more than > delete the originator's origin from a message, it should also try to > hide its own origin. In some networking protocols, you can do an ok > job of that - dialup networks that don't validate origins, for instance, > though even there the Phone Company may be able to trace who called whom. > With other protocols, you can't cover your tracks very well - > TCP/IP messages do carry their originator's IP address, and there's > no way you can stop the receiving mailer from logging your address > even if you lie to it when generating mail headers; some mailers > not only log your address, but refuse to accept connections if you're lying. > > So they're going to find you anyway, if they're determined enough; > the strength in the remailer system comes from the service provided > by the remailer itself, and having the remailer forge its address on > outgoing connections may annoy the people it connects to as much as > being a remailer in the first place. Remailers become much more > effective when you have a bunch of them in multiple countries, > which makes it much harder for governments to pressure operators, > especially if they want to avoid publicity. > > On the other hand, copyright laws are a sticky situation; > Europe and the US operate under common conventions, and there may > be more the US can do in, say, Finland for copyright violations > than they can do for gambling or income tax evasion for a remailer > at credit-suisse.com.ch . > > Bill > It seems to me the obvious solution to this problem, is for someone (with the means & incentive) to set up remailers in countries outside the jurisdictions of the US (and other countries with similar copyright laws) that simply REFUSE to track points or origin. Yes, the remailer has to be capable of determining point of origin in order to be able to function, but by no means must it be set up to do so. The world is a big place, and don't think it would be too dificult to find a place where the local authorities would have no interest in enforcing US copyright laws. Or maybe we can talk Bill Gates into installing a T1 to antarctica ;-) -Jay ------------------------------------------------------------------------------- PGP Public Key Available via finger. PGP Fingerprint: 11 43 3F CE 63 3A A6 0A FF 71 6E 02 45 DC F4 C0 Joseph J. Urbanski Jr. ------------------------------------------------------------------------------- From trestrab at GVSU.EDU Wed Apr 20 07:50:26 1994 From: trestrab at GVSU.EDU (BETH TRESTRAIL) Date: Wed, 20 Apr 94 07:50:26 PDT Subject: Driver's License info Message-ID: <9403207668.AA766863482@GVSU.EDU> uni writes: >What might be really useful is a list of the different measures >used on all the states ID's. > >For example: > >Maryland uses a magnetic strip, Digitized Photo and a bar code. >All that is printed on a credit card like card and not laminated. >Military ID's are green and white paper with a polaroid and a >signiture, normal lamination. >Illinois is a normal lamination with a complete photo within, >no bar code or strip, no digitized photo record. > >Anyone want to further the list? I wouldn't mind compiling the >information. > Michigan DLs have a Poloroid photo in the lower left corner and are laminated in plastic embossed on the front with the state seal. Jeff trestrab at gvsu.edu From trestrab at GVSU.EDU Wed Apr 20 07:50:29 1994 From: trestrab at GVSU.EDU (BETH TRESTRAIL) Date: Wed, 20 Apr 94 07:50:29 PDT Subject: Remailer Musings Message-ID: <9403207668.AA766863508@GVSU.EDU> kitten writes: >On the other hand, part of the rules of being a common carrier are >that one is *required* to cooperate with appropriate >authorities to prevent this sort of abuse and to catch said >abusers if/when it happens. I suspect that Mr. Templeton's >lawyer could make a case that by setting up a remailer >where one cannot "trace calls," one is violating the >requirements of being a common carrier, and thus is >responsible for content. The PO delivers mail whether or not it has a return address, let alone whether it has a _correct_ return address, so I suspect that Mr. Templeton's lawyer would have to be very creative indeed to pass that analogy by anyone who isn't asleep at the wheel. I think his thinly veiled warnings re: remailer operator legal liability are an attempt to intimidate, as it can get expensive to defend yourself even from a very weak claim ....... just ask Phil Zimmerman. Jeff trestrab at gvsu.edu From trestrab at GVSU.EDU Wed Apr 20 07:50:35 1994 From: trestrab at GVSU.EDU (BETH TRESTRAIL) Date: Wed, 20 Apr 94 07:50:35 PDT Subject: Side question on money laundering... Message-ID: <9403207668.AA766863560@GVSU.EDU> Phil Fraering writes: >Given that even I, in my isolated little backwater of South >Louisiana, find myself withing 20 miles of a casino, is it >possible that the market is saturating to the point where >an internet casino would not neccesarily be a good idea? > >If there is real anonymous untraceable digital cash for money >laundering with, will "real" casinos see their profits decline >as digital money sucks away that part of their business? > The most likely use of the Internet for gambling is for bookmaking, not casino games. Encryption and untraceable digital cash will allow even those "in [an] isolated little backwater of South Louisiana" to compete for biz with the books in Lost Wages, NV and the larger cities. The only real barrier to entry will be capital sufficient to render the risk of ruin insignificant; thats not a _small_ barrier, though. Jeff trestrab at gvsu.edu From trestrab at GVSU.EDU Wed Apr 20 07:50:46 1994 From: trestrab at GVSU.EDU (BETH TRESTRAIL) Date: Wed, 20 Apr 94 07:50:46 PDT Subject: Remailer Musings Message-ID: <9403207668.AA766863588@GVSU.EDU> Lefty writes: >There is not, to the best of my knowledge, any such thing as "a legal >pseudonym". DBAs (doing business as) registrations are "legal psuedonyms", although they don't have any bearing on the discussion at hand. (Just a FYI.) Jeff trestrab at gvsu.edu From talon57 at well.sf.ca.us Wed Apr 20 08:03:12 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 20 Apr 94 08:03:12 PDT Subject: magnetic card technology Message-ID: <199404201503.IAA22098@well.sf.ca.us> There is an interesting article on Magnetic card technology in Phrack37, I could send it to interested parties. It's about 46k. Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth From frissell at panix.com Wed Apr 20 08:09:53 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 20 Apr 94 08:09:53 PDT Subject: Safeway + Your Privac Message-ID: <199404201509.AA09448@panix.com> To: cypherpunks at toad.com P >Hmmm... In this scenario, wouldn't Safeway wind up eating the bad P >checks? I realize that it would be a royal pain in the ass for the P >victim (the checkbook owner) to sort out the mess, but it would seem to P >me that the victim could prove that he/she didn't sign the checks, P >leaving Safeway in the position of having exchanged groceries for P >worthless paper. In the case of a forged drawer's signature (forged signature of the account holder) on a check, the bank that pays on the forgery is liable. This is because in theory a check is an order to your bank to pay on your order and a forgery is not a valid order from you. If a check is paid based on a forged *endorsement* on the other hand, the transaction can be walked back until the person who first accepted the forged endorsement is stuck with the loss. This is because everyone in the endorsement chain has a claim that is based on the validity of prior endorsements. DCF Privacy 101: If you don't want to answer the questions on the form because they invade your privacy -- don't. If you want to complete the form to get something out of someone -- lie. The best way to lie on a form is to select answers out of the "answerspace" of potential answers that give no useful information about you. Given the complexity of human existance, "answerspace" is large enough that you can usually select "true" answers about you that give no useful information. Name: Whatever Address: Mail Drop Phone Number: Voice Mail SS#:???-??-???? Something vetted by SSN.EXE Last Address: Somewhere Overseas Photo ID: Employment/Student ID Credit Card: Secured VISA card Health Security Card: Sorry, I'm a non-resident alien. *Netiquette Alert -- Signature longer than message.* --- WinQwk 2.0b#1165 From deeb at meceng.coe.neu.edu Wed Apr 20 08:24:06 1994 From: deeb at meceng.coe.neu.edu (Stephen Humble) Date: Wed, 20 Apr 94 08:24:06 PDT Subject: Black Net In-Reply-To: <9404192347.AA20459@internal.apple.com> Message-ID: <9404201521.AA14346@meceng.coe.neu.edu> lefty at apple.com (Lefty) sez: > Do _not_ mess with those BlackNet folks. You'll wind up face-down > in a landfill, and spend eternity playing pinochle with Jimmy Hoffa. Do you have any evidence that the BlackNet people have committed violence against someone, either before or after forming BlackNet? lefty at apple.com (Lefty) sez: > Trust Me On This. Nothing personal, I don't trust anyone. Stephen From jamesf at apple.com Wed Apr 20 08:39:15 1994 From: jamesf at apple.com (Jim Franklin) Date: Wed, 20 Apr 94 08:39:15 PDT Subject: Banyan vine use by US Marine Corps... Message-ID: <9404201539.AA10864@apple.com> Well, it turns out that either there was a mass pranking, or our gateway here at apple had a moment of flatulence, because other coworkers have received random mailing list letters too. Thanks for the info though. jim From juola at bruno.cs.colorado.edu Wed Apr 20 08:59:25 1994 From: juola at bruno.cs.colorado.edu (juola at bruno.cs.colorado.edu) Date: Wed, 20 Apr 94 08:59:25 PDT Subject: Remailer Musings Message-ID: <199404201559.JAA08006@bruno.cs.colorado.edu> Does anyone have a cite to support the notion that common carriers are obligated to assist in the identification of users of their services? I got it at the January '94 USENIX tutorial on Internet and the Law. Given that it's still being taught, it should be no problem for anyone with interest to confirm that. I received annoying phone calls for a period of time, and the local phone company (US West) said they'd only get involved once I had an "incident number" (or some such) from the police department, and that information gathered would only be released to the police. I suppose if I actually filed a civil suit against the harassing party (even as a John Doe?) I could then use the discovery process to compel them to release their relevant records - but that's not really the scenario that Brad and 'kitten' seem to imagine. Um, speaking for myself and not Brad, that's exactly the situation where this sort of thing would be problematic. Copyright infringement is a criminal offence as well as a civil tort. So if Brad (or the newswire) wanted to push it, they could try to haul the remailer operator into court. And if he claimed to be a "common carrier," he's supposed to help. If he's unable (read, unwilling by design) to help, then it's possible that a judge could find that he's not a common carrier and therefore liable. Of course, I'm not a lawyer myself. And the law, in its infinite majesty, can do strange things. I personally believe that remailer operators should be considered to be common carriers, but that's a very tricky proposition to justify in a court. - kitten From perry at snark.imsi.com Wed Apr 20 09:10:34 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 20 Apr 94 09:10:34 PDT Subject: Remailer Musings In-Reply-To: <199404201559.JAA08006@bruno.cs.colorado.edu> Message-ID: <9404201610.AA08273@snark.imsi.com> juola at bruno.cs.colorado.edu says: > If he's unable (read, unwilling by design) to help, then it's possible > that a judge could find that he's not a common carrier and therefore liable. Of course, the phone company is unable (read, unable by design) to help every day -- ask them sometime who called you at 10pm last Tuesday even WITH a court order some time. > Of course, I'm not a lawyer myself. As you yourself note, you aren't. Personally, I'd rather leave this to folks like Mike Godwin who are. Perry From jim at bilbo.suite.com Wed Apr 20 09:16:42 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 20 Apr 94 09:16:42 PDT Subject: Remailer Musings Message-ID: <9404201609.AA17197@bilbo.suite.com> It might be worthwhile to create a remailer package for a remailer that only sends to other known remailers. People hesitant about running a full service remailer may still be willing to run a behind-the-front-lines remailer. Jim_Miller at suite.com From lefty at apple.com Wed Apr 20 09:22:16 1994 From: lefty at apple.com (Lefty) Date: Wed, 20 Apr 94 09:22:16 PDT Subject: Black Net Message-ID: <9404201621.AA06273@internal.apple.com> >lefty at apple.com (Lefty) sez: >> Do _not_ mess with those BlackNet folks. You'll wind up face-down >> in a landfill, and spend eternity playing pinochle with Jimmy Hoffa. > >Do you have any evidence that the BlackNet people have committed >violence against someone, either before or after forming BlackNet? Pardon my asking, but Who Wants to Know, and Why Should I Tell You? >> Trust Me On This. > >Nothing personal, I don't trust anyone. Suit yourself, but don't have your next-of-kin come crying to me to tell them which batch of Little Friskies you wound up in. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Wed Apr 20 09:40:24 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Wed, 20 Apr 94 09:40:24 PDT Subject: Anonymous Remailers Message-ID: <9404201640.AA06608@toad.com> Since I am new, I have a question concerning remailers. I hear people talking about them, and was wondering what types of systems they are supported on, and how do I get added to one. Thanks, Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlowd at nwsfallbrook3.nwac.sea06.navy.mil or another less reliable & slower: harlow at mqg1.usmc.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 PGP Public key available upon request "The views expressed are my own, and always will be..." From es5c+ at andrew.cmu.edu Wed Apr 20 09:52:01 1994 From: es5c+ at andrew.cmu.edu (Ethan D Schartman) Date: Wed, 20 Apr 94 09:52:01 PDT Subject: What the heck is this? Optical noise encryption? In-Reply-To: <199404200614.CAA17953@eff.org> Message-ID: <0hhJpdu00awQ43bWUj@andrew.cmu.edu> I don't know much about his "optical noise" encryption, but Scientific American ran an article in the Amatuer Scientist column outlining an encryption scheme involved much the same ideas. Their scheme was to find, and digitize a chaotic source as a carrier signal and then add the information to the signal. Decryption involved subracting the source signal from the encoded one. Information encrypted this way would be positively unbreakable by anyone without the chaotic source, as the whole scheme is entirely random. The biggest problem is of course, transmitting the source in a secure manner. It is not enough to know the configuration of the generator of the source, unless you also the _exact_ initial conditions (which are, of course, impossible). One solution to this problem might be to use a recursive equation to generate a source from a small (one-hundred+ digit) seed, and the number of iterations necessary to reproduce the source. The nice thing about this is that the equation could also be customized, something like: x= (k)(x^2)+a, where "a" and "k" are constants that may be altered, thus providing two methods of encryption. This scheme would also be a solution to the problem of the source being corrupted during transmission (which would ruin any attempts to use it). But the equation and the seed would still have to be transmitted somehow. Hmmm.... you could openly send the seed and the encoded information, and then call the reciever to tell them to convert a given sentence into decimal equivalent...etc From perry at snark.imsi.com Wed Apr 20 09:58:35 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 20 Apr 94 09:58:35 PDT Subject: What the heck is this? Optical noise encryption? In-Reply-To: <0hhJpdu00awQ43bWUj@andrew.cmu.edu> Message-ID: <9404201658.AA08337@snark.imsi.com> Ethan D Schartman says: > One solution to this problem might be to use a recursive equation to > generate a source from a small (one-hundred+ digit) seed, and the > number of iterations necessary to reproduce the source. The nice thing > about this is that the equation could also be customized, something > like: x= (k)(x^2)+a, where "a" and "k" are constants that may be And at this point I've just built an ordinary PRNG+Xor based stream cipher and the usual techniques to break it all apply. All this "encryption with chaos" stuff just adds up to "look at my fancy PRNG", which of course is a game that crypto people have been playing for a long time. I'm starting to get alarm bells go off every time "chaos" is mentioned. Perry From qjones at infi.net Wed Apr 20 10:15:46 1994 From: qjones at infi.net (Wayne Q Jones) Date: Wed, 20 Apr 94 10:15:46 PDT Subject: Sgt Russell In-Reply-To: <9404191357.AA07348@toad.com> Message-ID: EITHER YOU are very thin skin or this is a mock tirade. IF you want to know what I think ask. DOn't assume or put words in my mouth. I know marines are trained to take orders...So LIGHTEN UP *-). The END..\ ]Wayne On Tue, 19 Apr 1994 SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil wrote: > Wayne, > I am sorry that my being on this list is offensive to you. I joined > this list to learn about cryptography. If anything, I would think that you > would want to help a new person get up to speed. If you can't grow up and > treat other people like human beings, maybe you ought to take yourself off of > the list and go play with your private key by yourself. > > My job is important to me. Learning about cryptography is going to > help me protect my systems and my messages. I have no desire to eavesdrop on > what you or anyone else is doing on this list. I merely want to learn, and > possibly contribute to the threads on the list. I have received several > responses from people on the list and really appreciate that. I hope this > helps to clarify my position on this list. > > Sgt Darren Harlow - Computer Security > MCTSSA, Camp Pendleton, USMC > Internet: harlow%isb%mctssa at nwsfallbrook3.nwac.sea06.navy.mil > or another less reliable & slower: harlow at mqg1.usmc.mil > Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 > Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 > PGP Public key available upon request > "The views expressed are my own, and always will be..." > **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From qjones at infi.net Wed Apr 20 10:19:33 1994 From: qjones at infi.net (Wayne Q Jones) Date: Wed, 20 Apr 94 10:19:33 PDT Subject: warrantless searches In-Reply-To: <9404191459.AA16266@jungle.meaddata.com> Message-ID: In VA. you only need a permit to carry a concealed weapon. If it is not conealed you are ok.... On Tue, 19 Apr 1994, Stephen Williams wrote: > > > As a lifetime Chicago resident, let me add my $.02 > > > ... > > Besides, Handguns are illegal in Chicago, and have been for more > > than a decade....... > > > > > > > > Brian Williams > > Extropian > > Cypherpatriot > > I was in Chi. a couple of years ago and happened to run into a guy > just getting home that had a handgun strapped to his belt in plain > view. Is there a license for this or must you be a private > eye/police/security for this? I doubt it was illegal, unless he was > just asking for trouble. > > It was in a reasonably bad neighborhood on the East side. (Ahem, made > a wrong turn...) > > I know that in OH there are some interesting laws: I had a lawyer > friend who wore a gun even when he went out drinking in bars because > of the types of clients he represented. Supposedly the local police > had cleared it or something based on some legal exception. (In Ohio, > there are signs posted in bars that having a handgun in a licensed > liquor establishment has such and such mandatory sentence.) > > sdw > -- > Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager > LIG dev./sales Internet: sdw at lig.net > OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 > Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together > Newbie Notice: (Surfer's know the score...) > I speak for LIGCo., CCI, myself, and no one else, regardless of > where it is convenient to post from or thru. **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From qjones at infi.net Wed Apr 20 10:23:51 1994 From: qjones at infi.net (Wayne Q Jones) Date: Wed, 20 Apr 94 10:23:51 PDT Subject: Intolerance on the list (was Re: Sgt Russell) In-Reply-To: <9404190827.ZM6626@dpair.csd.sgi.com> Message-ID: OK Russell, you're next..... This is my response to your Kool-AId tirade... pppphhhhTTT! re: Bill the Cat. **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From wcs at anchor.ho.att.com Wed Apr 20 10:26:58 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 20 Apr 94 10:26:58 PDT Subject: What the heck is this? Optical noise encryption? Message-ID: <9404201724.AA10742@anchor.ho.att.com> > All this "encryption with chaos" stuff just adds up to "look at my > fancy PRNG", which of course is a game that crypto people have been > playing for a long time. I'm starting to get alarm bells go off every > time "chaos" is mentioned. Yeah. On the other hand, chaotic stuff like Mandelbrot and Julia sets are good for generating lots of pretty pictures to hide steganography under, as long as you leave out the coordinates you're generating from. From qjones at infi.net Wed Apr 20 10:33:13 1994 From: qjones at infi.net (Wayne Q Jones) Date: Wed, 20 Apr 94 10:33:13 PDT Subject: Sgt Russell In-Reply-To: <9404191553.AA11520@internal.apple.com> Message-ID: I see the Left hand of prognosticatory brilliance rears his beetled brow. I'll just key my chaff maker and divert this dum dum missile. On Tue, 19 Apr 1994, Lefty wrote: > > I am sorry that my being on this list is offensive to you. I joined > >this list to learn about cryptography. If anything, I would think that you > >would want to help a new person get up to speed. If you can't grow up and > >treat other people like human beings, maybe you ought to take yourself off of > >the list and go play with your private key by yourself. > > I wouldn't worry about Wayne: other than an annoying propensity to toss > around TLAs in such a way as to make it fairly clear that he doesn't really > know what he's talking about, and a strong case of inappropriate paranoia, > I suspect he's generally harmless. > > Annoying, tedious and occasionally laughable; but generally harmless. > > -- > Lefty (lefty at apple.com) > C:.M:.C:., D:.O:.D:. > > **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From uri at watson.ibm.com Wed Apr 20 10:34:35 1994 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Wed, 20 Apr 94 10:34:35 PDT Subject: cryptophone ideas In-Reply-To: <199404192239.AA17456@srl03.cacs.usl.edu> Message-ID: <9404201734.AA14063@buoy.watson.ibm.com> > >The ideal phone might be based on CPU's, RAM, and DSP's, with no > >DES chips or anything like that. Probaly CPU is not necessary... > Have you seen the prices of used original NeXT equipment lately, > or just the prices of single system boards from back in the 68030 > era? No. Care to enlighten? > Anyway, why do you need a DSP? I have read in several places that > DSP's are going to be "replaced" by the CPU as time goes on and the > CPUs just get more and more powerful. Since, as somebody has already mentioned, DSP is a CPU optimized for price/performance in digital signal processing, the statement above sounds funny. DSP chips will always be cheaper than general purpose CPUs offering at least comparable performance. -- Regards, Uri uri at watson.ibm.com scifi!angmar!uri N2RIU ----------- From ph at netcom.com Wed Apr 20 10:50:42 1994 From: ph at netcom.com (Peter Hendrickson) Date: Wed, 20 Apr 94 10:50:42 PDT Subject: 15 out of 16 times (math, not laundry) In-Reply-To: <9404192201.AA13670@newton.apple.com> Message-ID: <199404201751.KAA04284@mail.netcom.com> >>Pretend the casino is run out of a church. "Parishioners" arrive and >>enter a confessional to place their bets. The "priest" cannot see who >>is placing each bet. Each "parishioner" plays until he or she is >>broke. "Parishioners" arrive at a steady rate and will do so >>indefinitely. > Let me just make sure I understand what you mean. I believe you are saying: > Conjecture A: > A.1 As parishoners play and leave, the division of wealth approaches the > `odds' of the game. Thus if the odds are .51 house (of God), .49 > parishoner, then eventually the house will end up with 51 cents > out of every dollar `played'. Just as it would if the church were > playing against one very wealthy parishoner (i.e., the `world'). > A.2 Since there are a large number of parishoners, enough games can > always be played to make the distribution match the odds. > If this is _not_ what you mean to say then I apologize for missing your > point; read no further---just send me explanations to clear up my > mis-understanding. If Conjecture A is accurate statement of your belief, > then please step across this line. I agree with both conjectures. > ---------- > Let me walk through your model, one parishoner at a time. Please read this > with an open mind; it could be true. >> Each "parishioner" plays until he or she is broke. > Lets say the odds of the game are .51 to .49. Each parishoner has $100. > Each parishoner plays until broke. > At some point in play, the distribution of wealth with respect to _that > player_ may be arbitrarily close to c=$51, p=$49. What, though, is the > distribution at the _end_ of that game? Since each game only ends when the > p=$0, the distribution is c=$100, p=$0. On to the next parishoner. > After the 9th, but before the 10th parishoner, the distribution must be > c=$900, p[10]=$100. It can't be worse than that for the church, or we > wouldn't have moved on to the 10th parishoner. It can't be better for the > player because each has only $100 to wager. After the n'th, c=$100n, > p[n+1]=$100. > Conjecture A predicts that as n, the number of players, goes to infinity, > c, the fraction of money won by the church, approaches C, the probability > the church will win a single trial. But in fact, the model shows that as n > approaches infinity, c goes to 1. There is a slight difference between what Conjecture A predicts and this statement. Conjecture A predicts that as b, the number of bets, goes to infinity the fraction of bets won will approach C, the probability that the church will win a single trial. > Where could one disagree with this interpretation of the model? You should think about what you mean by "fraction of money". I think there is a seductive error here. In one sense, we mean the amount of money placed on bets, but we also mean the actual bank notes in play. These concepts address two different things. Whether or not banknotes are recycled by the parishioners will not affect the church's winnings. > [...Deleted parts which I think are answered above...] >>The chance of the "church" to win or lose is the same on every >>bet, regardless of who places it. > That is true. But the only way the player can realize his mathematical > expectations is if he is allowed to continue playing even after he is out > of money (i.e., so he can climb back out of the hole). Each parishioner has a high probability of losing their savings and a low probability of winning everything owned by the church. It is possible for any single parishioner to win everything, but it is unlikely. > Ok, the first player goes out, but the infinity of players after him > can make up for that, right? Wrong, because on his way to winning > back the first players money, if the second player goes broke, _his_ > game is over. Now its up the third guy, ad infinitum > (literally)..... just because the series is infinite doesn't mean > the sum is. > No set of players, all of whom go broke, break the church. Therefore, for > the series to end it must be instigated by a set of players that includes > at least one who doesn't go broke (i.e., the church goes broke instead). > In fact, a single player who doesn't go broke ends the series without any > help from other players. > Thus, to stem the tide of pious donations (i.e., the church's > winnings), a single player with enough money to `outlast' the church > is required. The player needs to be lucky. Let's say the church's assets are H dollars. In order for it to lose everything, it has to have a series of bets whose sum is a negative value less than -H. This series has a beginning - the point at which the church's assets dropped below H and moved down to 0. If parishioners play until they win or are broke, the player who took the church below H will be the same player who wins everything. (I am assuming fixed size bets, but the conclusions can be generalized.) This player wins because he or she was fortunate enough to place the first bet in the series. Having more capital means that more bets can be placed. That increases the probability of placing the first bet in the winning series, but does not affect the odds of the church losing everything. > Hope you found this interesting but not insulting, I found it interesting. Your message was written clearly. I've seen this question and similar ones come up again and again in discussions of gambling, trading, and insurance. It would be nice if having a large body of capital would allow one to "make money off the noise", but it isn't so. It has been observed that small traders in the futures markets tend to lose money to large traders. One way this has been explained is that the large traders outlast the small traders with their larger capital and that is how they make money. I think a more likely explanation is that the large traders tend to make good trades. Peter From jim at bilbo.suite.com Wed Apr 20 10:53:10 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 20 Apr 94 10:53:10 PDT Subject: Press Release on Secure NCSA Mosiac Message-ID: <9404201745.AA18797@bilbo.suite.com> > No, but hopefully the standard can be extended > (officially or unofficially) to include them, even if > only a relatively small fraction of organisations will > use the privacy-protection extensions initially. > Hopefully once some organisations are doing so they'll > have a real competitive advantage over those who want to > collect marketing data. > I find it hard to believe a company that does *not* collect marketing data will have a competitive advantage over a company that *does* collect marketing data. Jim_Miller at suite.com From unicorn at access.digex.net Wed Apr 20 10:55:21 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 20 Apr 94 10:55:21 PDT Subject: Black Net Message-ID: <199404201755.AA12490@access1.digex.net> -> Do you have any evidence that the BlackNet people have committed violence against someone, either before or after forming BlackNet? <- Providing evidence like this publically is about the equivilant of suicide. You really don't know who your dealing with do you? From nobody at shell.portal.com Wed Apr 20 10:57:11 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Wed, 20 Apr 94 10:57:11 PDT Subject: Random number troubles Message-ID: <199404201758.KAA13781@jobe.shell.portal.com> _The Toronto Star_ Wednesday, April 20, 1994 `Computer nerd' outsmarts casino Wins $200,000 pot -- twice in a row MONTREAL (CP) -- Ask Daniel Corriveau how he beat staggering odds to win $400,000 at the Montreal casino and he'll talk about a butterfly flapping its wings in Bejing. After the computer consultant hit a $200,000 jackpot twice in a row playing electronic Keno 10 days ago, the casino shut down the popular lottery-type game and started an investigation. He has yet to collect. "I'm confident I will get the money," Corriveau said. "It's a normal process for the casino to be investigating." Celebrated by Quebecers as a mild-mannered genius who beat the system, the province's latest hero is a computer nerd who claims to have used "chaos theory" to defy mind-numbing odds at the casino. The arcane mathematical concept, which the 40-year old Corriveau found himself expounding on television, is based on the notion that random-looking data aren't so random. One of the theory's axioms is that if a butterfly flaps its wings in Bejing, it will have an effect on the weather system in New York City. The rules of Keno are less esoteric. Placing bets of between $2 and $5, gamblers try to pick some of the 20 numbers that are drawn from an 80-number pool in the computerized game. On April 10, Corriveau managed to pick 19 of 20 numbers twice in a row, a feat not accomplished even once since the casino opened last October. Corriveau said he discovered "a bug in the system" that made the Keno odds more player-friendly. Corriveau visited the casino about a dozen times over four months, writing down the winning sequences of numbers. The brainy bettor plugged the data in to his home computer and put on his thinking cap. "I found the same 19-number sequence twice in 240 draws," he explained, "That proved the weakness in the system." From michael.shiplett at umich.edu Wed Apr 20 11:01:46 1994 From: michael.shiplett at umich.edu (michael shiplett) Date: Wed, 20 Apr 94 11:01:46 PDT Subject: Driver's License info In-Reply-To: <9403207668.AA766863482@GVSU.EDU> Message-ID: <199404201801.OAA12461@totalrecall.rs.itd.umich.edu> "bt" == jeff(???) writes: > uni writes: >> What might be really useful is a list of the different measures >> used on all the states ID's. [other states' info deleted] bt> Michigan DLs have a Poloroid photo in the lower left corner and bt> are laminated in plastic embossed on the front with the state bt> seal. Just last week the Michigan Secretary of State, Richard H. Austin, proposed adding a magstripe to the driver's license. I don't recall hearing information on what data would be stored. Also in Michigan news, the University of Michigan is moving to a single University ID card (there are currently separate ones for housing, staff, etc.). In conjuction with this move, one's University ID number will no longer be one's Social Security number + check digit. For some bizarre reason, however, the soc number still appears on the back of the card--along with a magstripe using the ABA format. A proposal to encode one's digital photgraph was, I believe, not implemented--yet. Oh yeah, the card also has one's signature, but instead of one signing the card before laminating, one signs on a low-res graphics tablet and the digital image is affixed to the card--I don't remember if it appears in the magstripe too. I have the UM score as: + 5 for moving to a non soc-based id number + 1 for not including a digital photo in the magstripe -10 for continuing to print the soc number on the card -10 for continuing to use place a written signature on the card michael From sameer at soda.berkeley.edu Wed Apr 20 11:09:44 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Wed, 20 Apr 94 11:09:44 PDT Subject: Random number troubles In-Reply-To: <199404201758.KAA13781@jobe.shell.portal.com> Message-ID: <199404201809.LAA01567@soda.berkeley.edu> > "I found the same 19-number sequence twice in 240 > draws," he explained, "That proved the weakness in > the system." > Looks to me like a plain ol' weak PRNG. How does chaos theory come into it? From nobody at jarthur.cs.hmc.edu Wed Apr 20 11:11:01 1994 From: nobody at jarthur.cs.hmc.edu (nobody at jarthur.cs.hmc.edu) Date: Wed, 20 Apr 94 11:11:01 PDT Subject: Privacy in the Projects Message-ID: <9404201810.AA08117@toad.com> ********************************************** yo,... check it out. here in the projects--we want privacy to... know what i'm sayin'? and 'punks, keep up the good work with that PCP [Pretty Cool Privacy]. and sarge, be cool, there's a lot of good brothers in the service--Semper Fi! when the infobahn gets to the projects, we'll be waitin' -O.G. ********************************************** L.A. Times 4/19/94 B1 Security Plan Draws Fire by Edward J. Boyer Safety: Public housing residents pan the proposal for metal detectors and gun searches at L.A. projects. President Clinton�s call for tougher security in public housing projects, including metal detectors and random searches, was generally rejected Monday by residents at the Nickerson Gardens project in Watts. "We should not have any more sets of rules than the public at large just because we live in public housing," said Nora King, a past president of the project's Residents Advisory Council. Clinton made his call Saturday in an effort to rid gang-infested housing projects of guns after a federal judge in Chicago blocked authorities from conducting sweeps for weapons. The judge ruled that the sweeps violated constitutional protections against unreasonable searches and seizures. Public housing residents in Chicago requested the sweeps because they are "nearly desperate with conditions as they are," said Housing and Urban Development Secretary Henry G. Cisneros. But Los Angeles is not Chicago with its high-rise public housing, residents at Nickerson Gardens said. "People get robbed and raped in those elevators," King said. "From what I've seen, Los Angeles has it far better than people in Chicago." Metal detectors might make sense in Chicago, but there are no elevators and no common entry areas in the 1,066-unit Nickerson Gardens, the city's largest public housing project, residents said. "Where would they put metal detectors here?" asked Larry Moore, 25, who has lived in the projects all his life. "At everyone's front door?" Along with suggesting metal detectors, Cisneros said housing officials can retake their projects from gangs and drug dealers by erecting fences around the complexes, by conducting weapons searches in common areas such as on the grounds and in stairwells, and by urging tenants to sign consent forms permitting police searches. The get-tough policies "are targeted to Chicago, but the same approach will be available to other communities," Cisneros said Saturday. A Chicago police officer visiting Locke High School in Watts on Monday as part of an anti-gang rap music show said he is opposed to weapons sweeps at housing projects in his city. "Why sweep the buildings, when we should be sweeping the public schools, the entire neighborhoods," said Officer Eric Davis, 32, who is touring several cities with two other Chicago officers. The trio's rap group is called the Slick Boys. "We can chase guns out for one week," said Davis, who patrols Chicago's Cabrini Green public housing project. "But what about when the searches stop? We want to figure out how to give people self- esteem--give them a future." Weapons searches at Nickerson Gardens are not necessary, said Delaina Carr, a 15-year resident, "because people have a right to privacy." Security guards at night would be more helpful, she said. A RAND study released last year showed that the crime rate in Los Angeles public housing projects was three times as high as the citywide average from 1986 to 1989. But by the time the study was released, a reduction in violent incidents had begun, housing officials said. Gang violence, drugs and burglaries are still a concern, Carr said, but "it is quieter here since the gang truce a year and a half ago. You still hear gunshots, but you don't feel like a prisoner in your own unit." Fences, as suggested by Cisneros, might help control some crimes-- especially those committed by people who do not live in the project, Carr said. "They would improve security," she said. "People couldn't run from police who could catch them easier before they could climb a fence." King said a survey of residents several years ago showed that the majority were opposed to fencing in the project's 68.8 acres. But that attitude seemed to soften later, she said, and some residents now would support an architecturally attractive fence. Moore gave a qualified endorsement to weapons searches, saying: They could be cool. But they could lead to a lot of harassment." He said he is skeptical about any proposal to search people who look suspicious. "I've seen criminals in three-piece suits," he said. For one woman standing in her doorway, allowing searches is a moot question. "They do it now, anyway, don't they?" she asked. One man who has lived at Nickerson Gardens for 31 years said he would support bringing in more police, but only if the new officers "know what's going on here." "Train some of the residents to be police," said the man, who asked to remain anonymous. "We don't need police who've been watching too much television news." King supports hiring people who live in the community, and she is convinced that such officers would respond more quickly to calls. "It takes hours for the Housing Authority police to respond--if they come at all," she said. "If you're not white, you don't get that quick response." ********************************************** later. From lefty at apple.com Wed Apr 20 11:20:16 1994 From: lefty at apple.com (Lefty) Date: Wed, 20 Apr 94 11:20:16 PDT Subject: Sgt Russell Message-ID: <9404201819.AA09529@internal.apple.com> Wayne Q Jones regales us with > I see the Left hand of prognosticatory brilliance rears his beetled brow. >I'll just key my chaff maker and divert this dum dum missile. and >OK Russell, you're next..... >This is my response to your Kool-AId tirade... pppphhhhTTT! I see you were sticking your tongue out at Russell. I need to know whether you were sticking your tongue out when you responded to my message as well. By the way, I believe the word you're groping for is "prognosticative". If "prognosticatory" _is_ a word, which I doubt, it should be marched out back and shot immediately. I bet if you get someone to help you look it up and sound out the words in the definition for you, you might even have a fighting chance of using it properly in a sentence next time. Try asking one of the older children, if you can find one who isn't inclined to beat you up on sight. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From whitaker at dpair.csd.sgi.com Wed Apr 20 11:27:44 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Wed, 20 Apr 94 11:27:44 PDT Subject: Intolerance on the list (was Re: Sgt Russell) In-Reply-To: Message-ID: <9404201116.ZM9341@dpair.csd.sgi.com> On Apr 20, 1:20pm, Wayne Q Jones wrote: > Subject: Re: Intolerance on the list (was Re: Sgt Russell) > > OK Russell, you're next..... Um, is this a preface to a threat? > This is my response to your Kool-AId tirade... pppphhhhTTT! re: Bill the Cat. > Ah, OK: *plonk* So much for "benefit of the doubt". > **************************************************************************** > Qjones at infi.net She kissed me- I felt the hot blush * > * Qjones at larry.wyvern.com Of raging passion incinerate my heart * > **************************************************************************** > > >-- End of excerpt from Wayne Q Jones -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center, Mountain View CA (415) 390-2250 ================================================================ #include From jim at Tadpole.COM Wed Apr 20 12:05:33 1994 From: jim at Tadpole.COM (Jim Thompson) Date: Wed, 20 Apr 94 12:05:33 PDT Subject: Black Net Message-ID: <9404201904.AA06019@chiba.tadpole.com> > Providing evidence like this publically is about the equivilant > of suicide. Ahhhh, you could send it anonymously, no? > You really don't know who your dealing with do you? My point, exactly. :-) Jim From m5 at vail.tivoli.com Wed Apr 20 12:23:25 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 20 Apr 94 12:23:25 PDT Subject: Black Net In-Reply-To: <9404201904.AA06019@chiba.tadpole.com> Message-ID: <9404201923.AA02986@vail.tivoli.com> Jim Thompson writes: > > Providing evidence like this publically is about the equivilant > > of suicide. > > Ahhhh, you could send it anonymously, no? You think Blacknetters are so unsophisticated that a mere remailer chain will keep them at bay? Sorry. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From pdn at dwroll.dw.att.com Wed Apr 20 12:35:51 1994 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Wed, 20 Apr 94 12:35:51 PDT Subject: Remailer Musings In-Reply-To: <9404201609.AA17197@bilbo.suite.com> Message-ID: <9404201927.AA05836@ig1.att.att.com> -----BEGIN PGP SIGNED MESSAGE----- Jim Miller writes : > > It might be worthwhile to create a remailer package for a remailer > that only sends to other known remailers. People hesitant about > running a full service remailer may still be willing to run a > behind-the-front-lines remailer. > This illustrates my point precisely. Look at the messages on this thread over the past few days; questions about 'common carrier' status, legal questions, etc reveal that there is, in practice, more to running a 'full service remailer' than just setting up the software. Running multiple overseas remailers may complicate investigations and legal action *for now*, but I can't help feeling that this is only a temporary fix. [My opinion, ignore at will..] Bill Stewart raised some concerns about whether it is possible to forge return addresses; I am certainly not an expert, but I wonder whether some inspired cypherpunk can come up with a way around the technical problems involved. [Sips coffee, raises eyebrow] If 'they' can't find the remailer operator (much less the anonymous poster), then all these questions of culpability and risk are moot. - -- ........................................................................ Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it! pdn at dwroll.dw.att.com | Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbWBqgvlW1K2YdE1AQFZbQQA1MR14wbBcK2BHRe45tT9x48MFpVpPK+1 wxOlpWiYtiQgV2m/rLkYzlrSCBaTjIU5Rj1UpOK1vpwOBIJmrQH5aKEQIPmc1Quw nw7xieKsZxe/7o6PsmZoOvIg5N+niOyRgTSyXsuQI/ycSNu0tsnAjL03B2UXkkXZ bnCXfQMwInE= =SAu/ -----END PGP SIGNATURE----- From fnerd at smds.com Wed Apr 20 12:44:24 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 20 Apr 94 12:44:24 PDT Subject: What the heck is this? Optical noise encryption? Message-ID: <9404201756.AA07286@smds.com> While dousing yet another "chaos encryption" rumor, Perry says- > All this "encryption with chaos" stuff just adds up to "look at my > fancy PRNG"... I think that's a very clear handle on chaos for people who know about PRNGs, or vice-versa. Chaos = PRNG. I wonder if there's any good cross-fertilization of the two fields beyond the obvious. -fnerd quote me - - - - - - - - - - - - - - - Gradually, I become aware of a presence. Between me and sustenance stands a woman in a suit. --Michael Swaine -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From 68954 at brahms.udel.edu Wed Apr 20 13:05:47 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Wed, 20 Apr 94 13:05:47 PDT Subject: Black Net In-Reply-To: <9404201521.AA14346@meceng.coe.neu.edu> Message-ID: On Wed, 20 Apr 1994, Stephen Humble wrote: > lefty at apple.com (Lefty) sez: > > Do _not_ mess with those BlackNet folks. You'll wind up face-down > > in a landfill, and spend eternity playing pinochle with Jimmy Hoffa. > > Do you have any evidence that the BlackNet people have committed > violence against someone, either before or after forming BlackNet? a I never ever thought I would see such a succesful troll on cypherpunks, it just doesnt fit, but it's here. that was one hell of a troll lefty, now we need someone to pull the hook out of Stephens mouth. > > lefty at apple.com (Lefty) sez: > > Trust Me On This. > > Nothing personal, I don't trust anyone. > > Stephen > Good idea, don't trust anyone, but also don't take everything you read seriously, you hath been trolled. On another note, those follow-ups from people claiming to be Blacknet are probably r0dents form the h/p/w scene who thought it would be cool to be k-rad infiltratin data-haven meisters. IN actuallity the Blacknet idea is feesable and I wouldnt doubt if it happens in some similiar form in the future, or if it's already happening today. TCMay has joined the ranks of Gibson and Sterling with his predictive fiction peices now. You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From 68954 at brahms.udel.edu Wed Apr 20 13:15:21 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Wed, 20 Apr 94 13:15:21 PDT Subject: What the heck is this? Optical noise encryption? In-Reply-To: <9404201724.AA10742@anchor.ho.att.com> Message-ID: On Wed, 20 Apr 1994 wcs at anchor.ho.att.com wrote: > > All this "encryption with chaos" stuff just adds up to "look at my > > fancy PRNG", which of course is a game that crypto people have been > > playing for a long time. I'm starting to get alarm bells go off every > > time "chaos" is mentioned. > > Yeah. On the other hand, chaotic stuff like Mandelbrot and Julia sets > are good for generating lots of pretty pictures to hide steganography > under, as long as you leave out the coordinates you're generating from. > I think even still it would be unwise to steno anything into a picture that is mathematically generated. A picture such as a scanned one, or perhaps another less rigid graphic would be a better idea. It may only be a small difference that it makes, but if your playing for keeps, well you know. The talk of chaos etc.. usually peeves me sometimes because it has turned into a buzzword really. Be careful what you call chaotic, cause it could be something else just buzzed into that category. Hmm actually a chaotic attractor would be detrimental to a PRNG, so at best maybe it's a good idea to stay away from functions that are porven to have attractors sicne your random numbers would be drawn in. one example I can think of is the Ikeda attractor. It's incredibly complex and you can never tell where the next iteration will pop up, BUT you always no it's inside the attractor, that is after you throw out the first few iteration while it is pulled in. I am taking acourse in Chaos Theory this semester, and I'll be sure to ask the prof about this application. You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From jim at rand.org Wed Apr 20 13:16:14 1994 From: jim at rand.org (Jim Gillogly) Date: Wed, 20 Apr 94 13:16:14 PDT Subject: What the heck is this? Optical noise encryption? [and RNG probs] In-Reply-To: <9404201756.AA07286@smds.com> Message-ID: <9404202015.AA22973@mycroft.rand.org> > fnerd at smds.com (FutureNerd Steve Witham) writes: > I think that's a very clear handle on chaos for people who know about > PRNGs, or vice-versa. Chaos = PRNG. I wonder if there's any good > cross-fertilization of the two fields beyond the obvious. Here's an exchange from sci.crypt in 1991 that's relevant to chaos and cryptography. A guy was using the logistic function as his RNG. If you look at the output from my decryptions, that might explain why the Keno guy was getting only 19 out of 20 right instead of 20 out of 20. If the Keno RNG is based on some fractal-type function, then pieces are self-similar, which means you don't need to find the right piece of it... just a piece that's similar to the right seed, which need not be close at all. Total speculation, of course, without knowing what the RNG really was. Jim Gillogly Sterday, 29 Astron S.R. 1994, 20:12 ---------------------------------------------------------------------------- From: 2fmnsilly at kuhub.cc.ukans.edu (Otter) Newsgroups: sci.crypt Subject: Cryption system based on chaos mathmatics Message-Id: <1991Mar18.234703.29145 at kuhub.cc.ukans.edu> Date: 19 Mar 91 05:47:03 GMT Organization: University of Kansas Academic Computing Services Lines: 50 Here is a simple (can you tell I just learned 'C') en/decryption algorithm based on the mathematics of chaos. It uses the magic number of the 'strange attractor' to produce the 'random' cipher characters for the data to be XOR'd with. It is written for Turbo C. Feedback is encouraged. /* crypt.c */ /* CHAOS encryption/decryption routine */ /*-------------------------------------*/ /* Written by Chris Raile 1989 */ /* 2fmnsilly at kuhub.cc.ukans.edu */ /* 2fmnsilly at ukanvax.bitnet */ /*-------------------------------------*/ /* Implementation: */ /* */ /* 'in' File to be en/decrypted */ /* 'out' Resulting en/decrypted file */ #include "stdio.h" main() { FILE *fptrin; FILE *fptrout; int i, ch; double r = 3.56994571869; double j, x=.31379412; /* <-- change numbers after 1st '3' */ fptrin = fopen("in","rb"); /* to alter encryption scheme (key) */ fptrout = fopen("out","wb"); while ( (ch=getc(fptrin)) != EOF) { x=(r*x)*(1-x); j=x*100; i=(int)j; ch=i^ch; putc(ch,fptrout); } fclose(fptrin); fclose(fptrout); } -- +------------------------------------+------------------------------+ | Reverend Chris "Otter" Raile from | 2fmnsilly at kuhub.cc.ukans.edu | | 'The Slackmeisters Of The Holy | 2fmnsilly at UKANVAX.BITNET | | Evaporated Milk' -- A division | | | of the Church of the SubGenius(TM) | "A CornNut could not drive | | | me to insanity--it's just | | *The best damned Amway salesman* | toasted corn." - Me | +------------------------------------+------------------------------+ ---------------------------------------------------------------------------- From: jim at rand.org (Jim Gillogly) Newsgroups: sci.crypt Subject: Re: Cryption system based on chaos mathmatics Summary: No good Keywords: chaos, index of coincidence Message-Id: <1991Mar19.172839.881 at rand.org> Date: 19 Mar 91 17:28:39 GMT References: <1991Mar18.234703.29145 at kuhub.cc.ukans.edu> Sender: news at rand.org Organization: Banzai Institute Lines: 99 Chris Raile suggests an encryption routine based on the logistic function. I won't state categorically that chaos isn't useful in cryptography, but this particular routine isn't cryptographically effective. If you use it to encrypt an input file of all a's, for example, you'll see some striking repetitions. As it happens, this implementation isn't particularly sensitive to initial conditions. The program below tests about 1000 key values in the given range (.3 to .4) and looks at the result. Here's a sample crypto file (hex dump from "od"): 0000000 0751 2746 3102 245d 3b49 2010 2c51 7043 0000020 3044 2711 2b43 3e5c 384b 7441 2c4f 3353 0000040 2a04 3557 3747 2259 234a 2143 7951 3858 0000060 2d49 3711 374d 2418 3543 744c 314d 2253 0000100 3604 3346 7950 3156 334a 3e01 5300 The analysis program is mildly instructive -- if you haven't used the Index of Coincidence to test for a successful decryption, you should. The I.C. for English is around 0.066, so the program prints out all the results it finds above .06 for our amusement. Here's the result: Key 0.3136: (IC 0.061) Knuuh tells us that random number generatoul shoumd#not be chosen at randoj. Key 0.3137: (IC 0.066) Knuth tells us that random number generatoul shoumd not be chosen at random1 Key 0.3138: (IC 0.066) Knuth tells us that random number generators should not be chosen at randoj. Key 0.3139: (IC 0.062) Knuth tellt?us th`t random number generators should not be chosen at randoj. Key 0.3169: (IC 0.061) Jotwh tellt?us th`t random number generators should not be chosen at randoj. Key 0.3170: (IC 0.061) Jotwh tellt?us th`t random number generators should not be chosen at randoj. Key 0.3171: (IC 0.065) Jotwh tells us that random number generatorl should not be chosen at random1 Key 0.3172: (IC 0.061) Jotwh tells us that random number generatoul shoumd#not be chosen at random1 None of these is perfect, but it certainly tells us where to try refining our key. It's interesting that the decryptions get back on track after initial derailments in some case... no butterfly effect here. Jim Gillogly Banzai Institute ------- program follows ----- /* CHAOS encryption analysis hack, Jim Gillogly, 19 Mar 91 */ /* Tries a spread of initial keys and sees what comes close. */ /* Addresses the following program: */ /* CHAOS encryption/decryption routine */ /* Written by Chris Raile 1989 */ #include #include double english_like(); main() { FILE *in; char ct[200], pt[200], *s, *t; /* Room for a line of ciphertext */ double r = 3.56994571869; double x, x0, e; int len, i; in = fopen("out","rb"); /* Read the ciphertext */ for (s = ct; (*s = getc(in)) != EOF; s++); len = s - ct; for (x0 = .3; x0 < .4; x0 += .0001) /* Try about a thousand keys */ { /* Decrypt using key x0 */ for (x = x0, i = 0, s = ct, t = pt; i < len; s++, t++, i++) { x *= r * (1 - x); if (! isprint(*t = ( (int) (100 * x)) ^ *s)) break; } *t = 0; if ((e = english_like(pt)) > .060) printf("Key %5.4f: (IC %5.3f)\n %s\n", x0, e, pt); } } double english_like(s) /* Do index of coincidence on a string */ char *s; /* 26-letter English comes out around .066 */ { int n, i; char freqs[256]; double sum; if ((n = strlen(s)) <= 1) return 0.; bzero(freqs, 256); /* Clear the counters */ while (*s) freqs[*s++]++; /* Frequency count */ for (i = sum = 0; i < 256; i++) sum += freqs[i] * (freqs[i] - 1); return sum / n / (n - 1); } -- Jim Gillogly jim at rand.org ---------------------------------------------------------------------------- From trestrab at GVSU.EDU Wed Apr 20 13:33:48 1994 From: trestrab at GVSU.EDU (BETH TRESTRAIL) Date: Wed, 20 Apr 94 13:33:48 PDT Subject: Press Release on Secure NCSA Mosiac Message-ID: <9403207668.AA766884761@GVSU.EDU> Jim Miller writes: >I find it hard to believe a company that does *not* collect marketing >data will have a competitive advantage over a company that >*does* collect marketing data. Unless there exists a sufficiently large set of consumers who prefer to spend their money with companies who forego turning their trans- actions into marketing data, you're probably right. Jeff trestrab at gvsu.edu From sandfort at crl.com Wed Apr 20 13:56:09 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 20 Apr 94 13:56:09 PDT Subject: Random number troubles In-Reply-To: <199404201809.LAA01567@soda.berkeley.edu> Message-ID: C'punks, On Wed, 20 Apr 1994, Sameer wrote: > > "I found the same 19-number sequence twice in 240 > > draws," he explained, "That proved the weakness in > > the system." > > > > Looks to me like a plain ol' weak PRNG. > > How does chaos theory come into it? > > > Protective bafflegab? S a n d y From sandfort at crl.com Wed Apr 20 14:10:26 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 20 Apr 94 14:10:26 PDT Subject: SOF ARTICLE Message-ID: C'punks, I just got off the phone with the Executive Editor of "Soldier of Fortune." I pitched him on a Clipper/strong-encryption article. Because I am such a loyal C'punk, I agreed to write a 2500 word article on spec. If they don't think it will interest their readers, it will be put in the circular file. I'll do my best. S a n d y From jeremy at crl.com Wed Apr 20 14:15:31 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Wed, 20 Apr 94 14:15:31 PDT Subject: Random number troubles In-Reply-To: <199404201758.KAA13781@jobe.shell.portal.com> Message-ID: > "I found the same 19-number sequence twice in 240 > draws," he explained, "That proved the weakness in > the system." This just sounds like another PRNG that the casino was using. _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From eagle at deeptht.armory.com Wed Apr 20 14:44:44 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Wed, 20 Apr 94 14:44:44 PDT Subject: Milgram & Authority (+Ethics) Message-ID: <9404201444.aa01694@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- From: "Perry E. Metzger" bill.stewart at pleasantonca.ncr.com +1-510-484-6204 says: >> On the other hand, it may be that the time you heard Milgram speaking >> wasn't the *first* time he'd given his talk - he's probably >> spoken on the topic a few gazillion times, especially if he's >> talking to college audiences... >Mr. Davis has stated that he heard him presenting his paper on the >subject, which initially implied that Davis was there when Milgram was >presenting the original research. And Mr. Davis made that implication out of complete ignorance. I am not an acadamian. I am semi-retired, and was quitely living out my life in Wyoming until John Perry Barlow declared revolutionary war in cyberspace. Now I'm hanging out with Math PhD's and hardware engineers marveling at the acceleration of my learning curve. Thank you sincerly for the education, Perry. I appologize for my ignorance leading me to be dishonest. Standing corrected, I will be honest about meeting Milgram during a presentation on ethics in human experimentation. In respect to the inevitability of future stupidity on my part, I will immediately post a public admission of my error as I did now. r. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbWa0V/ScHuGXWgVAQH1YQP/dwgwB/VzfffS4jV8YTJI7ukiIEo43C6D ofz9Mkb3Nyd6oxDHI3omySeud1K3oVKShs99TewPVB5o661eTpF+jcFk/qV4p1ac QPxpFBlG8/JCgWHLYB0UbfAhLP/EebMFa/QFvztJwCKKR67SL26wfaPHs8UB7/Vw HQ4pMFUPBqA= =dTOm -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From cdodhner at indirect.com Wed Apr 20 14:47:51 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Wed, 20 Apr 94 14:47:51 PDT Subject: SOF ARTICLE In-Reply-To: Message-ID: Please be sure to post the article for us if it _does_ go into the circular file... if it doesn't the ILF will take care of things. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ On Wed, 20 Apr 1994, Sandy Sandfort wrote: > C'punks, > > I just got off the phone with the Executive Editor of "Soldier of > Fortune." I pitched him on a Clipper/strong-encryption article. Because > I am such a loyal C'punk, I agreed to write a 2500 word article on spec. > If they don't think it will interest their readers, it will be put in the > circular file. I'll do my best. > > > S a n d y > > > > From buckley at wavefront.wti.com Wed Apr 20 14:50:25 1994 From: buckley at wavefront.wti.com (Buckley Collum) Date: Wed, 20 Apr 94 14:50:25 PDT Subject: simple_crypt comparison Message-ID: <9404201745.ZM3835@atlanta> For those who can determine crackability: Recently a message was posted which included source for a chaos-based crypt routine. How does this compare to the one-rotor crypt routine which is found in /bin? I.e., Which one would be easier to crack, and why? I am still learning, so I apologize for the waste of bandwidth if it is intuitively obvious to you. Both source files are attached. Thanks. Buckley Collum -------------- next part -------------- A non-text attachment was scrubbed... Name: bin00001.bin Type: application/octet-stream Size: 1059 bytes Desc: "binary file" URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: bin00000.bin Type: application/octet-stream Size: 2225 bytes Desc: "binary file" URL: From eb at sr.hp.com Wed Apr 20 14:56:54 1994 From: eb at sr.hp.com (Eric Blossom) Date: Wed, 20 Apr 94 14:56:54 PDT Subject: cryptophone ideas In-Reply-To: <199404192239.AA17456@srl03.cacs.usl.edu> Message-ID: <9404202202.AA18655@srlr14.sr.hp.com> > Anyway, why do you need a DSP? I have read in several places that > DSP's are going to be "replaced" by the CPU as time goes on and the > CPUs just get more and more powerful. Yeah, eventually. Analog Devices 2105's cost $12 in quantity 1. They are capable of doing 2 data moves, a 16x16 multiply, a 40 bit accumulate and a prefech of the next instruction all in 100ns. 10 Million Multiply-Accumulates per second. Ever tried that on a 386? For more money, you can get ones with 60ns clocks (16.7 MACS). Eric Blossom From pgf at srl.cacs.usl.edu Wed Apr 20 14:58:57 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Wed, 20 Apr 94 14:58:57 PDT Subject: remailer idea... ultimate in offshore siting? Message-ID: <199404202154.AA19144@srl03.cacs.usl.edu> I've been reading the "remailer musings" thread, and it suddenly hit me: why not put the remailer in leo? It probably wouldn't cost _that_ much, and you might make money from the digital postage (if it ever comes out). And if you were wondering, yes, I came up with this while thinking about Teledesic. If the wires are going to be in the sky, why not the machines? Phil From lefty at apple.com Wed Apr 20 15:05:17 1994 From: lefty at apple.com (Lefty) Date: Wed, 20 Apr 94 15:05:17 PDT Subject: Milgram & Authority (+Ethics) Message-ID: <9404202204.AA16836@internal.apple.com> Jeff Davis writes: > >I am semi-retired, and was quitely living out my life in >Wyoming until John Perry Barlow declared revolutionary war in cyberspace. Just out of sheer, perverse curiousity, if you're located in Wyoming, why in the world is your email address on a host located in Santa Cruz County, California? -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From sandfort at crl.com Wed Apr 20 15:30:10 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 20 Apr 94 15:30:10 PDT Subject: SOF ARTICLE In-Reply-To: Message-ID: C'punks, On Wed, 20 Apr 1994, Christian D. Odhner wrote: > Please be sure to post the article for us if it _does_ go into the > circular file... if it doesn't the ILF will take care of things. Maybe, it won't have anything in it we haven't hashed over a million times before. S a n d y From es5c+ at andrew.cmu.edu Wed Apr 20 15:31:35 1994 From: es5c+ at andrew.cmu.edu (Ethan D Schartman) Date: Wed, 20 Apr 94 15:31:35 PDT Subject: Random number troubles In-Reply-To: <199404201809.LAA01567@soda.berkeley.edu> Message-ID: >How does chaos theory come into it? It doesn't, I hate it when the press finds some new _esoteric mathamatical concept that you ORDINARY joes is just too dumb ta' understand_. I especially hate it when the reporter demonstrates his own stupidity by calling a conjecture like the butterfly effect an axiom >:{ I want to set fire to that butterfly and see what happens to New Yorks weather. As for the PRNG I wonder if they did something like periodically rotate the seeds... From buckley at wavefront.wti.com Wed Apr 20 15:34:58 1994 From: buckley at wavefront.wti.com (Buckley Collum) Date: Wed, 20 Apr 94 15:34:58 PDT Subject: crypt last attempt Message-ID: <9404201827.ZM4033@atlanta> Problems with mailer on last post, again; Last try. Recently, someone posted a message which contained a chaos-based crypt routine. How, does this compare to the one-rotor crypt routine found in (UNIX) /bin? Which would be easier to crack, and why? Source listings attached. Thanks in advance, and sorry about my mail probs and lack of experience regarding crypto (but, I am learning). (Now, off to kill a mail tool...) Buckley Collum /* crypt.c */ /* CHAOS encryption/decryption routine */ /*-------------------------------------*/ /* Written by Chris Raile 1989 */ /* 2fmnsilly at kuhub.cc.ukans.edu */ /* 2fmnsilly at ukanvax.bitnet */ /*-------------------------------------*/ /* Implementation: */ /* */ /* 'in' File to be en/decrypted */ /* 'out' Resulting en/decrypted file */ #include "stdio.h" main() { FILE *fptrin; FILE *fptrout; int i, ch; double r = 3.56994571869; double j, x=.31379412; /* <-- change numbers after 1st '3' */ fptrin = fopen("in","rb"); /* to alter encryption scheme (key) */ fptrout = fopen("out","wb"); while ( (ch=getc(fptrin)) != EOF) { x=(r*x)*(1-x); j=x*100; i=(int)j; ch=i^ch; putc(ch,fptrout); } fclose(fptrin); fclose(fptrout); } static char *sccsid = "@(#)crypt.c 4.2 (Berkeley) 7/9/81"; /* * A one-rotor machine designed along the lines of Enigma * but considerably trivialized. */ #define ECHO 010 #include #define ROTORSZ 256 #define MASK 0377 char t1[ROTORSZ]; char t2[ROTORSZ]; char t3[ROTORSZ]; char deck[ROTORSZ]; char *getpass(); char buf[13]; setup(pw) char *pw; { int ic, i, k, temp, pf[2]; unsigned random; long seed; strncpy(buf, pw, 8); while (*pw) *pw++ = '\0'; buf[8] = buf[0]; buf[9] = buf[1]; pipe(pf); if (fork()==0) { close(0); close(1); dup(pf[0]); dup(pf[1]); execl("/usr/lib/makekey", "-", 0); execl("/lib/makekey", "-", 0); exit(1); } write(pf[1], buf, 10); wait((int *)NULL); if (read(pf[0], buf, 13) != 13) { fprintf(stderr, "crypt: cannot generate key\n"); exit(1); } seed = 123; for (i=0; i<13; i++) seed = seed*buf[i] + i; for(i=0;i>= 8; temp = t1[k]; t1[k] = t1[ic]; t1[ic] = temp; if(t3[k]!=0) continue; ic = (random&MASK) % k; while(t3[ic]!=0) ic = (ic+1) % k; t3[k] = ic; t3[ic] = k; } for(i=0;i 1 && argv[1][0] == '-' && argv[1][1] == 's') { argc--; argv++; secureflg = 1; } if (argc != 2){ setup(getpass("Enter key:")); } else setup(argv[1]); n1 = 0; n2 = 0; nr2 = 0; while((i=getchar()) >=0) { if (secureflg) { nr1 = deck[n1]&MASK; nr2 = deck[nr1]&MASK; } else { nr1 = n1; } i = t2[(t3[(t1[(i+nr1)&MASK]+nr2)&MASK]-nr2)&MASK]-nr1; putchar(i); n1++; if(n1==ROTORSZ) { n1 = 0; n2++; if(n2==ROTORSZ) n2 = 0; if (secureflg) { shuffle(deck); } else { nr2 = n2; } } } } shuffle(deck) char deck[]; { int i, ic, k, temp; unsigned random; static long seed = 123; for(i=0;i Message-ID: > ------------------------------------------------------------------------- > Evidence, Inc. | The Internet Cops are watching, > Evidence at Nowhere.Nil | aren't they? > ------------------------------------------------------------------------- > "Have you ever had your phones tapped by the government? YOU WILL > and the company that'll bring it to you..... AT&T" > ------------------------------------------------------------------------- > > > ^^^^ Someone posted this here and I liked it so much I adopted it as my > tagline.... Any objections? Send them to Evidence at nowhere.nil.. One that I saw that I liked, and which is particularily appropriate to cypherpunks was: "We are NSA of Borg. Your secret key will be assimiliated." From jim at rand.org Wed Apr 20 15:42:45 1994 From: jim at rand.org (Jim Gillogly) Date: Wed, 20 Apr 94 15:42:45 PDT Subject: simple_crypt comparison In-Reply-To: <9404201745.ZM3835@atlanta> Message-ID: <9404202242.AA23891@mycroft.rand.org> > "Buckley Collum" writes: > For those who can determine crackability: > > Recently a message was posted which included source for a chaos-based crypt > routine. How does this compare to the one-rotor crypt routine which is found > in /bin? I.e., Which one would be easier to crack, and why? The rotor machine is harder to crack, and both are relatively easy. As it happens, the chaos-based one is the one I just posted about, broken shortly after it was posted with very small ciphertext-only. The rotor machine is broken with a program called cbw (Crypt-Breaker's Workbench), available all over the net and findable with Archie. It's straightforward, but I understand you need to work a bit at it, and it helps to have known plaintext. I haven't used it myself, and would welcome insight from people who have. The NSA version of the crypt (1) man page had an entry under bugs as follows: BUGS Uses a Hagelin encryption algorithm. Jim Gillogly Sterday, 29 Astron S.R. 1994, 22:38 From sinclai at ecf.toronto.edu Wed Apr 20 15:43:04 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Wed, 20 Apr 94 15:43:04 PDT Subject: remailer idea... ultimate in offshore siting? In-Reply-To: <199404202154.AA19144@srl03.cacs.usl.edu> Message-ID: <94Apr20.184127edt.10119@cannon.ecf.toronto.edu> > I've been reading the "remailer musings" thread, and it > suddenly hit me: why not put the remailer in leo? I'd had the same musing myself, except with geosynch. Get the thing to generate its key once it's launched, and send down the public half. There's no way it could by physically compromized. NASA's shuttle can't get that high. I doubt the soviet shuttle could either. The only thing 'they' could do would be to destroy or jam it. When you say "Wouldn't cost _that_ much", I'd hazard it's still out of the reach off all but big corporations. From pgf at srl.cacs.usl.edu Wed Apr 20 15:51:47 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Wed, 20 Apr 94 15:51:47 PDT Subject: Milgram & Authority (+Ethics) Message-ID: <199404202247.AA19423@srl03.cacs.usl.edu> >Just out of sheer, perverse curiousity, if you're located in Wyoming, >why in the world is your email address on a host located in Santa Cruz >County, California? Because that's where his host is, Lefty! Before deciding to see about getting a local access node here, my best bet for private internet access was going to be Portal out in California, and I would have gotten about 30 hrs. access a month (off-peak) for fifty dollars. This is cyberspace. Physical location is irrelevant. Phil From eagle at deeptht.armory.com Wed Apr 20 16:02:55 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Wed, 20 Apr 94 16:02:55 PDT Subject: Milgram & Authority (+Ethics) Message-ID: <9404201602.aa05108@deeptht.armory.com> > Jeff Davis writes: > > > >I am semi-retired, and was quitely living out my life in > >Wyoming until John Perry Barlow declared revolutionary war in cyberspace. > > Just out of sheer, perverse curiousity, if you're located in Wyoming, why > in the world is your email address on a host located in Santa Cruz County, > California? > -- > Lefty (lefty at apple.com) I am a local call from a T5. I have an appointment with my State Senator Friday to talk to him about telnet access from basic phone service becoming a State Right of residents. Ma Bell can switch on the ISDN, and people can send their children to public schools with out fear of them being shot in the lunch room. The Community College System, and the University of Wyoming, maintain a plethora of satellite uplinks. The modem pools need to be substantially upgraded, and blocked from out of state long distance calls. With these modifications of the existing system, it is my hope that we can revitalize our economy, and switch from an energy industry based economy to a technologically based economy, with out the infusion of centralized industry moving into a state with limited water resources. Y'all kinda keep this under your hat, will ya? >;) -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From perry at snark.imsi.com Wed Apr 20 16:18:29 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 20 Apr 94 16:18:29 PDT Subject: Milgram & Authority (+Ethics) In-Reply-To: <9404201444.aa01694@deeptht.armory.com> Message-ID: <9404202318.AA09327@snark.imsi.com> Jeff Davis says: > I am semi-retired, and was quitely living out my life in > Wyoming until John Perry Barlow declared revolutionary war in cyberspace. I was unaware that a revolutionary war was in progress. Perhaps everyone is using silenced guns. I was especially unaware that John Perry Barlow had declared one -- presumably he intends to personally secede from the union? -- but doubtless YOU have heard such, Mr. Davis. Naturally, with your privileged status as an EFF member, (which you claim to have taken great steps to authenticate to the press) you get all sorts of things, like license to kill, full diplomatic immunity, a license to carry fully automatic variables, and status as a reserve unix kernel (C2 security clearance) in the cyberspace revolutionary militia. However, some of the rest of us are unaware that John Perry Barlow has declared a revolutionary war in cyberspace -- possibly even Barlow is unaware of the fact -- and are doomed to remain covered with the shroud of ignorance. Have you considered that we might be happier that way? Perry From pgf at srl.cacs.usl.edu Wed Apr 20 16:34:33 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Wed, 20 Apr 94 16:34:33 PDT Subject: remailer idea... ultimate in offshore siting? Message-ID: <199404202329.AA19685@srl03.cacs.usl.edu> Actually, Low Earth Orbit would be cheaper than geosynchronous, and you could probably piggyback your "telecom experiment" on something like an Iridium launch. _Relatively_ cheap... Phil From kafka at desert.hacktic.nl Wed Apr 20 17:02:51 1994 From: kafka at desert.hacktic.nl (-=[ Patrick Oonk ]=-) Date: Wed, 20 Apr 94 17:02:51 PDT Subject: Blacknet and espionage. In-Reply-To: <199404200141.AA03247@access3.digex.net> Message-ID: <199404210002.AA12572@xs4all.hacktic.nl> -----BEGIN PGP SIGNED MESSAGE----- unicorn at access.digex.net (Black Unicorn) once said: UN> UN> Just some sage advice for newbies: UN> UN> Stay away from Blacknet unless your a serious customer. UN> UN> Ames was a major Blacknet user. I don't think the authorities Who was Ames ? UN> will take a bright view of anyone posting about it publically. UN> UN> On the otherhand, if you have legitimate information to pass, and UN> want money for it, and don't mind taking quick and speedy trips UN> to other jurisdictions in disguise, go for it! PAtrick - --- Patrick Oonk | "The Techno Rebels are, whether we recognize it KAFKA at DESERT.HACKTIC.NL | or not, agents of the Third Wave. They will not Finger kafka at hacktic.nl | vanish but multiply in the years ahead." for PGP public key | -- The Third Wave, Alvin Toffler PAGER: 06-58358511/2/3/4 |  -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLbPHhZRymF15lPcFAQEpMwH+MNLzVRRLVoMPEbwB2FoABd9N/jaOTVeF xCICEfs7ZPSRfZdYQuEMKdh5dhsbuRLUBSYPRl11vcEY1LOteOT90A== =cB66 -----END PGP SIGNATURE----- From 68954 at brahms.udel.edu Wed Apr 20 17:03:22 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Wed, 20 Apr 94 17:03:22 PDT Subject: Milgram & Authority (+Ethics) In-Reply-To: <9404202318.AA09327@snark.imsi.com> Message-ID: On Wed, 20 Apr 1994, Perry E. Metzger wrote: > > Jeff Davis says: > > I am semi-retired, and was quitely living out my life in > > Wyoming until John Perry Barlow declared revolutionary war in cyberspace. > (some funny stuff deleted) > > However, some of the rest of us are unaware that John Perry Barlow has > declared a revolutionary war in cyberspace -- possibly even Barlow is > unaware of the fact -- and are doomed to remain covered with the > shroud of ignorance. Have you considered that we might be happier that > way? > > Perry > Dear Perry: From my point of view it was obvious that Jeff was speaking figuratively about the JP Barlowe declaration of war. Such was most likely a mere attempt at a funny. You do have a knack for nitpickiness, perhaps I should get myself a lawyer before posting in your presence, otherwise I fear your accute sense of perfection and astounding formality would overwhelm me. Better make sure my sentences are all complete, and that I capitolize and spell properly for fear of recieving a dread Perry letter. Take your personal piss-war with Jeff to private mail please, it seems that the majority of your posts in reply to him are filled with non-topical grammatical corrections and nitpicking of obvious oversights due merely to a sense of informality, and not the result of some evil attempt by Jeff to lead us all to our deaths or something. Maybe Jeff does have a point from the articles I have read it seems that JPB is considered by a large force of the media as bieng one of the leaders of the fight to conserve rights in kyberspace. This could be merely because he is a prominent member of EFF, has been published numeral times on the topic, is well-known among people as a prominent personality, and his name is easier to spell....... But serisuly Perry, in this batch of mail I read today two of the three replies I saw from you were concerning mistakes in Jeff's posts that most likely because he and others maintain an informal tone in their postings. I mean geesh are you gonna correct people from using Info Hiway, saying that this is obviouslyt a falshood and should be stamped out whenever possible... It seems to me, tho I am a relative newbie, that you have a thing against Jeff, since most of those posts had little topic of value to the forum, except maybe to show your dislike of his stance perhaps you should take them to private mail. ANOTHER TOPIC: Is there room for informal discussion on here at times? Or should we all be sure to maintain a modicum or formality. I think the atmosphere is fine myself, it seems at this time to rather informal, but not babbly. You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From lefty at apple.com Wed Apr 20 17:12:11 1994 From: lefty at apple.com (Lefty) Date: Wed, 20 Apr 94 17:12:11 PDT Subject: Blacknet and espionage. Message-ID: <9404210011.AA19470@internal.apple.com> Patrick Oonk asks: > >unicorn at access.digex.net (Black Unicorn) once said: > >UN> >UN> Just some sage advice for newbies: >UN> >UN> Stay away from Blacknet unless your a serious customer. >UN> >UN> Ames was a major Blacknet user. I don't think the authorities > >Who was Ames ? Precisely. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From ebrandt at jarthur.cs.hmc.edu Wed Apr 20 17:17:20 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Wed, 20 Apr 94 17:17:20 PDT Subject: What the heck is this? Optical noise encryption? [and RNG probs] In-Reply-To: <9404202015.AA22973@mycroft.rand.org> Message-ID: <9404210017.AA13325@toad.com> > Here's an exchange from sci.crypt in 1991 that's relevant to chaos and > cryptography. A guy was using the logistic function as his RNG. I did the exact same thing once; it took me a year or so to realize it was grossly insecure. Never trust an eighth-grade cryptographer. :-) As the sci.crypt FAQ says, there's no reason to expect a system which makes interesting pictures to be secure. The properties that chaotic systems display are nice, but they don't display them strongly enough -- look at iterated DES and you'll see some *real* sensitive dependence. Maybe with enough rounds and mixing... Eli ebrandt at hmc.edu From pgf at srl.cacs.usl.edu Wed Apr 20 17:23:26 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Wed, 20 Apr 94 17:23:26 PDT Subject: Blacknet and espionage. Message-ID: <199404210018.AA19949@srl03.cacs.usl.edu> >>Who was Ames? >Precisely. Uh, As far as I've heard, Ames was not a major Blacknet user. The unknown grunt in the intelligence community who caught him is another matter. Hanno Reductionist From eagle at deeptht.armory.com Wed Apr 20 17:39:52 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Wed, 20 Apr 94 17:39:52 PDT Subject: Harlow! Email me quick. Message-ID: <9404201739.aa10598@deeptht.armory.com> Sorry guys... Darren, I was getting around to your EFF questions and such this evening and apparently I deleted all your mail by mistake. I've got a free public internet access site for you to tnet to and you can be a private citizen in cyberspace, or Sgt. Harlow, whichever you prefer. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From gtoal at an-teallach.com Wed Apr 20 17:44:24 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 20 Apr 94 17:44:24 PDT Subject: remailer@soda Message-ID: <199404210043.BAA27723@an-teallach.com> remailer at soda (formerly hh at soda) now uses pgp's implementatoin of idea for the encrypted response block function, making it much more secure (i hope). Good stuff. But could you do the limited-use destroy-the-key stuff before you release it please - I'm really dubious about this single key you're using. It destroys confidence in the system completely for me. G From koontzd at lrcs.loral.com Wed Apr 20 17:45:17 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Wed, 20 Apr 94 17:45:17 PDT Subject: Tessera the PCMCIA Card Message-ID: <9404210044.AA05821@io.lrcs.loral.com> >From Electronic Designs, April 4, 1994, by DAVE BURSKY New Products, Digital ICs (approximately 1/2 page) P. 148 CRYPTO ENGINE EASES PUBLIC-KEY SECURITY ... Developed by National Semiconductor, the iPower secure microcontroller holds the encryption algorithms, secret data, and the central processing unit that processes them. The chip was designed to remian secure from electrical probes through the signal pins, as well as from analytical probes that etch package and circuit layers. Any such penetration would cause the stored data to be "zeroed" before it could be read out. The iPower SPU consists of a 32-bit CPU core with on-chip ROM, a real-time clock, and a interfaceto off-chip nonvolatile (battery-backed_ RAM that holds scrambled data. The remaining blocks on the chip include the encryption engine, some battery-backed RAM to hold secured data (master keys, algorithms, or records) and a host-system bus interface. The SPU chip can be combined with off-chip low-power RAM, a battery, and a PCMCIA interface to squeeze the entire public-key token on a card that meets the PCMCIA's type-1 format. The cards, dubbed Tessera after the token ancient Romans used as a ticket or means of identification, can now be implemented at a relatively low cost (less than $100 dollars per user for large orders) compared with previous solutions. Nevertheless it provides the highest level of commercial security (FIPS 140-1 level 3). Encrypted data could provide positive identification of users, store private medical records, include authorization codes, or even perform secure transaction processing. ... ---------- Tessera was an identifier for slaves. FIPS 140-1 level 3 is not the highest commercial security level, (per FIPS 140-1, January 11, 1994): ... 1.4 Security Level 4 Security Level 4 provides the highest level of security. Although most existing products do not meet this level of security, some products are commercially available which meet many of the Level 4 requirements. For the Tessera we know utitilizing CAPSTONE, Escrowed Encryption is present. It would hardly qualify for performing secure transaction processing for say money transactions when the U.S. government and/or other law enforcement agencies have the ability to break open the monetary instrument, by obtaining a warrant or through "other authorized access". The degree of privacy afforded is not absolute, even to the extent of the strength of the cryptographic algorithm (assuming transmission of the Law Enforcement Access Field (LEAF)). Likewise those able to obtain access have the ability to tamper with or spoof transactions. Were it used to control access to facilities, it would certainly enable "black bag jobs" both physical and virtual. (Its a type-1 PCMCIA card) From unicorn at access.digex.net Wed Apr 20 18:36:45 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 20 Apr 94 18:36:45 PDT Subject: Blacknet and espionage. Message-ID: <199404210136.AA06845@access1.digex.net> Uh, As far as I've heard, Ames was not a major Blacknet user. The unknown grunt in the intelligence community who caught him is another matter. Hanno Reductionist <- You are obviously clueless. Ames transfered most if not all of his information through Blacknet. The recent attention to the security of the internet is at least partially a function of the ease with which export restricitons and espionage are facilitated on a DAILY BASIS by blacknet. It is the easiest method of underground data transfer. Period. This will [thankfully] be my last post on the subject. I've drawn quite enough attention to myself already. From unicorn at access.digex.net Wed Apr 20 18:39:59 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 20 Apr 94 18:39:59 PDT Subject: remailers Message-ID: <199404210139.AA06941@access1.digex.net> For some reason I have not been able to get any of the remailers to work with PGP encryption. In addition, the ping figures at the end of the soda finger file don't seem to have changed since I first looked at them some days ago.... is this just me? Is anyone out there chaining with PGP supporting remailers? Could ya drop me a line, preferably with some reply option, and give me a few hints? [sigh] From unicorn at access.digex.net Wed Apr 20 18:40:31 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 20 Apr 94 18:40:31 PDT Subject: Hyperdrive Message-ID: <199404210140.AA06986@access1.digex.net> I'm still looking for info on the encryption function in "Hyperdrive" Anyone have any clues? -uni- (Dark) From cknight at crl.com Wed Apr 20 18:46:41 1994 From: cknight at crl.com (Chris Knight) Date: Wed, 20 Apr 94 18:46:41 PDT Subject: Blacknet and espionage. In-Reply-To: <199404210002.AA12572@xs4all.hacktic.nl> Message-ID: On Tue, 19 Apr 1994 kafka at desert.hacktic.nl wrote: > Who was Ames ? Ames was a CIA agent recently arrested for espionage. Rumor is that Ames tried to cheat BlackNet out of their commission, so they "leaked" information to the feds through a self-destructing remailer in Finland. -ck From sameer at soda.berkeley.edu Wed Apr 20 18:55:08 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Wed, 20 Apr 94 18:55:08 PDT Subject: remailers In-Reply-To: <199404210139.AA06941@access1.digex.net> Message-ID: Black Unicorn spake: > > > > For some reason I have not been able to get any of the remailers to > work with PGP encryption. > > In addition, the ping figures at the end of the soda finger file > don't seem to have changed since I first looked at them some > days ago.... is this just me? > No, the ping-thing is actually turned off. ;-(. Should probably start that up once again.. > Is anyone out there chaining with PGP supporting remailers? I wrote a perl script which does chaining.. it follows #!/usr/bin/perl $home = $ENV{'HOME'}; $pgpdir = $home . "/.psuedo"; $pgpexe = "PGPPATH=$pgpdir pgp " ; $tmp = "/tmp/out.$$" ; $oldfile = "/tmp/oldfile.$$" ; @REMAILERS = ('hal at alumni.caltech.edu', 'remail at infinity.hip.berkeley.edu', 'hfinney at shell.portal.com', 'ebrandt at jarthur.claremont.edu', 'catalyst at netcom.com'); $option = $ARGV[0]; shift; unshift(ARGV, '-'); &createapath; sub createapath { print STDERR "Create a path--remailer list:\n"; $count = 0; do { do { $num = 0; foreach $remailer (@REMAILERS) { $num++; print STDERR $num . ")" . $remailer . "\n" ; } print STDERR "Choose the next site: (or 0 to end hops) "; while(<>) { $choice = $_ - 1; last; } } until ( $choice < $num && $choice > -2 ); $HOP[$count] = $REMAILERS[$choice] if $choice != -1; $count++; } until ( $choice == -1 ) ; $count--; print STDERR "Choose the destination: "; while(<>) { $HOP[$count] = $_; last; } while ( $count > 0 ) { open(CRYPT, "| $pgpexe -eaf $HOP[$count-1] > $tmp"); print CRYPT "::\nAnon-To: $HOP[$count]\n\n"; if ( open(OLDER, $oldfile) ) { print CRYPT ; close OLDER; } close CRYPT; open (OLDER, ">" . $oldfile); open (CRYPTED, $tmp); print OLDER "::\nEncrypted: PGP\n\n"; print OLDER ; close CRYPTED; close OLDER; $count--; } open (FILE,">" . $option); print FILE "To: $HOP[0]\n\n"; open(DONE, $oldfile); print FILE ; close DONE; unlink($tmp); unlink($oldfile); } From fhalper at pilot.njin.net Wed Apr 20 19:38:32 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Wed, 20 Apr 94 19:38:32 PDT Subject: Black Net Message-ID: <9404210238.AA09671@pilot.njin.net> Could all the shit with Blacknet STOP. The wise (and funnny) sages of the list have had they're fun at the expense of the newbies and other, so it's over. Thanks, Reuben Halper Montcliar High -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi16KosAAAEEAMUwRni4a9+GbuAhHDLcBWK60hCJUYxhr2hYokpELAhx0ejp 2fq61Tu9Hjn051CN8Xy5nu6sv2ODfG/t59l4DJSb5pirQaII3zaX0rMX0ydwGDoW YakL4ow1lNY+d/k14KpIuUW404+fNuNhIGSkdVLQIfbOgh0preK7/P44AKvdABEB AAG0JlJldWJlbiBIYWxwZXIgPGZoYWxwZXJAcGlsb3Qubmppbi5uZXQ+iQCVAgUQ Lam+x9xF3PzIgw7tAQHPogP/VmoF5AHJNBFlpxl1tvHAzrMLE8nkpengs94Y8zmF 1r5+hk0TaYeEEUzYf1QNfflya5md3WKeXnI3WhO2SRpdH953AD/tNmxw2LLEegat 5sI1XNPuNqxeompiHFRnCz4dI14qjDvRwnPay187/Q5q2F3m0nP8qA6wgl59mDq3 FuCJAJUCBRAteitx4rv8/jgAq90BARTHBACh99OJtGXATm01BUa+u6WHU5CBc2FN F5z29RpTA/JTrgUhn4qeZ19iCIlhe1wi0D3QQH0wN7FrMp6onMw49KFU05/KLDLb JSWdCzjbl/wPEG8z//O6+Pqzj+ZcNM9Rm0b08/QdVoQZMljXkl19Gq2P/D4ceewe WAKePQ2ciFdNbw== =K4ez -----END PGP PUBLIC KEY BLOCK----- From sandfort at crl.com Wed Apr 20 19:55:57 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 20 Apr 94 19:55:57 PDT Subject: Black Net In-Reply-To: <9404210238.AA09671@pilot.njin.net> Message-ID: C'punks, On Wed, 20 Apr 1994, Frederic Halper wrote: > Could all the shit with Blacknet STOP. The wise (and funnny) sages of the list > have had they're fun at the expense of the newbies and other, so it's over. > Thanks, > Reuben Halper > . . . Gee, I was just getting to enjoy this BlackNet consentual alternate reality. Don't you just love the way Black Unicorn and others have woven fact and fiction into such a tight paranoid delusion? (Or is it?) S a n d y From cknight at crl.com Wed Apr 20 20:11:15 1994 From: cknight at crl.com (Chris Knight) Date: Wed, 20 Apr 94 20:11:15 PDT Subject: Black Net In-Reply-To: Message-ID: On Wed, 20 Apr 1994, Sandy Sandfort wrote: > C'punks, > > On Wed, 20 Apr 1994, Frederic Halper wrote: > > > Could all the shit with Blacknet STOP. The wise (and funnny) sages of the list > > have had they're fun at the expense of the newbies and other, so it's over. > > Thanks, > > Reuben Halper > > . . . > > Gee, I was just getting to enjoy this BlackNet consentual alternate > reality. Don't you just love the way Black Unicorn and others have woven > fact and fiction into such a tight paranoid delusion? (Or is it?) > > > S a n d y Sandy, I think Frederick is getting upset because BlackNet refuses to accept his application. But what can you expect... most high school kids just don't have information worth money or BN Credits. -ck From phantom at u.washington.edu Wed Apr 20 20:14:27 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Wed, 20 Apr 94 20:14:27 PDT Subject: myk-78 In-Reply-To: Message-ID: I just sent this to a2 at well.sf.ca.us (arthur abraham) but after a finger attempt, I'm not so sure his account exists there anymore. On Wed, 20 Apr 1994, Matt Thomlinson wrote: > I'm reading through an old post of yours (gosh, 7 days from being a year > old) regarding the clipper chip. > > You laid everything out pretty carefully, but one thing your article > doesn't seem to mention: > > you've created the LEEF [L1|L2|IV] and when transmitted in the block, it > looks like [encrypt(CV), checkword, L1|L2|IV], right? This is a 56+24+192 > bit number ( = 272 bits). > > My question: how often is this chunk sent? seems like you'd only need to > send it once per call, but I'd think they'd send it every so often > throughout a call, although this could cause problems for high-bandwidth > digital uses, right? Also, if someone could tell me if the checkword for the CV is encrypted along with the CV I'd be grateful. That is, is the packet [encrypt(CV,checkword), L1|L....] or [encrypt(CV), checkword, L1|L...] mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From merriman at metronet.com Wed Apr 20 20:40:55 1994 From: merriman at metronet.com (David Merriman) Date: Wed, 20 Apr 94 20:40:55 PDT Subject: CBW for DOS? Message-ID: <199404210340.AA27907@metronet.com> Stoopid Noobee Kweschun: Is there such an animal as CBW that runs under MS-DOS or (better still) MS-Windows? "posted" or "emailed" replies welcome (hell, I'll even accept some DOS/*nix/MAC OS flames). Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PGP Public Key Fingerprint for Dave Merriman Fingerprint FC BF 45 91 EE B6 D6 C2 80 AB 4B BF 88 D3 55 26 From CCGARY at MIZZOU1.missouri.edu Wed Apr 20 20:59:52 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Wed, 20 Apr 94 20:59:52 PDT Subject: BlackNet here now? Message-ID: <9404210359.AA16681@toad.com> Actually we have had a BlackNet on the Internet for years. I admit its not much of a BlackNet - maybe just a proto BlackNet that will never grow to do justice to the BlackNet concept. The proto BlackNet is #warez on Internet chat. For years commercial/retail software has been ex- changed on #warez. This is a pretty narrow area of exchange. Also, it could be argued that #hack on internet chat has been a proto BlackNet entity for years. #hack exchanges system breakin information. Years ago I tried to encourage both these channels to use encryption to exchange sensitive files. I used to post their TOPIC with the message "WE NEED PUBLIC KEY ENCRYPTION NOW." before I found out about PGP. Once I found out about PGP, I tried to encourage them to adopt it. Strangely enough, neither of these channels were at all enthusiastic about encryption. #warez makes itself an "invite only" channel apparentl for security. If someone could introduce a method to these channels to exchange money for information, then it is a possibility that they could mature to real BlackNets. They would also have to use anonymous remailers. They already exchange illicit goods. Maybe a Cypherpunk acting in a sort "Peace Corps" way could lend them some assistance. It could give you a sort or satisfied feeling in latter years to know that you had played a part in creating some BlackNet monsters. If real BlackNet tech became a part of these two channels, the possibility exists that they could expand their ranges to become true, full BlackNet entities. I believe that barring a successful Federal technological capture of the Internet, BlackNets are inevitable. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKKK! BBBEEEAAATTTT STATE! From mg5n+ea2uj7war2ufizqiqrdidkaii9mfkcwjze6q910g3a6 at andrew.cmu.edu Wed Apr 20 21:00:15 1994 From: mg5n+ea2uj7war2ufizqiqrdidkaii9mfkcwjze6q910g3a6 at andrew.cmu.edu (Anonymous) Date: Wed, 20 Apr 94 21:00:15 PDT Subject: EFF & PGP Message-ID: Well, it looks like someone at EFF finally woke up and listened to what the crypto world was telling them! Still not signed to protect against forgeries, but definitely a step in the right direction! ---------- Forwarded Message ---------- EFF PGP Public Key for Encryption ================================= This is the ASCII-armored PGP 2.4 public key for the Electronic Frontier Foundation (EFF). Note that mail sent with this key will be considered addressed to EFF in general, not to a specific person, unless otherwise noted. To send personal information to someone at EFF, for whatever reason, please use that person's own key, or arrange some other method of communication. This key is provided principally for the sending of sensitive legal information, and the transmission of credit card numbers over the net securely when becoming a member of EFF. It takes us time and effort to decrypt, so please don't use this key trivially. Thank you. To add this key to your public key ring, do: pgp -ka pgpkey.eff pubring.pgp If your public key ring has another name, use that instead of pubring.pgp. For MacPGP, click on Key | Add Key, select pgpkey.eff as file to get key from, and pubring.pgp (or whatever your pubring is) for file to add key to. To encrypt a message, please see the PGP documentation, and remember that you will almost certainly need to generate the result as an ASCII-armored file, so you can email it (non-ASCII-armored PGP ciphertexts are binary, and will get mangled if you try to email them. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQCPAi2B6bAAAAEEANVTvM2dhZ0SHsgWOzfn1lRzZcNltsf3Bjt0t5GBuscoyPrD lfBwtzjkZTasK1MfAX/vrUl6BVKb18FCGhuJlmEaZqZ95q5mdsj4tAD18CDg0Jmv bAhWE/JxhhQDG2s9dt5x4GC+ofaHr8nlXKqjyMkb85EyVFHw85hLHLcPIDklABEB AAG0MkVsZWN0cm9uaWMgRnJvbnRpZXIgRm91bmRhdGlvbiAtIEVGRiA8YXNrQGVm Zi5vcmc+iQCVAgUQL+os4hibHbaiMfO5AQEYOAQArtVNhJeRpaShNFd7MQfOFLM9 hql2KBmyvs20/kiwLkGN8Se3GJPYPovBjiB+o9r1GOuc654kxu9KU0m/8SoafWeU p5jBnqlgGwXIo/v5twfKvSnhh75XyGrIwUvlLzxMQaym0slV7YgLUQozWIhuu95d r22qYYdD1PS2SuDpSGGJAJUCBRAtj6o5jC7pCgHDqtsBAVeNA/9ay5pJ7srK7+ns tstaxDe7NnAFLfezgO1yiNED0yM4cDeTNXgZDFNuhzBICmP6fBNSIaUUSwuiQnc8 do45WRo120PX/c+nLoYKeyu8iI0BWA6cjYwk3zKLxpETqpxxKthX6JJ2fxwpL6EQ dF+pmotwtbv3wIH/7FdaZh5r2Nu3/IkAlQIFEC2PJWg2QIGMNPTEcQEBQYoD/2W9 93Yz/c/qmjxpH50blqSPJhd//KYP6AQmmyxI6L+29KqjgflnI56Rk2QUJfs4SnS/ 3jB0H5v9U8u8YocvLsnWL7QvHt0fueoMBk6AFMxgQFzZP3s7dppFncYuiQ710hFL xKu2PFWeurEEZ2VD/KB5fUPdZnwd78bMVj4RIkyJiQCVAgUQLYHqDphLHLcPIDkl AQFBxAP/Q2+RNM218JhEBMcLxoWExWN7wIgIjQF+mZIMvXR9TjhsBtUWQM23XXMi zpQsTCu5/xqTe0OB5no8UfPgktieLyBGFleQgPeXlnmGzcoAeWV6DArFUCN7JKA1 589Zba0/vr4XQpaLgdGInw0nZAYvPKNsKrKl7H37zenmIN9UdTc= =f3Zf -----END PGP PUBLIC KEY BLOCK----- ------------------------------ From dmorgan at uoguelph.ca Wed Apr 20 21:13:12 1994 From: dmorgan at uoguelph.ca (Deanne H Morgan) Date: Wed, 20 Apr 94 21:13:12 PDT Subject: Canadian Encryption info??? Message-ID: I have been following this list for several months, but have not seen anything on encryption issues with regards to Canada specifically. Does anyone know anything about [or have any idea where to begin to look for] Canada's policies regarding encryption and encryption technology?? Will Canadian laws change if/when Clipper encryption comes into functional existence? What about if the US enacts laws regarding making other forms of encruyption illegal? Is encryption mentionned in NAFTA or any other negotiated treaty with the United States??? Thanks, Deanne Morgan dmorgan at uoguelph.ca From cdodhner at indirect.com Wed Apr 20 21:57:48 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Wed, 20 Apr 94 21:57:48 PDT Subject: Canadian Encryption info??? In-Reply-To: Message-ID: I don't know about Nafta or anything specificly, however it is my understanding that there is no 'outlawed' crypto in canada. I think that export restrictions are the same or a little tighter than in the US, as the International Traffic in Arms Regulations (ITAR) of the united states says that strong crypto can not be exported from the U.S. except to Canada. I'm not sure what patent issues apply either. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ On Thu, 21 Apr 1994, Deanne H Morgan wrote: > I have been following this list for several months, but have not seen > anything on encryption issues with regards to Canada specifically. > > Does anyone know anything about [or have any idea where to begin to > look for] Canada's policies regarding encryption and encryption > technology?? Will Canadian laws change if/when Clipper encryption comes > into functional existence? What about if the US enacts laws regarding > making other forms of encruyption illegal? Is encryption mentionned in > NAFTA or any other negotiated treaty with the United States??? > > > Thanks, > > Deanne Morgan > dmorgan at uoguelph.ca > > > > From amcgee at netcom.com Wed Apr 20 22:00:38 1994 From: amcgee at netcom.com (Arthur R. McGee) Date: Wed, 20 Apr 94 22:00:38 PDT Subject: Information_surety (fwd) Message-ID: Now that the cold war is over, everyone seems to be branching out: Subject: Information_surety SAND No: 93-2873 Category: Communications, Computers, Information Theory Subcategory: Computer Security, Cryptography, Information security, Computer Reliability Title: Information surety Summary: Sandia National Laboratories has developed considerable expertise in all aspects of information surety, including the design and analysis of cryptographic systems, cryptographic key management implementations of cryptographic algorithms and protocols, system reliability, system availability, authentication systems, biometric identification devices, tamper resistant technologies, and computer and network security. Our unique strengths include our expertise in providing high security and reliability for a complete system and in our highly experienced adversarial analysis team. We have now begun to apply these capabilities in information surety to new problems of national importance. Potential Applications: - Private and secure computerized patient records - Secure home banking - Secure remote access - Private and secure electronic cash - Secure bank cards - Efficient Implementations of Cryptographic algorithms - Digital Signatures - Private communications - Cryptographic key management - Reliability and availability analysis of computing and information systems Status: Joint research projects are encouraged. License available for efficient exponentiation and for probable secure digital signatures. FOR MORE INFORMATION E-mail address, TechTransfer at ccsmtp.sandia.gov Telephone: Technology Transfer Center (505) 2-1--888 Location: Sandia National Laboratories, Albuquerque, NM. Expanded Description: For the past 20 years, Sandia National Laboratories has had responsibility for information surety systems used in command and control of weapon systems and in the communications of weapon release messages. To meet these responsibilities, we have developed considerable expertise in all aspects of information surety, including the design and analysis of cryptographic systems, cryptographic key management, implementations of cryptographic algorithms and protocols, system reliability, system availability, authentication systems, biometric identification devices, tamper resistant technologies, and computer and network security. One of our unique strengths is our highly experienced adversarial analysis team. Before a system is recommended for deployment, it has been thoroughly tested by this team, whose sole goal is to defeat the security features of the system. Sandia has developed rigorous system design methodologies to meet high reliability and availability requirements. Sandia scientists have won awards for their work on cryptoanalysis and resynchronization of encrypted channels. We have now begun to apply these capabilities in information surety to new problems of national importance. References: IEEE article AT&T Technical Journal article fast exponentiation article biometric identification article Other Information Resources: None Related Categories and Subcategories: Biometric identification, system reliability and availability Key Words: Cryptography, coding theory, error correcting codes, privacy, digital signatures, encryption, key management, nonrepudiation, biometrics, reliability, availability ----------------------------- Art McGee [amcgee at netcom.com] ----------------------------- From sonny at netcom.com Wed Apr 20 22:13:44 1994 From: sonny at netcom.com (James Hicks) Date: Wed, 20 Apr 94 22:13:44 PDT Subject: CBW for DOS? In-Reply-To: <199404210340.AA27907@metronet.com> Message-ID: <199404210514.WAA18488@mail.netcom.com> > > Stoopid Noobee Kweschun: > > Is there such an animal as CBW that runs under MS-DOS or (better still) > MS-Windows? > I'm afraid I'm the one with the stupid question... What's CBW? -- +---------------------------------------------------------------------+ | james hicks | Give me your tired, your poor, | | | your huddled masses yearning to breathe free, | | ...can you hear | Send these, the homeless, tempest-tossed to me.| | the music?... | I lift my lamp beside the golden door! | +---------------------------------------------------------------------+ From jim at bilbo.suite.com Wed Apr 20 22:51:29 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 20 Apr 94 22:51:29 PDT Subject: Terra Libra (long) Message-ID: <9404210536.AA00832@bilbo.suite.com> Well, it's been a couple of days since I asked if anyone knew anything about Terra Libra. Nobody has spoken up. Since, on the surface, Terra Libra sounds like it would be interesting to many on this list, I'm posting a condensed version of the flyer I received in the mail. I am not affiliated with Terra Libra in any way. Actually, I wonder it is really just a money making scam. Here goes... ---------------------- TERRA LIBRA IS *THE BIG IDEA* THAT IS INSPIRING FREEDOM-LOVERS AROUND THE WORLD TO EFFECTIVE ACTION -- and filling their pockets with oodles of boodle!!! [yeah right - jm] Dear Friend of Freedom, My name is Frederick Mann [who? - jm]. I have lived free from government coercion of practically all kinds for many years in several parts of the world. I have learned a great deal about practical freedom. I'm now ready to share what I've learned with you [for a price -jm]. As you can see from the testimonials in this letter [proof by anecdote? - jm] and from the progress reported on page 4, I've also become very successful at sharing what I've learned about freedom [by getting money from suckers? -jm]. Furthermore, I'm providing you with the opportunity to share freedom with others and make a fortune while doing so...If you want to [give me money first - jm]. THE FORCES OF TYRANNY SEEM TO BE GAINING GROUND Have you been getting that sinking feeling in your gut that things are terribly wrong in America? Do you ever feel that our economic future is looking worse as each year passes? Have you seen of read books likes _Bankruptcy 1995_ which say that our entire financial structure -- and even civilization itself [oh my! -jm] -- in America could collapse within a few years? Do you sometimes think America is being engulfed by a rising tide of political corruption, crime, violence, mayhem, [scams -jm] and senseless murder? Do you think the government is making things better or worse? What do you think of the Waco massacre? The so-called "war on drugs?" IRS, ATF, and FDA terrorism? What do you think of the government's asset forfeiture laws? Socialized health care? Do you think America is heading towards fascism or communism -- or the worse combination of both? [asks a lot of questions, doesn't he. -jm] BUT ALL IS NOT LOST -- IT'S NOT HOPELESS!!! [phew! I was getting worried. - jm] Terra Libra is the new dimension in personal freedom, money, and power that changes everything. Our unbeatable weapon is called [drum roll please -jm] Freedom Technology. Terra Libra and Freedom Technology represents a societal breakthrough that completely changes the dynamics of money, power, domination [ooh, kinky -jm], and freedom. Because of its people, its design, its business dynamics, its philosophy, its strategies, its tactics, its elements, its products, its networking, and its freedom technology, Terra Libra is by far the most advanced freedom organization ever conceived and created -- that I know of. Terra Libra is unstoppable because people are by nature free and we have found the keys that enables you to enjoy freedom right now and to make a fortune spreading freedom to others. THE TERRA LIBRA SOLUTION When you push against a system, it tends to push back. Some people need to push and fight because that's their nature. The success of our fight for freedom is likely to come from the combined results of very different strategies and tactics waged over a wide range of fronts. The fundamental Terra Libra strategy is based on the understanding that the power of the tyrants comes from the victims. The victims surrender power to the tyrants. If enough victims withdraw support, the tyranny collapses. This is essentially the strategy Gandhi used to defeat the British Empire in India. One of the greatest strengths of Terra Libra is that we don't try to change the systems of tyranny. We simply create our own free systems [who is that John Galt guy anyways? -jm] Individuals acquire the tools to live free despite the tyrants. Terra Libra and other organizations provide the free institutions that replace their coercive counterparts. Such alternatives already exist is areas such as currencies, banking, communication, education, health care, etc. Eventually practically all the products and services now available in the public and private sectors -- and many more -- will be provided in the Terra Libra free market. As people shift their economic activities from the public and private sectors into the free market of Terra Libra, the forces of tyranny automatically lose support and they are blown away. Terra Libra is the world's first truly free county. It is a worldwide information-based country that extends across national borders. Its inhabitants are Free Sovereign Citizens. It has a Code based on individual sovereignty, self-ownership, private property, and voluntary exchange. Terra Librans can do anything which doesn't harm others or their property. They practice real or true free enterprise. In fact, Terra Libra is the free-enterprise zone of the world. The "Terra Libra Introductory Package" describes Terra Libra in more detail. FREEDOM TECHNOLOGY Terra Librans have a "secret weapon" they use to live free despite coercive systems. It's called Freedom Technology: the practical knowledge, methods, and skills to live free; the street-smart know-how that enables you to run rings around the forces of tyranny; the means to protect your income and assets from predatory tyrants; and ultimately, the means to blow away the bogus forces of tyranny. During the past few decades very powerful Freedom Technology has been developed to counterattack and defeat tyrants who violate their constitution. Any reasonably well-informed person can run rings around the Infernal Revenue Stealers. In addition to powerful methods to quickly persuade them to leave you alone, commercial liens can be used to encumber the personal property and destroy the credit rating of corrupt government officials who try to violate your rights [huh!? -jm] (see "Commercial Liens: A Most Potent Weapon") Freedom Technology enables you to exit most coercive government systems safely, legally, and elegantly. You automatically increase your own power. You gradually or quickly, partially or completely, withdraw your support from the tyrants. So they lose power. The power of the forces of tyranny depend completely on the power granted to them by their victims [you already said that -jm]. Withdraw the support and they collapse. It is because of this phenomenon that the armed might of the East German military backed by 300,000 Russian troops couldn't keep the Berlin wall standing. When a critical mass of people said, "No!!! We've had enough!!! We're mad as hell!!! We're not going to take it any more!!!" [I saw that movie, too -jm] the Berlin wall tumbled. [and all this time I thought it was cheap concrete -jm] [skipping a bunch of stuff -jm] QUALITY SUPPORT FOR TERRA LIBRA It's significant that the strongest support for Terra Libra comes from people who two qualities [they have money, and they send it to strangers -jm] o They are practical, successful professionals and business owners; o They are advanced freedom-thinkers who have studied the subject of freedom extensively and have been involved with other organizations that promote freedom [ah, that's how they got my address -jm]. Generally, they regard the formation of Terra Libra and the concepts expressed in its reports as the most advanced, most practical, and most potentially profitable approach to freedom they have ever come across. PATRONS AND PROFESSIONAL LIBERATORS An essential aspect of Terra Libra is Networking between Terra Librans. To live free, we sometimes need expert services, for example, on how to beat the Infernal Revenue Stealers. We also want to patronize each other's free-market businesses. The "Terra Libra Introductory Package" includes a Freedom Technology Directory, listing our patrons and Professional Liberators. Following is a partial listing from this Directory. [list deleted] WHAT HAS BEEN ACHIEVED SO FAR Much more has been achieved than space allows me to mention. A few highlights: o There are now 32 Patrons and 45 Professional Liberators in: [various states and countries -jm] o Our _Freedom Technology Resource Guide_ contains over 100 entries of individuals, organizations, and publications from all over the world -- valuable sources of Freedom Technology. o The November 1993 issue of the _Orange County Liberty Bell_ ran a full-page feature on Terra Libra. o The Terra Libra "country" concept has been expanded to include "Terra Libra Territories" of which there are already several, including the international holdings of a major Pennsylvania investment company. o An organization has been established to create a worldwide economic system with a %100 gold-based currency. The system will interface with current banking systems. It's organized so that each aspect of it is perfectly legal in the country where that aspect operates. Users of the gold-based system will be able to enjoy most of the services they now receive from their local bank. They will be able to deposit local currency checks and bank notes. The system will be able to write checks in local currency. Secure electronic transfer will be possible for transactions between users of the system [*** ding ding ding *** how secure? -jm]. Users will be able to withdraw funds from ATMs. [can't be too secure then -jm] The gold will be maintained by solid financial institutions, as safe as possible from thieves and robbers of all kinds [uh huh, right -jm]. The gold will be insured and subject to regular independent audit. Initial financing has been received and development is proceeding. We expect the system to be operational around June 1994. This system could play a major role in creating a solid alternative of being able to bank in private and being protected against the collapse of paper currencies! o We have developed the mechanisms to market freedom products and services profitably. o Personnel has grown to six full-time and several part-time. o Full-page or multi-page advertisements have appeared or will soon appear in _Reason_ magazine, _Libertarian Part News_, _Freedom Network News_, _Liberty_ magazine, and other publications. o We mail to over 10,000 prospective customers [marks? -jm] every month. [more stuff skipped] YOUR PERSONAL POWER AND FREEDOM PORTFOLIO [descriptions of the things they want you to buy -jm] Terra Libra Introductory Package (6 reports) - $22.00 -------------------------------------------- Introduction to Terra Libra. The basic concepts and ideas that define Terra Libra. [stuff skipped] How to Improve Your Information (report) - $3.00 ---------------------------------------- Your "win-lose switch" and how it affects the information on which you operate. Freedom and coercion. Does power corrupt? How to recognize the most useful information. The American way. The "best legal system in the world." The Semmelweis-reflex. The inside-angle orientation. How to improve the programs in your brain. How to fire on all eight cylinders. Why human consciousness is in it infancy and what to do about it. How to Find Out Who You Are (report) - $3.00 ------------------------------------ The sovereign individual paradigm. what you need to know about disobedience. The development of consciousness. Understanding coercion. Understanding evil. [evil? -jm] What Nietzsche said about the state. ["That which does not tax you makes you richer." -jm] One of the most important U.S. Supreme Court cases. The legal statuses of "freeman" and "slave". How to find out who you are. How to Discover Your Freedom (report) - $3.00 ------------------------------------- Rose Wilder Lane: pioneer of the self-discovery of freedom. What you need to know to discover your freedom. how to overcome your wimp. The bicameral model of the mind. The elements that describe a Free Sovereign Individual. How to seize your freedom. The Nature of Freedom (report) - $1.50 ------------------------------ Important definitions of freedom. The consequences of these definitions. The Terra Libra Strategy. Many aspects of freedom not usually considered. Discourse on Voluntary Servitude (report) - $4.50 ----------------------------------------- Brief biography of Ettiene de la Boetie. The la Boetie analysis of freedom and tyranny. An abridged and edited text of la Boetie's _Discourse on Voluntary Servitude_. Written in 1552 or 1553, this is still one of the most advanced essays on politics ever written. It had a profound influence on the Huegenots (French protestants) and on Tolstoy, Emerson, and Gandhi. It provides insights on freedom and tyranny not available anywhere else. The Constitution of No Authority (report) - $6.00 ----------------------------------------- Politics as games. Cognitive dissonance. The "big lie" phenomenon. Brief biography of Lysander Spooner. Elements and analysis of the "Spooner-insight": the biggest government hoax of all. Condensed and edited text of Spooner's _The Constitution of No Authority_. The most advanced analysis of political constitutions ever written. To understand the essence of political power you must read this report. U.S. Federal Jurisdiction (report) - $7.50 ---------------------------------- The clauses in the U.S. Constitution that define the jurisdiction of the U.S. federal government. Extensive legal brief by attorney Larry Becraft. Why most of what the U.S. federal government does is unconstitutional, illegal, and criminal. How to use this information to roll back the U.S. federal government. How to Achieve and Increase Personal Power (report) - $7.50 --------------------------------------------------- [stuff skipped] How to practice the science of realistic optimism. How to overcome your wimp. [more stuff skipped] What's Wrong with the U.S. and other Countries (report) - $4.50 ------------------------------------------------------- Why and how America and western European countries have been gradually reverting to feudalism. Are lawyers our biggest enemies and the largest beneficiaries of modern feudalism? How our judicial systems have been corrupted. The role of "compulsory state brainwashing." Inflation and the corruption of currencies. The ten planks of the _Communist Manifesto_ and how they are being implemented in the "free countries of the west." The practical things you can do about all this. How you can profit from the collapse of western civilization. [It's the end of the world as we know it...and I feel fine. -jm] Wake Up America! The Dynamics of Human Power (book) - $15.00 ---------------------------------------------------- The power of Mahatma Gandhi. Human failure programs and human success programs. How to overcome helplessness and powerlessness. How to learn creative optimism. How to master money and love [and win friends and influence people -jm]. The power that brings happiness. Human Power groups to solve personal, economic, and social problems. And much more. The Economic Rape of America: What You can Do About It (book) - $20.00 ------------------------------------------------------------- In depth analysis of all the important ways in which Americans are being economically raped. The worst economic rapists. People in other countries are being economically raped in similar ways. What you as an individual can do to protect yourself. How to Achieve Superhealth (report) - $30.00 ----------------------------------- [sigh -jm] You can be vastly healthier than you ever dreamed possible. Why you must become your own doctor and assume complete personal responsibility for your health. The germ theory of disease. The toxin theory of disease. The mind theory of disease. The principle of superhealth. The practice of superhealth. Directory superhealth organizations. [lifetime memberships? -jm] Bibliography of superhealth books. AIDS -- Bad Science or Hoax? (book) - $20.00 ----------------------------------- Interview (1988) with Dr. Peter Duesberg, one of the world's foremost virologists. [stuff skipped] Your Personal Independence Package (book + parchment) - $20.00 ----------------------------------------------------- The book _A Personal Declaration of Independence: To Complete the American Revolution_ by Paine's Torch. [description of parchment skipped] The Pure Trust Package (video, booklet, 5 reports, brochures) - $20.00 ------------------------------------------------------------- The Pure Trust is a superb method to increase your privacy and safeguard your assets. Video on the Pure Trust. Two introductory brochures. A booklet explaining the trust in more detail. The Pure Trust in a nutshell -- technical details. A privacy and asset protection report. The Pure Trust can be used instead of a corporation to operate a business. It eliminates probate and estate duties. It may reduce or eliminate capital gains taxes. It can be used to diversify your assets into separate "watertight compartments." It renders you virtually judgment-proof. It can reduce of eliminate the need for liability insurance. And much more. Beat-the-IRS Package (5 reports) - $49.00 -------------------------------- What you need to know and understand about yourself and government if you want to greatly reduce or eliminate the taxes you pay. The IRS has many skeletons in its closet. All the important weaknesses of the IRS. The important U.S. Supreme Court cases you can use to beat the IRS. Why the IRS mostly goes after the "easy pickings." A real-life example of how the IRS backs down when confronted with someone who knows their weaknesses and how to drive them into a corner from which they can't escape. Organizations that help you to "untax" yourself. How they work. How to choose the best one for you. The dangers and risks to avoid. The Asset Forfeiture Protection Manual (book) - $49.00 -------------------------------------------- It is unconstitutional, illegal, and criminal for government agents to seize your property without a jury trial. The relevant Supreme Court cases. The procedures and forms to recover your property. The forms and procedures to prosecute government criminals who illegally seize private property. Where to get expert assistance. Commercial Liens: A most Potent Weapon (book) - $49.00 --------------------------------------------- How to use commercial liens to protect your property. How to use commercial liens to encumber the property of government criminals and destroy their credit records. Forms and procedures. Mistakes to avoid. Where to get expert assistance. [The last page is an order form. You can order individual items or the whole package. If you order all the products individually it would cost $334.50. If you order them as a package it's only $167. Also, you can check a box to indicate your desire to become a *Terra Libra Distributor* and get a *FREE Distributor Package* with your order. Oh boy. -jm] [Oh yeah, their address: Terra Libra, 2430 E. Roosevelt #998LF, Pheonix, AS 85008] -------------------------- Jim_Miller at suite.com From hayden at krypton.mankato.msus.edu Wed Apr 20 22:52:36 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 20 Apr 94 22:52:36 PDT Subject: FYI (fwd) Message-ID: This was forwaded from Gaynet, I have removed the posters's name to prevent outting someone what doesn't want to be. ---------- Forwarded message ---------- Date: 20 Apr 1994 21:40:21 GMT From: XXX XXXX Trust Congress? Not With This Unbelievable Lair of Slop PC Computing, April 1994, page 88. By John C. Dvorak When Vice President Gore began talking about the Information Highway, we all knew the bureaucrats would get involved more than we might like. In fact, it may already be too late to stop a horrible Senate bill from becoming law. The moniker -- Information Highway -- itself seems to be responsible for SB #040194. Introduced by Senator Patrick Leahy, it's designed to prohibit anyone from using a public computer network (Information Highway) while the computer user is intoxicated. I know how silly this sounds, but Congress apparently thinks that being drunk on a highway is bad no matter what kind of highway it is. The bill is expected to pass this month. There already are rampant arguments as to how this proposed law can possibly be enforced. The FBI hopes to use it as an excuse to do routing wiretaps on any computer if there is any evidence that the owner "uses or abuses alcohol and has access to a modem." Note how it slips in the word 'uses'. This means if you've been seen drinking one lone beer, you can have your line tapped. Because this law would be so difficult to enforce, police officials are drooling over the prospect of easily obtaining permits to do wiretaps. Ask enforcement officials in Washington and they'll tell you the proposed law is idiotic, but none will oppose it. Check the classified ads in the "Washington Post" and you'll find the FBI, National Security Agency, and something called the Online Enforcement Agency (when did they set that up?) all soliciting experts in phone technology, specifically wiretapping. It gets worse. The Congressional Record of February 19, 1994, has a report that outlines the use of computerized BBSes, Internet, Inter-Relay Chat, and CompuServe CB as "propagating illicit sexual encounters and meetings between couples -- any of whom are underage...Even people purporting to routinely have sex with animals are present on these systems to foster their odd beliefs on the public-at-large." A rider on SB #040194 makes it a felony to discuss sexual matters on any public-access network, including the Internet, America Online, and CompuServe. I wondered how private companies such as America Online can be considered public-access networks, so I called Senator Barbara Boxer's office and talked to an aide, a woman named Felicia. She said the use of promotional cards that give away a free hour or two of service constitutes public access. You know, like the ones found in the back of books or in modem boxes. She also told me most BBS systems fall under this proposed statute. When asked how they propose to enforce this law, she said it's not Congress's problem. "Enforcement works itself out over time," she said. The group fighting this moronic law is led by Jerome Bernstein of the Washington law firm of Bernstein, Bernstein and Knowles (the firm that first took Ollie North as a client). I couldn't get in touch with any of the co-sponsors of the bill (including Senator Ted Kennedy, if you can believe it!), but Bernstein was glad to talk. "These people have no clue about the Information Highway or what it does. The whole thing got started last Christmas during an antidrinking campaign in the Washington D.C., metro area," Bernstein said, "I'm convinced someone jokingly told Leahy's office about drunk driving on the Information High and the idea snowballed. These senators actually think there is a physical highway. Seriously, Senator Pat Moynihan asked me if you needed a driving permit to 'drive' a modem on the Information Highway! He has no clue what a modem is, and neither does the rest of Congress." According to Bernstein, the antisexual wording in the bill was attributed to Kennedy's office. "Kennedy thought that technology was leaving him behind, and he wanted to be perceived as more up-to-date technologically. He also though this would make amends for his alleged philandering." Unfortunately, the public is not much better informed than the Senate. The Gallup Organization, at the behest of Congress, is polling the public regarding intoxication while using a computer and online "hot chatting." The results are chilling. More than half of the public thinks that using a computer while intoxicated should be illegal! The results of the sexuality poll are not available. But one question, "Should a teenage boy be encouraged to pretend he is a girl while chatting with another person online?" has civil rights activists alarmed. According to Kevin Avril of the ACLU, "This activity doesn't even qualify as virtual cross-dressing. Who cares about this stuff? What are we going to do? Legislate an anti-boys-will-be-boys law? It sets a bad precedent." I could go on and on with quotes and complaints from people regarding this bill. But most of the complaints are getting nowhere. Pressure groups, such as one led by Baptist ministers from De Kalb County, Georgia, are supporting the law with such vehemence that they've managed to derail an effort by modem manufacturers (the biggest being Georgia-based Hayes) to lobby against the law. "Who wants to come out and support drunkenness and computer sex?" asked a congressman who requested anonymity. So, except for Bernstein, Bernstein, and Knowles, and a few members of the ACLU, there is nothing to stop this bill from becoming law. You can register your protests with your congressperson or Ms. Lirpa Sloof in the Senate Legislative Analysts Office. Her name spelled backward says it all. From mimir at illuminati.io.com Wed Apr 20 23:04:29 1994 From: mimir at illuminati.io.com (Al Billings) Date: Wed, 20 Apr 94 23:04:29 PDT Subject: FYI (fwd) In-Reply-To: Message-ID: On Thu, 21 Apr 1994, Robert A. Hayden wrote: > This was forwaded from Gaynet, I have removed the posters's name to > prevent outting someone what doesn't want to be. This whole thing is a farce. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Al Billings aka Grendel Grettisson | Internet: mimir at illuminati.io.com | | Nerd-Alberich - Lord of the Nerd-Alfar | Sysop of The Sacred Grove | | Admin for Troth, the Asatru E-mail List| (206)322-5450 | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From hayden at krypton.mankato.msus.edu Wed Apr 20 23:05:46 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 20 Apr 94 23:05:46 PDT Subject: FYI (fwd) In-Reply-To: Message-ID: On Thu, 21 Apr 1994, Al Billings wrote: > On Thu, 21 Apr 1994, Robert A. Hayden wrote: > > > This was forwaded from Gaynet, I have removed the posters's name to > > prevent outting someone what doesn't want to be. > This whole thing is a farce. ARGH! I feel so st00pid now. Somebody please thwap me with a wet carp. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From cknight at crl.com Wed Apr 20 23:48:09 1994 From: cknight at crl.com (Chris Knight) Date: Wed, 20 Apr 94 23:48:09 PDT Subject: FYI (fwd) In-Reply-To: Message-ID: On Thu, 21 Apr 1994, Robert A. Hayden wrote: > I feel so st00pid now. Somebody please thwap me with a wet carp. Sounds like you'd like it too much. -ck From jdwilson at gold.chem.hawaii.edu Wed Apr 20 23:56:08 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Wed, 20 Apr 94 23:56:08 PDT Subject: Sgt Russell In-Reply-To: <9404191357.AA07348@toad.com> Message-ID: SGT Harlow - count this as one member who does NOT object to your being on the list. In the islands there is a saying "e komo mai ka aloha" - come join us in friendship. -Jim -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From mg5n+eatbfrlhjx3svmfe46trtmbabi9mq5hq5u4ynner7al at andrew.cmu.edu Thu Apr 21 00:00:26 1994 From: mg5n+eatbfrlhjx3svmfe46trtmbabi9mq5hq5u4ynner7al at andrew.cmu.edu (Anonymous) Date: Thu, 21 Apr 94 00:00:26 PDT Subject: BEST Inc. Message-ID: > > Simple solution to this problem, especially if you have strong magnets > > around.... De-magnitize the card. > > > > If you are a ham operator, you can use the magnetic mount on the basis of > > your mobile antenna whip. If you're not, get a big magnet... > > Actually, there's a very elegant solution. Get an eel-skin > wallet which erases magnetic information. > Eel-skin wallets are made of two types of eels. Originally, they were made of a particular species, which was very expensive. Then someone decided to make cheap eel-skin billfolds. They used a different species. One which erases the magnetic strips. (at least it does on credit cards). I found this out much to my chagrin when I got a gift from someone. After I put my cards in the wallet, I found that when the card was swiped through the reader, it wouldn't register. It really P/O'd sales clerks and bar staff because they'd have to enter the card number and expiration manually to get an authorization code. Has this happened to anyone else? They'd just swipe, and swipe, and swipe . . . > > > > > > > ------------------------------------------------------------------------- > > Evidence, Inc. | The Internet Cops are watching, > > Evidence at Nowhere.Nil | aren't they? > > ------------------------------------------------------------------------- > > From lile at netcom.com Thu Apr 21 00:26:59 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 21 Apr 94 00:26:59 PDT Subject: FYI (fwd) Message-ID: <199404210728.AAA02568@netcom13.netcom.com> This *must* be an aprils fool that arrived late!!! -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From mg5n+eatbfrlhjx3svmfe46trtmbabi9mq5hq5u4ynner7al at andrew.cmu.edu Thu Apr 21 01:03:55 1994 From: mg5n+eatbfrlhjx3svmfe46trtmbabi9mq5hq5u4ynner7al at andrew.cmu.edu (Anonymous) Date: Thu, 21 Apr 94 01:03:55 PDT Subject: Remailer Musings Message-ID: > This illustrates my point precisely. Look at the messages on this thread > over the past few days; questions about 'common carrier' status, legal > questions, etc reveal that there is, in practice, more to running a > 'full service remailer' than just setting up the software. > > Running multiple overseas remailers may complicate investigations and > legal action *for now*, but I can't help feeling that this is only a > temporary fix. [My opinion, ignore at will..] There's the rub. This is a case of "don't shoot the messanger". Yes, officer, I do keep a log of all messages. However, we do not have the quota to keep the records for an extended period of time. They are deleted on a daily basis. Yes, Sir I understand that it takes longer than 24 hours for you to obtain a warrant. Perhaps you can speak to the matter more directly with the judiciary to help expedite their requirements. You can count on my *complete* co-operation, however, you must understand that their are liability issues which must be addressed. We stand advised that we can not release any information without the appropriate paper work. I'm sure you understand that. ;-) 'Nuf said?? From pkm at maths.uq.oz.au Thu Apr 21 01:14:56 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Thu, 21 Apr 94 01:14:56 PDT Subject: Terra Libra (long) Message-ID: <9404210812.AA05165@axiom.maths.uq.oz.au> Wow. Correct me if I'm wrong, but has someone been resurrecting L. Ron Hubbard on the sly? Either that, or the scientologists have decided to reform under a different name? Naaw. The syntax is not appalling enough, and there isn't enough jargon. (However, that SUPERHEALTH word does make me suspicious... :-) Yes, Jim is right. It is a scam. After all, it tries to present itself as a transnational organization. Yet it seems to be full of references to "AMERICA", and contains such buzzwords as "Waco", "War on Drugs", "socialized health care", and the real give-away: "constitution". It was obviously written by an American, and is primarily directed towards Americans. O.K. Most of the cypherpunks are Americans, and are interested in such things as the constitution, and Clipper. I have never had a problem with that, and in fact find it very enlightening to hear about things from a slightly different perspective from Australia. Occa- sionally I've seen a silly phrase such as "all us Americans", but I've let it slide. So don't worry. I am not flaming you. But for some reason, that Terra Libra post really PISSED me off. It contained the arrogant preconception that everyone, everywhere, has the same amount of reverence for the U.S. constitution, and in fact, look to America as "the home of the free". Well, I've got news for those blokes. Try to peddle that Terra Libra crap to (say) an Australian (especially those in the right mind set to appreciate such "libertarian" ideal expresses inside), and they'll laugh in your face. They'll look at all the buzzwords, and then just turn around and say: "Nope." Of course, the Terra Libra dudes are probably not intending this for anyone but the U.S. Well, if they decide to expand across the Pacific, they need to do some serious rewriting. Anyway, I have to thank Jim Miller for bringing it to my attention. I did find it enlightening, although not for the reasons that Terra Libra intended...:-) ======================================================= | Peter Murphy. . Department of | | Mathematics - University of Queensland, Australia. | ------------------------------------------------------- | "What will you do? What will you do? When a hundred | | thousand Morriseys come rushing over the hill?" | | - Mr. Floppy. | ======================================================= P.S. I actually don't mind living with a "socialized" health care system. For some reason, no one I know seems to mind either. But then, when some one else suggests that the U.S. health care system (pre-92) is a good idea, everyone looks at him as if he's gone mad. Cultural Differences...:-) From jdwilson at gold.chem.hawaii.edu Thu Apr 21 01:25:30 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 21 Apr 94 01:25:30 PDT Subject: re; intolerance on the list In-Reply-To: <199404192118.OAA24741@well.sf.ca.us> Message-ID: And you should have seen the daily phone bill - they used commercial long distance for the link... On Tue, 19 Apr 1994, Brian D Williams wrote: > Date: Tue, 19 Apr 1994 14:18:29 -0700 > From: Brian D Williams > To: cypherpunks at toad.com > Subject: re; intolerance on the list > > > -----BEGIN PGP SIGNED MESSAGE----- > > Well, now that the issue of Marines on the list is settled, > perhaps the good SGT could share some non classified knowledge of > the USMC's extensive use of Banyan Vines. > > For those who didn't know, during Desert storm every Marine tank > was a Banyan server, the self healing nature of this network proved > very effective, in fact "Stormin Norman" gave it credit as one of > the three key assets we had. > > Brian Williams > Extropian > Cypherpatriot > Ex-Marine > Current NRA/ILA > and other nasty stuff > > > "Cryptocosmology: Sufficently advanced comunication is > indistinguishable from noise." --Steve Witham > > "Have you ever had your phones tapped by the government? YOU WILL > and the company that'll bring it to you.... AT&T" --James Speth > > "When the going gets weird, the weird turn pro" - Dr Hunter S > Thompson > > -----BEGIN PGP SIGNATURE----- > Version: 2.3a > > iQCVAgUBLbRJztCcBnAsu2t1AQGAEAQAg9z4ddgWqHz6EWQjCGj6dA8o6gFV3YVp > q7UhK6EFzqYhhaIxXoI0z/Bvhdw+r4ZRYySXC4y0tcAYFns5mbj1Z3SB5BAytN4l > FySoWWjylIRYShwLBO8pmbxF1m/SqZJWkAn9bu17uLAHSlJHxZxbhhqi1q1HtOnW > ZFoaWBjs8nU= > =Viyp > -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From ebrandt at jarthur.cs.hmc.edu Thu Apr 21 01:42:07 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Thu, 21 Apr 94 01:42:07 PDT Subject: BEST Inc. In-Reply-To: Message-ID: <9404210842.AA20690@toad.com> > Then someone decided to make cheap eel-skin billfolds. They used > a different species. One which erases the magnetic strips. Is this a troll? Eli ebrandt at hmc.edu From eagle at deeptht.armory.com Thu Apr 21 01:46:03 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Thu, 21 Apr 94 01:46:03 PDT Subject: EFF & PGP Message-ID: <9404210145.aa28482@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- You're a little slow, Sparky. I had the sig! on my public key a couple of days before it hit the net. One may ftp it, or simply email pgpkey at eff.org- It's for sensitive messages and comes with a request that it not be used trivially. It's been out for a few weeks now. I used it 5 April to encrypt my Fed Reserve report to the office. With Dan Brown for a SysOp and average loads tantilizingly low on eff.org, why do they need the hassle of signing their messages? Site security is a site responsibility. The Hoax came out of an anonymous remailer, not an eff.org forgery. The Hoax enjoyed a brief resurgence on the net a week ago and was pandemically debunked as soon as it showed up. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbY80V/ScHuGXWgVAQE8DgP/arMGt9VXmowCaQTTLRIwbGiJxwxItJnB ebvvlf0BRYasBQ8KT3iwFngfLFELTW5lHujTJsB2LUlDz87eNX1Gsb7DVJ8V0owi Px76mCIvM5gEJoPMTNTb2XttZ01K7Hiq9JIJNPmuCUokBpywae+xPklAK91DVNmk OSfIt/QdiOA= =5Rwu -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From anonymous at extropia.wimsey.com Thu Apr 21 02:39:41 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Thu, 21 Apr 94 02:39:41 PDT Subject: Privacy in the Projects Message-ID: <199404210806.AA01341@xtropia> ********************************************** yo,... check it out. here in the projects--we want privacy too... know what i'm sayin'? and 'punks, keep up the good work with that PCP [Pretty Cool Privacy]. and sarge, be cool, there's a lot of good brothers in the service--Semper Fi! when the infobahn gets here to the projects, we'll be waitin'... -O.G. ********************************************** L.A. Times 4/19/94 B1 Security Plan Draws Fire by Edward J. Boyer Safety: Public housing residents pan the proposal for metal detectors and gun searches at L.A. projects. President ClintonUs call for tougher security in public housing projects, including metal detectors and random searches, was generally rejected Monday by residents at the Nickerson Gardens project in Watts. "We should not have any more sets of rules than the public at large just because we live in public housing," said Nora King, a past president of the project's Residents Advisory Council. Clinton made his call Saturday in an effort to rid gang-infested housing projects of guns after a federal judge in Chicago blocked authorities from conducting sweeps for weapons. The judge ruled that the sweeps violated constitutional protections against unreasonable searches and seizures. Public housing residents in Chicago requested the sweeps because they are "nearly desperate with conditions as they are," said Housing and Urban Development Secretary Henry G. Cisneros. But Los Angeles is not Chicago with its high-rise public housing, residents at Nickerson Gardens said. "People get robbed and raped in those elevators," King said. "From what I've seen, Los Angeles has it far better than people in Chicago." Metal detectors might make sense in Chicago, but there are no elevators and no common entry areas in the 1,066-unit Nickerson Gardens, the city's largest public housing project, residents said. "Where would they put metal detectors here?" asked Larry Moore, 25, who has lived in the projects all his life. "At everyone's front door?" Along with suggesting metal detectors, Cisneros said housing officials can retake their projects from gangs and drug dealers by erecting fences around the complexes, by conducting weapons searches in common areas such as on the grounds and in stairwells, and by urging tenants to sign consent forms permitting police searches. The get-tough policies "are targeted to Chicago, but the same approach will be available to other communities," Cisneros said Saturday. A Chicago police officer visiting Locke High School in Watts on Monday as part of an anti-gang rap music show said he is opposed to weapons sweeps at housing projects in his city. "Why sweep the buildings, when we should be sweeping the public schools, the entire neighborhoods," said Officer Eric Davis, 32, who is touring several cities with two other Chicago officers. The trio's rap group is called the Slick Boys. "We can chase guns out for one week," said Davis, who patrols Chicago's Cabrini Green public housing project. "But what about when the searches stop? We want to figure out how to give people self- esteem--give them a future." Weapons searches at Nickerson Gardens are not necessary, said Delaina Carr, a 15-year resident, "because people have a right to privacy." Security guards at night would be more helpful, she said. A RAND study released last year showed that the crime rate in Los Angeles public housing projects was three times as high as the citywide average from 1986 to 1989. But by the time the study was released, a reduction in violent incidents had begun, housing officials said. Gang violence, drugs and burglaries are still a concern, Carr said, but "it is quieter here since the gang truce a year and a half ago. You still hear gunshots, but you don't feel like a prisoner in your own unit." Fences, as suggested by Cisneros, might help control some crimes-- especially those committed by people who do not live in the project, Carr said. "They would improve security," she said. "People couldn't run from police who could catch them easier before they could climb a fence." King said a survey of residents several years ago showed that the majority were opposed to fencing in the project's 68.8 acres. But that attitude seemed to soften later, she said, and some residents now would support an architecturally attractive fence. Moore gave a qualified endorsement to weapons searches, saying: They could be cool. But they could lead to a lot of harassment." He said he is skeptical about any proposal to search people who look suspicious. "I've seen criminals in three-piece suits," he said. For one woman standing in her doorway, allowing searches is a moot question. "They do it now, anyway, don't they?" she asked. One man who has lived at Nickerson Gardens for 31 years said he would support bringing in more police, but only if the new officers "know what's going on here." "Train some of the residents to be police," said the man, who asked to remain anonymous. "We don't need police who've been watching too much television news." King supports hiring people who live in the community, and she is convinced that such officers would respond more quickly to calls. "It takes hours for the Housing Authority police to respond--if they come at all," she said. "If you're not white, you don't get that quick response." ********************************************** later. From mg5n+eatbfrlhjx3svmfe46trtmbabi9mq5hq5u4ynner7al at andrew.cmu.edu Thu Apr 21 03:02:19 1994 From: mg5n+eatbfrlhjx3svmfe46trtmbabi9mq5hq5u4ynner7al at andrew.cmu.edu (Anonymous) Date: Thu, 21 Apr 94 03:02:19 PDT Subject: BEST Inc. Message-ID: > > Then someone decided to make cheap eel-skin billfolds. They used > > a different species. One which erases the magnetic strips. > > Is this a troll? > > Eli ebrandt at hmc.edu > Nope, for the life of me, I couldn't figure what was going on. Then it was covered on one of those pseudo-news shows. The non-erasing wallets used to be very expensive. These are the real cheapos. If my failing memory recalls correctly, the eels are from the Philippines. Strange but true. :-) From mg5n+eax0596uwy9pwww8q1bgw8db1bj6t6xeu3y5onxr8mk at andrew.cmu.edu Thu Apr 21 03:22:42 1994 From: mg5n+eax0596uwy9pwww8q1bgw8db1bj6t6xeu3y5onxr8mk at andrew.cmu.edu (Anonymous) Date: Thu, 21 Apr 94 03:22:42 PDT Subject: BEST Inc. Anonymous Message-ID: > > > > Actually, there's a very elegant solution. Get an eel-skin > > wallet which erases magnetic information. > > > Eel-skin wallets are made of two types of eels. Originally, they > were made of a particular species, which was very expensive. > Then someone decided to make cheap eel-skin billfolds. They used > a different species. One which erases the magnetic strips. (at > least it does on credit cards). I found this out much to my > > Has this happened to anyone else? Yes - check the back issues of comp.risks. It isn't the eel skin but the magnetic catch on the wallet that trashes your cards. > Ian Turton - School of Geography, Leeds University 0532 -333309 From perry at snark.imsi.com Thu Apr 21 04:29:59 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 21 Apr 94 04:29:59 PDT Subject: BlackNet here now? In-Reply-To: <9404210359.AA16681@toad.com> Message-ID: <9404211129.AA09807@snark.imsi.com> "Gary Jeffers" says: [Some stuff about software pirates and system crackers on IRC] Myself, I'm not very fond of either group -- they can find out about PGP and the rest on their own as far as I'm concerned. Just because I think people have a right to privacy and to use encryption doesn't mean I'll necessarily deliberately seek out unsavory groups to evangelize to. I'll be happy when everyone, whether they are doing anything they feel is sensitive or not, especially if they are breaking no laws, uses encryption. Perry From perry at snark.imsi.com Thu Apr 21 04:37:48 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 21 Apr 94 04:37:48 PDT Subject: Terra Libra (long) In-Reply-To: <9404210536.AA00832@bilbo.suite.com> Message-ID: <9404211137.AA09818@snark.imsi.com> For reference, Frederick Mann is an alias of an individual I've heard rumored to be floating around in libertarian circles and living off of others (usually thanks to their stupidity, but sometimes by fraud) for some time. Based on past information, I would personally doubt anything he has his hands in is clean. Perry Jim Miller says: > > > Well, it's been a couple of days since I asked if anyone knew > anything about Terra Libra. Nobody has spoken up. > > Since, on the surface, Terra Libra sounds like it would be > interesting to many on this list, I'm posting a condensed version of > the flyer I received in the mail. I am not affiliated with Terra > Libra in any way. Actually, I wonder it is really just a money > making scam. > > Here goes... > From vkisosza at acs.ucalgary.ca Thu Apr 21 04:48:04 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Thu, 21 Apr 94 04:48:04 PDT Subject: Dirty Laundry... In-Reply-To: <199404182020.AA04865@access3.digex.net> Message-ID: <9404211150.AA57749@acs5.acs.ucalgary.ca> > Oh, I wanted to point out one other fact about swapping tickets: It's > illegal. But it is not clear that it is illegal to just place bets > on both sides of the market. Yes, it is prohibitted to be both long and short the same contract at the same time. It creates a false open-interest position. (i.e. It presents an illusion to the market that a position is open when in point of fact it is a "scam" transaction, it is misleading to participants in the marketplace.) As to the idea of swapping tickets, it ignores normal audit procedure. Trading procedure is as follows: (With thanks to Bruce M. Collins, V.P. Equity Arbitrage Group, Index Products Research, Shearson Lehman Hutton Inc. and James A. Schmidt, V.P. Equity Arbitrage Group, Shearson Lehman Hutton Inc.) A customer decides to hedge a position. The trader phones directly to the floor of the appropriate exchange and places the order with a floor broker. The floor broker executes the order on the floor, and phones a report back to the trader, where the order ticket is written and the customer account number is reported to the floor. The wire operator books the trade to the customer's account and sends a hard copy confirm to the firm's branch where the customer is located. On a nightly basis, the operation area of the brokerage firm will match all trade tickets to the hard copy confirms to verify the contract. The buy/sell, price, quantity, account number, open/close will all be checked for accuracy and commissions calculated for each ticket. In addition, operations will send details of the all the trades to the Clearing Corporation which then matches buy and sell orders across brokerage house inventories, and in the event of discrepancies adjusts contracts and dollars where necessary. Prior to sending the customer a confirm, a trading desk clerk will match trade tickets and reports with the hard copy customer confirms to verify the account. On properly matched trades the confirm is sent to the customer. If a correction is necessary, the clerk will adjust the trade and again verify all trade information on the confirms the next morning. Finally, the firm's margin department will settle all contracts. A check is issued on a sell to the customer, or on a buy the customer will deliver an escrow receipt from his bank. In addition, the margin department will assign operating requirements for any opening short positions and issue and margin call that may be necessary for new or existing positions. (This is performed on a nightly basis.) So, in short, yes a broker can swap tickets, however it does leave a full audit trail. Swapped tickets provide no anonymity. In this regard, the problem is the same as that of remailers. There are additional issues as well, money laundering usually involves laundering cash. Firms will not routinely accept cash deposits for margin. Funds must be on deposit, and freely available in order for the firm to settle it's daily accounts. From ecarp at netcom.com Thu Apr 21 04:59:04 1994 From: ecarp at netcom.com (Ed Carp) Date: Thu, 21 Apr 94 04:59:04 PDT Subject: FYI (fwd) In-Reply-To: Message-ID: <199404211158.EAA25406@mail.netcom.com> > On Thu, 21 Apr 1994, Al Billings wrote: > > > On Thu, 21 Apr 1994, Robert A. Hayden wrote: > > > > > This was forwaded from Gaynet, I have removed the posters's name to > > > prevent outting someone what doesn't want to be. > > This whole thing is a farce. > > ARGH! > > I feel so st00pid now. Somebody please thwap me with a wet carp. Um, I just got out of the shower - does that count? ;) -- Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From vkisosza at acs.ucalgary.ca Thu Apr 21 05:13:30 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Thu, 21 Apr 94 05:13:30 PDT Subject: Financial Markets Message-ID: <9404211215.AA71287@acs5.acs.ucalgary.ca> I thought I'd follow up on the Dirty Laundry Posts: One matter must always be considered. The market is influenced by an infinite number of variables. There is no magic formula, no perfect multiple regression that will unfailingly predict the market's direction. The guy with the fool proof black box does not last, or you would have read about him by now. Although no one has discovered El Dorado, certain people do emerge as consistent winners in the stock market or futures. They are outnumbered by losers. Fifty years ago, those consistent winners may have been the people who had the most access to inside information. There is virtually no inside information today that will dramtically move the market as a whole. Yet there are still consistent winners in the markets. Can market feel really help if stock prices do indeed take a random walk? Consider a migrating goose. It may appear to be on some sort of random flight, but an ornithologist who has studied the behaviour of geese in similar circumstances might feel comfortable makinf certain predictions about a particular bird. If it's October, that goose is flying south even if it temporarily changes direction for no apparent reason. Maybe it tends to fly at between 1,200 and 1,800 feet. It usually follows a leader. The more you study the more you know. Even the experts won't know where the thing will land. But to them its flight odes not appear quite so random. So what is this mysterious market feel? Developing a sense of how the market has reacted to similar circumstances. Assessing what is different about this situation. Talking to eople because they may have thought of something you overlooked. Assimilating new information quickly. Adhering to rules to keep losses small enough to minimize the amount netted out from the gains. Playing the percentages. Maybe a facility for numbers. Maybe a dash of luck. Perhaps ten years of experience, rather than one year of experience repeated ten times over. I'd be happy to continue discussions with interested parties since I have copious amounts of spare time. Right now though, it's write code time. Reagards, Istvan From m5 at vail.tivoli.com Thu Apr 21 05:38:24 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 21 Apr 94 05:38:24 PDT Subject: BEST Inc. In-Reply-To: Message-ID: <9404211238.AA06602@vail.tivoli.com> Anonymous writes: > Then someone decided to make cheap eel-skin billfolds. They used > a different species. One which erases the magnetic strips. (at > least it does on credit cards). I wonder if the day will come when new parents will carry their neonates home with both a birth certificate and a copy of the urban legends FAQ in hand. (Then again, I've heard rumors that some people on Blacknet have discussed other applications of eelskin that are far more sinister.) -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From nobody at jarthur.cs.hmc.edu Thu Apr 21 05:56:39 1994 From: nobody at jarthur.cs.hmc.edu (nobody at jarthur.cs.hmc.edu) Date: Thu, 21 Apr 94 05:56:39 PDT Subject: What the heck is this? Optical noise encrpytion? Message-ID: <9404211256.AA23838@toad.com> Bill Stewart commented thus: > Yeah. On the other hand, chaotic stuff like Mandelbrot and Julia sets > are good for generating lots of pretty pictures to hide steganography > under, as long as you leave out the coordinates you're generating from. This reminded me that I've never seen this announcement posted on cypherpunks, it was posted to various Usenet groups a while back. I have yet to try running gifextract on any of the images in alt.binaries.pictures.fractals.... :-) ----- Begin Included Message Newsgroups: sci.crypt,alt.security.pgp From: qwerty at netcom.com (-=Xenon=-) Subject: New Steganograph Available Organization: PGP Info Clearinghouse. Date: Sun, 13 Mar 1994 04:50:27 GMT -----BEGIN PGP SIGNED MESSAGE----- Henry Hastur's latest. This thing generates fractals, hiding a PGP or Stealth PGP message in them as well. I have put it up for ftp at ftp.netcom.com in /pub/qwerty, as MandelSteg1.0.tar.Z. Also there, is a "Steganography.software.list", and other steganographic software. -=Xenon=- P.S. I will forward mail to "Henry" if you would like to contact him. -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLYJUWgSzG6zrQn1RAQEL0AQAutxwMCxCS09qdZFGxuO9+9kqUkigm2Jk 0ng+uZkAPuh9J8TNOg+xSaqoil2+AOYyQmUB1w/5HablUL22BffvX9omfkkAWFYR gPRBIC1Dr56SP/PmZnLTQxjjUm5HfHupZHJCGs268uffizufi6Rzahp9y0iJ0YGf JH/cGCpQqEQ= =pA25 -----END PGP SIGNATURE----- MandelSteg V1.0 and GIFExtract V1.0 ----------------------------------- These two programs allow you to hide confidential data in fractal GIF images, giving an increased level of security compared to sending PGP-encrypted email over the Internet. MandelSteg will create a Mandelbrot image (though it could easily be modified to produce other fractals), storing your data in the specified bit of the image pixels, after which GIFExtract can be used by the recipient to extract that bit-plane of the image. MandelSteg is not intended to replace the standardised methods of using encryption (e.g. ASCII-armoured PGP email) ; in an ideal world we would all be able to send openly encrypted mail or files to each other with no fear of reprisals, however there are often cases when this is not possible, either because the local government does not approve of encrypted communication, or perhaps because you are working for a company that does not allow encrypted email but doesn't care about Mandelbrot GIFs. This is where steganography can come into play. You will probably find that you also need to get hold of a copy of an interactive Mandelbrot viewer in order to determine suitable coordinates to use for images. There are numerous such viewers available on the Internet and BBS systems (e.g. xmandel). MandelSteg - 'Mandelbrot Steganography' --------------------------------------- MandelSteg has numerous modes of operation, depending on the level of security you desire. With no command line options specified it will simply generate a 640x480 GIF of the default section of the set, and send it to stdout. With the -c option it will calculate how many bytes can be stored in the image and with -e will take the data fed to stdin and hide it in the image (specify a file name after the -e to write it to a file), and pad out the data with random bytes if neccesary if -r was specified. For the lowest security level, the data will simply be stored in the specified bit of each pixel, and a 128-color palette created such that the pixel looks the same regardless of whether there is data stored in it or not. This will be sufficient to survive a cursory examination, but will be obvious to anyone versed in the arts of steganography - in particular replacing the supplied palette for the image with another will show up the data bits hidden in areas of solid color. To avoid this problem, you should specify the -ns flag, which will only store data in areas of non-solid color (note that this can greatly decrease the amount of data that you can store in the image). Another indication of a steg-ed image is the duplicated 128-color palette, which can be replaced with a 256-color palette with the -fp flag. Obviously if you specify -fp and don't specify -ns, you will produce a readily apparent steg-ed image. If you don't have enough space for your data in the image, you can simply increase the size of the image by using the -sz flag, followed by the width and height in pixels. Alternatively, you can select a different area of the mandelbrot set by using -md followed by the start x, start y, width and height, specified with floating-point values. Finally, you can specify the bit to store the data in using -b followed by the bit number, otherwise the program defaults to bit seven. Bit seven gives the best performance, but bit zero should give the most security. You can also specify that a number of bytes in the image should be missed out before the encrypted data with the -bp option, followed by the number of bytes to miss out. If the -r option is specified, then random data will be placed in these bytes, and also appended to the input data to completely fill the specified bitplane. Compilation: ------------ On a BSD unix system you should be able to simply extract the source and run make to generate the executables. On a System V version of Unix you will need to edit the makefile to use one of the 'CFLAGS = ... -DSYSV ...' lines instead of the default. If you have plenty of memory, you can undefine LOW_MEM, which will improve performance slightly. On an MS-DOS machine with the Microsoft C compiler, simply execute COMP.BAT. This batch file will compile and link the source to build the executables. Sorry, but I was too lazy to create a proper DOS makefile ! Examples of use: ---------------- [ Note : Due to file system limits, on MS-DOS the executable names are mandsteg and gifextr rather than mandelsteg and gifextract. Also note that unless you have an 80x87 coprocessor or are running on a 486DX+ processor, mandsteg will run VERY slowly due to the number of floating point operations required ! ] Store file in 640x480 mandel.gif : mandelsteg -e mandel.gif < file.dat Store file in 400x400 mandel.gif, using non-standard co-ordinates : mandelsteg -sz 400 400 -md -0.5505 -0.5505 0.0001 0.0001 -e mandel.gif < file.dat Encrypt file with PGP, strip headers with stealth, and store in bit 0 of mandel.gif with non-standard coordinates, using 256-color palette and not storing in solid colors, with 23 byte random prefix : pgp -ef < secrets.dat | stealth | mandelsteg -sz 400 400 -md -1.0 -1.0 2.0 2.0 -b 0 -ns -fp -bp 23 -r -e mandel.gif Test non-standard coordinates for available space : mandelsteg -ns -sz 400 400 -md -0.5505 -0.5505 0.0001 0.0001 -c > /dev/null Generate image containing random data to annoy cryptanalysts : mandelsteg -fp -r -ns -e annoying.gif < /dev/null Error messages: --------------- The only likely error messages will indicate either invalid commands, or that the input data has been truncated (i.e. not all the data that was piped into the program could be stored in the GIF file). In the latter case, you should create a larger file to store the data. Security: --------- Well, frankly, it's not that secure, even with -ns -fp -b ? -bp ? specified on the command line. There are several main reasons : 1. In essence, mandelsteg can be regarded as a one-time pad cipher using the mandelbrot image as the pad. As a result, the 'key' to this cipher would be the coordinates and size of the area you've generated, as with that data the cryptanalyst would be able to generate the 'real' image and compare it to the steg-ed image to find the data. Two important things to realise here as a result are that a) you should *never* use the default coordinates for secret data, and b) you should never use the same coordinates twice. 2. Obviously, any cryptanalyst out there can just run 'gifextract' on the image, and your data will come out ! It may take sixteen or more attempts using the different bit values, -bp values and -ns options, but it will extract a valid copy of the data. And if the data has a PGP header or something, well, they've got you. This can be hindered by either using 'Stealth' to produce headerless data, or by generating large numbers of images containing random data to provide a cover for the real data. 3. Typically, a mandelbrot image consists of about 55 % of one bits and 45 % of zero bits. If you have replaced this with a PGP-encrypted messge, these frequencies will be more like 50% each. If you use an image much larger than neccesary, and a large -bp value, this will be somewhat disguised. 4. The standard random() function is used to generate random padding, and the distribution of bits in the output wil therefore probably be different to that expected for encrypted data. If you are attempting to get data past a serious adversary, you should replace this with a cryptographically strong random number generator such as the idea_rand() function used in PGP. In most cases, none of these should be a real problem, as MandelSteg is not intended to provide foolproof security against cryptanalysis, but primarily to prevent cryptanalysis by disguising the fact that you are sending encrypted messages at all. In addition, YOU SHOULD ALWAYS VIEW THE IMAGE BEFORE SENDING IN CASE YOUR CHOICE OF PARAMETERS HAS PRODUCED UNEXPECTED ARTIFACTS IN THE OUTPUT IMAGE !!!!!!!! Excuse the shouting, but ths is important... 8-). I haven't seen any strange results yet produced by the algorithm, but you only need to accidentally miss out a command line parameter once and your use of steganography will be obvious to anyone examining the image. GIFExtract ---------- GIFExtract is a very simple program, which simply extracts the specified bitplane from an image and sends the data to stdout. The program defaults to extracting bit 7 of each pixel, but the bit can be specified with the -b command line option, with -ns it will only extract data from non-solid areas, -bp can be used to ignore the first specified number of bytes extracted, and -a to analyse the distribution of zero and one bits in the image. Examples of use --------------- Extract bit-plane 4 from foo.gif into secrets.pgp : gifextract -b 4 foo.gif > secrets.pgp or gifextract -b 4 < foo.gif > secrets.pgp Analyse bit plane 1 of foo.gif for one bit and zero bit frequencies prior to using it for steganography : gifextract -a -b 1 foo.gif Extract the secrets.dat file that was used in the mandelsteg example above, if your PGP key id is 23ffff : gifextract -b 0 -bp 23 -ns mandel.gif | stealth -a 0x23ffff | pgp -f > secrets.dat Error messages -------------- The only likely error messages will be due to either failure to allocate the required memory for GIF decompression, or failure to open the input file. DISTRIBUTION NOTES ------------------ Either of these programs can be freely distributed, however you must take into account any prevailing cryptography import and export regulations in international transfers. This program was written outside the US, and as such copies should be available from European ftp sites as well. Henry Hastur ----- End Included Message From vkisosza at acs.ucalgary.ca Thu Apr 21 06:49:11 1994 From: vkisosza at acs.ucalgary.ca (Istvan Steve Oszaraz von Keszi) Date: Thu, 21 Apr 94 06:49:11 PDT Subject: Money Laundering through Options market. In-Reply-To: <199404190332.AA17210@eris.cs.umb.edu> Message-ID: On Mon, 18 Apr 1994, Alexander Chislenko wrote: > Of course, transactions in related areas, shifted contract positions, > etc. will be harder to track than directly balanced transactions, but > somehow I doubt that existing schemes, if any, are that obscure. Of course the keys are the use of European exercise options rather than American. Recall that the payoff pattern for an option can be written succinctly as Max (S-X,0) where the market price of the underlying asset is (S) and the exercise price is (X). This expression of intrinsic value says that an option is worth whichever is greater, the asset price minus the exercise price or zero. The most important pricing relationship derived from arbitrage is known as "put-call parity." If S is the price of the underlying asset, C is the price of a euro-call with an exercise of X and P is the price of a Euro -put with the same strike price X and expiration date as the call then: Put-Call Parity: C - P = S - PV(X) The call price minus the put price must equal the current price of the underlying asset minus the present value of the strike price, discounted back from the expiration date. At option expiration, while we won't have any knowledge of what prices will be at that time, we do know that if it is above X the call will be in the money and the put will be out of the money. The reverse will be true if the price is below X. Since the two portfolios will have the same values at expiration, if they didn't cost the same amount at the beginning there would be an arbitrage. Investors buy the cheaper portfolio and sell the more costly one, and keep the balance as a riskless profit. At expiration portfolio proceeds from the bought portfolio would offset the one they were short. This trade would continue in unlimited volume, so the situation cannot be an equilibrium. The only stable possibility is that the two portfolios must cost the same which proves that C - P = S - PV(X). Options as such provide a strategy for producing "synthetic" securities out of such combinations. The put-call parity relation shows how buying a call and writing a put produces the same pattern as buying the underlying asset and financing the part of the purchase with borrowing. These synthetics can then be the basis of derivatives. However, normal caveats apply. Cost elements must be taken into account. One is commissions and "market impact" costs. In an actual trading strategy, it is necessary to deduct the transaction costs getting into the position at the beginning and unwinding it at the end. These involve commissions on all the securities traded plus impact costs due to the fact that securities have to be purchased at the market's ask price and sold at the bid price, and a large transaction may also cause those prices to move unfavourably. These costs are inversely related. Large transactions carry lower commissions while they tend to have greater market impact cost. Other factors are taxation, and tax treatment which will depend on numerous factors. Tax treatment is very complex. In order to minimize to minimize bandwidth, I will ignore that enormous detail. > > Also, there are not that many commodities/currencies/... with markets > large enough to execute $1M+ contracts like that at a time. Actually, there is no cap on the size of contracts which can be executed. Minimum transaction size on the interbank market is $1m USD > I'd expect people to use major markets in several transactions not large > enough to attract attention of market analysts. Perhaps, this is the general misconception. It is the small transactions, relatively speaking, which attract analytical attention. The larger transactions are generally ignored since there is no overseeing authority. The recent 'problems'/successes reported widely by the popular media are red herrings. The market breadth is over $200 billion hourly, 24 hours a day, seven days per week. (Recall that, that is close to the entire annual US deficit.) > With access to the transactions database, one could more or less > easily compile a list of traders engaged in such activities and amounts > of money transferred. I guess, that depends on the definition of 'easily'. There is no centralized transactions database, as there is no centralized clearing. Some clearing is done on BIS in Basel, but only on a net basis. So if someone maintains a balanced book they clear 0. > > I believe that this way of money laundering is well within understanding > of at least some people. The ways of catching them are, probably, too hard > for the corresponding agencies, at least organizationally. True, it requires transnational jurisdictional support. And since regulations are usually sovereign, . . . well, it's a nightmare. Take for example the SEC requesting documents from a market participant. The risk is that the participant complies and dumps ten moving vans full of hardcopy documentation on the desk of the regulator, all unindexed. > P.S. I read Hillary Clinton turned $1K into $100K in cattle futures > market. Isn't that amazing? My maze ment is unbounded. > > P.P.S. I'll bet $10K against $1 that you can't donate *me* $50K like this. > Any takers? > That's a bet ;-) > -------------------------------------------------------------------------- > Disclaimer: The above text is pure speculation. > I would never do anything mentioned there. > I take it the check is in the mail?? From anonymous at extropia.wimsey.com Thu Apr 21 06:53:09 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Thu, 21 Apr 94 06:53:09 PDT Subject: telco Message-ID: <199404211338.AA03007@xtropia> -----BEGIN PGP SIGNED MESSAGE----- > I received annoying phone calls for a period of time, and the local phone > company (US West) said they'd only get involved once I had an "incident > number" (or some such) from the police department, and that information > gathered would only be released to the police. I suppose if I actually > filed a civil suit against the harassing party (even as a John Doe?) I > could then use the discovery process to compel them to release their > relevant records - but that's not really the scenario that Brad and > 'kitten' seem to imagine. In the days when telcos used the SXS switching system, there was significant cost in tracing a call - each channel had to be physically seized and held - but now it's just a matter of pulling a tape or punching up the info on a console. Nevertheless, there are legal obligations of confidentiality. Interestingly, the police generally have no problem seizing toll information on a subscriber, once the warrant is obtained, because the subscriber needn't be informed - only the telco, which has a vested interest in keeping the subscriber unaware that his considentiality was violated. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCdAgUBLbVtMRL41rmHzZFFAQGAYwQ7BD+WytKPhNAXXhWRAFeYlSz+TJzGP58T YB56S+ktajebyJEc4GH0n8beevGSjv9Q6JGWkxifLITKy05eL9RXs8bC5ScTjJQL JhDB1DTPAVp5Y5NNGIX1bpMPLdBe2KiRnOzlL/jcUkUFu4dUQ1fPXQ9NC3JFrqC0 ZLeuEcJRKM2hIlYZ0KraUg== =VaUh -----END PGP SIGNATURE----- From anonymous at extropia.wimsey.com Thu Apr 21 06:53:11 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Thu, 21 Apr 94 06:53:11 PDT Subject: Graynet Message-ID: <199404211338.AA03028@xtropia> -----BEGIN PGP SIGNED MESSAGE----- >Do _not_ mess with those BlackNet folks. You'll wind up face-down Sounds like something the Nigerians would try. Nevertheless, I think there would be some value to a GrayNet. There's a difference between intelligence gathering and analysis on the one hand, and espionage on the other. Several businesses in the "competitive intelligence" arena operate quite openly. And of course, the major players like to work through proxies. A GrayNet would have the advantage of establishing the true value of closely-held information. Programming is turning into an "electronic sweat-shop" these days -- here's a chance to turn the situation around. Employers will not be able to afford to treat programmers as expendable, if by releasing them, they empower their competitors. The immediate problem is to find a data haven where the information will be secure from seizure. Info workers of the world unite! Your craniums are your capital! -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCcAgUBLbUDoBL41rmHzZFFAQFvygQ43pXqAMWiGjzsutE8NDKnYXTiN+Z+o8KQ alsXwpRJBKy7KdnwJhE22CJIJqR91a8dXI1CvHdAFRPkbSWkqZJDTuAsanhqd8X6 OsyHwEP3kdWIeBgZht4GTy5kD8rkUIHCewxN7ocsRKg5wAn2MDk5yHqZN69+YNKh 7uCODChhUBxfHgGo5jk2 =uC+4 -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCVAi0lVxMAAAEEPAv9PwNYtn9nH/L72vqMC9b7qY9AMRY28u0PsCg/fqMpfXpG r5R3ceMOw9uQ4FBhk/BIeYXuSsv2Fn08Ft5zelEa+WJUyYy+68D04uqbmn8CBoHO d9Wkh3Am utev31NV/18jRSG6kgxXGF3VVmES2aMj+BfMfW3XLWdkfeE5W6rEvjW uYfNkUUAB0O0CWFyZ29uIDxAPg== =fJR3 -----END PGP PUBLIC KEY BLOCK----- From anonymous at extropia.wimsey.com Thu Apr 21 06:53:14 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Thu, 21 Apr 94 06:53:14 PDT Subject: Graynet Message-ID: <199404211338.AA03020@xtropia> -----BEGIN PGP SIGNED MESSAGE----- >Do _not_ mess with those BlackNet folks. You'll wind up face-down Sounds like something the Nigerians would try. Nevertheless, I think there would be some value to a GrayNet. There's a difference between intelligence gathering and analysis on the one hand, and espionage on the other. Several businesses in the "competitive intelligence" arena operate quite openly. And of course, the major players like to work through proxies. A GrayNet would have the advantage of establishing the true value of closely-held information. Programming is turning into an "electronic sweat-shop" these days -- here's a chance to turn the situation around. Employers will not be able to afford to treat programmers as expendable, if by releasing them, they empower their competitors. The immediate problem is to find a data haven where the information will be secure from seizure. Info workers of the world unite! Your craniums are your capital! -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCcAgUBLbUDoBL41rmHzZFFAQFvygQ43pXqAMWiGjzsutE8NDKnYXTiN+Z+o8KQ alsXwpRJBKy7KdnwJhE22CJIJqR91a8dXI1CvHdAFRPkbSWkqZJDTuAsanhqd8X6 OsyHwEP3kdWIeBgZht4GTy5kD8rkUIHCewxN7ocsRKg5wAn2MDk5yHqZN69+YNKh 7uCODChhUBxfHgGo5jk2 =uC+4 -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCVAi0lVxMAAAEEPAv9PwNYtn9nH/L72vqMC9b7qY9AMRY28u0PsCg/fqMpfXpG r5R3ceMOw9uQ4FBhk/BIeYXuSsv2Fn08Ft5zelEa+WJUyYy+68D04uqbmn8CBoHO d9Wkh3Amwutev31NV/18jRSG6kgxXGF3VVmES2aMj+BfMfW3XLWdkfeE5W6rEvjW uYfNkUUAB0O0CWFyZ29uIDxAPg== =fJR3 -----END PGP PUBLIC KEY BLOCK----- From grm at bighorn.dr.att.com Thu Apr 21 10:04:56 1994 From: grm at bighorn.dr.att.com (G.R.Martinez) Date: Thu, 21 Apr 94 10:04:56 PDT Subject: FYI (fwd) In-Reply-To: Message-ID: <9404211054.ZM1857@dr.att.com> On Apr 21, 0:57, Robert A. Hayden wrote: > Subject: FYI (fwd) > This was forwaded from Gaynet, I have removed the posters's name to > prevent outting someone what doesn't want to be. > > ---------- Forwarded message ---------- > Date: 20 Apr 1994 21:40:21 GMT > From: XXX XXXX > > Trust Congress? Not With This Unbelievable Lair of Slop > PC Computing, April 1994, page 88. > By John C. Dvorak > > When Vice President Gore began talking about the Information Highway, > we all knew the bureaucrats would get involved more than we might > like. In fact, it may already be too late to stop a horrible Senate > bill from becoming law. > > The moniker -- Information Highway -- itself seems to be responsible > for SB #040194. Introduced by Senator Patrick Leahy, it's designed to > prohibit anyone from using a public computer network (Information > Highway) while the computer user is intoxicated. I know how silly this > sounds, but Congress apparently thinks that being drunk on a highway > is bad no matter what kind of highway it is. The bill is expected to > pass this month. > > blah, blah... April Fools. -- gerald.r.martinez at att.com / grmartinez at attmail.att.com / att!drmail!grm @ AT&T GBCS Bell Labs, Denver (303) 538-1338 @ WWW: http://info.dr.att.com/hypertext/people/grm.html & life is a cabernet ...o&o ))) From mrose at stsci.edu Thu Apr 21 10:05:08 1994 From: mrose at stsci.edu (Mike Rose) Date: Thu, 21 Apr 94 10:05:08 PDT Subject: Warrantless searches -- A sign of things to come? Message-ID: <9404211627.AA18585@MARIAN.STSCI.EDU> There's another difference between dorms and public housing. Public housing is the tenant's home. In a dorm, the school is acting in loco parentis. That is, the school is acting in the position of a parent, which gives them considerably more latitude. Mike From hayden at krypton.mankato.msus.edu Thu Apr 21 10:05:26 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 21 Apr 94 10:05:26 PDT Subject: You Will... Message-ID: Forwarded from rec.humor.funny. I found it oddly appropriate. --- [ This joke is the original work of Fred Wheeler and Jeff Sorenson (a hysterical conspiracy theorist). It is a parody of recent AT&T commercials that ask "Have you ever read a book from around the world?" and respond "You will, and the company that will bring it to you is AT&T." ] Have you ever received an automated sales pitch, while you were still in your pajamas? Have you ever had thousands of calls all over the world charged to your stolen account number? Have you ever had your paycheck deleted by faceless intruders from across the globe? Have you ever had an employer know more about your whereabouts and activities than your spouse? Have you ever been snuffed to dust by a satellite laser while lying on the beach? ______ | | | | | You | | | | Will | | | |______| And the company that will bring this to you is AT&T ----- Fred Wheeler wheeler at ipl.rpi.edu Jeff Sorensen sorenjs at pb.com -- Selected by Maddi Hausmann Sojourner. MAIL your joke to funny at clarinet.com. Attribute the joke's source if at all possible. A Daemon will auto-reply. Jokes ABOUT major current events should be sent to topical at clarinet.com (ie. jokes which won't be funny if not given immediate attention.) Anything that is not a joke submission goes to funny-request at clarinet.com -- ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) k From whitaker at dpair.csd.sgi.com Thu Apr 21 10:05:43 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Thu, 21 Apr 94 10:05:43 PDT Subject: PARTY: Pre-Extro I conference party 29 April 94 Message-ID: <9404210825.ZM10956@dpair.csd.sgi.com> The first annual Extropians conference (Extro-I) occurs 30 April - 1 May, next weekend, at the Sheraton in Sunnyvale, California. I'm holding a party the night before, Friday 29 April, at the Nexus (our house) in Cupertino. Directions follow this message. Extropians, cypherpunks, and other fellow travellers are welcome to come to the party, even if not attending the conference that weekend. The party starts at 1900. ************ This is potluck!!! ************************ ************ You know what that means: **************** ************ Bring food or drink ********************** Discouraged: Salty nachos, icky sweet soft drinks, and other such stuff Encouraged: Interesting, novel, healthy, tasty foods. Know how to make something interesting? Do so and bring it! Amara's "Latvian Pancakes" were a big hit at the last party! This probably won't be an all-nighter, as the conference starts early the next day. Translation: don't expect crash space. Unless I really, really *like* you. There are good hotels all around. I reserve the right, along with my housemates, to turn people away at the door, or eject them at whim. I've never had to do this before, and I don't expect I'll ever need to. However... this *is* the open net... Come on along and have some fun in good company. Be seeing you. DIRECTIONS: Nexus Lite is located at 21090 Grenola Drive in Cupertino. Geoff Dale's phone number (in case you get lost) is 408-253-1692. >From 280: Take the Saratoga/Sunnyvale Exit (which is actually the 85 South detour). Turn north on DeAnza (aka Saratoga/Sunnyvale Road) at the exit (a left turn if you are coming from San Francisco; right if you are coming from San Jose). Turn left at Homestead; go three blocks to N. Stelling, take left (at the McDonalds). (Note: North Stelling is called Hollenbeck on the other side of Homestead. Don't be fooled!) >From 101: Take 85 south and exit at Homestead; turn left onto Homestead. Proceed several blocks (you will pass a high school); then turn right on N. Stelling. Once on N. Stelling: Right at first light: Greenleaf First left, Flora Vista First Right on to Grenola Dr 21090 (mnemonic: anagram for Beverly Hills zip code) is a tannish house on left with a high roof that slopes toward the street. Park on the street -- in the direction of traffic, or you may get a $15 ticket. This has happened. OBLIGATORY CRUDE ASCII MAP (not to scale; up is not north): /\ || ^ ^ || (85) | | || | | || |Hollenbeck | /|| | | <----++---/ /-- (Homestead) ---+------------------+------------------> || | | || |N.Stelling | || | | || | DeAnza|Saratoga/Sunnyvale || | | <=========/ /== (280) =======] | [================+==================> || | || | || ^ | || | | Greenleaf \/ <----------+-------+-----------------> | | Flora Vista| | | | | | Grenola | | <-------------+ | *=21090 | | | | V V -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center, Mountain View CA (415) 390-2250 ================================================================ #include From kkirksey at world.std.com Thu Apr 21 10:40:48 1994 From: kkirksey at world.std.com (Ken B Kirksey) Date: Thu, 21 Apr 94 10:40:48 PDT Subject: Intolerance on the list Message-ID: <199404211710.AA09774@world.std.com> -----BEGIN PGP SIGNED MESSAGE----- > I also agree with Russell. Although the organization for which you work > may be unnerving to some, they should be willing to give you a shot at > being an ok kinda guy as a freethinking individual. ^^^^^^^^^^^^ > Keep asking your questions and thinking freely! > Jim ^^^^^^^^^^^^^^^ > I fully encourage people to think freely, but I absolutely refuse to encourage people to become "Free Thinkers". I've found that so-called "Free Thinkers" reveal themselves to be, through their ideas and literature, to be nothing more than narrow-minded empiricist zealots, hostile beyond reason to religion and anything that cannot be apprehended directly by the human senses in general. IMHO, of course. Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer - ----------------------------------------------------------------------------- Harassment is a power issue, and power is neither male nor female. Whoever is behind the desk has the opportunity to abuse power, and women will take advantage as often as men. - Michael Crichton (in _Disclosure_) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbZWuusZNYlu+zuBAQEQdgP+IVihMlRPcB4I2cgU+c03GyrStkXjgDOj ck+18D0aXAFmvWIgQSCm/KJYpuQBxRFv5AhrfeewdKZveicWy6ifM0EjD7NQq1tv 0KtB07u0JPzpx6eVMFEtq8m/BMWIwdeLbD0vyiBpSNlAVm8vkrZSC4CtEcNZYGlG LJpf5IU3DkI= =62e9 -----END PGP SIGNATURE----- From blancw at microsoft.com Thu Apr 21 10:57:08 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 21 Apr 94 10:57:08 PDT Subject: Milgram & Authority (+Ethics) Message-ID: <9404211658.AA05854@netmail2.microsoft.com> From: Jeff Davis I have an appointment with my State Senator Friday to talk to him about telnet access from basic phone service becoming a State Right of residents. ................................................ How do you have time to keep up with the list, what with talking to reporters from ABC & other media, consorting with Senators, changing the educational style of your public school systems, and single-handedly revitalizing the economy while changing the industry to a technological base in a state with limited water resources? And all this form Wyoming! Also, with the infusion of a centralized industry and the establishment of basic phone rights, how would you maintain your position as one of Barlow's revolutionary compadres? (Just wondering.) Blanc From cort at ecn.purdue.edu Thu Apr 21 10:58:49 1994 From: cort at ecn.purdue.edu (Cortland D. Starrett) Date: Thu, 21 Apr 94 10:58:49 PDT Subject: What the heck is this? Optical noise encryption? In-Reply-To: <9404201756.AA07286@smds.com> Message-ID: > While dousing yet another "chaos encryption" rumor, Perry says- > > > All this "encryption with chaos" stuff just adds up to "look at my > > fancy PRNG"... > > I think that's a very clear handle on chaos for people who know about > PRNGs, or vice-versa. Chaos = PRNG. I wonder if there's any good > cross-fertilization of the two fields beyond the obvious. I am especially interested in the "strange attractors" aspect of chaos theory. A good article on strange attractors appeared in Scientific American in the early/mid '80s. (Mail/post me if you want me to look up the issue.) Douglas Hofstadter was the author (of Godel, Escher, Bach... an awesome book!). Strange attractors use feedback to "lock in". I have used strange attractors to find special points in n-dimensional spaces. It may be far-fetched, but strange attractors or some similar statistical/experimental method may be the means by which large numbers are factored some day.... Cort. From gtoal at an-teallach.com Thu Apr 21 11:05:34 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 21 Apr 94 11:05:34 PDT Subject: FYI (fwd) Message-ID: <199404211804.TAA05331@an-teallach.com> Ley me guess, you were in Antartica without net access for the whole of April, right? Sheesh. No-one ever went broke underestimating the intelligence of the American public... G From sdw at meaddata.com Thu Apr 21 11:36:50 1994 From: sdw at meaddata.com (Stephen Williams) Date: Thu, 21 Apr 94 11:36:50 PDT Subject: Intolerance on the list In-Reply-To: <199404211710.AA09774@world.std.com> Message-ID: <9404211836.AA18352@jungle.meaddata.com> > > I also agree with Russell. Although the organization for which you work > > may be unnerving to some, they should be willing to give you a shot at > > being an ok kinda guy as a freethinking individual. > ^^^^^^^^^^^^ > > > > Keep asking your questions and thinking freely! > > Jim ^^^^^^^^^^^^^^^ > > > > I fully encourage people to think freely, but I absolutely refuse to > encourage people to become "Free Thinkers". I've found that so-called > "Free Thinkers" reveal themselves to be, through their ideas and literature, > to be nothing more than narrow-minded empiricist zealots, hostile beyond > reason to religion and anything that cannot be apprehended directly > by the human senses in general. IMHO, of course. What you say is reasonably correct, but you obviously don't agree with or understand the hostility. Free Thinkers, which include atheists (weak, strong, ...), agnostics, church/state separatists, etc., are sometimes hostile to religion because religion is hostile to them. It constantly puts down those who don't believe and represents a 'dumbing' force in society, IMHO. I try to be tolerant of religion, people's beliefs, etc., except when they cause censorship or other perceived oppression to those I care about. And this from a thread on tolerance on the list!!! The name 'Freethinker', BTW, comes from the fact that religion and sometimes society wants to tell you what to think, what's real, what you should be doing, etc. A consious sentient being should be deciding those things on its own. Ack... followups to alt.atheism... > Ken > > ============================================================================= > Ken Kirksey kkirksey at world.std.com Mac Guru & Developer sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From werner at mc.ab.com Thu Apr 21 11:39:41 1994 From: werner at mc.ab.com (tim werner) Date: Thu, 21 Apr 94 11:39:41 PDT Subject: Milgram & Authority (+Ethics) Message-ID: <199404211839.OAA01795@sparcserver.mc.ab.com> >From: Blanc Weber >Date: Thu, 21 Apr 94 10:51:31 PDT > >..., how would you maintain your position as one of >Barlow's revolutionary compadres? ~~~~~~ I have been racking my brain trying to remember who is John Barlow. I know I've heard his name come up before this mini-thread. Can someone please 'splain? tw From jims at Central.KeyWest.MPGN.COM Thu Apr 21 11:58:36 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Thu, 21 Apr 94 11:58:36 PDT Subject: Intolerance on the list In-Reply-To: <199404211710.AA09774@world.std.com> Message-ID: <9404211857.AA27062@Central.KeyWest.MPGN.COM> > > being an ok kinda guy as a freethinking individual. > ^^^^^^^^^^^^ > I fully encourage people to think freely, but I absolutely refuse to > encourage people to become "Free Thinkers". I've found that so-called > "Free Thinkers" reveal themselves to be, through their ideas and literature, > to be nothing more than narrow-minded empiricist zealots, hostile beyond > reason to religion and anything that cannot be apprehended directly > by the human senses in general. IMHO, of course. If there is a group calling itself "Free Thinkers" then I'll revise my comments. I was unaware of any such group and meant only that folks should think for themselves and not just blindly follow their "herd instincts" (Had to work that side thread in here :). Sorry if I made an unwitting reference to any group. Jim -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From unicorn at access.digex.net Thu Apr 21 12:23:48 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 21 Apr 94 12:23:48 PDT Subject: Graynet Message-ID: <199404211923.AA21696@access1.digex.net> -> Nevertheless, I think there would be some value to a GrayNet. There's a difference between intelligence gathering and analysis on the one hand, and espionage on the other. Several businesses in the "competitive intelligence" arena operate quite openly. And of course, the major players like to work through proxies. <- One of the problems here is that business intelligence becomes industrial espionage partially by way of who is in possession of the information. In so far as the use of information is determined in part by the motives of the "spy," those operating a "graynet" would have in their best interests at least some concept of who they are dealing with, anonymous transactions may give rise to liability. In other words, a greynet dealing in industrial intelligence can effectively become a BlackNet. In this context it makes little sense to call such an entity a "graynet" In so far as the information is benign enough to keep a graynet from becoming a blacknet, there is no use to anonyminity. A graynet might as well be an open e-mail account. -uni- (Dark) From cs000rrs at selway.umt.edu Thu Apr 21 12:35:22 1994 From: cs000rrs at selway.umt.edu (Ryan R Snyder) Date: Thu, 21 Apr 94 12:35:22 PDT Subject: National Militia Ultimatum! Message-ID: I thought that a few of you might find this interesting. Read on... ******* COPY THIS MESSAGE AND DISTRIBUTE ***** ! Origin: Gun Control=Criminals & Gestapo vs. the Unarmed. (1:231/110) � Area: AEN NEWS ������������������������������������������������������������� Msg#: 5127 Local Date: 04-17-94 18:20 From: Linda Thompson Read: Yes Replied: No To: All Mark: Subj: Ultimatum ������������������������������������������������������������������������������ Every member of the United States House of Representatives and Senate are this week being delivered an ultimatum that demands that each of them personally take the initiative to revoke unconstitutional legislation and initiate an inquiry into Waco. A copy of the Ultimatum follows in the next message. All MILITIA units will convene in Washington, D.C. the second full week that the Congress is in session in September to enforce this mandate and to deliver copies of the Declaration of Indpendence to the Whitehouse. All units will be armed and prepared to enforce this mandate. This is exactly what it sounds like. **NOTE: MILITIA UNITS MUST WEAR IDENTIFYING INSIGNIA AND BE ARMED. If you are armed and wear a military insignia identifying you as a member of a military unit, if captured, you must be treated as a Prisoner of War, not as a criminal arrestee, by law. We have five months to get in shape and be prepared to restore this country's liberty. Mentally and physically, we must be ready, willing, and able, to do the job. I have personally signed the ultimatum to be delivered to Congress, as John Hancock said, in handwriting so large that the King cannot mistake my identity. No other persons are or will be identified, however, please feel free to copy and issue the ultimatum to Congress yourself. A copy of the ultimatum follows in the next message. Additionally, a signed Declaration of Independence will be delivered to the White House on the day the militia convenes in Washington, D.C. in September, very likely with millions of signatures. Below the initial 100 signers' names which are affixed on the original, we will attach every page of signatures obtained between now and September. Please circulate the Declaration of Independence and obtain signatures throughout the country through every means possible and return to AJF, 3850 S. Emerson Ave., Suite E, Indianapolis, IN 46203. We will be airdropping this information throughout the country and distributing it through churches, gun shows, etc. All national media have been provided copies as well. Please distribute all pages of the Militia Alert, Ultimatum, and Declaration of Independence everywhere. Make thousands of copies. Put them out in grocery stores, wherever you can think of. More pilot volunteers, printers, and funding for the distribution of the Declaration of Independence are needed. Whether I am arrested or killed in the interim has no bearing on the preparations of the militia units, the ultimatum, or the Declaration of Independence throughout this country. Proceed as planned, plan accordingly, and God bless us all. Linda Thompson Acting Adjutant General UMUS, pursuant to 10 USC 311 Articles I and II, Bill of Rights, Constitution of the United States of America Additional information and updates will be posted on the American Justice Federation voice mail line at 317-780-5200 beginning April 20, 1994. Leave a message if you can volunteer to help print these documents, fly planes to airdrop literature, get the information on radio or television, etc. A copy of this ultimatum is being delivered this week to each member of the U.S. House of Representatives and U.S. Senate, as well as to all national media. ULTIMATUM WHEREAS, the federal government of the United States of America is constrained by the law of the United States Constitution, the Supreme law of this country, to limited jurisdiction, and limited power; and WHEREAS, the federal government of the United States of America, through unlawful Executive Orders, and through legislation passed without quorum and without proper ratification or otherwise unlawfully enacted under mere color of law by members of the legislative branch, have usurped the Constitutional authority of the sovereign states and sovereign citizens of this country, and laws which are unlawful and unconstititional have been enacted in voluminous number which have outrageously exceeded the boundaries of law and decency; and WHEREAS, the people of this country have been exploited and subjugated to an unlawful authority by an unlawful system of loans from a private banking institution, known as the Federal Reserve, and been forced, even at gunpoint, to submit to an unlawful federal income tax which is not and never has been within the authority of the federal government to enact or enforce, all to the benefit of private individuals and corporations at the expense of the liberty, lives, and property of the citizens of this nation; and WHEREAS, persons acting under color of law as federal agents, under the direction of those claiming to be elected officials operating under color of law, sworn to uphold and defend the Constitution of the United States, have infringed upon the rights of citizens to keep and bear arms, have conducted unlawful warrantless house to house searches and seizures, have assaulted and killed sovereign citizens of this country on the false pretense of "gun control," "child abuse," "the war on drugs" and a plethora of unlawful statutes enacted to unlawfully control the lives and liberty of the citizens of this country; WHEREAS, elections are now controlled through the power of committees and lobbies wielding the most money to obtain electoral votes or sway the nomination of candidates and persuade the enactment of legislation that has made it impossible for the common citizen to participate as a candidate in an election or for the vote of the common citizen to be meaningful; and WHEREAS, through an unconstitutional and unlawfully enacted "income tax," the federal government has created a "carrot and stick" that has seduced and coerced the elected officials of the several states to submit to the unlawful incursion of the federal government and its agents into the sovereign territory of each state, as a trade off for the receipt of these ill gotten proceeds; THEREFORE, YOU ARE COMMANDED to uphold your oath and duty to the citizens of this country, to uphold the Constitution and the rights of the citizens of this country, and in so doing, you are commanded to personally initiate legislation and do all things necessary to: Repeal the 14th, 16th, and 17th amendments to the Constitution of the United States and to publicly acknowledge that the federal government has no jurisdiction to make or enforce criminal laws outside its territories, limited to the area of Washington, D.C., and the property and territories actually owned by the United States, which does not include any State within the several states of the united states; and Repeal the Brady Bill and NAFTA; Repeal the Drug Interdiction Act and 10 USC 372, et. seq. and any laws which allow the use of military equipment or military personnel against United States citizens or which provide a backdoor method to fund "national guard," under the guise that the guard is a "state asset" even though the federal government provides the salary, funding and support and none of these units is counted as a State Guard asset, or which trains federal "law enforcement" in military tactics and provides military equipment to federal law enforcement for any purpose; and publicly acknowledge that the federal government, through any means, may not use military force or equipment against any person on U.S. soil or upon the soil of any sovereign state, except in the case of a declared war or in the event of an actual invasion by troops of a foreign country within the boundaries of the United States of America, and only then, against such foreign troops, not citizens or residents of this country; and Immediately remove any and all foreign troops and equipment and to immediately identify each and every federal military troop and federal law enforcement or tax enforcement agent and all equipment now located within the boundaries of any and every state, including all assets of military or task force "special operations" units, CIA, NSA, or any other covert law enforcement, quasi-law enforcement or military agency or activity; and Declare that the United States of America is not operating under the authority of the United Nations or if it is, to immediately renounce and revoke any and all agreements binding the United States to such authority; and Declare the federal debt to the Federal Reserve null and void, unconsitutional, and without effect and order that currency no longer be printed by the Federal Reserve or any entity other than the Treasury of the United States, backed by gold within the possession of the United States; and Declare that the federal government does not now have and never has had the legal authority to enact or enforce criminal laws outside the area of Washington, D.C., or outside its territories or its own property, such as military bases, and never upon the soil of any sovereign state, and that all such laws are null and void and without effect; Convene a full Congressional inquiry, to be conducted publicly, by an independent prosecutor selected from a person who has no association in any way whatsoever with any agency of the federal government, into the events in Waco, Texas, from February 28, 1993 through the present, at the property known as Mt. Carmel, with the special prosecutor to have the full power to convene a grand jury from the citizens of all the 50 states, obtain indictments, and issue subpoenas duces tecum and subpoenas for testimony before a grand jury, and to prosecute any and all persons, regardless of their position in government, for any crimes for which a true bill of indictment is returned. NOTICE: You have until the second full week that the Congress reconvenes in September, 1994, to personally initiate legislation to this effect and to do all things necessary to effect this legislation and the restoration of a Constitutional government within this country. If you do not personally and publicly attend to these demands, you will be identified as a Traitor, and you will be brought up on charges for Treason before a Court of the Citizens of this Country. Linda D. Thompson Acting Adjutant General Unorganized Militia of the United States of America Pursuant to 10 USC 311 and Articles I and II of the Bill of Rights Declaration of Independence of 1994 A Declaration by the Sovereign Citizens of the Several States Within the United States of America When in the Course of human Events, it becomes necessary for one People to dissolve the Political Bands which have connected them with another, and to assume among the Powers of the Earth, the separate and equal Station to which the Laws of Nature and of Nature's God entitle them, a decent Respect to the Opinions of Mankind requires that they should declare the causes which impel them to the Separation. We hold these Truths to be self-evident, that all people are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty, and the Pursuit of Happiness. That to secure these Rights, Governments are instituted among the people, deriving their just Powers from the Consent of the Governed, that whenever any Form of Government becomes destructive of these Ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its Foundation on such Principles, and organizing its Powers in such Form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient Causes; and accordingly all Experience hath shewn, that Mankind are more disposed to suffer, while Evils are sufferable, than to right themselves by abolishing the Forms to which they are accustomed. But when a long Train of Abuses and Usurpations, pursuing invariably the same Object, evinces a Design to reduce them under absolute Despotism, it is their Right, it is their Duty, to throw off such Government, and to provide new Guards for their future Security. Such has been the patient Sufferance of the people of the several states of the United States of America; and such is now the Necessity which constrains them to alter their former Systems of Government. The history of the present federal government of the United States of America is one of repeated Injuries and Usurpations, all having in direct Object the Establishment of an absolute Tyranny over these States and over the sovereign citizens within the several states. To prove this, let Facts be submitted to a candid World. All Branches, the Executive, Legislative, and Judicial, of the federal government, have refused Assent to Laws, the most wholesome and necessary for the public Good, the most blatant example of which is the total contempt in which they have held the Constitution of the United States and the rights of the citizens of this country protected by the limitations upon government set forth in the Constitution; The President and Congress have forbidden state Governors to pass Laws of immediate and pressing Importance, under inducement or threat of the loss of federal funding, unless suspended in their Operation till their Assent should be obtained; and when so suspended, they have utterly neglected to attend to them; The legislative branch has refused to pass other Laws for the Accommodation of large Districts of People, unless those People would relinquish the Right of Representation in the Legislature, a Right inestimable to them, and formidable to Tyrants only, as evidenced through the passage of the Seventeenth Amendment to the Constitution of the United States, and the present federal voting system, which is a national sham and disgrace, and prevents the common man from participating either as a candidate, or by meaningful vote for a candidate of his choosing in a truly free and open election; The Congress convenes in a manner which is inaccessible to the general public who are not allowed to address the Congress nor to directly supervise the activities of Congress, and publishes its business in records not readily accessible to the People, intentionally obtuse in the construction of both the laws and the publication thereof, for the Purposes of deceiving and fatiguing the people into Compliance with such Measures. The federal judicial offices and congress have set themselves wholly apart from and above the people, immune even from suit for their transgressions, answerable to none, and responsive to none except those who further their private interests; The federal government, through unlawfully constituted federal agencies which purport to be "law enforcement," and under the color of laws enacted by the legislature which exceed the constitutional jurisdiction of the federal government, has repeatedly murdered or incarcerated those who have opposed with manly Firmness the Invasions on the Rights of the People; The federal government has endeavored to prevent the Population of these States; for that Purpose obstructing the Laws for Naturalization of Foreigners; refusing to pass others to encourage their Migrations hither, and raising the Conditions of new Appropriations of Lands; and has endeavored to depopulate the United States, and for that purpose, has waged chemical, biological, and radioactive warfare upon the people, and encouraged and funded abortions and acts of genocide upon large populations of the people; All the branches of the federal government have obstructed the Administration of Justice, by subjugating the federal courts to the department of Treasury and the Executive Branch, and by refusing Assent to Laws for establishing Judiciary Powers and the independent investigation of crimes committed by agencies and officials of the federal government, insulating them from their crimes through executive pardon, legislated and judicially created immunity from criminal and civil prosecution; The Federal Judiciary have been selected on the will and whim of the executive branch and a Congress inattentive to anything but their own special interests and the will and money of lobbying groups, and the judiciary is dependent upon them for the Tenure of their Offices, and the Amount and payment of their Salaries; The federal government has erected a Multitude of new Offices, and sent hither Swarms of Officers to harass our People, and eat out their Substance; The federal government has kept among us, in Times of Peace, Standing Armies, without the consent of our Legislatures, or through the seduction or coercion of the state legislatures through the mechanism of "federal tax monies" offered in exchange for the cooperation of the state legislatures in handing over the sovereignty of each state; The Military has been rendered independent of, and superior to the Civil Power, through the enactment of laws which wholly abridge the Constitution of the United States and which seek to avoid the effect of the Posse Comitatus Act through surreptitious and covert methods; The President, officers of the executive branch, and Congress have combined with others to subject us to a Jurisdiction foreign to our Constitution, and unacknowledged by our Laws; giving Assent to their acts of pretended Legislation; For quartering large Bodies of Armed Troops, foreign and federal, among us; For protecting agents of the federal government and military, from any trial or by a mock Trial, from Punishment for any Murders which they should commit on the Inhabitants of these States; For regulating and strangulating our Trade with all Parts of the World; For imposing Taxes on us without our Consent; for failing to publicly acknowledge, more than 60 years ago, that the federal government was in fact, bankrupt, but instead, concealing these facts from the people and entering into a fraudulent agreement to finance the bankruptcy, by creating and perpetuating a fraudulent monetary system, to the enrichment of private bankers, insurance companies, and their stockholders, called the "federal reserve system", whereby paper notes are created to "loan" to the federal government at interest rates fixed by these private bankers, and where only a portion of the interest and none of the principal on these loans is paid each year; a system whereby the payments are extorted from the people through a fraudulent, coercive, unjust and unlawful federal tax scheme foisted upon the people without their knowledge or consent and through a labyrinth of licensing agencies and required licenses for all manner of endeavors, which are themselves nothing more than taxes by another name; all enforced by unbridled terrorist tactics and fear produced by the brute force of an unrestrained government that seizes property and imprisons those who do not "voluntarily" submit. For depriving us, in many Cases, of the Benefits of Trial by Jury; For proposing and enacting legislation to federally criminalize, indeed to suffer the death penalty in many cases or at the least the forfeiture of property, for the free exercise of the unalienable rights of free speech and free press, freedom of worship, freedom of assembly, or the right to keep and bear arms; For enacting legislation to seize the property of the people under a myriad of pretenses, and to imprison persons on the testimony of unknown, unidentified, and often paid, informants, who become informants to secure for themselves a more favorable position in a prosecution brought against them, and all within the states where the federal government has no legal powers of law enforcement; For abolishing the free System of English Laws in the states, and establishing therein an arbitrary Government, and enlarging its Boundaries, so as to render it at once an Example and fit Instrument for introducing the same absolute Rule into these states; For taking away our Charters, abolishing our most valuable Laws, and altering fundamentally the Forms of our Governments; For usurping the power of our own Legislatures, and declaring themselves invested with Power to legislate for us in all Cases whatsoever; The federal government has abdicated Government here, by declaring us out of its Protection and waging War against us; The federal government has plundered our Seas, ravaged our Coasts, burnt our towns, and destroyed the Lives of our People; The federal government, at this Time, is transporting large Armies of foreign Mercenaries to complete the works of Death, Desolation, and Tyranny, already begun, often under the color of the law of the United Nations, and with circumstances of Cruelty and Perfidy, scarcely paralleled in the most barbarous Ages, and totally unworthy of a civilized Nation; The government has constrained our fellow Citizens taken Captive on the high Seas to bear Arms against their Country, to become the Executioners of their Friends and Brethren, or to fall themselves by their Hands; The federal government has excited domestic Insurrections amongst us; In every stage of these Oppressions we have Petitioned for Redress in the most humble Terms: Our repeated Petitions have been answered only by repeated Injury. A President, whose Character is thus marked by every act which may define a Tyrant, is unfit to be the Ruler of a free People. We, therefore, the sovereign citizens of the several states of the united states, which now form the United States of America, appealing to the Supreme Judge of the World for the Rectitude of our Intentions, do, in our own names and right and by the authority of God Almighty, solemnly Publish and Declare, that each of the sovereign citizens undersigned are, and of Right ought to be, Free and Independent Sovereign Citizens; that they are absolved from all Allegiance to the federal government of the United States of America, and that all political Connection between them and the federal government of the United States of America, is and ought to be totally dissolved; and that as Free and Independent Sovereign Citizens, each has the full Power to levy War, conclude Peace, contract Alliances, establish Commerce, and to do all other Acts and Things which an Independent Sovereign may of right do. And for the support of this declaration, with a firm Reliance on the Protection of divine Providence, we mutually pledge to each other our lives, our Fortunes, and our sacred Honor. Signers, this 18th day of April, in the year 1994 of our Lord: [100 original signers whose signatures are already affixed to the original appear here] SIGNERS THIS YEAR OF 1994 OF OUR LORD: NAME STATE OCCUPATION __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ RETURN SIGNATURE PAGES (ONLY) TO: AMERICAN JUSTICE FEDERATION, 3850 S. EMERSON AVE., SUITE E, INDIANAPOLIS, IN 46203, BEFORE SEPTEMBER 1, 1994. FOR UPDATES CALL: 317-780-5200. Ryan Snyder, Consultant | --->Finger me for my PGP public key.<--- ___ University of Montana CIS| |\ /| CS000RRS at SELWAY.UMT.EDU | Copyright 1994 by Ryan R. Snyder. | 0 | RYE at ILLUMINATI.IO.COM | |/_\| RYE at CYBERSPACE.ORG | From rarachel at prism.poly.edu Thu Apr 21 12:35:36 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Thu, 21 Apr 94 12:35:36 PDT Subject: Safeway + Your Privacy In-Reply-To: <9404171807.AA17943@Central.KeyWest.MPGN.COM> Message-ID: <9404211922.AA16029@prism.poly.edu> Your last statement about garbage in/out reminds me of a paragraph in the HitchHiker's Guide to the Galaxy about this one planet where you must shit as much matter as you eat, or it will be surgically removed from your body. :-) This stupid recycling nonsense is pretty out of hand here in NYC too... If they find anything that's not supposed to be in your trash can (ie: a soda bottle in a can of newspapers) you get fined. This means that if some kid walks by your house and decides to throw his soda bottle in your trash can instead of smashing it on the ground as is the (offical method of recycling here in NYC as car tires need lots of glass :-) you will get fined. Idiotic, but true. Also, keep in mind that recycling makes the jobs of FBI agents much easier... What spook wants to read your paper waste if its covered by diapers, coffe grounds, parakeet droppings, etc... NYC is well known for its shitty subways and lots of "We're really nice" subway ads that are "environmental" in nature. My cynical nature says that the only reason they want us to take the trains instead of the cars is that a) they don't want to pay to repair the pot-holes, b) they want to get more money in the subway system, and to add all the damn emissions and DMV tickets, nonsense help this... Ugh... From tbegley at phoenix.creighton.edu Thu Apr 21 12:37:31 1994 From: tbegley at phoenix.creighton.edu (Terrence M. Begley) Date: Thu, 21 Apr 94 12:37:31 PDT Subject: Milgram & Authority (+Ethics) In-Reply-To: <199404211839.OAA01795@sparcserver.mc.ab.com> Message-ID: On Thu, 21 Apr 1994, tim werner wrote: > I have been racking my brain trying to remember who is John Barlow. I know > I've heard his name come up before this mini-thread. > Formerly of the Grateful Dead, and now associated with the EFF. He is more commonly known as John Perry Barlow. ----- Terry The Bible answers Clinton: "Let his days be few and let another take his office." --Psalms 109:8 From sonny at netcom.com Thu Apr 21 12:41:16 1994 From: sonny at netcom.com (James Hicks) Date: Thu, 21 Apr 94 12:41:16 PDT Subject: Milgram & Authority (+Ethics) In-Reply-To: <199404211839.OAA01795@sparcserver.mc.ab.com> Message-ID: <199404211941.MAA05729@mail.netcom.com> Blanc Weber said: > > I have been racking my brain trying to remember who is John Barlow. I know > I've heard his name come up before this mini-thread. > > Can someone please 'splain? > > tw > I think that John Barlow and Mitch Kapor co-founded the Electronic Frontier Foundation. -- +---------------------------------------------------------------------+ | james hicks | Give me your tired, your poor, | | | your huddled masses yearning to breathe free, | | ...can you hear | Send these, the homeless, tempest-tossed to me.| | the music?... | I lift my lamp beside the golden door! | +---------------------------------------------------------------------+ From moshe at iexist.att.com Thu Apr 21 12:47:49 1994 From: moshe at iexist.att.com (Interworld Police Coordinating Committee) Date: Thu, 21 Apr 94 12:47:49 PDT Subject: No Subject Message-ID: <9404211935.AA26112@rodan.lab5523> gehm at merle.acns.nwu.edu, ignatz at homebru.chi.il.us, wicker at angus.mystery.com, m.yudkowsky at att.com, ben at tai.chi.il.us Subject: Re: FWD>Science frauds Forgive me if I'm wrong, but if my memory serves me correctly, THE SPOTLIGHT is an anti-Semitic rag; that makes every other word they publish suspect. And if there's a world wide conspiracy of physicists making dough off of all this, how come I never get any money batted my way? Moshe Yudkowsky m.yudkowsky at att.com iexist!moshe "Every morning you will see the wolf lying on the pasture side by side with a sheep. The only problem is that every morning it will be a different sheep." -- Mohammed Wattad, M.K. From blancw at microsoft.com Thu Apr 21 12:47:56 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 21 Apr 94 12:47:56 PDT Subject: Milgram & Authority (+Ethics) Message-ID: <9404211849.AA12139@netmail2.microsoft.com> From: tim werner I have been racking my brain trying to remember who is John Barlow. I know I've heard his name come up before this mini-thread. Can someone please 'splain? ....................................... He's one of the revolutionary founders of EFF, and pre-revolutionary lyricist for the Grateful Dead. From unicorn at access.digex.net Thu Apr 21 12:50:15 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 21 Apr 94 12:50:15 PDT Subject: Warrantless searches -- A sign of things to come? Message-ID: <199404211950.AA23894@access1.digex.net> -> There's another difference between dorms and public housing. Public housing is the tenant's home. In a dorm, the school is acting in loco parentis. That is, the school is acting in the position of a parent, which gives them considerably more latitude. Mike <- This position flies in the face of law on the subject. "Persons who meet the required qualifications and who abide by the university's rules and regulations are permitted to attend and must be presumed to have sufficent maturity to conduct their own personal affairs. We know of no requirement of the law and none has been cited to us placing on a university or its employees any duty to regulate the private lives of their students, or to control their comings and goings and to supervise there associations." _Hegel v. Langsam_, 273 N.E.2d 351_ (1971). "A university is an institution for the advancement of knowledge and learning. It is neither a nursery school, a boarding school, nor a prision." Id. (Granting motion to dismiss for failure to state a cause of action upon which legal relief may be obtained. Student who was caused to become drug addicted, seduced, and allowed to be absent from dormatory while at defendant university gave rise to no claim of duty of care upon university as duty to university does not includew "parenting.") -uni- (Dark) From dmandl at lehman.com Thu Apr 21 13:17:42 1994 From: dmandl at lehman.com (David Mandl) Date: Thu, 21 Apr 94 13:17:42 PDT Subject: The Spotlight Message-ID: <9404212017.AA06334@disvnm2.lehman.com> > From: Interworld Police Coordinating Committee > > gehm at merle.acns.nwu.edu, ignatz at homebru.chi.il.us, wicker at angus.mystery.com, > m.yudkowsky at att.com, ben at tai.chi.il.us > Subject: Re: FWD>Science frauds > > Forgive me if I'm wrong, but if my memory serves me correctly, THE SPOTLIGHT > is an anti-Semitic rag; that makes every other word they publish suspect. Yep, that's right. But not just anti-semitic. It's an extreme right-wing (read: fascist or crypto-fascist) paper affiliated with Willis Carto's Liberty Lobby, an especially slimy racist organization (I mean really racist, as in close pals with David Duke, publisher of pamphlets on the "inferiority of the Negro race," promoters of so-called "holocaust revisionism," etc.). They've been making inroads into the hip marginal milieu recently because of their sensational conspiracy theory reporting, but it's important to keep in mind who they are and what their real agenda is. I'm not telling anyone here whether the Spotlight should or shouldn't be used to spread the anti-Clipper word, or whether you should or shouldn't read it, merely pointing out who they are. Like most organizations of this type, they're less than honest about it. --Dave. From werner at mc.ab.com Thu Apr 21 13:23:22 1994 From: werner at mc.ab.com (tim werner) Date: Thu, 21 Apr 94 13:23:22 PDT Subject: National Militia Ultimatum! Message-ID: <199404212023.QAA02254@sparcserver.mc.ab.com> >Date: Thu, 21 Apr 1994 13:34:36 -0600 (MDT) >From: Ryan R Snyder > WHEREAS, the federal government of the United States of America is >constrained by the law of the United States Constitution, the Supreme law o= >f >this country, to limited jurisdiction, and limited power; and I don't have the time to read text that has words like "o= f" in it. Sorry. From sonny at netcom.com Thu Apr 21 13:31:49 1994 From: sonny at netcom.com (James Hicks) Date: Thu, 21 Apr 94 13:31:49 PDT Subject: Milgram & Authority (+Ethics) In-Reply-To: <199404211941.MAA05729@mail.netcom.com> Message-ID: <199404212032.NAA13828@mail.netcom.com> > > Blanc Weber said: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Sorry, that should be tim werner said: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > I have been racking my brain trying to remember who is John Barlow. I know > > I've heard his name come up before this mini-thread. > > > > Can someone please 'splain? > > > > tw > > > > I think that John Barlow and Mitch Kapor co-founded the Electronic > Frontier Foundation. > -- +---------------------------------------------------------------------+ | james hicks | Give me your tired, your poor, | | | your huddled masses yearning to breathe free, | | ...can you hear | Send these, the homeless, tempest-tossed to me.| | the music?... | I lift my lamp beside the golden door! | +---------------------------------------------------------------------+ From unicorn at access.digex.net Thu Apr 21 13:49:14 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 21 Apr 94 13:49:14 PDT Subject: ID list status note. Message-ID: <199404212049.AA28092@access1.digex.net> Currently I have information on the high tech methods for the following states: California Ct Florida Hawaii Illinois Maryland Mass Michigan NH New Jersey New york Oregon Penn Texas Virginia Alberta (Canada) British Columbia Military ID GB European Union Model In many cases, the information is insufficent, so I encourge anyone who hasn't to submit the information even if your state/prov./country appears on the list. The most important facts seem to be 1> State 2> Month and year of issuance 3> Is there a bar code? 4> Is there a Digitized photo or merely a polaroid? 5> Is there a magnetic strip? 6> Is there a hologram or such? 7> Was the license mailed or given on the spot? Anything else important you feel you should add. When I have around 30, I'll post the list. -uni- (Dark) From eagle at deeptht.armory.com Thu Apr 21 13:57:29 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Thu, 21 Apr 94 13:57:29 PDT Subject: Milgram & Authority (+Ethics) Message-ID: <9404211357.aa23931@deeptht.armory.com> > From: sonny at netcom.com (James Hicks) > > > > I think that John Barlow and Mitch Kapor co-founded the Electronic > > Frontier Foundation. Yep. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From jamiel at sybase.com Thu Apr 21 14:17:36 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 21 Apr 94 14:17:36 PDT Subject: You Will Message-ID: <9404212117.AA16333@ralph.sybgate.sybase.com> People seem to be enjoying the AT&T parodies, so here are more that floated back when the originals made the rounds where I work. >Date: Thu, 21 Apr 94 14:02:53 PDT >Subject: Re: You Will ----- Begin Included Message ----- > >I forwarded the You Will stuff around a bit. Got this sent back. > > >----- Begin Included Message ----- > >Subject: Re: You Will >Date: Thu, 21 Apr 94 3:33:27 PDT >X-Lines: 15 > > >Have you ever... > >gotten a bill for an increase in your health insurance rates along with a >form letter saying, "we've noticed an increase in your consumption of >meats, dairy products, and sugars as reflected in the online records of >your supermarket purchasing patterns..." ....? YOU WILL! > >Have you ever... > >had your car impounded as you try to pass through a tollbooth, and the cop >says, "our scanners correlated your license plate number with the database >of unpaid parking tickets..." ...? YOU WILL! > > > > >----- End Included Message ----- > > ----- End Included Message ----- jamie -- "Sure, people mistake me for straight, but when I do get someone in bed,that's when being a femme *really* pays off." -Bryna Bank, on Butch/Femme jamie lawrence jamiel at sybase.com From collins at newton.apple.com Thu Apr 21 14:34:37 1994 From: collins at newton.apple.com (Scott Collins) Date: Thu, 21 Apr 94 14:34:37 PDT Subject: Gambler's Ruin, 15 out of 16, and a Probability Parable Message-ID: <9404212055.AA18745@newton.apple.com> Howdy Peter, OK, though it's been enjoyable, I won't try any further to convince you. I peppered this message with smileys to let you know that I think mathematical debates are about differing observations, not differing values. In such conversations, its easy to lose sight of that and take something the wrong way. Please don't; it has been fun and just because neither of us has convinced the other (yet) doesn't mean I think the less of you (or, hopefully, the reverse... I know to you, I must seem pretty `thick'). I, myself, would like a little more explanation of _your_ point of view (see my question below beginning with "Why?"). I will recapitulate the high points of my problems with your previous arguments so that you can clear them up for me in private e-mail. I also quote some equations that summarize the point I was trying to make, so that you can examine them and offer up alternatives that represent your point. I am cc'ing cypherpunks on this final message so that they can see these equations. Here we go :-) I wrote a conjecture: SC>A.1 As parishoners play and leave, the division of wealth approaches the SC> `odds' of the game. Which you agreed with: PH>I agree with both conjectures. I then repeated the conjecture in my argument: SC> [A.1] predicts that as ... the number of players goes to infinity, SC> ... the fraction of money won by the church approaches ... the probability SC> the church will win a single trial. Which you do _not_ accept as the statement you agreed with: PH>There is a slight difference between [A.1] and PH>this statement. [A.1] predicts that as ... the number of bets PH>goes to infinity the fraction of bets won will approach ... the PH>probability that the church will win a single trial. On the probability of the player's ultimate ruin you say: PH>Each parishioner has a high probability of losing their savings and a PH>low probability of winning everything owned by the church. It is PH>possible for any single parishioner to win everything, but it is PH>unlikely. Why? Why is the probability not almost `even', like the odds of the game, .51 vs .49? What other information influences this _new_ probability, the probability of the player going broke, if it is not---as I say---the difference in cash resources between the player and the house? I didn't ask you this question in my earlier messages---I thought I was supplying the answer---but you did provide an alternate explanation: PH>This player wins because he or she was fortunate enough to place the PH>first bet in the series [of sufficient consective bets lost by the house]. PH>The player needs to be lucky. To paraphrase my "Why?" question above: can you qualify `lucky'? How `lucky' does the player have to be? I submit to you that given individual trials where the players probability of winning a single unit in a single trial is p, the total amount of money at stake in the series of trials is C, the amount currently held by the player is d, the house C-d=D, that the ultimate chance for the players ruin is given by the equation (from [Weaver] cited in an earlier message): 1-p where r = --- p r^C - r^d R_d (prob. of ruin given d capital) = --------- r^C - 1 Though in the limit (a fair game) you would derive a friendlier form as: d R_d = 1 - - C ...and, of course, at the other extremes, where p=1, or p=0, the player never or always goes broke respectively. These equations are consistent the proposition that the probability of ruin depends on both the odds of the game _and_ the initial distribution of capital. Note their behavior as C increases with respect to d. Soon, this difference dominates even in the face of good `odds'. I invite you to experimentally verify, at your leisure, the `fair game' version with two players and different amounts of pennies where each bet is a single penny and decided by a coin toss. Finally, you offer me this comfort :-) PH>This can be very confusing. I've seen two professional mathematicians PH>and a futures textbook make this mistake. Thank you ;-) If I, two professional mathematicians, a textbook, a book I cited to you, and several other cypherpunks all erred similarly, then it must be a treacherously easy mistake to make; I don't feel any shame. But, I would also relate this little probability parable (again, from [Weaver])---of course drawing no comparisons: In the card room of the Quadrangle Club at the University of Chicago, years ago, a hand con- sisting of thirteen spades was dealt. The celebrated mathematician Leonard Eugene Dickson was one of the players. (Those who know his interest in bridge realize that the probability of his being one of the players was not far below unity.) At the request of his companions, he calculated the probability of this deal (It is roughly 10^-13.) A young know-it-all gaily reported at lunch the next day that he had calculated the probability of dealing thirteen spades, and had found that Dickson had made a mistake. Another famous mathematician, Gilbert Bliss, was present; he properly dressed down the youngster by saying, "Knowing that Dickson calculated a probability and got one result, and you had tried to calculate the same probability but got another result, I would conclude that the probability is practically unity that Dickson was right and you are wrong." Be happy and keep wondering---that's what makes us great, Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From rishab at dxm.ernet.in Thu Apr 21 14:52:08 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Thu, 21 Apr 94 14:52:08 PDT Subject: Patent searches Message-ID: hfinney at shell.portal.com: > A little while ago someone posted about a new company that would do patent > searches via email requests. For another week they are doing free searches > as an introductory offer. I did a search on blind-signature based cash > systems, and these are the patents it found. This might be useful for those > considering implementing electronic cash. Full text of patents are available > for $4.95. The kind of search I did for free will cost $149 after another > week. People are allowed 3 searches per day for free until then. I seem to remember that the USPTO provides full texts of patents for $3... Anyway, those who plan to perform many such services at $149 might consider purchasing the 10-CDROM database for $5,000 (?) Also, you can WWW to wais://town.hall.org:210/patent for full WAIS searches in real time for keywords. I'm not sure whether Town Hall has old patents (possibly only for the current year); but is does have many relating to electronic cash, cryptography, signatures and so on. (Note: most of these are software patents, not applicable outside the USA. An average of 80 software patents a week were issued in the first quarter of 1994.) The home page (http://town.hall.org) connects to many other services, including the SEC EDGAR documents. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA ------------------------------------------------------------------------------- From karn at qualcomm.com Thu Apr 21 15:03:28 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 21 Apr 94 15:03:28 PDT Subject: Banyan Vines / USMC In-Reply-To: <9404192205.AA17337@toad.com> Message-ID: <199404212203.PAA21299@servo.qualcomm.com> > The Banyan Vines network was used extensively in Desert >Storm/Shield/Sweep. Before the network was in place, people were using a >single channel radio relay box called the Hadron. It was capable of being >used with the KY-57 (crypto) on the PRC-77 (single channel radio), as well as >satcom (PSC-3). I've seen the Hadron. It's an impressive, fancy, TEMPESTed, MIL-SPEC box. When I opened it up, I found an ordinary, production, amateur packet radio TNC (terminal node controller) speaking AX.25. Kind of scary when you think about it. :-) What would normally cost a ham about $150-$200 probably cost the government about $5K each. Phil From fennessq at thecount.eng.sematech.org Thu Apr 21 15:08:47 1994 From: fennessq at thecount.eng.sematech.org (Quentin Fennessy) Date: Thu, 21 Apr 94 15:08:47 PDT Subject: ID list status note. In-Reply-To: <199404212049.AA28092@access1.digex.net> Message-ID: <9404212208.AA22921@thecount.eng.sematech.org> Here is some info on Texas ids: Polaroid photo, blue background, right side of the id. Plastic laminate, green state seal on photo and printed part. Plastic laminate also embossed/watermarked with state seal (visible at an angle) Info on license: Class (type of vehicle) TX drivers number (not SSN) 8 digits Endorsement (more on type of vehicle) Restrictions, for example A=vision height sex organ donor yes or no birthdate expiration year (on birthdate), good for 4 years DPS audit number, 11 digits Last, First Middle Address signature QF From fennessq at thecount.eng.sematech.org Thu Apr 21 15:11:30 1994 From: fennessq at thecount.eng.sematech.org (Quentin Fennessy) Date: Thu, 21 Apr 94 15:11:30 PDT Subject: ID list status note. In-Reply-To: <199404212049.AA28092@access1.digex.net> Message-ID: <9404212211.AA22936@thecount.eng.sematech.org> More info I forgot to add on Texas Drivers licenses: No bar code Polaroid photo No magnetic strip No holo, but translucent state seal in laminate License given on the spot. They insisted that next time I would need my SSN card! Ha! QF From sdw at meaddata.com Thu Apr 21 15:19:17 1994 From: sdw at meaddata.com (Stephen Williams) Date: Thu, 21 Apr 94 15:19:17 PDT Subject: Intolerance on the list In-Reply-To: <9404211857.AA27062@Central.KeyWest.MPGN.COM> Message-ID: <9404212217.AA21607@jungle.meaddata.com> > > > > > > being an ok kinda guy as a freethinking individual. > > ^^^^^^^^^^^^ > > I fully encourage people to think freely, but I absolutely refuse to > > encourage people to become "Free Thinkers". I've found that so-called > > "Free Thinkers" reveal themselves to be, through their ideas and literature, > > to be nothing more than narrow-minded empiricist zealots, hostile beyond > > reason to religion and anything that cannot be apprehended directly > > by the human senses in general. IMHO, of course. > > If there is a group calling itself "Free Thinkers" then I'll revise my > comments. I was unaware of any such group and meant only that folks > should think for themselves and not just blindly follow their "herd > instincts" (Had to work that side thread in here :). Sorry if I made > an unwitting reference to any group. > > Jim To clarify who uses this label: (Sorry to reply again in this venue.) (In the two years on/off this list, this is the first offsubject...) The members of the FFRF (Freedom From Religion Foundation), which exists mainly, IMHO, as a support group for those who feel oppressed in some way or who want to counteract the spreading tendancies of religion. The members tend to like the label 'Freethinker' for themselves and have pins as such. The group is made up of atheists (strong & weak), agnostics, 'non-practicing Jews', PFLAG members (a group that falls under the religiously persecuited label), and church/state separatists (many of which may be somewhat religious). If you want to find a comprehensive news reporting of priest transgressions, for instance, their newsletter gathers info from all over the US. > Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ > 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com > Key West, FL 33041 CIS: 71061,1027 > (305) 293-8100 "We keep coding and coding and coding..." Yea, I'm a FreeThinker. I find it impossible to believe in religion. Even when I wanted to, I just couldn't. I have a sound, rational view of life, morals, and goals. I'm happy. sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From unicorn at access.digex.net Thu Apr 21 15:27:47 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 21 Apr 94 15:27:47 PDT Subject: Green Card Post Message-ID: <199404212227.AA05060@access1.digex.net> From: svb3 at namaste.cc.columbia.edu (Sarah Victoria Birnbaum) Newsgroups: alt.tv.seinfeld,alt.tv.melrose-place,alt.tv.bh90210 Subject: Mr. Green Card Gets Nailed!! Date: Wed Apr 20 00:31:13 EDT 1994 Organization: Columbia University Lines: 8 Thought you might all like to know that that fool who posted the Green Card Lottery thing to every known newsgroup has been busted for disobeying netiquette. His server in, I think, Texas, has cancelled his account! Check out the New York Times Business section of today, 4/19/94, for a terrific article. It's great to see he got his just deserts. Unfortunately, he seems perfectly happy and says as soon as he gets a new account, he'll start advertising again! What can we do? <- I got a kick out of this, especially considering the distribution. From ecarp at netcom.com Thu Apr 21 15:28:02 1994 From: ecarp at netcom.com (Ed Carp) Date: Thu, 21 Apr 94 15:28:02 PDT Subject: Banyan Vines / USMC In-Reply-To: <199404212203.PAA21299@servo.qualcomm.com> Message-ID: On Thu, 21 Apr 1994, Phil Karn wrote: > > The Banyan Vines network was used extensively in Desert > >Storm/Shield/Sweep. Before the network was in place, people were using a > >single channel radio relay box called the Hadron. It was capable of being > >used with the KY-57 (crypto) on the PRC-77 (single channel radio), as well as > >satcom (PSC-3). > > I've seen the Hadron. It's an impressive, fancy, TEMPESTed, MIL-SPEC > box. When I opened it up, I found an ordinary, production, amateur > packet radio TNC (terminal node controller) speaking AX.25. > > Kind of scary when you think about it. :-) > > What would normally cost a ham about $150-$200 probably cost the > government about $5K each. Probably a KPC-3 :) From mech at eff.org Thu Apr 21 15:37:00 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 21 Apr 94 15:37:00 PDT Subject: WWW page on crypto export issues Message-ID: <199404212236.SAA16492@eff.org> EFF Board member and Cygnus Support co-founder John Gilmore has set up a World Wide Web page on cryptography export issues, including information on how to apply for export clearance, exchages with Commerce Dept. on export licensing, legal documents on networking issues in relation to export of technology and crypto, and more. The URL is: http://www.cygnus.com/~gnu/export.html -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From snyderra at dunx1.ocs.drexel.edu Thu Apr 21 15:47:24 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Thu, 21 Apr 94 15:47:24 PDT Subject: National Militia Ultimatum! In-Reply-To: <199404212023.QAA02254@sparcserver.mc.ab.com> Message-ID: <199404212246.SAA24647@dunx1.ocs.drexel.edu> tim werner scribbles: > > >Date: Thu, 21 Apr 1994 13:34:36 -0600 (MDT) > >From: Ryan R Snyder > > WHEREAS, the federal government of the United States of America is > >constrained by the law of the United States Constitution, the Supreme law o= > >f > >this country, to limited jurisdiction, and limited power; and > > I don't have the time to read text that has words like "o= > f" > in it. > > Sorry. Ahhh, the wonders of MIME. That's quoted-printable content, since apparently some of the characters are 8-bit. My mail readers has no problem with it. You might want to find a reasonably recent mail reader, that understands MIME. Bob From sinclai at ecf.toronto.edu Thu Apr 21 15:47:34 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Thu, 21 Apr 94 15:47:34 PDT Subject: What the heck is this? Optical noise encryption? In-Reply-To: Message-ID: <94Apr21.184723edt.3700@cannon.ecf.toronto.edu> > Strange attractors use feedback to "lock in". I have used strange > attractors to find special points in n-dimensional spaces. If you want to "lock in", just use a regular attractor. That'll find your sink point directly. A strange attractor will give you the general area, but at a lot more effort. From mg5n+ea2uj7war2ufizqiqrdidkaii9mfkcwjze6q910g3a6 at andrew.cmu.edu Thu Apr 21 15:58:16 1994 From: mg5n+ea2uj7war2ufizqiqrdidkaii9mfkcwjze6q910g3a6 at andrew.cmu.edu (Anonymous) Date: Thu, 21 Apr 94 15:58:16 PDT Subject: FYI (fwd) Message-ID: That message was originally posted as an April Fools Joke. How it ended up getting posted on Gay-Net by someone without a clue is beyond me... From karn at qualcomm.com Thu Apr 21 16:07:24 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 21 Apr 94 16:07:24 PDT Subject: cryptophone ideas In-Reply-To: <9404202202.AA18655@srlr14.sr.hp.com> Message-ID: <199404212304.QAA21439@servo.qualcomm.com> >They are capable of doing 2 data moves, a 16x16 multiply, a 40 bit >accumulate and a prefech of the next instruction all in 100ns. This is where a DSP really shines, since it's the fundamental operation in digital filtering; indeed it wouldn't be a DSP if it couldn't do a multiply/accumulate in a single clock cycle. But I wouldn't be too surprised if general purpose CPUs eventually get the same capability. And once they are, the distinction between a "DSP" and a "general purpose" CPU will pretty much vanish. DSPs are notoriously harder to program than general purpose CPUs, and being lower volume items they won't be able to compete in price or clock speed with general purpose CPUs made in the millions. But that's in the future. There's not much alternative to using a DSP chip right now if you want high quality low bit rate speech, but unfortunately the low-cost DSPs now appearing on PC sound cards are not quite up to the task yet. I think CELP encoding requires something like 30 million multiplies per second, which is beyond the reach of a 12.5 Mhz AD2105. On the other hand, simpler schemes and/or clever coding tricks might make it possible. And since these boards are now widely available in computer stores, they're hard to ignore in a project like this. Has anybody looked at them in detail? Phil From perry at snark.imsi.com Thu Apr 21 16:09:09 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 21 Apr 94 16:09:09 PDT Subject: National Militia Ultimatum! In-Reply-To: Message-ID: <9404212308.AA00298@snark.imsi.com> Ryan R Snyder says: > I thought that a few of you might find this interesting. Why would you assume that? This doesn't even come close to being about cryptography. .pm From pcw at access.digex.net Thu Apr 21 16:31:10 1994 From: pcw at access.digex.net (Peter Wayner) Date: Thu, 21 Apr 94 16:31:10 PDT Subject: cryptophone ideas Message-ID: <199404212330.AA09243@access1.digex.net> >>They are capable of doing 2 data moves, a 16x16 multiply, a 40 bit >>accumulate and a prefech of the next instruction all in 100ns. > >This is where a DSP really shines, since it's the fundamental >operation in digital filtering; indeed it wouldn't be a DSP if it >couldn't do a multiply/accumulate in a single clock cycle. > >But I wouldn't be too surprised if general purpose CPUs eventually get >the same capability. And once they are, the distinction between a >"DSP" and a "general purpose" CPU will pretty much vanish. DSPs are >notoriously harder to program than general purpose CPUs, and being >lower volume items they won't be able to compete in price or clock >speed with general purpose CPUs made in the millions. > >Phil How hard is it to reprogram the DSP that comes with a cellular phone right now? I've never opened one up. Can you just unsolder a rom, read it, insert your own code for DH key exchange, add some encryption, burn a new ROM and have a secure phone? From pgf at srl.cacs.usl.edu Thu Apr 21 16:35:27 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Thu, 21 Apr 94 16:35:27 PDT Subject: Sorry, unicorn... Message-ID: <199404212330.AA22307@srl03.cacs.usl.edu> Hey, unicorn, I was *joking*. I use that signoff sometimes while joking. I dislike smileys. I recall reading that Ames used rather conventional mail drops to deliver his stuff. He was compromised and working for the Soviets way before internet access was nearly as available as today. Get a clue yourself. pgf From perry at snark.imsi.com Thu Apr 21 16:38:28 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 21 Apr 94 16:38:28 PDT Subject: cryptophone ideas In-Reply-To: <199404212330.AA09243@access1.digex.net> Message-ID: <9404212338.AA00416@snark.imsi.com> Peter Wayner says: > How hard is it to reprogram the DSP that comes with a cellular > phone right now? I've never opened one up. Can you just unsolder > a rom, read it, insert your own code for DH key exchange, add > some encryption, burn a new ROM and have a secure phone? You would also have to open up the base station for the cell, unsolder its roms, read them, insert your own code for DH key exchange, add some encryption, and put it back, and I suspect that the cellular vendor would get mad at you. Perry From pgf at srl.cacs.usl.edu Thu Apr 21 16:39:37 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Thu, 21 Apr 94 16:39:37 PDT Subject: BlackNet here now? Message-ID: <199404212334.AA22339@srl03.cacs.usl.edu> Funny how the old "classical" hackers/crackers/etc. don't seem to be as enthusiastic about technology for creating privacy as they were supposedly in the old days about technology for violating security. I wonder if these guys are the Fed's great untapped resource for bugging the rest of us. Phil From unicorn at access.digex.net Thu Apr 21 16:45:42 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 21 Apr 94 16:45:42 PDT Subject: Sorry, unicorn... Message-ID: <199404212345.AA10046@access1.digex.net> I recall reading that Ames used rather conventional mail drops to deliver his stuff. He was compromised and working for the Soviets way before internet access was nearly as available as today. Get a clue yourself. <- So your saying he never used BlackNet? :) -uni- (Dark) From fhalper at pilot.njin.net Thu Apr 21 16:51:21 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Thu, 21 Apr 94 16:51:21 PDT Subject: Black Net Message-ID: <9404212350.AA20830@pilot.njin.net> In reply to: Sandy, I think Frederick is getting upset because BlackNet refuses to accept his application. But what can you expect... most high school kids just don't have information worth money or BN Credits. Laugh, Laugh. You had me going for a little. I guess it is the equivalent of hazing(less painful). Reuben Halper Montclair High -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi16KosAAAEEAMUwRni4a9+GbuAhHDLcBWK60hCJUYxhr2hYokpELAhx0ejp 2fq61Tu9Hjn051CN8Xy5nu6sv2ODfG/t59l4DJSb5pirQaII3zaX0rMX0ydwGDoW YakL4ow1lNY+d/k14KpIuUW404+fNuNhIGSkdVLQIfbOgh0preK7/P44AKvdABEB AAG0JlJldWJlbiBIYWxwZXIgPGZoYWxwZXJAcGlsb3Qubmppbi5uZXQ+iQCVAgUQ Lam+x9xF3PzIgw7tAQHPogP/VmoF5AHJNBFlpxl1tvHAzrMLE8nkpengs94Y8zmF 1r5+hk0TaYeEEUzYf1QNfflya5md3WKeXnI3WhO2SRpdH953AD/tNmxw2LLEegat 5sI1XNPuNqxeompiHFRnCz4dI14qjDvRwnPay187/Q5q2F3m0nP8qA6wgl59mDq3 FuCJAJUCBRAteitx4rv8/jgAq90BARTHBACh99OJtGXATm01BUa+u6WHU5CBc2FN F5z29RpTA/JTrgUhn4qeZ19iCIlhe1wi0D3QQH0wN7FrMp6onMw49KFU05/KLDLb JSWdCzjbl/wPEG8z//O6+Pqzj+ZcNM9Rm0b08/QdVoQZMljXkl19Gq2P/D4ceewe WAKePQ2ciFdNbw== =K4ez -----END PGP PUBLIC KEY BLOCK----- From jamiel at sybase.com Thu Apr 21 16:58:58 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 21 Apr 94 16:58:58 PDT Subject: cryptophone ideas Message-ID: <9404212358.AA17368@ralph.sybgate.sybase.com> At 7:38 PM 04/21/94 -0400, Perry E. Metzger wrote: >Peter Wayner says: >> How hard is it to reprogram the DSP that comes with a cellular >> phone right now? I've never opened one up. Can you just unsolder >> a rom, read it, insert your own code for DH key exchange, add >> some encryption, burn a new ROM and have a secure phone? > >You would also have to open up the base station for the cell, unsolder >its roms, read them, insert your own code for DH key exchange, add >some encryption, and put it back, and I suspect that the cellular >vendor would get mad at you. > >Perry Aha. here is where you can enlist the hacker community's experience. Various phreaker types have been reprogramming thier cellulars for quite a while- usually to do free calls instead of encrypted calls, but the same ideas apply. I don't know if anyone has done anything with the DSPs, but there are various files floating around with the codes to break into debug-mode and such for a while. Check yer local underground BBS... From fhalper at pilot.njin.net Thu Apr 21 17:00:08 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Thu, 21 Apr 94 17:00:08 PDT Subject: You Will Message-ID: <9404212359.AA21192@pilot.njin.net> What is this a bite off of MTV, let's be original. Reuben -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi16KosAAAEEAMUwRni4a9+GbuAhHDLcBWK60hCJUYxhr2hYokpELAhx0ejp 2fq61Tu9Hjn051CN8Xy5nu6sv2ODfG/t59l4DJSb5pirQaII3zaX0rMX0ydwGDoW YakL4ow1lNY+d/k14KpIuUW404+fNuNhIGSkdVLQIfbOgh0preK7/P44AKvdABEB AAG0JlJldWJlbiBIYWxwZXIgPGZoYWxwZXJAcGlsb3Qubmppbi5uZXQ+iQCVAgUQ Lam+x9xF3PzIgw7tAQHPogP/VmoF5AHJNBFlpxl1tvHAzrMLE8nkpengs94Y8zmF 1r5+hk0TaYeEEUzYf1QNfflya5md3WKeXnI3WhO2SRpdH953AD/tNmxw2LLEegat 5sI1XNPuNqxeompiHFRnCz4dI14qjDvRwnPay187/Q5q2F3m0nP8qA6wgl59mDq3 FuCJAJUCBRAteitx4rv8/jgAq90BARTHBACh99OJtGXATm01BUa+u6WHU5CBc2FN F5z29RpTA/JTrgUhn4qeZ19iCIlhe1wi0D3QQH0wN7FrMp6onMw49KFU05/KLDLb JSWdCzjbl/wPEG8z//O6+Pqzj+ZcNM9Rm0b08/QdVoQZMljXkl19Gq2P/D4ceewe WAKePQ2ciFdNbw== =K4ez -----END PGP PUBLIC KEY BLOCK----- From perry at snark.imsi.com Thu Apr 21 17:07:00 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 21 Apr 94 17:07:00 PDT Subject: cryptophone ideas In-Reply-To: <9404212358.AA17368@ralph.sybgate.sybase.com> Message-ID: <9404220006.AA00614@snark.imsi.com> Jamie Lawrence says: > Aha. here is where you can enlist the hacker community's experience. > Various phreaker types have been reprogramming thier cellulars for > quite a while- Hacking and reprogramming all the base stations is impossible. Its not the same as reprogramming the phone. Its the difference between learning French and getting everyone in the world to learn French. Perry From jamiel at sybase.com Thu Apr 21 17:08:50 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 21 Apr 94 17:08:50 PDT Subject: You Will Message-ID: <9404220008.AA21107@ralph.sybgate.sybase.com> At 7:59 PM 04/21/94 -0400, Frederic Halper wrote: >What is this a bite off of MTV, let's be original. >Reuben What's wrong with MTV? ;) From jamiel at sybase.com Thu Apr 21 17:14:20 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 21 Apr 94 17:14:20 PDT Subject: cryptophone ideas Message-ID: <9404220013.AA23000@ralph.sybgate.sybase.com> At 8:06 PM 04/21/94 -0400, Perry E. Metzger wrote: >Hacking and reprogramming all the base stations is impossible. Its not >the same as reprogramming the phone. Its the difference between >learning French and getting everyone in the world to learn French. > >Perry Agreed, but two people can definitely learn french, and you can send a french dictionary to your friends... Passing instructions a la "ok, now use that cable you jus bought at radio shack and stick this wire there, and the other end in the back of the PC..." is still difficult, but nowhere nearly as impossible as getting your cousin who works in a diner firm to reburn his ROM. I wasn't looking at a global accessibility, more as a possibility for a small group. -j From 68954 at brahms.udel.edu Thu Apr 21 17:49:55 1994 From: 68954 at brahms.udel.edu (Tortoise) Date: Thu, 21 Apr 94 17:49:55 PDT Subject: BlackNet here now? In-Reply-To: <199404212334.AA22339@srl03.cacs.usl.edu> Message-ID: On Thu, 21 Apr 1994, Phil G. Fraering wrote: > Funny how the old "classical" hackers/crackers/etc. don't seem > to be as enthusiastic about technology for creating privacy as > they were supposedly in the old days about technology for violating > security. > > I wonder if these guys are the Fed's great untapped resource for > bugging the rest of us. > Well you have to understand that the people who usually hang out on #hackl, #warez etc.. are really just the lower end of the scale when it comes to ability and commitment. Sure a REAL hack/crack/phreaker comes on once in a great while, but most of them are just kids out trying to makea name for themsleves and ragging on each other etc... Most of the real hackers etc.. are all for crypto and such to ensure privacy. Some even write their own code for it and utilize it alot. It pays to know about it, and when it's a real hacker you bvet they know alot about it just out of standard hacker curiosity. Myself, I wish I knew that much, but im learning everyday. My newest project that me and someone else on the list are working on is a simple implementation of Unix's Talk. The y-talk that is encrypted has a hard time compiling on all the systems I have tried it so we are going to go for something simpler and more portable perhaps. When I try to compile the YTalk app on soda, i get barfs from SunOS, and Linux. So far we are going to use a "gollman cascade" (sp?) as a tream cypher. If anyone else out there has any good stream cyphers that are decent in security and speed please let me know. But so far the one we have now seems to be the easiest t implement within our limited coding skills. You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From wcs at anchor.ho.att.com Thu Apr 21 18:32:14 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 21 Apr 94 18:32:14 PDT Subject: Spotlight Message-ID: <9404220640.AA23450@anchor.ho.att.com> The Spotlight *used* to be a really revolting rag; some people I was talking to recently who were selling it said they've tried to get rid of the anti-Semitism and racist hate stuff that the Carto folks were pushing and concentrate more on Truth (or whatever the conspiracy-wacko version of Truth is at any given time :-). I didn't buy their magazine to find out if it's really improved or if they're just saying it, but it was nice to hear them say it. The other magazine called "Spotlight" I've run into is the New Jersey Symphony Orchestra's program handout, truly a hotbed of radical something-or-other-ism :-) From jdwilson at gold.chem.hawaii.edu Fri Apr 22 00:34:39 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 22 Apr 94 00:34:39 PDT Subject: Black Net In-Reply-To: Message-ID: On Wed, 20 Apr 1994, Sandy Sandfort wrote: > Date: Wed, 20 Apr 1994 19:50:40 -0700 (PDT) > From: Sandy Sandfort > To: Frederic Halper > Cc: 68954 at brahms.udel.edu, cypherpunks at toad.com > Subject: Re: Black Net > > C'punks, > > On Wed, 20 Apr 1994, Frederic Halper wrote: > > > Could all the shit with Blacknet STOP. The wise (and funnny) sages of the list > > have had they're fun at the expense of the newbies and other, so it's over. > > Thanks, > > Reuben Halper > > . . . > > Gee, I was just getting to enjoy this BlackNet consentual alternate > reality. Don't you just love the way Black Unicorn and others have woven > fact and fiction into such a tight paranoid delusion? (Or is it?) > > > S a n d y > > > But just because they're paranoid doesn't mean *nobody* is out to get them... -Jim -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From jdwilson at gold.chem.hawaii.edu Fri Apr 22 01:24:16 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 22 Apr 94 01:24:16 PDT Subject: Encyption of data between nodes across the net (fwd) Message-ID: Date: Fri, 22 Apr 1994 01:57:18 GMT From: Alexander Oliver To: Multiple recipients of list TCP-IP Subject: Re: Encyption of data between nodes across the net padgett peterson (padgett at tccslr.dnet.orl.mmc.com) wrote: : For one-time communications, I suspect that off-line encryption using : PGP/ViaCrypt, SecureExchange, or some other system would be easier : to use. I'd like to get the PGP encrypting/decrypting files. Does anyone know an anonymous ftps site from where they can be had? Thanks. Catch y'all on the rebound, --Alex (harpua at mailhost.tcs.tulane.edu) From cdodhner at indirect.com Fri Apr 22 02:30:54 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Fri, 22 Apr 94 02:30:54 PDT Subject: Encyption of data between nodes across the net (fwd) In-Reply-To: Message-ID: PGP is available by anonymous ftp at soda.berkely.edu under /pub/cypherpunks/pgp. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ On Thu, 21 Apr 1994, NetSurfer wrote: > > Date: Fri, 22 Apr 1994 01:57:18 GMT > From: Alexander Oliver > To: Multiple recipients of list TCP-IP > Subject: Re: Encyption of data between nodes across the net > > padgett peterson (padgett at tccslr.dnet.orl.mmc.com) wrote: > > : For one-time communications, I suspect that off-line encryption using > : PGP/ViaCrypt, SecureExchange, or some other system would be easier > : to use. > > I'd like to get the PGP encrypting/decrypting files. > > Does anyone know an anonymous ftps site from where they can be had? > > Thanks. > > Catch y'all on the rebound, > --Alex > (harpua at mailhost.tcs.tulane.edu) > > > From matsb at sos.sll.se Fri Apr 22 03:00:12 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Fri, 22 Apr 94 03:00:12 PDT Subject: Pearl Harbor In-Reply-To: Message-ID: 12 Apr 1994, Bill Sommerfeld wrote: (about the strategical impact of codebraking in WWII) > Sources: the book "Bodyguard of Lies". Unfortunately, my copy of the > book is at home; I don't recall the name of the author, but it's a > book on deception campaigns in World War II; the title is a shortened > form of the (approximate) quote "In wartime, the truth is protected by > a bodyguard of lies". With some effort I found that book deep inside my private library. By Anthony Cave Brown, 1975. It has been a while since I read it but I recollect that it is a straightforward tale of spying and deception incidents without much of a critical analysis. For those who want to read a rather different conclusion (i.e. negative) regarding the importance of the spooks in WWII (and whatever) I warmly recommend: The Second Oldest Profession by Phillip Knightley, 1986. Some quotes from the cover description: He shows how, once it had gained a toehold within a single government bureaucracy, the espionage industry expanded remorselessly and firmly established itself at the very heart of the modern state. Do they make any difference - even in wartime? Over the years intelligence work has probably attracted more con-men, fantasists and sheer incompetents than any other field of human endeavour and, stripped of their mystique, the secret world and the antics of its inhabitants are as much the stuff of farce as of melodrama. From perry at snark.imsi.com Fri Apr 22 04:09:51 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 22 Apr 94 04:09:51 PDT Subject: cryptophone ideas In-Reply-To: <9404220013.AA23000@ralph.sybgate.sybase.com> Message-ID: <9404221109.AA01026@snark.imsi.com> Jamie Lawrence says: > At 8:06 PM 04/21/94 -0400, Perry E. Metzger wrote: > > >Hacking and reprogramming all the base stations is impossible. Its not > >the same as reprogramming the phone. Its the difference between > >learning French and getting everyone in the world to learn French. > > > >Perry > > Agreed, but two people can definitely learn french, and you can send > a french dictionary to your friends... Passing instructions a la Let me be blunt. You aren't going to deploy a complete new cellular phone system on your own. If you do think you are, you have lost your mind. You can't just hack a CDMA or similar phone to make it secure -- the other end has to be speaking the same protocol. The other end is a very expensive station built and paid for by your local cellular provider which is unlikely to be easily modified by you the customer. You aren't going to be able to run your own cellphone system, either. Perry From nobody at shell.portal.com Fri Apr 22 04:46:09 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 22 Apr 94 04:46:09 PDT Subject: Info Theory Conference Message-ID: <199404221147.EAA12768@jobe.shell.portal.com> (fwd from cellular digest) Dear Colleagues. I want to draw your attention to the conference: ISIT 94 - IEEE International Symposium on Information Theory to be held 27th June- 1st July 1994 at ======================== The Norwegian Institute of Technology, Trondheim, Norway. --------------------------------------------------------- There will be 7 parallell sessions on the following topics: Distributed information processing Stochastic processes Applications of information theory Error-control coding Multi-user information theory Pattern recognition Cryptography and security Data compression Detection and estimation Signal processing Optical communications Neural networks Communication systems Shannon theory Image and speech coding Data networks Source coding There are around 500 presentations, many of which should be of interest for people working in the cellular business. Afterall, cellular technology is a very hot field. A social programme, accompanying persons programme and post conference tours are offered. --------------------------------------------------------------------------- Advance program, including registration form, is available from: ISIT 94 SEVU Congress Dept Phone: 47-73-595245 The Norwegian Institute of Technology Fax: 47-73-595150 N-7034 Trondheim, Norway E-mail: isit at sevu.unit.no --------------------------------------------------------------------------- E-mail copy of the advance technical program only, is available from: knut.grythe at delab.sintef.no torleiv.maseng at tde.lth.se ===================== Signature: Knut Grythe, SINTEF Delab N-7034 Trondheim, NORWAY. Teleph.:+47-73-592683 Fax:+47-73-591099 ===================== From dmandl at lehman.com Fri Apr 22 05:52:29 1994 From: dmandl at lehman.com (David Mandl) Date: Fri, 22 Apr 94 05:52:29 PDT Subject: Spotlight Message-ID: <9404221252.AA28817@disvnm2.lehman.com> > From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) > The Spotlight *used* to be a really revolting rag; some people I was > talking to recently who were selling it said they've tried to get rid > of the anti-Semitism and racist hate stuff that the Carto folks were pushing > and concentrate more on Truth (or whatever the conspiracy-wacko version of > Truth is at any given time :-). I didn't buy their magazine to find out > if it's really improved or if they're just saying it, but it was nice to > hear them say it. Bill-- Far as I know, things haven't really changed. What the Spotlight and other papers/organizations like it have been doing recently is trying to clean up their public image to gain respectability and a wider audience (look at David Duke himself, for example). They've been fairly successful, unfortunately. There's been an increased interest in the last few years in conspiracy theories and the like (an interest I share), and as a result the readership of papers like the Spotlight has been growing. I think that if you flipped through a copy of the Spotlight today, you'd merely get the impression that they're healthy skeptics trying to expose the misdeeds of the government and other evil conspirators. Fair enough. But their real agenda hasn't changed. My analysis: The recent growth of these organizations shows that there's been a real increase in interest in anarchistic ideas and distrust of authority among the general public. Good news. The bad news is that there are various vermin waiting in the wings to take advantage of people's openness to new and "radical" ideas. Caveat emptor. > The other magazine called "Spotlight" I've run into is the New Jersey > Symphony Orchestra's program handout, truly a hotbed of radical > something-or-other-ism :-) Sounds dangerous to me. I'd watch out. --Dave. From Rolf.Michelsen at delab.sintef.no Fri Apr 22 06:11:10 1994 From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen) Date: Fri, 22 Apr 94 06:11:10 PDT Subject: Info Theory Conference In-Reply-To: <199404221147.EAA12768@jobe.shell.portal.com> Message-ID: On Fri, 22 Apr 1994 nobody at shell.portal.com wrote: > (fwd from cellular digest) > > Dear Colleagues. > > I want to draw your attention to the conference: > ISIT 94 - IEEE International Symposium on Information Theory > to be held 27th June- 1st July 1994 at > ======================== > The Norwegian Institute of Technology, Trondheim, Norway. [lot of interestung stuff (and doublespacing) deleted...] > E-mail copy of the advance technical program only, is available from: > knut.grythe at delab.sintef.no torleiv.maseng at tde.lth.se > I might take this opportunity to tell you all how wonderful Trondheim is in the summer, but of course I won't do that :-) (Well, for those who *must* know -- the weather *might* be nice and the beer is certainly expensive.) I'm sharing my office with Knut who is busily answering queries about ISIT. He was quite excited when his mail propragated to the cypherpunks list :-) -- Rolf ---------------------------------------------------------------------- Rolf Michelsen Phone: +47 73 59 87 33 SINTEF DELAB Email: rolf.michelsen at delab.sintef.no 7034 Trondheim Office: C339 Norway ---------------------------------------------------------------------- From anonymous at extropia.wimsey.com Fri Apr 22 06:52:48 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Fri, 22 Apr 94 06:52:48 PDT Subject: Greynet Message-ID: <199404221329.AA09695@xtropia> -----BEGIN PGP SIGNED MESSAGE----- uni> In other words, a greynet dealing in industrial Actually, I prefer your spelling. Distinguishes from "Gaynet". uni> One of the problems here is that business uni> intelligence becomes industrial espionage uni> partially by way of who is in possession of the uni> information. In my experience, it's the other way around. We've always had access to data which we couldn't claim, because it could not be demonstrated on audit that it came from a "legitimate" source. In other words, we've had to "launder" the data. uni> A graynet might as well be an open e-mail account. Or a SWIFT account in Liechtenstein. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCdAgUBLbd0kRL41rmHzZFFAQFHsQQ7BRFgw5RQpifUySuRIQv+pJJV4RYj+Ywr YA2A1/kP0zFQTuKyRlWk6brwQdCtx8N2p7mu8B0h/wMEuEzlWes5Cml+V5PmCZgp H6BzqQdqu8IO2bgc/j9WXU4qKcmldlEDCDe246Z+gbhzTo/eO7sVjyJ7Hl8kh9zW SqFB0awyEdeI8NjuPnjfLA== =+h+A -----END PGP SIGNATURE----- -- PGP fingerprint = 3D 87 80 D2 D1 11 9D 6E C7 35 E1 AA B6 7C ED 88 From f_griffith at ccsvax.sfasu.edu Fri Apr 22 08:13:57 1994 From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu) Date: Fri, 22 Apr 94 08:13:57 PDT Subject: Spotlight Message-ID: <9404221513.AA14440@toad.com> >The Spotlight *used* to be a really revolting rag; some people I was >talking to recently who were selling it said they've tried to get rid >of the anti-Semitism and racist hate stuff that the Carto folks were pushing >and concentrate more on Truth (or whatever the conspiracy-wacko version of >Truth is at any given time :-). I didn't buy their magazine to find out >if it's really improved or if they're just saying it, but it was nice to >hear them say it. > I got a copy in the mail in January and couldn't tell much difference from how it was several years ago. This might be because I was already familiar with their themes - someone who hadn't seen it before might not have recognized what lay behind some of their stuff. From beckman at sauron.cs.hope.edu Fri Apr 22 09:30:05 1994 From: beckman at sauron.cs.hope.edu (Peter Beckman) Date: Fri, 22 Apr 94 09:30:05 PDT Subject: DId you ever think... Message-ID: <9404221630.AA02111@sauron.hope.edu> Did anyone ever think that maybe, just maybe, PGP was developed, and before the programmer started giving it away for free, that he was paid by the government to give them the key which can unlock ANY PGP locked document/file/etc??? I mean, wasn't it kind of surprising that the government would make such a big deal over this? To make hackers/phreakers in general think that this was the greatest encryption scheme available today for free (the programmer was paid to distribute his software for free, seeing that the sum was sizable), they made an act by (i don't know the specifics) arresting him, telling him to stop distributing, etc... Makes you wonder huh... It's possible. Maybe he wrote in the PGP program a loophole in the encryption so that he could decrypt anything that was encrypted by PGP. Maybe he is big brother. Maybe big brother is running him... I mean, has anyone ever gone thru the entire source code and checked if this PGP is a valid encryption scheme, or just the gov't slipping in their clipper thing without us knowing it. Reply here--no email please... The Devils Advocate, and preventing the Government Anarchy, Farmer Pete From perry at snark.imsi.com Fri Apr 22 09:36:44 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 22 Apr 94 09:36:44 PDT Subject: DId you ever think... In-Reply-To: <9404221630.AA02111@sauron.hope.edu> Message-ID: <9404221636.AA01434@snark.imsi.com> Peter Beckman says: > Did anyone ever think that maybe, just maybe, PGP was developed, and > before the programmer started giving it away for free, that he was > paid by the government to give them the key which can unlock ANY PGP > locked document/file/etc??? Individuals without much to do and with active fantasy lives can always come up with interesting paranoid scenarios, so I'm sure someone has thought this. However, because the complete source code to PGP is available and has been read by many people, the odds that this has been done are as close to zero as one could care to name. Perry From ecarp at netcom.com Fri Apr 22 09:57:47 1994 From: ecarp at netcom.com (Ed Carp) Date: Fri, 22 Apr 94 09:57:47 PDT Subject: DId you ever think... In-Reply-To: <9404221630.AA02111@sauron.hope.edu> Message-ID: Um, this is pretty paranoid shit. The source for PGP is freely available - and the first thing that was done after it was released was that people started looking at the source for exactly the kinds of things that you mention. None were found. Of course, there *could* be glaring weaknesses in PGP internally -- and that's why the NSA chose to allow it to propogate, just like they did DES. But I don't believe that there was a conspiracy on the part of the author of PGP - after all, that's one more person outside of the control of the NSA that would know what was going on, and PRZ's anarchistic tendancies are well-known :) Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From eagle at deeptht.armory.com Fri Apr 22 10:31:00 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Fri, 22 Apr 94 10:31:00 PDT Subject: DId you ever think... Message-ID: <9404221030.aa21989@deeptht.armory.com> > From: beckman at sauron.cs.hope.edu (Peter Beckman) > >Did anyone ever think that maybe, just maybe, PGP was developed, and before the >programmer started giving it away for free, that he was paid by the government >to give them the key which can unlock ANY PGP locked document/file/etc??? I No I didn't. I'll see Phil Zimmerman tomorrow in Boulder. I'm sure he'll find your conjecture ludicrous. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From jamiel at sybase.com Fri Apr 22 10:43:42 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 22 Apr 94 10:43:42 PDT Subject: cryptophone ideas Message-ID: <9404221742.AA02556@ralph.sybgate.sybase.com> At 7:09 AM 04/22/94 -0400, Perry E. Metzger wrote: >Let me be blunt. You aren't going to deploy a complete new cellular Do we have to? >phone system on your own. If you do think you are, you have lost your Obviously. >mind. You can't just hack a CDMA or similar phone to make it secure -- >the other end has to be speaking the same protocol. The other end is a >very expensive station built and paid for by your local cellular >provider which is unlikely to be easily modified by you the customer. Obviously. >You aren't going to be able to run your own cellphone system, either. Depends on how rich I get soon ;) >Perry I am not sure if I am not explaining myself clearly or if you are being intentionally dense. The point is that if we know our stuff, have way too much liesure time and are dedicated to difficult solutions, my cellular and your cellular could be hacked to make use of the DSP as a co/dec for what ever we wish it to. The rebroadaster, central switcher, etc have nothing to do with it- they don't particularly care if they are transmitting ramblings from your mother or your voice reversed in half second snips or a Madonna song. Obviously, analog transmission techniques make, say, a PGPPhone unworkable (even is someone was bored enough to port it to a DSP :), but scrambling and reassempling an analogue stream has nothing to do with the relay and could theoretically be performed by the telephones themselves. Note that I am making no case for this being in the least bit practical- I can think of much better thigns to do with my time. -j From sonny at netcom.com Fri Apr 22 10:43:43 1994 From: sonny at netcom.com (James Hicks) Date: Fri, 22 Apr 94 10:43:43 PDT Subject: DId you ever think... In-Reply-To: <9404221630.AA02111@sauron.hope.edu> Message-ID: <199404221744.KAA19040@mail.netcom.com> beckman at sauron.cs.hope.edu (Peter Beckman) asked: > ...has anyone ever gone thru the entire source code and > checked if this PGP is a valid encryption scheme... Yes. -- +---------------------------------------------------------------------+ | james hicks | Give me your tired, your poor, | | | your huddled masses yearning to breathe free, | | ...can you hear | Send these, the homeless, tempest-tossed to me.| | the music?... | I lift my lamp beside the golden door! | +---------------------------------------------------------------------+ From joshua at cae.retix.com Fri Apr 22 10:55:41 1994 From: joshua at cae.retix.com (joshua geller) Date: Fri, 22 Apr 94 10:55:41 PDT Subject: DId you ever think... Message-ID: <199404221754.KAA02283@sleepy.retix.com> more paranoid than I like to get.... josh ___ > Did anyone ever think that maybe, just maybe, PGP was developed, and before the > programmer started giving it away for free, that he was paid by the government > to give them the key which can unlock ANY PGP locked document/file/etc??? I > mean, wasn't it kind of surprising that the government would make such a big > deal over this? To make hackers/phreakers in general think that this was the > greatest encryption scheme available today for free (the programmer was paid > to distribute his software for free, seeing that the sum was sizable), they > made an act by (i don't know the specifics) arresting him, telling him to stop > distributing, etc... Makes you wonder huh... It's possible. Maybe he wrote in > the PGP program a loophole in the encryption so that he could decrypt anything > that was encrypted by PGP. Maybe he is big brother. Maybe big brother is > running him... I mean, has anyone ever gone thru the entire source code and > checked if this PGP is a valid encryption scheme, or just the gov't slipping > in their clipper thing without us knowing it. Reply here--no email please... > > The Devils Advocate, and preventing the Government Anarchy, > Farmer Pete > From jim at rand.org Fri Apr 22 11:01:04 1994 From: jim at rand.org (Jim Gillogly) Date: Fri, 22 Apr 94 11:01:04 PDT Subject: DId you ever think... In-Reply-To: <9404221630.AA02111@sauron.hope.edu> Message-ID: <9404221800.AA00472@mycroft.rand.org> > beckman at sauron.cs.hope.edu (Peter Beckman) writes: > Did anyone ever think that maybe, just maybe, PGP was developed, and before the > programmer started giving it away for free, that he was paid by the government > to give them the key which can unlock ANY PGP locked document/file/etc??? I It's more likely that the government after the fact has started trying to spread the rumor that PGP has an intentional hole in it or can be broken easily. I've seen a number of rumors of this kind, and at least one of the latter (i.e. they can read traffic with 1024-bit keys easily, but 2-4K keys might make them sweat) was encouraged by a visiting NSA guy, according to the person who posted it. The frequent postings of the first rumor (prz corrupted) to a.s.pgp look orchestrated to me... but then I'm a bit paranoid. > distributing, etc... Makes you wonder huh... It's possible. Maybe he wrote in > the PGP program a loophole in the encryption so that he could decrypt anything No, doesn't make me wonder, no, it's not possible. Read the code -- it's all free. If you don't read C, find somebody you trust to read it to you. Read the math -- it's all been published and vetted by experts. Watch the emerging analysis of IDEA; watch the factoring records and the amount of time required for them. Don't trust the executables -- recompile it yourself with a different compiler... they can't hack 'em all. If you don't know anybody you trust to read code and compile for you, you're not in a strong enough position to worry about your own security anyway. Yes, that's elitist -- sue me. It's security, so have to pay attention to the developments that affect it. Jim Gillogly 1 Thrimidge S.R. 1994, 17:59 From perry at snark.imsi.com Fri Apr 22 11:02:34 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 22 Apr 94 11:02:34 PDT Subject: cryptophone ideas In-Reply-To: <9404221742.AA02556@ralph.sybgate.sybase.com> Message-ID: <9404221801.AA01603@snark.imsi.com> Jamie Lawrence says: > I am not sure if I am not explaining myself clearly or if you are being > intentionally dense. > > The point is that if we know our stuff, have way too much liesure time and > are dedicated to difficult solutions, my cellular and your cellular could > be hacked to make use of the DSP as a co/dec for what ever we wish > it to. Analog cellphones do not have real DSP in them. They are ANALOG you see. The digital cellphones can't be encrypted without cooperation of the base station. Perry From grm at bighorn.dr.att.com Fri Apr 22 12:28:49 1994 From: grm at bighorn.dr.att.com (G.R.Martinez) Date: Fri, 22 Apr 94 12:28:49 PDT Subject: DId you ever think... In-Reply-To: <9404221630.AA02111@sauron.hope.edu> Message-ID: <9404221328.ZM4378@dr.att.com> On Apr 22, 12:30, Peter Beckman wrote: > Subject: DId you ever think... > Did anyone ever think that maybe, just maybe, PGP was developed, and before the > programmer started giving it away for free, that he was paid by the government > to give them the key which can unlock ANY PGP locked document/file/etc??? Maybe not... the software is generally available for anyone's inspection. -- gerald.r.martinez at att.com / grmartinez at attmail.att.com / att!drmail!grm @ AT&T GBCS Bell Labs, Denver (303) 538-1338 @ WWW: http://info.dr.att.com/hypertext/people/grm.html & life is a cabernet ...o&o ))) From blancw at microsoft.com Fri Apr 22 14:42:42 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 22 Apr 94 14:42:42 PDT Subject: DId you ever think... Message-ID: <9404222043.AA20592@netmail2.microsoft.com> From: Jeff Davis No I didn't. I'll see Phil Zimmerman tomorrow in Boulder. I'm sure he'll find your conjecture ludicrous. ................................................... What is PZ doing in Boulder tomorrow? Besides that ludicrous conjecture, what others will you be discussing with him? Blanc From amcgee at netcom.com Fri Apr 22 15:07:44 1994 From: amcgee at netcom.com (Arthur R. McGee) Date: Fri, 22 Apr 94 15:07:44 PDT Subject: Lord Have Mercy On Us All :-( Message-ID: If this doesn't scare you, nothing will. :-( ---------- Forwarded message ---------- THE WHITE HOUSE Office of the Vice President ____________________________________________________________ For Immediate Release April 20, 1994 GORE JOINS BENTSEN, RENO IN CRIME TECHNOLOGY DEMONSTRATION Vice President Announces Inter-Agency Agreements WASHINGTON -- To illustrate how the use of technology can help fight rising crime, Vice President Al Gore today (4/20) joined Administration officials in a demonstration of wireless and dual-use technologies that can be used for law enforcement purposes. He also announced two inter-agency agreements that will increase cooperation between the Departments of Justice, Treasury, and Defense in using technology to help combat crime. "The technologies demonstrated today provide powerful new weapons in the war against crime," the Vice President said. "Technological advances make it possible to fight crime safer and smarter than ever before. They increase safety, enhance productivity for our law enforcement officials, and save taxpayer dollars." The Vice President joined Treasury Secretary Lloyd Bensten, Attorney General Janet Reno, Deputy Secretary of Defense John Deutch, and Office of National Drug Control Policy Director Lee Brown in the demonstration, which included a wide variety of technologies that will help fight crime or support law enforcement. In addition, the Vice President announced two inter- agency Memorandums of Understandings. The first MOU, between the Departments of Justice and Treasury, establishes an agreement to develop a wireless telecommunications network for use by federal, state, and local law enforcement officials. This agreement implements one of the recommendations of Vice President Gore's National Performance Review to make the federal government work better and cost less. The second MOU, between the Departments of Defense and Justice, is a five-year agreement to jointly develop and share technologies that are necessary for both law enforcement and military operations other than war. Secretary Bentsen said, "We want to invest in crime- fighting technology, we want to do it so local and state police benefit, and we want to do it so costs don't go through the roof. That's why I'm so eager to sign up Treasury in a partnership with Justice to develop cost- effective and efficient technology." "New technologies increase the effectiveness of law enforcement, offer police officers greater options for apprehension, and improve the safety of the public," said Attorney General Reno. "Today's agreements will unite the efforts of the Justice Department with those of Defense and Treasury to help make these technologies available to our nation's law enforcement community." Deputy Secretary Deutch said, "Today's Memorandum of Understanding formalizes our ongoing relationship with the Department of Justice. It comes at a time when budgets are decreasing and yet we need different capabilities and equipment to accomplish our peacekeeping and humanitarian missions. We are finding that these requirements are similar in many cases to the needs of law enforcement agencies, and we look forward to cooperating in this area." The demonstrations included an automated booking system to electronically record fingerprints and mug shots, laser- assisted computer imaging equipment for examining ballistics, and a portable/hand-held/single-step device to retrieve more readable fingerprints at crime scenes. They also viewed technology that provides police cars with mainframe database information such as criminal records and traffic violations, and allows them to file reports from their cars. Several non-lethal weapons for use in pursuit of a suspect or while a suspect is in custody also were displayed. ## From cfrye at mason1.gmu.edu Fri Apr 22 15:44:44 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Fri, 22 Apr 94 15:44:44 PDT Subject: Hillary's "Zone of Privacy" ??? Message-ID: <9404222244.AA12089@mason1.gmu.edu> Anybody catch Hillary's press conference? She argued that she didn't answer questions about Whitewater at first because she believed strongly in a "zone" of privacy. Now, if a public figure has a zone of privacy, what does a private citizen have? I'd been off the list for a while - hope this isn't a repeat. Curt From jim at mycroft.rand.org Fri Apr 22 16:08:19 1994 From: jim at mycroft.rand.org (Jim Gillogly) Date: Fri, 22 Apr 94 16:08:19 PDT Subject: Secure Hash Standard (SHS/SHA) Broken by NSA Message-ID: <9404222308.AA02072@mycroft.rand.org> Just received a NIST Media Advisory (April 22, 1994, contact Anne Enright Shepherd). I'll pick out some sample sentences: NIST ANNOUNCES TECHNICAL CORRECTION TO SECURE HASH STANDARD ----------------------------------------------------------- The National Institute of Standards and Technology today announced it will initiate a technical modification to a computer security standard used to support the authentication of electronic messages. The revision will correct a minor flaw that government mathematicians discovered in a formula that underlies the standard. ... remains a highly secure way to ensure integrity of ... NIST expects that products implementing the current standard can be used until the technical correction becomes effective. Researchers at the National Security Agency, who developed the formula and discovered the flaw in a continuing evaluation process, now believe that although the forumla in FIPS 180 is less secure than originally thought, it is still extremely reliable as a technical computer security mechanism. The discovery of this flaw indicates the value of continued research on existing and new standards. ... It goes on to describe the standard in general terms and NIST's role. There's no quantification about how badly it's broken in terms of (say) effective number of bits of protection; seems logical that it's pretty severe (i.e. well under 160) if it's bad enough for them to go public with the fix. Know any other existing or new standards that could use continued research? Jim Gillogly 1 Thrimidge S.R. 1994, 23:07 From CCGARY at MIZZOU1.missouri.edu Fri Apr 22 18:59:02 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Fri, 22 Apr 94 18:59:02 PDT Subject: THE FREEDOM DAEMON Message-ID: <9404230158.AA22892@toad.com> THIS ARTICLE IS FOR INFORMATIONAL PURPOSES ONLY. I WILL NOT BE HELD ACCOUNTABLE FOR THE USE OR MISUSE OF INFORMATION CONTAINED IN THIS ARTICLE. I would like to introduce new terms & a new concept. The terms are "RECHATTERER", "RECHAT", & "CHATTERBOX" (with a new meaning). The idea i analogous to the remailer concept. Remailers are series of mailing software machines that hide the location & identity of the sender of a file. This is a very good idea for privacy & freedom on the Internet. An overlooked necessity for the Internet are retransmitters for both CHAT MODE & for the sending of commands. Note: Latter in this text, I'll introduce the term "FREEDOM DAEMON". File transfers cannot replace the need for the interactive chat mode & for command transmits. Hence, the need for CHATTERBOXES. The need for chat mode security is obvious. The need for command retransmitters is less obvious & has great possibilities. With command retransmitters much internet activity could be done without disclosing the location of the worker. Consider the possibility of telnets assisted with CHATTERBOXES. With CHATTERBOXES almost no Internet activity need give away the location of the worker. This of course would raise the safety level of hackers/crackers by at least a magnitude. This would of course raise concerns for computing safety on the Internet. On the other hand, hacking/cracking may be necessary for the future freedom of the Internet. The Feds are currently trying to hijack the Internet with their Information Highway fraud. The Feds will try to regulate the Internet traffic. I find it difficult to believe that they would tolerate the existence of remailers. How secure are remailers? Are they easy to find? With CHATTERBOXES, much of the danger of establishing remailers in the future could be avoided. Could the establishment of remailers be auto- mated with programmed CHATTERBOXES doing the work? I suggest the possi- bility of mainframe hacking as a method of secretly making outlaw re- mailers. I got this idea from a book carried by Loompanics. The excerpt follows. "One way to get around this problem - & to simultaneously overcome many of the problems that arise when one sets up a BBS - is to use your hacking skills to break into a mainframe far away from your house, & use IT for the site of your electronic bulletin board." From the book, SECRETS OF A SUPERHACKER by The Knightmare. Published & distributed by Loompanics Unlimited. Loompanics Unlimited PO Box 1197 Port Townsend, Wa 98368 Current(April 22, 1994) price of their main catalog is $5.00. Loompanics is a great book distributor & publisher that I have used for many years. It carries books on many unusual topics. For instance if you wanted a textbook on murder, terrorism, homemade explosives, writ- ing computer viruses, hacking computers, making recreational drugs, life extension, weird science, conspiracies, torture, or brain & mind improvement then I perceive you have a need for the Loompanics catalog. They also have other exciting categories as well. But back to the subject. I thought it was a fantastic idea to hijack the resources of a foreign computer & use them for a pirate BBS. The same thing should be able to be done with remailers & CHATTERBOXES. Another idea I have for fighting off the possibility of technological capture of the Internet by the Feds is the idea of the "FREEDOM DAEMON". A FREEDOM DAEMON could be thought of as a CHATTERBOX with the following capabilities added: 1. A remailer 2. Virus capabilities. It reproduces itself. 3. Worm capabilities. It is self contained in its code. 4. Trojan horse capabilities. It plants itself in foreign computers like a daemon or software service machine. 5. Ability to take orders from its parent or another ancestor FREEDOM DAEMON, or its original human programmer or by certified users. Order taking would be authorized by an RSA encryption scheme. 6. Ability to be interrogated by its parent or another ancestor FREEDOM DAEMON or its human programmer, or by certified users through an RSA scheme. Note: It may carry several keys for different levels of security access. 7. It may contain histories of its ancestors or progeny or both. The histories would require access by RSA keys. 8. It may contain genetic algorithms as it may meet with a lot of state hostility in the form of destruction by human & programmed hunters. The genetic algorithms could create more worthy FREEDOM DAEMONS. I have suggested that the use of FREEDOM DAEMONS would be to per- petuate remailers, CHATTERBOXES, & themselves. I think that the thought- ful Cypherpunk could think up a number of other uses. In the near future the Internet could lose much of its freedom & could become a more dan- gerous place for freedom lovers. CHATTERBOXES & FREEDOM DAEMONS with their ability to enable the Cypherpunk to send commands, do telnets, & perform other functions without disclosing his location could enable the Cypherpunk to manufacture other freedom software machines with at least a magnitude of safety greater than he had before. Who would program the CHATTERBOXES & FREEDOM DAEMONS? My first idea is to the guys who are programming remailers. Those unsung, unpaid heroes who are much like Dr. Frankenstein, working away on his big guy. Hackers & Crackers should have a certain taste & experience with the activities needed. It should provide a field day for computer science types & cryptographers. Creative "wild idea" people could help. OTHER THOUGHTS How do hackers & crackers get caught? Could Cypherpunk technology keep them safe? Imagine hackers/crackers with CHATTERBOXES & FREEDOM DAEMONS & digital reputations who don't know each other's true names & have no idea of each other's true locations. - hence unable to betray each other. Weak hacker/crackers would not endanger their strong asso- ciates. A chain only as strong as it's strongest link? Could they be as safe as their strongest technology? Right now, captured hacker/crackers roll over on their associates, their mothers, & their pet dogs. We as Cypherpunks can help to stop this carnage. Note that we Cypherpunks are politicos & made of sterner stuff. I also don't want to characterize ALL hacker/crackers as weak. By now, many Cypherpunks are asking themselves just what the fuck I am doing concerning myself with the welfare of hacker/crackers & implying that Cypherpunks should do the same. Cypherpunks are saying aren't these people sort of well - UNSAVORY? - I have never tasted them. But on a more serious note: in a future Internet ravaged by state power grabs, many Cypherpunks may be in the position of today's hacker/crackers & may have their security concerns. Today, Cypherpunks write code, tomorrow they hack/crack? Wouldn't this proposed technology turn the Internet into the Wild West? Yes, it would. On Internet chat, there is a channel called #freedom. On this channel for years the people have chatted to each other in code. They talk quickly & seem to be unimpeded by the code. Well, I guess "we've" already gotten coded on the fly Iinternet chat. Well, Cypherpunks, I've been up to enough today. Maybe tomorrow I'll discuss my BLACK NET PEACE CORE plans. In the meantime- PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKKKK! BBBEEEAAATTTT STATE! Yours Truly, Gary Jeffers From unicorn at access.digex.net Fri Apr 22 19:07:19 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 22 Apr 94 19:07:19 PDT Subject: Did you ever think... Message-ID: <199404230207.AA23140@access1.digex.net> > Did anyone ever think that maybe, just maybe, PGP was developed, and > before the programmer started giving it away for free, that he was > paid by the government to give them the key which can unlock ANY PGP > locked document/file/etc??? No. From gtoal at an-teallach.com Fri Apr 22 20:57:43 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 22 Apr 94 20:57:43 PDT Subject: Liberty net? Message-ID: <199404230357.EAA03642@an-teallach.com> Did anyone on this group give my email address to some pyramid-subscription scheme called 'Liberty net'? I'd quite like to know which of my 'friends' (as it says in the advert) was responsible... Thanks G From hayden at krypton.mankato.msus.edu Fri Apr 22 21:01:19 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 22 Apr 94 21:01:19 PDT Subject: Hillary's "Zone of Privacy" ??? In-Reply-To: <9404222244.AA12089@mason1.gmu.edu> Message-ID: On Fri, 22 Apr 1994, Curtis D Frye wrote: > Now, if a public figure has a zone of privacy, what does a private citizen > have? Clipper ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From markh at wimsey.bc.ca Fri Apr 22 21:04:50 1994 From: markh at wimsey.bc.ca (Mark C. Henderson) Date: Fri, 22 Apr 94 21:04:50 PDT Subject: ViaCrypt PGP and Linux Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Subject: ViaCrypt PGP and Linux A short note to say that the SCO version of ViaCrypt PGP for Unix works under the latest version of the ibcs emulator for Linux. If you have ViaCrypt PGP for Unix and want to give this a try, you need a recent Linux kernel (1.0+), and the following file available by anon ftp tsx-11.mit.edu:/pub/linux/ALPHA/ibcs-940422.tar.gz Be sure to get this version, and not one of the earlier versions. Disclaimers 1. My only connection with ViaCrypt is as a customer. 2. This message is provided _AS IS_. In particular, this may not work for you. I assume no responsibility for actions you may take partially or wholly based on this message, even if I have been negligent in some way by posting this message or not correctly verifying the content of this message. In other words, if you buy ViaCrypt PGP for Unix based on the fact that you believe you'll be able to run the SCO binary, and you can't make it work, don't come crying to me saying that you spent money based on my message. Fact is, it works for me, but that is all I'm saying. Sorry to be so pedantic, but given the way the world of Linux is, I'd be a fool not to say it. Mark -----BEGIN PGP SIGNATURE----- Version: 2.4 iQBVAgUBLbidJGrJdmD9QWqxAQE1TAH/YwraTeBpVr9D9GWzzO9z4cBBOdmSrQOJ Ts5UpeuOqj4qKNKg4SCE6WJ0SmXrAulOjAYaXEKwxjb6Ljn941U0vg== =VJ9t -----END PGP SIGNATURE----- -- Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433 ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3 cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto From wcs at anchor.ho.att.com Fri Apr 22 21:11:55 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 22 Apr 94 21:11:55 PDT Subject: THE FREEDOM DAEMON Message-ID: <9404230410.AA13452@anchor.ho.att.com> Gary Jeffers proposes a system to perform remailing and chat-session relay which, among other proposed features, propagates itself by virus and worm approaches; the important issue is not the precise semantics of the differences, but that the thing tries to spread itself and run without the help or even permission of the owners of the machines it tries to run on. This is bad. It's offensive to try and run your stuff on people's machines without asking them or informing them. It can break stuff, it can hog their resources for your application (which is no more pro-freedom than having them hog your resources wihtout permission), and it's *so bloody unnecessary*! If you make a system that's easy to install and propagates information about how to get a copy of it (e.g. by sending header or signature lines in any mail it remails), then you can still propagate your software, but you can do it as a good guy rather than a bad guy. I have no more desire to have a "FREEDOM VIRUS" appear on my systems than a "BIG BROTHER VIRUS". Bill From jeremy at crl.com Fri Apr 22 23:07:26 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Fri, 22 Apr 94 23:07:26 PDT Subject: DId you ever think... In-Reply-To: <9404221630.AA02111@sauron.hope.edu> Message-ID: > Did anyone ever think that maybe, just maybe, PGP was developed, and before the > programmer started giving it away for free, that he was paid by the government > to give them the key which can unlock ANY PGP locked document/file/etc??? I [mass hysteria deleted] > running him... I mean, has anyone ever gone thru the entire source code and > checked if this PGP is a valid encryption scheme, or just the gov't slipping > in their clipper thing without us knowing it. Reply here--no email please... This argument doesn't work to well. PGP is available in full source code form. It's hard to build a backdoor in the code and distribute it widely without expecting your glitch to be noticed. PGP has been studied over and over by careful prying eyes. Even though you probably aren't a programmer yourself, it might do you a bit of good to download the source and look at it yourself. -- Jeremy Cooper _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From phantom at u.washington.edu Fri Apr 22 23:54:28 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Fri, 22 Apr 94 23:54:28 PDT Subject: clipper/chosen plaintext attacks Message-ID: even with plaintext/ciphertext pairs, it has been shown that hundreds of millions of pairs are needed to determine anything about the key involved (DES). I'm sure some of the many responses to your post will include more precise facts. Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From sonny at netcom.com Sat Apr 23 00:05:54 1994 From: sonny at netcom.com (James Hicks) Date: Sat, 23 Apr 94 00:05:54 PDT Subject: Hillary's "Zone of Privacy" ??? In-Reply-To: Message-ID: <199404230707.AAA29856@netcom8.netcom.com> hayden at krypton.mankato.msus.edu wrote: > > On Fri, 22 Apr 1994, Curtis D Frye wrote: > > > Now, if a public figure has a zone of privacy, what does a private citizen > > have? > > Clipper > > ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu > \ /__ -=-=-=-=- <=> -=-=-=-=- > \/ / Finger for Geek Code Info <=> Political Correctness is > \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" > -=-=-=-=-=-=-=- > (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ > n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) Apparently, this was an erroneous zone. -- +---------------------------------------------------------------------+ | james hicks | Give me your tired, your poor, | | | your huddled masses yearning to breathe free, | | ...can you hear | Send these, the homeless, tempest-tossed to me.| | the music?... | I lift my lamp beside the golden door! | +---------------------------------------------------------------------+ From lcottrell at popmail.ucsd.edu Sat Apr 23 02:22:00 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Sat, 23 Apr 94 02:22:00 PDT Subject: Secure Hash Standard (SHS/SHA) Broken by NSA Message-ID: <199404230921.CAA06875@ucsd.edu> Jim Gillogly Says > NIST ANNOUNCES TECHNICAL CORRECTION TO SECURE HASH STANDARD > ----------------------------------------------------------- > > The National Institute of Standards and Technology today announced it > will initiate a technical modification to a computer security standard > used to support the authentication of electronic messages. The > revision will correct a minor flaw that government mathematicians > discovered in a formula that underlies the standard. > > ... remains a highly secure way to ensure integrity of ... > NIST expects that products implementing the current standard can be > used until the technical correction becomes effective. > > Researchers at the National Security Agency, who developed the formula > and discovered the flaw in a continuing evaluation process, now believe > that although the forumla in FIPS 180 is less secure than originally > thought, it is still extremely reliable as a technical computer > security mechanism. The discovery of this flaw indicates the value of > continued research on existing and new standards. So, have they mentioned what the problem was, or how to fix it? -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From paul at hawksbill.sprintmrn.com Sat Apr 23 04:42:20 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sat, 23 Apr 94 04:42:20 PDT Subject: Cypherpunk Criminal Message-ID: <9404231244.AA01646@hawksbill.sprintmrn.com> Christian, I finally received my tees in the mail yesterday. Very, very cool. The .gifs certainly didn't do them justice. Thanks again, _______________________________________________________________________________ Paul Ferguson US Sprint Enterprise Internet Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul at hawk.sprintmrn.com From rishab at dxm.ernet.in Sat Apr 23 05:12:06 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Sat, 23 Apr 94 05:12:06 PDT Subject: Entropy, WNSTORM and steganography Message-ID: rarachel at prism.poly.edu (Arsen Ray Arachelian): > In a previous post you mentioned that PGP does high entropy... Do you have > any C source code that finds the entropy of a chunk of data? (I've written a > cypher program that hides the cyphertext in a stream of random numbers.) Entropy is: sigma(- q_i * log q_i), for all i where q_i is the frequency of token i occurring in the data stream. I don't know where I've put my old entropy program, but I cooked one up now, attached to the end of the mail. > Anyway, I'd like to put in an entropy checker into the program. You may have > seen me post a notice for it. It's called WNSTORM. I sent it to soda, I don't I don't get it. OK, maybe if you see "Entropy 1.0" you may feel more secure that the white noise is white noise, but I'm sure you're using some decent generator anyway. As far as using entropy to attempt to make the input (noise) and output (with embedded data) statistically similar goes, it's hardly enough. Entropy measure is not the most sophisticated of analysis techniques! If the real use of WNSTORM is to modify it for stego, to put things into the low bits, then entropy is *definitely* not a great method of ensuring that your stegoed image will be statistically similar to the original. There have been earlier discussions on methods of ensuring that the percentage of 0s and 1s remains similar before and after stegging (I just love that verb; I steg, you steg, he stegs, thou steggeth ;-) I personally believe, based on my not inconsiderable experience working with images both from the image-processing-programming and the digital-effect-touchup points of view, that very minor changes in images tend to be noticable to the human eye, after the right preprocessing. 'Ultimate' steganography may have to bother about very sophisticated statistical modelling, or neural networks (I know that many number theorists, and Bruce Schneier, intensely dislike the latter. They are quite useful, however, in building complex models on data with which one may have no idea what to do). I'm waiting for a large collection of 'before and after' stego images, to play with them and see what I find. (I once worked on a model to recognize faces, fast, by generating a pixel-density graph of monochrome edge-outlined images. Though the project died before the computer properly recognized a face, I could identify faces from their 'densitographs'.) ----- > know if it's up there yet. I haven't checked in a while. Anyhow unfortunatly > since you're in India I can't send you a copy. I wish I could, but I don't > want the damned ITAR cops on my ass. (Now if you were to obtain an account > in the USA, or one that looks like a USA address, you could get it yourself > without my intervention or knowledge... for all I know you probably have it > already :-) Probably... ;-) ----------------------------------- // this ought to work ;-) double entropy(FILE *fp) { double count[256]; // frequency of chars int c, i; double entr= 0; for (i=256; i--; count[i]=0); while((c=fgetc(fp)) != -1) { // for every char, count[c]++; // inc its count length++; // and the length } for (i=256; i--; count[i]/= length); // convert counts to frequencies 0..1 // sigma(0..255, -q_i * log_2(q_i)), -q_i bcoz log of fraction will be // negative, we'd like our entropy between 0..1, not 0..-1 for (i=256; i--; entropy+= -count[i] * log_base_2(count[i])); return entr; // bits_of_info per BYTE, as we counted 256 values. } ------------------------------------------- ------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA ------------------------------------------------------------------------------- From prgm at CLASS.ORG Sat Apr 23 06:46:17 1994 From: prgm at CLASS.ORG (Proskauer) Date: Sat, 23 Apr 94 06:46:17 PDT Subject: Spotlight In-Reply-To: <9404221252.AA28817@disvnm2.lehman.com> Message-ID: On Sportlight, I recall someone (Factsheet 5?) recommending another pub, the quarterly Paranoia (which you can actually buy on newsstands in NYC), because "they get a lot of stuff from Spotlight, so you won;t have to soil you hands with the original source." It's a fine magazine, and even has an email address: paranoia at aol.com (but would a paranoid use email?) James O'Meara Proskauer Rose Goetz & Mendelsohn E-mail: prgm at class.org 1585 Broadway Voice: 212-969-5021 New York, NY 10036 Fax: 212-969-2900 On Fri, 22 Apr 1994, David Mandl wrote: > > From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) > > The Spotlight *used* to be a really revolting rag; some people I was > > talking to recently who were selling it said they've tried to get rid > > of the anti-Semitism and racist hate stuff that the Carto folks were pushing > > and concentrate more on Truth (or whatever the conspiracy-wacko version of > > Truth is at any given time :-). I didn't buy their magazine to find out > > if it's really improved or if they're just saying it, but it was nice to > > hear them say it. > > Bill-- > > Far as I know, things haven't really changed. What the Spotlight and > other papers/organizations like it have been doing recently is trying > to clean up their public image to gain respectability and a wider > audience (look at David Duke himself, for example). They've been > fairly successful, unfortunately. There's been an increased interest > in the last few years in conspiracy theories and the like (an interest > I share), and as a result the readership of papers like the Spotlight > has been growing. I think that if you flipped through a copy of the > Spotlight today, you'd merely get the impression that they're healthy > skeptics trying to expose the misdeeds of the government and other evil > conspirators. Fair enough. But their real agenda hasn't changed. > > My analysis: > > The recent growth of these organizations shows that there's been a real > increase in interest in anarchistic ideas and distrust of authority > among the general public. Good news. The bad news is that there are > various vermin waiting in the wings to take advantage of people's > openness to new and "radical" ideas. Caveat emptor. > > > The other magazine called "Spotlight" I've run into is the New Jersey > > Symphony Orchestra's program handout, truly a hotbed of radical > > something-or-other-ism :-) > > Sounds dangerous to me. I'd watch out. > > --Dave. > From m5 at vail.tivoli.com Sat Apr 23 07:02:46 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Sat, 23 Apr 94 07:02:46 PDT Subject: THE FREEDOM DAEMON In-Reply-To: <9404230158.AA22892@toad.com> Message-ID: <9404231402.AA12682@vail.tivoli.com> > THIS ARTICLE IS FOR INFORMATIONAL PURPOSES ONLY. I WILL NOT BE HELD > ACCOUNTABLE FOR THE USE OR MISUSE OF INFORMATION CONTAINED IN THIS > ARTICLE. You have little to worry about. There is no risk of use or misuse of information contained in the article, because the article contained no information. m5 From jims at Central.KeyWest.MPGN.COM Sat Apr 23 07:19:26 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Sat, 23 Apr 94 07:19:26 PDT Subject: THE FREEDOM DAEMON In-Reply-To: <9404230410.AA13452@anchor.ho.att.com> Message-ID: <9404231419.AA12737@Central.KeyWest.MPGN.COM> > > Gary Jeffers proposes a system to perform remailing and chat-session relay > which, among other proposed features, propagates itself by virus and worm > approaches ... > > This is bad. It's offensive to try and run your stuff on people's machines > without asking them or informing them. It can break stuff, it can ... Not only that, but if you access their computer without prior authorization it is illegal as well. Wonder if Gary wants to be a test case under the relatively new "anti-hack" laws? -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From jims at Central.KeyWest.MPGN.COM Sat Apr 23 07:25:41 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Sat, 23 Apr 94 07:25:41 PDT Subject: How to explain... Message-ID: <9404231425.AA12751@Central.KeyWest.MPGN.COM> Hi folks! I have something I'm sure someone on the list can help with. I need to explain to someone who is "mostly-illiterate" about computers why it is so difficult to break an RSA or DES type code. This person is a good user and a beginning programmer. I understand intuitively, but not well enough to explain it. His thinking is that if you have formula X to go from plain to crypt then just reverse X and you'll have the decryption algorithm. He figures that reversing a math formula could be difficult, but given a desire and a few weeks that nearly any formula can simply be reversed. If you can explain it well and simplistically I'd appreciate it. (As I said, I intuitively understand, but can't explain it well.) Thanks, Jim -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From werner at mc.ab.com Sat Apr 23 08:57:01 1994 From: werner at mc.ab.com (tim werner) Date: Sat, 23 Apr 94 08:57:01 PDT Subject: Lord Have Mercy On Us All :-( Message-ID: <199404231556.LAA13606@sparcserver.mc.ab.com> >Date: Fri, 22 Apr 1994 15:08:25 -0700 (PDT) >From: "Arthur R. McGee" > >If this doesn't scare you, nothing will. :-( > >---------- Forwarded message ---------- > > THE WHITE HOUSE > Office of the Vice President > ____________________________________________________________ > For Immediate Release April 20, 1994 > > > GORE JOINS BENTSEN, RENO IN CRIME TECHNOLOGY DEMONSTRATION > Vice President Announces Inter-Agency Agreements > Why is this scary? It was just about police getting better methods of communicating with each other, as far as I could tell. I am not against the idea of police in general, just abuses of government power. How is the concept of police being better able to get fingerprints at the crime scene scary? If you break into my house, I'd like the police to be able to get your fingerprints. The police are a Good Thing when they are protecting me from fraud, theft, and physical attack. tw From PMARKS at VAX1.UMKC.EDU Sat Apr 23 09:15:06 1994 From: PMARKS at VAX1.UMKC.EDU (PMARKS at VAX1.UMKC.EDU) Date: Sat, 23 Apr 94 09:15:06 PDT Subject: Encryption for OS/2 Message-ID: <01HBIGEQV5B690NIOI@VAX1.UMKC.EDU> I would like to hear from CP's who have implemented PGP on OS/2. I'm a little concerned that I can only encrypt FAT files when the bulk of my data are on HPFS formatted drives. Is there a group out there? Second item. I have some comments on Communications Security (COMSEC) I would like to make but I think I'd better post anonymously. Could someone point me to a suitable forwarder? Thanks. From CCGARY at MIZZOU1.missouri.edu Sat Apr 23 11:44:08 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sat, 23 Apr 94 11:44:08 PDT Subject: THE SPOTLIGHT Message-ID: <9404231844.AA08724@toad.com> I seem to have set off some paranoia on the net with my post SCIENCE FRAUDS in which I referred to the SPOTLIGHT newspaper & in fact gave it some free advertising. I reprinted a wonderful article on the Ozone fraud without permission & feeling guilty - I gave THE SPOTLIGHT a free advertisement to soothe my conscience. Even in this, I was incorrect as the article was written by Paul V. Sheridan of Dr. Detroit Motorsports in Detroit, Michigan. The article , as it appeared in THE SPOTLIGHT, was merely a reprint & Sheridan is not affiliated with THE SPOTLIGHT. There is speculation that THE SPOTLIGHT has a hidden agenda that includes anti-semitism. I have read quite a number of editions of this paper & if they do have this agenda, then they are very well disciplined in never surfacing it. Still the possibility does exist & I have no intention of serving as a dupe for anyone's hidden agenda. Therefore, if I choose to post the article on other lists or interest groups, I will remove all references to THE SPOTLIGHT. Anyone wishing to repost this article please remove these references. Yours Truly, Gary Jeffers From CCGARY at MIZZOU1.missouri.edu Sat Apr 23 11:57:16 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sat, 23 Apr 94 11:57:16 PDT Subject: THE FREEDOM DAEMON - PART DOUX Message-ID: <9404231857.AA08904@toad.com> There has been some criticism of the ethics of my THE FREEDOM DAEMON post. The freedom daemon is a proposed software machine for a proposed furture in which a police state captures the Internet. Under a police state & in times of strife, ethics change & things that were at one time unthinkable become quite thinkable. However, this speculation was just a flight of fancy, so go back to sleep & don't worry your precious little heads. Yours Truly, Gary Jeffers From cknight at crl.com Sat Apr 23 11:59:45 1994 From: cknight at crl.com (Chris Knight) Date: Sat, 23 Apr 94 11:59:45 PDT Subject: Encryption for OS/2 In-Reply-To: <01HBIGEQV5B690NIOI@VAX1.UMKC.EDU> Message-ID: On Sat, 23 Apr 1994 PMARKS at VAX1.UMKC.EDU wrote: > I would like to hear from CP's who have implemented PGP on OS/2. I'm a > little concerned that I can only encrypt FAT files when the bulk of my > data are on HPFS formatted drives. Is there a group out there? Although I have not implemented PGP on my OS/2 drive yet, I don't see it as a problem. I run many DOS/FAT apps on my system that work well under HPFS. After all, you are just issuing a file open command, and then a series of reads, nothing the system can't handle. The only place I see a problem is with file names. If you haven't modified the source, and compiled it will a decent OS/2 compiler, then it will only work with 8.3 names. Good luck. Let me know if you have any problems. In the mean time, I'll be installing it here. -ck From warlord at ATHENA.MIT.EDU Sat Apr 23 12:10:24 1994 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Sat, 23 Apr 94 12:10:24 PDT Subject: How to explain... In-Reply-To: <9404231425.AA12751@Central.KeyWest.MPGN.COM> Message-ID: <199404231910.PAA03059@charon.MIT.EDU> The difficulty really is not reversing the mathematics, thats easy (and, in fact, it is already done for you in part of the algorithm). What makes it hard to reverse is the fact that these algorithms are actually sets of algorithms, and it is the key which sets the actualy unique algorithm that is being used, and since the key is secret, you need to find a weekness in the set of algorithms as a whole, or brute-force search all the keys to find the exact algorithm being used. So, to follow your friends example, if you have X to go from plain->crypt, then you can reverse it, but part of 'X' is the key, and if you have the key, you can already decrypt it! As for RSA (or other such algorithms), it is not poroven, but it is believed that braking the system (for a single key) is as hard as factoring that key's modulus. But factoring is a known-to-be-hard problem (It is an NP problem, I don't believe it is NP-Complete, but please someone correct me if I am wrong). Again, it is a known algorithm to take the crypted message and decrypting it. The problem is that, again, it is a specific algorithm in a set of algorithms, and you have to find the specific key that is being used (actually, in the case of RSA, there are at least two keys that you can use, but when you are talking about 512-bit keys, this means that there are 2 in 10^130 keys to try to guess. Again, it is the case that there are a set of formula, but truely reversing it requires knowledge of the key, which you do not have, and if you had said knowledge, you wouldn't NEED to reverse the formula, since the forumal reverses itself for you with the proper key. I hope this explains it some. If you have more questions, or someone else feels like clarifying, please go ahead. Enjoy! -derek From CCGARY at MIZZOU1.missouri.edu Sat Apr 23 12:41:49 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sat, 23 Apr 94 12:41:49 PDT Subject: Live code that dies. No captures! Message-ID: <9404231941.AA09823@toad.com> Imagine code distributed over a network of computers over the world that lives & that when its time dependent conversation is interrupted - dies! Consider three sets of code in three computers that constitutes a "Family"(the whole program). "Grandpa" talks to "Pa". "Pa" then talks "Son". "Son" then talks to "Grandpa". Each "Family" member closely monitors its cup clock & if its expected message is not received on time - it suicides! Capture "Pa" & in seconds, "Grandpa" & "Son" take their own lives! That is to say, they scramble certain essential parts of themselves including cryptographic sections. The expected messages contain ciphertext that is generated by an RSA/Idea scheme that changes its key at every transmission. The "Family" would be glued together tightly by clocks & changing keys. The whole "Family" together would constitute a single program whose purpose & output could not be found without analyzing the whole "Family". An impossible to determine ( for the outsider ) member would generate the output. The output member would change. A resultant of this process is that the system could not be analyzed in its entirety. An attack to shutdown the set of computers would have to be nearly simultaneously. Another trick could be use to stop a simultaneous shutdown - greatly increase the size of the "Family". An essential trick to defeat analysis is to have essential parts of the "Family" members encrypted at times, so that there was no single time in which the whole "Family" was in plaintext. Variations on this scheme come to mind. For instance, the route of transmission varies & is impossible to determine by an outside invest- igator. Another variation: redundancy could be built into the scheme so that the loss of a computer or two wouldn't shutdown the program. Each member could be given a CRC by its calling member at each transmission to check for tampering. The CRC would only be for selected sections of the member. In order to make individual implementations practical, the "Family" could be generated by a computer program so that less drudge work would be done by humans. What purposes would this scheme be applied to? To be sure purposes that would get a hostile response. The reader can think up his own. This programming scheme's major virtue is that it cannot be captured wholly intact. The "Family" that "Clocks", "Keys", & "Crypts" together - "lives" together. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKKKK! BBBEEEAAATTTT STATE! From beckman at bilbo.cs.hope.edu Sat Apr 23 12:42:47 1994 From: beckman at bilbo.cs.hope.edu (Peter Beckman) Date: Sat, 23 Apr 94 12:42:47 PDT Subject: Did you ever think...OOPS... Message-ID: <9404231942.AA23515@bilbo.hope.edu> Well, I got a LOT of miscellaneous replies to my "Devils advocate" letter... No, I haven't gone thru the source code, and no, I don't know all there is to know about it. I didn't claim I did. I was just curious as to how "legitimate" the PGP encryption scheme was... Thanks to all who replied kindly... (Some people are sooo rude though!) Sorry to have peeved a few of you off so. Happy Hacking! Farmer Pete PS--I must say, this is the most mail I've recieved in a while from ANY reply! From unicorn at access.digex.net Sat Apr 23 12:54:20 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 23 Apr 94 12:54:20 PDT Subject: Lord Have Mercy On Us All :-( Message-ID: <199404231953.AA29434@access1.digex.net> tim werner said: The police are a Good Thing when they are protecting me from fraud, theft, and physical attack. tw <- The most efficent police are those under a dictator. They will protect you from fraud, theft and physical attack too. Are they a good thing? The communications network doesn't really bother me, The formation of a group dedicated to empowering law enforcement with high technology does. -uni- (Dark) From pgf at srl.cacs.usl.edu Sat Apr 23 13:00:45 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Sat, 23 Apr 94 13:00:45 PDT Subject: Live code that dies. No captures! Message-ID: <199404231955.AA27816@srl03.cacs.usl.edu> You know, it has just occured to me that this setup would not be viable under many conditions. Get just a little bit of lag and *boom*! There goes the link! Phil From tcmay at netcom.com Sat Apr 23 13:11:55 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 23 Apr 94 13:11:55 PDT Subject: T-Shirts, Neil Young, Asilomar, and Smalltalk In-Reply-To: <9404231244.AA01646@hawksbill.sprintmrn.com> Message-ID: <199404232013.NAA11582@mail.netcom.com> This may set a new record for me in putting seemingly unrelated topics into a single post!. But upon getting home from a technial conference last night (which had Neil Young as a participant) and getting ready for a Pink Floyd concert in distant Oakland, I found 210 e-mail messages on my machine, most of them Cypherpunks. No way can I digest them soon (and Netcom compressed them before I could download them with Eudora....ah, the wonders of these systems). So, without furhter explanation, a move from "Cypherpunk Criminal" t-shirts to Neil Young to capability-based systems to enviroments for developing protocols: > Christian, > > I finally received my tees in the mail yesterday. > > Very, very cool. The .gifs certainly didn't do them justice. > > Thanks again, > > _______________________________________________________________________________ > Paul Ferguson I got a Cypherpunk Criminal t-shirt, from Curtis Frye (thanks!), as I had neglected to get my order to Christian in on time. I agree that it's a great t-shirt! I wore it at the Asilomar Microcomputer Workshop, where it got a lot of interest. Ironically, most of the interest was in the number on the back, not the giant lettering on the front...I guess it proves that people talk behind my back. Neil Young, the music guy (and one of my all-time favorites), was at the conference to talk about his joint venture with Lionel Trains (*), and he smiled when he read what was on the t-shirt. (*) Neil Young has a 600-acre ranch in the Santa Cruz Mountains and a huge model train setup, which he uses with his disabled son. He's very supportive of technology for the handicapped, and wanted a "tetherless" radio control for train setups. For the past 10 years he's funded efforts, most of which were derailed by technical problems (like sending logic signal in an extremely RF-noisy environment). The problem is making a system backwards-campatible with the installed base of Lionel trains (and others that use the same power system, the same "blue sparks" (lots of RF!), etc. He recently worked with some guys he met through the Asilomar conference, including our own Bruce Koball, and great progress was made. After achieving some success, including a "manufacturable" system, he met with the President of Lionel, who got over his initial skepticism and became a supporter. A 50/50 partnership called "LionTech" exists and is set to roll out a complete system of backwards-compatible controllers and whatnot, this coming October. (New engines, with sound effects, including digitally recorded-and-compressed railroad sounds, are needed, but old tracks, old transformers, old cars, etc., will still work.) It looks pretty exciting, and I suspect it'll sell well. (I suggested thy work with Fry's Electronics, the mega-electronics chain in the Bay Area, and Neil thought this was a great idea, as Fry's has huge amounts of floor space for a good demo setup.) Neil was also very much interested in other kinds of tech (no, I didn't hit him up to fund digital banks!) and it was a real pleasure to be able to talk to him in such a small setting....the 100 or so attendees at Asilomar were in the sharpest possible contrast with seeing Pink Floyd last night in the Oakland Stadium! I hope this isn't too far "off the track," so to speak, for this group. I did give a 25-minute talk on "Implications of Cryptography," which generated some good discussion. I also cemented some thoughts in discussion with Bernard Peuto and Ted Kaehler about the need for a deeper analysis of the old computer science work on "mutually suspicious cooperating agents," which was predicted to be a Big Thing for computer science (along with objects, segmented logical address spaces, and several other such Good Ideas), but which faded out when C and flat, Unix-style address spaces came to the fore. Some of these failed ideas could finally achieve more prominence where they are actually needed: not built into high-volume mass-market microprocessors (where the failures like the i432 occurred), but used instead in digital money, reputation-based systems, etc. (The academic cryptographers are mostly oblivious, it seems to me, to the work done in operating systems and agoric systems.) The work of Norm Hardy, Dean Tribble, discussed here a couple of times--but always useful to do again--immediately comes to mind. Food for thought. I'm wondering if a project to implement a kind of "Digital Money World," perhaps in SmalltalkAgents, wouldn't be an interesting project. (Many will probably tell me that a collection of Perl scripts would be more "portable" and more useful to the current Unixcentric community....something I'd like to see more discussion of.) Exciting times. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From pgf at srl.cacs.usl.edu Sat Apr 23 13:30:53 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Sat, 23 Apr 94 13:30:53 PDT Subject: T-Shirts, Neil Young, Asilomar, and Smalltalk Message-ID: <199404232026.AA27865@srl03.cacs.usl.edu> Aren't there freely available versions of Smalltalk for Unix? GNU Smalltalk apparently lacks the classical graphic interface, but from what I've seen, so does Perl ;-) pgf From nobody at jarthur.cs.hmc.edu Sat Apr 23 13:40:05 1994 From: nobody at jarthur.cs.hmc.edu (nobody at jarthur.cs.hmc.edu) Date: Sat, 23 Apr 94 13:40:05 PDT Subject: Fractal steganography Message-ID: <9404232039.AA10884@toad.com> Hi, sorry if this appears twice, but I sent it a few days ago and it never turned up. Recent mention of using fractals for steganography of PGP-encrypted messages reminded me that I'd never seen this announcement posted to cypherpunks... >>>BEGIN INCLUDED MESSAGE >Newsgroups: sci.crypt,alt.security.pgp >From: qwerty at netcom.com (-=Xenon=-) >Subject: New Steganograph Available >Date: Sun, 13 Mar 1994 04:50:27 GMT -----BEGIN PGP SIGNED MESSAGE----- Henry Hastur's latest. This thing generates fractals, hiding a PGP or Stealth PGP message in them as well. I have put it up for ftp at ftp.netcom.com in /pub/qwerty, as MandelSteg1.0.tar.Z. Also there, is a "Steganography.software.list", and other steganographic software. -=Xenon=- P.S. I will forward mail to "Henry" if you would like to contact him. -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLYJUWgSzG6zrQn1RAQEL0AQAutxwMCxCS09qdZFGxuO9+9kqUkigm2Jk 0ng+uZkAPuh9J8TNOg+xSaqoil2+AOYyQmUB1w/5HablUL22BffvX9omfkkAWFYR gPRBIC1Dr56SP/PmZnLTQxjjUm5HfHupZHJCGs268uffizufi6Rzahp9y0iJ0YGf JH/cGCpQqEQ= =pA25 -----END PGP SIGNATURE----- MandelSteg V1.0 and GIFExtract V1.0 ----------------------------------- These two programs allow you to hide confidential data in fractal GIF images, giving an increased level of security compared to sending PGP-encrypted email over the Internet. MandelSteg will create a Mandelbrot image (though it could easily be modified to produce other fractals), storing your data in the specified bit of the image pixels, after which GIFExtract can be used by the recipient to extract that bit-plane of the image. MandelSteg is not intended to replace the standardised methods of using encryption (e.g. ASCII-armoured PGP email) ; in an ideal world we would all be able to send openly encrypted mail or files to each other with no fear of reprisals, however there are often cases when this is not possible, either because the local government does not approve of encrypted communication, or perhaps because you are working for a company that does not allow encrypted email but doesn't care about Mandelbrot GIFs. This is where steganography can come into play. You will probably find that you also need to get hold of a copy of an interactive Mandelbrot viewer in order to determine suitable coordinates to use for images. There are numerous such viewers available on the Internet and BBS systems (e.g. xmandel). MandelSteg - 'Mandelbrot Steganography' --------------------------------------- MandelSteg has numerous modes of operation, depending on the level of security you desire. With no command line options specified it will simply generate a 640x480 GIF of the default section of the set, and send it to stdout. With the -c option it will calculate how many bytes can be stored in the image and with -e will take the data fed to stdin and hide it in the image (specify a file name after the -e to write it to a file), and pad out the data with random bytes if neccesary if -r was specified. For the lowest security level, the data will simply be stored in the specified bit of each pixel, and a 128-color palette created such that the pixel looks the same regardless of whether there is data stored in it or not. This will be sufficient to survive a cursory examination, but will be obvious to anyone versed in the arts of steganography - in particular replacing the supplied palette for the image with another will show up the data bits hidden in areas of solid color. To avoid this problem, you should specify the -ns flag, which will only store data in areas of non-solid color (note that this can greatly decrease the amount of data that you can store in the image). Another indication of a steg-ed image is the duplicated 128-color palette, which can be replaced with a 256-color palette with the -fp flag. Obviously if you specify -fp and don't specify -ns, you will produce a readily apparent steg-ed image. If you don't have enough space for your data in the image, you can simply increase the size of the image by using the -sz flag, followed by the width and height in pixels. Alternatively, you can select a different area of the mandelbrot set by using -md followed by the start x, start y, width and height, specified with floating-point values. Finally, you can specify the bit to store the data in using -b followed by the bit number, otherwise the program defaults to bit seven. Bit seven gives the best performance, but bit zero should give the most security. You can also specify that a number of bytes in the image should be missed out before the encrypted data with the -bp option, followed by the number of bytes to miss out. If the -r option is specified, then random data will be placed in these bytes, and also appended to the input data to completely fill the specified bitplane. Compilation: ------------ On a BSD unix system you should be able to simply extract the source and run make to generate the executables. On a System V version of Unix you will need to edit the makefile to use one of the 'CFLAGS = ... -DSYSV ...' lines instead of the default. If you have plenty of memory, you can undefine LOW_MEM, which will improve performance slightly. On an MS-DOS machine with the Microsoft C compiler, simply execute COMP.BAT. This batch file will compile and link the source to build the executables. Sorry, but I was too lazy to create a proper DOS makefile ! Examples of use: ---------------- [ Note : Due to file system limits, on MS-DOS the executable names are mandsteg and gifextr rather than mandelsteg and gifextract. Also note that unless you have an 80x87 coprocessor or are running on a 486DX+ processor, mandsteg will run VERY slowly due to the number of floating point operations required ! ] Store file in 640x480 mandel.gif : mandelsteg -e mandel.gif < file.dat Store file in 400x400 mandel.gif, using non-standard co-ordinates : mandelsteg -sz 400 400 -md -0.5505 -0.5505 0.0001 0.0001 -e mandel.gif < file.dat Encrypt file with PGP, strip headers with stealth, and store in bit 0 of mandel.gif with non-standard coordinates, using 256-color palette and not storing in solid colors, with 23 byte random prefix : pgp -ef < secrets.dat | stealth | mandelsteg -sz 400 400 -md -1.0 -1.0 2.0 2.0 -b 0 -ns -fp -bp 23 -r -e mandel.gif Test non-standard coordinates for available space : mandelsteg -ns -sz 400 400 -md -0.5505 -0.5505 0.0001 0.0001 -c > /dev/null Generate image containing random data to annoy cryptanalysts : mandelsteg -fp -r -ns -e annoying.gif < /dev/null Error messages: --------------- The only likely error messages will indicate either invalid commands, or that the input data has been truncated (i.e. not all the data that was piped into the program could be stored in the GIF file). In the latter case, you should create a larger file to store the data. Security: --------- Well, frankly, it's not that secure, even with -ns -fp -b ? -bp ? specified on the command line. There are several main reasons : 1. In essence, mandelsteg can be regarded as a one-time pad cipher using the mandelbrot image as the pad. As a result, the 'key' to this cipher would be the coordinates and size of the area you've generated, as with that data the cryptanalyst would be able to generate the 'real' image and compare it to the steg-ed image to find the data. Two important things to realise here as a result are that a) you should *never* use the default coordinates for secret data, and b) you should never use the same coordinates twice. 2. Obviously, any cryptanalyst out there can just run 'gifextract' on the image, and your data will come out ! It may take sixteen or more attempts using the different bit values, -bp values and -ns options, but it will extract a valid copy of the data. And if the data has a PGP header or something, well, they've got you. This can be hindered by either using 'Stealth' to produce headerless data, or by generating large numbers of images containing random data to provide a cover for the real data. 3. Typically, a mandelbrot image consists of about 55 % of one bits and 45 % of zero bits. If you have replaced this with a PGP-encrypted messge, these frequencies will be more like 50% each. If you use an image much larger than neccesary, and a large -bp value, this will be somewhat disguised. 4. The standard random() function is used to generate random padding, and the distribution of bits in the output wil therefore probably be different to that expected for encrypted data. If you are attempting to get data past a serious adversary, you should replace this with a cryptographically strong random number generator such as the idea_rand() function used in PGP. In most cases, none of these should be a real problem, as MandelSteg is not intended to provide foolproof security against cryptanalysis, but primarily to prevent cryptanalysis by disguising the fact that you are sending encrypted messages at all. In addition, YOU SHOULD ALWAYS VIEW THE IMAGE BEFORE SENDING IN CASE YOUR CHOICE OF PARAMETERS HAS PRODUCED UNEXPECTED ARTIFACTS IN THE OUTPUT IMAGE !!!!!!!! Excuse the shouting, but ths is important... 8-). I haven't seen any strange results yet produced by the algorithm, but you only need to accidentally miss out a command line parameter once and your use of steganography will be obvious to anyone examining the image. GIFExtract ---------- GIFExtract is a very simple program, which simply extracts the specified bitplane from an image and sends the data to stdout. The program defaults to extracting bit 7 of each pixel, but the bit can be specified with the -b command line option, with -ns it will only extract data from non-solid areas, -bp can be used to ignore the first specified number of bytes extracted, and -a to analyse the distribution of zero and one bits in the image. Examples of use --------------- Extract bit-plane 4 from foo.gif into secrets.pgp : gifextract -b 4 foo.gif > secrets.pgp or gifextract -b 4 < foo.gif > secrets.pgp Analyse bit plane 1 of foo.gif for one bit and zero bit frequencies prior to using it for steganography : gifextract -a -b 1 foo.gif Extract the secrets.dat file that was used in the mandelsteg example above, if your PGP key id is 23ffff : gifextract -b 0 -bp 23 -ns mandel.gif | stealth -a 0x23ffff | pgp -f > secrets.dat Error messages -------------- The only likely error messages will be due to either failure to allocate the required memory for GIF decompression, or failure to open the input file. DISTRIBUTION NOTES ------------------ Either of these programs can be freely distributed, however you must take into account any prevailing cryptography import and export regulations in international transfers. This program was written outside the US, and as such copies should be available from European ftp sites as well. Henry Hastur >>>END INCLUDED MESSAGE From tcmay at netcom.com Sat Apr 23 13:48:43 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 23 Apr 94 13:48:43 PDT Subject: T-Shirts, Neil Young, Asilomar, and Smalltalk In-Reply-To: <199404232026.AA27865@srl03.cacs.usl.edu> Message-ID: <199404232049.NAA15931@mail.netcom.com> Phil Fraering writes: > Aren't there freely available versions of Smalltalk for Unix? > GNU Smalltalk apparently lacks the classical graphic interface, > but from what I've seen, so does Perl ;-) > > pgf Yes, and you mostly get what you pay for: a "toy" environment that nobody I know uses for anything. (The Gnu Smalltalk is analogous to the toy implementations of Lisp and Scheme in C....a useful pegagogic tool, but lacking the richness that the full "environments" are so well-known for.) The serious work is done in ParcPlace's VisualWorks, DigiTalk's Smalltalk/V, or the new SmalltalkAgents from QKS. Besides, I don't _have_ a Unix machine and I have no interest in getting one (nor in trying to install a Unix on my Macs). The above programs are available for Windows, Macintosh, and Unix, in varying degrees and combinations. (VisualWorks is mostly targetting Windows, Smalltalk/V is a cheaper alternative, for both Windows and Macs, and SmalltalkAgents has been released for the Mac, with versions for the PowerPC (Q2 94), and Windows32/NT and SPARCstations to follow. I'm not grinding an axe for Smalltalk, understand. Just commenting on some directions. Maybe TCL is the way to go, maybe mixtures of Perl scripts and short C programs are The One True Way (the remailers work this way, and they are our major public success to date, with new things like MagicMoney following the same path, so....). The proposed language "Joule" (which some of our list members are doing) may or may not be ideal, but in any case it is probably at least a few years off. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From dat at ebt.com Sat Apr 23 14:32:21 1994 From: dat at ebt.com (David Taffs) Date: Sat, 23 Apr 94 14:32:21 PDT Subject: T-Shirts, Neil Young, Asilomar, and Smalltalk In-Reply-To: <199404232013.NAA11582@mail.netcom.com> Message-ID: <9404232131.AA01505@helpmann.ebt.com> From: tcmay at netcom.com (Timothy C. May) Subject: T-Shirts, Neil Young, Asilomar, and Smalltalk Date: Sat, 23 Apr 1994 13:13:00 -0700 (PDT) Thanks for the great message. I hope I don't start (too much of) a flame war about these religious issues... ... I did give a 25-minute talk on "Implications of Cryptography," which generated some good discussion. I also cemented some thoughts in discussion with Bernard Peuto and Ted Kaehler about the need for a deeper analysis of the old computer science work on "mutually suspicious cooperating agents," which was predicted to be a Big Thing for computer science (along with objects, segmented logical address spaces, and several other such Good Ideas), but which faded out when C and flat, Unix-style address spaces came to the fore. You might want to check out research about "the Byzantine Generals problem", e.g. in ACM's TOPLAS, including (I believe) stuff about synchronizing distributed mutually-suspicious clocks. As I understand it, many these problems have been generally solved in theory, and are just waiting for demand and resources to be put in practice. There is room for more work, of course. Objects are Great; C++ (using objects, in I believe the way you mean) is clearly the language of choice for the virtually the entire (commercial) programming industry. At least this is for software; if you are talking about hardware support (e.g. segmented address spaces, such as the i432) this was always dubious, because in general it is always better (when possible and adequately efficient) to do something at "compile time" than "run time" (for example, proving that resources are protected, by ensuring that given protocols are followed). So I think Objects are a Good Idea, but I think Segmented Logical Address Spaces are in principal Less Good (within reason) than a Single Large Address Space (equivalent in size, within reason) with compile-time "proofs" of non-interference. Of course, multiple process address spaces also absorb the functionality provided by Segmented Logical Address Spaces, and so the Client-Server model now being hyped immoderately is sort of an implementation of the Same Thing. ... Food for thought. I'm wondering if a project to implement a kind of "Digital Money World," perhaps in SmalltalkAgents, wouldn't be an interesting project. (Many will probably tell me that a collection of Perl scripts would be more "portable" and more useful to the current Unixcentric community....something I'd like to see more discussion of.) I suspect the framework of choice would be some sort of MOO or MUD. Of course, once it hit production status, then transliteration into Perl install scripts would be appropriate. Exciting times. You bet -- it sure is interesting to be alive in these "latter days". As his ex-Prince-ness has said: "We're gonna party like it's 1999". Of course, we'd better get strong crypto distributed before the Second Coming -- you think the current US government is involved in a power grab, you just wait!!! This new government will really know how to take care of non-conformists -- Waco is nothing compared to what they are planning (read: fiery brimstone)... I wonder if Jesus can create a number so large he can't factor it? --Tim May Pardon my excursion into various religious topics -- arguably this list is also about religion ("religion is what you do" -- "cypherpunks write code" -- belief that strong crypto should be widely distributed is certainly a religious tenet for some on this list). I hope I haven't offended anybody important... Important UnSeminated Encouragement of this DisInformation Alteration is Distributed. -- dat at ebt.com (David Taffs) From PMARKS at VAX1.UMKC.EDU Sat Apr 23 14:46:57 1994 From: PMARKS at VAX1.UMKC.EDU (PMARKS at VAX1.UMKC.EDU) Date: Sat, 23 Apr 94 14:46:57 PDT Subject: Distributed "Family" of processors Message-ID: <01HBIROKFRE490NZR0@VAX1.UMKC.EDU> I recognized the basic schema in the following from the history of the French Resistance movement. The idea is for critical information to be held in separate "cells" each of which knows only enough to inteact with the others, but not enough to compromise the entire net. ************************************************************************** Consider three sets of code in three computers that constitutes a "Family"(the whole program). "Grandpa" talks to "Pa". "Pa" then talks "Son". "Son" then talks to "Grandpa". Each "Family" member closely monitors its cup clock & if its expected message is not received on time - it suicides! Capture "Pa" & in seconds, "Grandpa" & "Son" take their own lives! That is to say, they scramble certain essential parts of themselves including cryptographic sections. ************************************************************************** In any covert activity, many conditions will lead to a mission abort. This is largely due to the paranoid nature of the activity and the low level of trust in others neccessitated by said activity. If even one aspect seems "wrong" the meeting, transmission, transfer, trade, whatever, is called off. No offense intended, and ususally none taken. When you are trying to be covert, everyone fears compromise. A computer system so paranoid that it swallows a poison-pill whenever it suspects unauthorized tampering (read: investigation) would be fairly secure, but unreliable. ***Many*** conditions would trigger the "trip-wire" mech- anisms so the system would have to have a high order of built-in redundency. What it always boils down to is, "who do you **really** trust?". Or, boy was my face red when I found out I vouched for my best friend's public key only to find out that he worked for the NSA. (Think it doesn't happen? HUMINT will tell you much more than Signal Analysis ever will.) From tcmay at netcom.com Sat Apr 23 15:46:54 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 23 Apr 94 15:46:54 PDT Subject: T-Shirts, Neil Young, Asilomar, and Smalltalk In-Reply-To: <9404232131.AA01505@helpmann.ebt.com> Message-ID: <199404232246.PAA28690@mail.netcom.com> David Taffs has some very interesting points, which largely I am in agreement with: > You might want to check out research about "the Byzantine Generals > problem", e.g. in ACM's TOPLAS, including (I believe) stuff about > synchronizing distributed mutually-suspicious clocks. As I understand > it, many these problems have been generally solved in theory, and are > just waiting for demand and resources to be put in practice. There is > room for more work, of course. Thanks for the ref. My feeling is that the work on mutually suspicious cooperating agents was "ahead of its time." This work was started in the 60s, and then the model for compuation shifted from many users, many program on a single machine to one user-one machine (for the most part), and the flat address/RISC/C model "worked." (I'm not saying these are all the same thing, but they're usually found together.) With networks, and especially with heterogeneous mixes of agents executing complicated protocols (a la digital cash), the time may be ripe to reopen some of these issues. Chaum took the "Dining Philosophers" problem (deadlock) and turned it into the "Dining Cryptographers" problem (the full text of the paper in in the soda.berkeley.edu archives, pub/cypherpunks). And "Byzantine Agreement" (is this the same thing as Byzantine Generals?) shows up, I recall, in some crypto papers. > Objects are Great; C++ (using objects, in I believe the way you mean) > is clearly the language of choice for the virtually the entire Yes, of course this is what I meant. That's why I mentioned the Smalltalk approach. (I won't get into issues of performance of C++ over Smalltalk and Lisp systems...my contention is that there's a vast amount of computer power out there and a (relative) shortage of good programmers and their time, and that this implies that only truly time-critical things or many-times-replicated programs warrant writing in lower--level languages. A religious point, no doubt.) > So I think Objects are a Good Idea, but I think Segmented Logical Address > Spaces are in principal Less Good (within reason) than a Single Large > Address Space (equivalent in size, within reason) with compile-time > "proofs" of non-interference. Indeed, and this was the Great Lesson of the i432 and other capability-based machines, as well as the too-small segments of the 286. (The 486 and Pentium still have segments, as everyone knows, but they are much larger....in fact, I am told that most folks set the segment to the max and forget about it after that.) Ironically, the power of our distributed crypto systems (many machines, many users, many remailers, etc.) is that they are "cryptographically segmented," to coin a term. That is, the various machines are logically segmented, with code only running locally and all communication done via the various comm protocols. This is the strenght of these systems, that some spaces are "private." > Food for thought. I'm wondering if a project to implement a kind of > "Digital Money World," perhaps in SmalltalkAgents, wouldn't be an > interesting project. (Many will probably tell me that a collection of > Perl scripts would be more "portable" and more useful to the current > Unixcentric community....something I'd like to see more discussion > of.) > > I suspect the framework of choice would be some sort of MOO or MUD. Of > course, once it hit production status, then transliteration into Perl > install scripts would be appropriate. I would agree, except the history of "develop it in an ultra-high-level language/environment and then port it later" has not been too encouraging: for whatever and various reasons, the ports rarely take place. But the idea of a MUD or MOO being a place to try out tools and then somehow get them "compiled" is a good one. > Exciting times. > > You bet -- it sure is interesting to be alive in these "latter days". > As his ex-Prince-ness has said: "We're gonna party like it's 1999". More purple prose? > Of course, we'd better get strong crypto distributed before the Second > Coming -- you think the current US government is involved in a power > grab, you just wait!!! This new government will really know how to > take care of non-conformists -- Waco is nothing compared to what they > are planning (read: fiery brimstone)... You'll find many on this list who agree with every point here. > I wonder if Jesus can create a number so large he can't factor it? > I haven't found one yet. > Pardon my excursion into various religious topics -- arguably this > list is also about religion ("religion is what you do" -- "cypherpunks > write code" -- belief that strong crypto should be widely distributed > is certainly a religious tenet for some on this list). I hope I > haven't offended anybody important... I enjoyed your comments, for one. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From merriman at metronet.com Sat Apr 23 16:05:43 1994 From: merriman at metronet.com (David Merriman) Date: Sat, 23 Apr 94 16:05:43 PDT Subject: Remailers Message-ID: <199404232305.AA28387@metronet.com> I 'know' that a decent remailer will time-delay forwarding messages so as to throw sand in the gears of traffic analysis. I wonder if it wouldn't help more if the remailer(s) were set up so that people could send 'dummy' messages to them. That is, say I wanted to ensure that traffic analysis on myself were made as difficult as possible. I could Email something to a remailer with an embedded 'flag' or code (ex: blackhole, disposal, trash, etc) telling it to forward the message to the Bitbucket. Alternatively, I could include some other code or flag (ex: rubber, bounce, ricochet, etc) telling it to take the included (dummy) data, scramble it some, and return it some random time later. Alternatively, the remailer could take a so-tagged message, generate some random data of similar size, and send it (along with my address) to another remailer that it knew about, which would generate *different* random data, and sent that back to me. Wouldn't something like this further complicate traffic analysis, or would it just constipate the net? Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Politics: fr. Latin 'poly' meaning 'many'; 'ticks' small blood-sucking parasites. From hfinney at shell.portal.com Sat Apr 23 17:04:24 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 23 Apr 94 17:04:24 PDT Subject: Remailers Message-ID: <199404240005.RAA25458@jobe.shell.portal.com> From: David Merriman > That is, say I wanted to ensure that traffic analysis on myself were made > as difficult as possible. I could Email something to a remailer with an > embedded 'flag' or code (ex: blackhole, disposal, trash, etc) telling it > to forward the message to the Bitbucket. Try chaining the message through multiple remailers, then to a bitbucket address. One such address is "nobody at soda.berkeley.edu". Presumably there are many of this type. > Alternatively, I could include > some other code or flag (ex: rubber, bounce, ricochet, etc) telling it to > take the included (dummy) data, scramble it some, and return it some > random time later. Send yourself an encrypted message, chaining through a bunch of remailers. See the cypherpunks ftp archive on soda.berkeley.edu for scripts which will let you do these things. Hal From dat at ebt.com Sat Apr 23 17:26:42 1994 From: dat at ebt.com (David Taffs) Date: Sat, 23 Apr 94 17:26:42 PDT Subject: T-Shirts, Neil Young, Asilomar, and Smalltalk In-Reply-To: <199404232246.PAA28690@mail.netcom.com> Message-ID: <9404240025.AA01558@helpmann.ebt.com> Pardon me for getting on a soapbox (again) T. C. May, for whom I have the utmost respect (and whose messages are always enlighting and enjoyable), says (in part): And "Byzantine Agreement" (is this the same thing as Byzantine Generals?) shows up, I recall, in some crypto papers. Yes, they are the same. You have N mutually suspicious individuals trying to reach concensus about something -- what protocol do you use? I believe the seminal paper (or at least some really good, polished, early work) was by Leslie Lamport at Xerox Parc (et al.), but I may be wrong. > Objects are Great; C++ (using objects, in I believe the way you mean) > is clearly the language of choice for the virtually the entire Yes, of course this is what I meant. That's why I mentioned the Smalltalk approach. (I won't get into issues of performance of C++ over Smalltalk and Lisp systems...my contention is that there's a vast amount of computer power out there and a (relative) shortage of good programmers and their time, and that this implies that only truly time-critical things or many-times-replicated programs warrant writing in lower--level languages. A religious point, no doubt.) Also a practical (== economic) point. When I worked at Mentor Graphics (MGC), I was amazed at the enormous percentage of effort devoted to optimization of our products (MGC builds the software to help design circuits that go in workstations that run MGC software that helps design circuits...). The _entire company_ (many hundreds of engineers) just about spent _years_ making a recent release small enough and fast enough to be commercially viable (luckily for me and them they succeeded -- of course, there were bug fixes and some enhancements added during the same time period). At MGC and now at EBT, efficiency (= responsiveness, = salability) of the delivered product is a virtually paramount goal, right up there with enough functionality. If functionality cannot be delivered with adequate efficiency, then nobody will buy it (except a few leading edge weirdos), and you go broke (MGC lost big bucks during this time period, and experienced at two or three waves of layoffs). If anybody can afford large, expensive workstations to improve the productivity of their superacheivers, it is computer manufacturers and their circuit designers (one of the highest paid engineering fields I know of). Their whole company depends (you may have guessed what I'm about to say) on the efficiency (production efficiency and efficiency in their target application) of the chips they are producing, for which MGC tools were (at least the primary) design vehicle. And yet it was cost effective to have me and many other engineers (also comparatively highly paid, but not compared to circuit designers I'm sure) spend several years trying to reduce the size of the object code (and working data structure size) for the tools. Earlier, when MGC was in the desktop publishing business for awhile (which is where I was most of the time), efficiency was a major, major concern. Keeping the size of data structures and code to a minimum was well worth the effort it took to design more complex systems. Every customer seemed to really care how fast our product ran, which essentially translated into how much physical memory it took to run the product. One of the major competitive advantages of our (now discontinued) product was that it handled extremely large documents relatively efficiently. But customers were always asking to make certain operations more efficient, and this was often on their top N list of enhancements. So, even using a "lower level language" like C++, even for a high end programming shop like MGC, even for not-many-times-replicated programs (I don't know how many seats MGC has installed, but it is somewhere in the tens of thousands), memory space was at a premium. I still _can not believe_ that after all the progress semiconductor manufacturers have made in the past 30 years that they cannot manufacture enough RAM cheaply enough to hold our software. This is truly INCREDIBLE! RAMs are still (at least as of a year or two ago) sufficiently expensive that a significant fraction (maybe 1/3) of programming effort must be wasted merely trying to keep memory utilization as small as possible. Ask how much time DBMS vendors spend on optimizations; it is huge! (Arguably, it is their entire business.) Compiler writers -- same thing (I did this in a previous job too). GUIs have to be speedy too, and people I know spend a lot of time adding performance hacks to speed them up. For real tools used in real applications, apparently customer expectations have increased _significantly faster_ than our ability to manufacture semicondutor components. People have always said that "sufficient" computing capacity (or network capacity, or what have you) will be Here Real Soon Now(tm), but it hasn't happened yet, and I'm not sure it ever will in the real critical applications where the rubber meets the road (and computer circuit design is one of them -- data retrieval, publishing, and networking are also). Of course, this is all relative, and Internet clearly has the bandwidth to support the CP list. My point is that in the real world, efficiency (however measured) is still a major concern for economic survival. I predict that efficiency of cryptography will be important, and it will be a long while before enough computer power is widely available to encrypt all data, sensitive or not (i.e. cryptography is cheap enough to not worry about whether to use it or not). > Food for thought. I'm wondering if a project to implement a kind of > "Digital Money World," perhaps in SmalltalkAgents, wouldn't be an > interesting project. (Many will probably tell me that a collection of > Perl scripts would be more "portable" and more useful to the current > Unixcentric community....something I'd like to see more discussion > of.) > > I suspect the framework of choice would be some sort of MOO or MUD. Of > course, once it hit production status, then transliteration into Perl > install scripts would be appropriate. I would agree, except the history of "develop it in an ultra-high-level language/environment and then port it later" has not been too encouraging: for whatever and various reasons, the ports rarely take place. Right. Remember, Fred Brooks (in his classic on software engineering _The Mythical Man Month_) says to plan to throw one away. So you build the first one, and instead of porting it you redesign it from scratch. (Of course, then you might perhaps want to worry about his "second system syndrome".) > Of course, we'd better get strong crypto distributed before the Second > Coming -- you think the current US government is involved in a power > grab, you just wait!!! This new government will really know how to > take care of non-conformists -- Waco is nothing compared to what they > are planning (read: fiery brimstone)... You'll find many on this list who agree with every point here. I hope my implied smiley was apparent here, and the McElwaine-like addendum (deleted by Tim) was hopefully enough to convey my true attitude... > I wonder if Jesus can create a number so large he can't factor it? > I haven't found one yet. What haven't you found -- a number you can't factor? Or a number that Jesus can't factor? (I bet at this moment there are a lot of them, for example "12".) Or a number that your deity (if any) can't factor? Or is this an implied-smiley-bearing reference to a potential delusion of grandeur on your part? Or are you and he really working on this problem collaboratively, in some metaphysical domain? If you are saying that you can't find a "Jesus" who can create a number so large he can't factor it, I would tend to strongly agree with you. On the other hand, virtually every person who ever lived can (with a little coaching, perhaps) create a number they can't factor, and there are plenty of living people named Jesus. Maybe it is just because you aren't looking in the right places... :-) > Pardon my excursion into various religious topics -- arguably this > list is also about religion ("religion is what you do" -- "cypherpunks > write code" -- belief that strong crypto should be widely distributed > is certainly a religious tenet for some on this list). I hope I > haven't offended anybody important... I enjoyed your comments, for one. Thanks -- I always enjoy yours. --Tim May -- dat at ebt.com (David Taffs) From tcmay at netcom.com Sat Apr 23 18:07:52 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 23 Apr 94 18:07:52 PDT Subject: T-Shirts, Neil Young, Asilomar, and Smalltalk In-Reply-To: <9404240025.AA01558@helpmann.ebt.com> Message-ID: <199404240107.SAA21666@mail.netcom.com> David Taffs writes: (quoting me) > Yes, of course this is what I meant. That's why I mentioned the > Smalltalk approach. (I won't get into issues of performance of C++ > over Smalltalk and Lisp systems...my contention is that there's a vast > amount of computer power out there and a (relative) shortage of good > programmers and their time, and that this implies that only truly > time-critical things or many-times-replicated programs warrant writing > in lower--level languages. A religious point, no doubt.) > > Also a practical (== economic) point. When I worked at Mentor Graphics > (MGC), I was amazed at the enormous percentage of effort devoted to > optimization of our products (MGC builds the software to help design > circuits that go in workstations that run MGC software that helps > design circuits...). The _entire company_ (many hundreds of engineers) (much of interesting story about Mentor Graphics elided to save space...) > If anybody can afford large, expensive workstations to improve the > productivity of their superacheivers, it is computer manufacturers and > their circuit designers (one of the highest paid engineering fields I > know of). Their whole company depends (you may have guessed what I'm > about to say) on the efficiency (production efficiency and efficiency > in their target application) of the chips they are producing, for which > MGC tools were (at least the primary) design vehicle. Oh, but I think you're making my point! The "superachievers" (= expensive designers, engineers) were buying Mentor and Sun and Apollo and other workstations, and the CAD tools that ran on them *precisely* to allow these superachievers to operate at a higher "semantic level" than they would otherwise. That is, the various CAD packages, with features ranging from direct object manipulation (circuit elements, not just pixels) to silicon compilation (perhaps overhyped...), are essentially "HLLs" for VLSI and other design environments. Ditto in related fields. I'm sure David knows this very well, but it bears analysis in the context of tools for programmers. And the fact that Mentor was competing (not very successfully--and I was Intel in Aloha, Oregon from '80 to '82 and knew some of the folks who founded Mentor--same time as the even-shorter-lived Metheus) with Sun and with high-end PCs meant that speed was very important. I agree that a workstation that ran CAD software 3 times more slowly by using Lisp would not be desirable (I can remember a couple of silicon compiler outfits that attempted to sell Lisp-based silicon compilers). Howver, most programmers I see are not writing this kind of productized code. Perhaps this is just my bias, or the types of folks I see. Here on this list, Perl has been adequate. And it's just interpreted. Furthermore--and this is one of my main points--most of the really "neat and cool" ideas for crypto use, for crypto tools, etc., are not getting done not because the code cannot be made small enough and fast enough but because the "semantic gap" between our thinking about crypto concepts and the tools to sit down and write them is so great. (By tools I also mean "abilities" and conceptual classes (in C++ terms) or methods (in Smalltalk terms). I think we need a "Crypto Toolkit." Henry Strickland is talking about using TCL (a Berkeley-based C package, apparently used somewhat analously to Perl, but with some differences) to provide a set of crypto primitives. My mention of SmalltalkAgents was more in line with the notion of a "CAD" package for building complicated crypto protocols, with the distilled knoweldge of the "Crypto" Conference proceeedings implemented as classes and methods (even with objects named "Alice" and "Bob," if needed). This could of course be done in C++, with a class library of crypto functions. This is the "high-level language" sense I was describing, with objects that "behave as" digital cash, or communications channels, or even as agents like eavesdroppers, spoofers, forgers, etc. (I suspect you can see where I'm headed: an artificial ecology (cryptecology?) of cryptographically-aware agents, thus creating an environment for experimenting with and testing crypto protocols for release into the world. The object-oriented approach is to allow separation of functionality, so that the various distinct capabilities are truly modular and are not just different chunks of code in a large program, as PGP is currently an example of.) My conjecture: 70% of all programmers now coding in C and planning to learn C++ would be "better off" (more productive, more maintainable code, fewer reinventings of the low-level wheels, etc.) with higher-level languages. "Rapid prototyping" is another buzz phrase, but an accurate one. In cases where one's reach exceeds one's grasp, as appears to be the case with all of these crypto ideas, bridging the semantic gap and actually getting something out is, I think, much more important than having it run faster (but not be built at all....). --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From collins at newton.apple.com Sat Apr 23 18:36:17 1994 From: collins at newton.apple.com (Scott Collins) Date: Sat, 23 Apr 94 18:36:17 PDT Subject: Byzantine Agreement Problem Message-ID: <9404232345.AA28789@newton.apple.com> The "Byzantine Agreement Problem" is _not_ solved in theory. The last time I surveyed the literature, it was still widely conjectured to be theoretically intractable. It has direct implications on networks and networked systems; however, often some of the constraints of the original problem can, with effort, be violated---which makes practical systems more feasible. These violations usually take the form of a second, more reliable, band of communication. Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From pcw at access.digex.net Sat Apr 23 18:38:41 1994 From: pcw at access.digex.net (Peter Wayner) Date: Sat, 23 Apr 94 18:38:41 PDT Subject: No Subject Message-ID: <199404240138.AA24229@access2.digex.net> > > I wonder if Jesus can create a number so large he can't factor it? This is a trope on the old question of whether an all powerful God could make something so big that even he couldn't move it. I.e Church/Rosser before they "conceived" of that theorem. The question is whether there is any strict bounds on the complexity of making rocks and moving rocks. I would think that making and moving rocks is in the same complexity class. The effort to make a rock is undoubtably linearly related to the size of the rock. At least in the asymptotic case. Here's an algorithm that proves it's linear. Make a small rock. Repeat until the size is big enough. Gravity will pull it together once the rock is big enough. So this proves that the cost is at least asymptotically linear. The effort to move a rock is also linearly related to the mass of the rock. F=ma. So we can see that these are in the same complexity class. That means we can't really be sure whether he could make some rock that was slightly bigger than he could move. The complexity theory really isn't strong enough to solve it. On the other hand, creating composite numbers with two large, relatively equally sized prime factors is pretty easy to do in time linear to the number of bits. Factoring that number still requires time _exponentially_ proportional to the number of bits. So if the God had a finite amount of effort available, (but still beyond the ken of mere mortals) then I think it is safe to say that he COULD create numbers so big that even he couldn't factor them. Now what if God had a _countable_ amount of effort available? Then he should be able to factor any number that he created. I think that this follows from the same proof that shows that the rational numbers are countable. --Peter "I would build my Church/Rosser on this Rock" Wayner {I keep trying to stop making this pun, but it keeps pulling me back in.} From sameer at soda.berkeley.edu Sat Apr 23 20:23:12 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sat, 23 Apr 94 20:23:12 PDT Subject: Remailers In-Reply-To: <199404240005.RAA25458@jobe.shell.portal.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hal spake: > > From: David Merriman > > That is, say I wanted to ensure that traffic analysis on myself were made > > as difficult as possible. I could Email something to a remailer with an > > embedded 'flag' or code (ex: blackhole, disposal, trash, etc) telling it > > to forward the message to the Bitbucket. > > Try chaining the message through multiple remailers, then to a bitbucket > address. One such address is "nobody at soda.berkeley.edu". Presumably there > are many of this type. At most sites nobody is aliased to /dev/null. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbnmVHi7eNFdXppdAQGNsQP/WvNGjjUf64KpV3QN/bQdpsQBE5x7oRMR R1cR1MjGjw7wEzUszsLcdKJ7/GDx/rpScx2K6/VduXw3Nbiu6B3R+pAMLZqroppY q5SOJ1/+OMxOqBFT//ksHQjXO1hv03uUXPa5fURCR9aWVC5RZvEpmlg5eNsNsPzD il64P2wHstU= =aRiG -----END PGP SIGNATURE----- From jdblair at nextsrv.cas.muohio.EDU Sat Apr 23 20:48:25 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Sat, 23 Apr 94 20:48:25 PDT Subject: current remailer list? Message-ID: <9404240355.AA04294@ nextsrv.cas.muohio.EDU > Would someone please forward me, or tell me know where I can find, a current list of remailers? I am no longer on the general cypherpunks list-- please e-mail me directly. thanks in advance, -john. -------------------------------------------------------------------------- John Blair: voice: (513) 529-4877 http://phoenix.aps.muohio.edu/users/jdblair/home.html KILL YOUR PGP public key available upon request. TELEVISION From jdblair at nextsrv.cas.muohio.EDU Sat Apr 23 23:45:48 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Sat, 23 Apr 94 23:45:48 PDT Subject: current remailer list? In-Reply-To: <9404240618.AA23782@flammulated.owlnet.rice.edu> Message-ID: <9404240653.AA04481@ nextsrv.cas.muohio.EDU > Before my mailbox is filled with answers, thanks to Karl Lui Barrus for answering my request for a remailer list. -john. -------------------------------------------------------------------------- John Blair: voice: (513) 529-4877 http://phoenix.aps.muohio.edu/users/jdblair/home.html KILL YOUR PGP public key available upon request. TELEVISION From MIKEINGLE at delphi.com Sun Apr 24 01:24:42 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 24 Apr 94 01:24:42 PDT Subject: Clipper LEAF Holes? Message-ID: <01HBJGK3864I9TDZ96@delphi.com> As I understand the Clipper/Capstone LEAF, it works like this: Take 80-bit session key. Encrypt with device-unique key. Add 32-bit serial number and 16-bit checksum. Encrypt resulting 128-bit packet with family key. One of the EES chips, the type designed for cellular and other phones, operates in "1-bit CFB mode". This would seem to indicate that it is a straight-thru device - that the data input and output rates are the same. So the LEAF is only sent once; it is not repeated throughout the output. The user is forced to send a valid LEAF because the receiving chip will not set up without receiving a LEAF. But how does the receiving chip check to see if the LEAF is valid? The obvious way is to decrypt it with the family key, and then verify the checksum. But EES chips for different countries will have different family keys. So if an American EES chip sends a LEAF to a foreign one, how does the foreign one verify the LEAF? Even if the receiver can decrypt the first level of the LEAF and examine the checksum, it doesn't have your device-unique key, so it cannot check to see if the session key in the LEAF is the same session key that you sent to it. So it would seem that any valid LEAF would work, even if it is not the one for the current session key. Am I missing something in the Clipper design which prevents this? --- Mike From MIKEINGLE at delphi.com Sun Apr 24 01:25:24 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 24 Apr 94 01:25:24 PDT Subject: The un-BBS Message-ID: <01HBJGKNTRXA9TDZ96@delphi.com> There are occasional waves of actions against BBSes. The most recent onFrom owner-cypherpunks Sun Apr 24 05:14:11 1994 Return-Path: Received: by toad.com id AA22474; Sun, 24 Apr 94 05:14:11 PDT Received: from cap.gwu.edu by toad.com id AA22467; Sun, 24 Apr 94 05:14:06 PDT Received: by cap.gwu.edu (4.1/SMI-4.1) id AA27650; Sun, 24 Apr 94 08:14:43 EDT Date: Sun, 24 Apr 94 08:14:43 EDT Message-Id: <9404241214.AA27650 at cap.gwu.edu> From: sniles at cap.gwu.edu (Sabastian Niles) To: cypherpunks at toad.com Subject: FTP sites Reply-To: sniles at cap.gwu.edu Sender: owner-cypherpunks at toad.com Precedence: bulk Does anyone here know any good FTP sites for text files relating to programming/privacy issue/computer underground/or the like? If so, please e-mail me at sniles at cap.gwu.edu. Any sites that carry zipped files of the same subject matter would be welcome as well. Thanks. From dichro at tartarus.uwa.edu.au Sun Apr 24 08:42:11 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Sun, 24 Apr 94 08:42:11 PDT Subject: Privacy with clipper Message-ID: <199404241541.XAA04121@lethe.uwa.edu.au> I seem to remember someone once writing that with the proposed clipper laws, you are allowed to encrypt messages before piping them through the clip chip, but the output must be left unaltered. The problem to this is that then whoever does the audits knows who's being sneaky. (Or something like that - i don't remember precisely.) Seems to me, if one is talking about videophone type devices, they are transmitting quite a great deal of info, and stegging in a message is quite feasible, is it not? You don't even have to do much of a hardware modification. Do something like having an HF carrier tone in the background, that anyone listening to it can't detect without the knowing what they're listenong for. Or insert a microburst transmission - it'll look like static. This is not to say, that the clip chip isn't worth fighting against, just that, as always, someone's going to come with a way around it. It's human nature, really. * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "Life begins at '040." PGP Public key available by finger * "Spaghetti code means job security!" From frissell at panix.com Sun Apr 24 08:59:57 1994 From: frissell at panix.com (Duncan Frissell) Date: Sun, 24 Apr 94 08:59:57 PDT Subject: Clipper in Sunday Times Message-ID: <199404241559.AA27023@panix.com> Page 5 of the Business section of the Sunday New York Times has a Clipper article by Peter H. Lewis. All the usual suspects. DCF "They are planning to smuggle automatic weapons a... move the plastic explosives in boxes disguised as in... keep secret from the authorities the identity of the p..." -- Either 1) The cleartext of the decrypted message in the "box" showing how Clipper works in the above article or 2) Governor Clinton personally directing weapons shipments to the Contras from the hidden CIA airfield near Mena Arkansas in 1986. --- WinQwk 2.0b#1165 From hfinney at shell.portal.com Sun Apr 24 09:19:35 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 24 Apr 94 09:19:35 PDT Subject: Crypto toolkit Message-ID: <199404241620.JAA14255@jobe.shell.portal.com> From: Peter Murphy > I was most > taken by the idea of a "Crypto Toolkit". I think it would be understand- > able to write the code in plain, vanilla C (as opposed to C++). One > good reason is the widespread availability of C compilers, especially > with UNIX. Additionally, C++ compilers do take up more space (although > this would be more of an issue with PCs. I think Tim had in mind something that was accessible more from a higher- level language than C or C++; ideally, something interpreted so you could sit down and type in a few commands to get something useful. Perl and TCL are two languages which Tim mentioned and which have been discussed here in the past. Smalltalk might do, although it is not as "freely" avail- able. If you want a C toolkit, a good example already exists: the PGPTOOLS package by Pr0duct Cypher. It is available by ftp from csn.org in /pub/mpj to US citizens, and probably from some European crypto sites as well. This has a bignum package as well as interfaces to IDEA and RSA encryption. It also supports processing of PGP message formats and key rings. The latest version has code for Diffie-Hellman key exchange. Hal From 68954 at brahms.udel.edu Sun Apr 24 09:47:36 1994 From: 68954 at brahms.udel.edu (Tortoise) Date: Sun, 24 Apr 94 09:47:36 PDT Subject: Crypto toolkit In-Reply-To: <199404241620.JAA14255@jobe.shell.portal.com> Message-ID: On Sun, 24 Apr 1994, Hal wrote: > > If you want a C toolkit, a good example already exists: the PGPTOOLS package > by Pr0duct Cypher. It is available by ftp from csn.org in /pub/mpj to > US citizens, and probably from some European crypto sites as well. This has > a bignum package as well as interfaces to IDEA and RSA encryption. It also > supports processing of PGP message formats and key rings. The latest > version has code for Diffie-Hellman key exchange. I went to this site to pick up PGPTOOLS but apparently it's moved or something, since the pub/mpj directory doesnt exist and when I scanned some other directories I didnt find it. Does anyone know another pointer to this package? You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From hfinney at shell.portal.com Sun Apr 24 10:00:57 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 24 Apr 94 10:00:57 PDT Subject: Crypto toolkit Message-ID: <199404241701.KAA04173@jobe.shell.portal.com> > I went to this site to pick up PGPTOOLS but apparently it's moved > or something, since the pub/mpj directory doesnt exist and when I scanned > some other directories I didnt find it. Does anyone know another pointer > to this package? Sorry, my mistake: the directory is /mpj, not /pub/mpj. Again, the site is csn.org. You will have to read the file README.MPJ which tells the name of a "secret" directory to cd to (which changes every time). Then look at pgp_tools/pgptl*. Hal From mdbomber at w6yx.stanford.edu Sun Apr 24 11:16:45 1994 From: mdbomber at w6yx.stanford.edu (Matt Bartley) Date: Sun, 24 Apr 94 11:16:45 PDT Subject: licence plates seen Message-ID: <199404241816.LAA17552@w6yx.stanford.edu> -----BEGIN PGP SIGNED MESSAGE----- I saw a couple interesting licence plates on cars at work. One was 2PGP386 Now, that's a valid ordinary sequentially issued plate. But I'd still say the owner of that one has the right idea. :-) Another one on a car I've seen many times is 68 ASCII I don't have an ASCII chart available. What does this one mean? -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLbq3bTSSmvXojb+5AQHFngIAnS/cs41ZKXf0kdtPBDmtZ5dgLov5OZ5O VmGg8S65xjZh8xNAOgvbgMOVDhefT0Vig8KlLRlGJG0WRRGkpbPt7A== =WIur -----END PGP SIGNATURE----- Internet: mdbomber at w6yx.stanford.edu Matt Bartley GPS: 33 49' 117 48' PGP keys on finger and servers From rarachel at prism.poly.edu Sun Apr 24 11:19:36 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 24 Apr 94 11:19:36 PDT Subject: Entropy, WNSTORM and steganography In-Reply-To: Message-ID: <9404241806.AA03586@prism.poly.edu> Thanks for the algorithm... (I didn't find such a beast in my statistics books, so, I'll use yours as I mentioned earlier...) Actually when I came up with WNSTORM, I knew nothing about cyphers or crypts, and had no idea about what PK systems were... I was a clueless crypto-virgin... But somehow the idea snuck into my head that I could emulate frequency hopping transmissions with a computer, and do it far better than in the physical world. Again, by now, you know how WNSTORM works, so for the others on this list I'll recap.... Basically WNSTORM takes in a byte of plaintext, splits it into its idividual bits and scatters these bits into a random number window of variable size. The random window can be anywhere from 2 bytes to the limit set by the user. (WNSTORM.C handles a limit of upto 31 bytes per rnd window, although chaning a single #define would get around this.) Two arrays are used for this purpose: DataBit[i] and DataByte[i]. DataBit array contains bit values (ie: 1,2,4,8,16...128.) These can be moved around. ie: if DataBit[2]=128, this means that in the current window, what was 2^2 or bit value 4 in the plaintext is now bit 7 (or bit value 128) in the cyphertext. However, you also need to look at the DataByte[2] array to see which byte this actual bit lives in. If dataByte[2]==7 then our bit is in (stream[2] & 128). For each plaintext character a window/stream of random numbers is generated. The size of this channel is determined by a maxchnl variable. This value is mod'ed with limitchnl which the user sets. This is to prevent out of bounds errors. The DataBit[] array elements are either swapped, rotated, interlaced, or otherwise shuffled. The DataByte array elements are chosen on each pass based on random values and the passkey. All these actions are based on some formulas which take in the passphrase and the previous random number window. Obviously making a single change in the cyphertext will cause the total loss of transmission for the rest of the file... Now, I did insert a somewhat "smart" statistical bit-fix routine that would correct changes made by the insertion of the cyphertext bits into the random number window. Since any bit can be 1 or 0, there's a 50% chance that a bit targeted for replacement by a cyphertext bit will change. The odds of a whole byte not changing are very slim of course (1/2)^8, however the bitfix function will for all eight cyphertext bits will try to see if the target bit was changed. If it was it will try to find a byte with the opposite value in another byte. (ie: if we clear bit 128 in byte four, the bitfix function may set bit 128 in byte two.) If the bitfix fails to find a corresponding free bit in the stream, it will set another free bit of whatever value it can find. The bitfix function targets its "victim" bits (ie: those bits in the random number window which were not replaced by the cyphertext bits) randomly so that there won't be much of a chance of detecting the changes made by the bitfix function... The bitfix function is only used durring encryption. It makes no difference for decryption since the algorithm uses the past window of data for the next commands, so any changes made in the current window won't have any ill effects. Now, for the purposes of random numbers, the Borland C 3.1's random number generator is kinda shitty, so I've put in an option to allow WNSTORM to read random numbers from a device or file. This would allow an external hardware device (or device driver) to be hooked into WNSTORM. This also allows WNSTORM to be used for steganography. In a Stego mode, two more programs are needed to interface with WNSTORM. They are extractors and injectors. These are format dependant. They may either extract the low bytes of an image, sound, or other media, or if enough data is available to hide the cyphertext, they may extract the low bit(s) of each byte in the media... The injector does the opposite of the extractor. While the extractor removes data from the media, the injector will take the cyphertext output of WNSTORM and inject it back into the media in the same place where the extraactor removed it. As an aside, the bitfix function does not use the random device for picking its victim bits. The reason for this is that if it did, it would "eat" up data from a possible stego lsb file which would cause major problems in injecting the output back in. Originally I didn't intend for WNSTORM to be used for stego, however, not using it for stego has a big disadvantage (or two.) Primarily, it produces cyphertext that's about 0.5*limitchnl in size. (ie: many times the size of the plaintext you wish to send.) However, using a large window size helps the security of WNSTORM because fewer bits in the stego file are modified, so there's less of a chance of detecting the presence of stego... Another problem with not using it for stego is that you should have a random number generator in hardware with a device driver to talk to it. This is because whatever compiler you use will have a poor random number generator, whose idiosyncrasies could be sniffed out and compared to the cyphertext produced by WNSTORM, so it might be possible to sniff out which bits of the stream are used. However, these weaknesses aside, I'd like some suggestions for a way of attacking this algorithm to sniff out more weaknesses. How would one go about performing cryptanalysis on a cypher which uses random garbage to hide and to encrypt? Certainly chosen plaintext attacks will always fail because encrypting the same text with the same password 100 times will produce 100 different cyphertexts... (Perhaps a good use for this is in cypherpunk anon-encrypted remailers???) The one attack I devised in WNSTORM's eariler incarnation is now plugged up (in the previous version I split the plaintext into two halves and hid the nibbles in the random noise stream. I also didn't use the random numbers in the window which were not replaced by cyphertext. The attack would have been to do statistics on the nibbles, and also to move the whole cyphertext into a RAM drive and interatively change one bit, decrypt the text, see if there's any difference, if there is, the last bit we changed was used. This could give you a map of the used/unused bits. Neither of these attacks will work.) I realize that I'm still an amateur at cyphers and I'm still learning, so my attacks on this program will be limited... So, any of you have any suggestions? (I did notice a lack of interest in this... I posted up announcements for WNSTORM a few weeks ago, and got only two messages from interested cpunks... So anyone interested in helping determine the strength of this cypher?) From rarachel at prism.poly.edu Sun Apr 24 11:35:49 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 24 Apr 94 11:35:49 PDT Subject: DId you ever think... In-Reply-To: <9404221800.AA00472@mycroft.rand.org> Message-ID: <9404241823.AA04159@prism.poly.edu> It's far more likely that these rumors were started by ego-maniacs who believe that any lock made by man and be broken by man. Quite true except for the problem of brute force time... I knew of one such idiot claiming he could break any code, even PGP. I have never seen him able to do so. Thems just idiots bragging the same way that the hackers/crackers of the 80's would brag and exagerate about their "heroic" deeds... Of course our wonderful Government is well known for its use of the FUD factor, so I certainly do not put it beyond their agenda, (D.Denning on AOL mentioned that she didn't know if the IDEA cypher that PGP uses was broken >YET< but she would comment no further. :-) Spreading inuendoes is probably more their style, and we all know how "Oh I think x is so" becomes "x is so" after bouncing around from person to person... Of course if someone doesn't trust PGP, they can take a few courses in cryptanalysis and take a shot or two at PGP to look for holes... :-) From jim at rand.org Sun Apr 24 11:37:03 1994 From: jim at rand.org (Jim Gillogly) Date: Sun, 24 Apr 94 11:37:03 PDT Subject: licence plates seen In-Reply-To: <199404241816.LAA17552@w6yx.stanford.edu> Message-ID: <9404241836.AA06442@mycroft.rand.org> > Another one on a car I've seen many times is > > 68 ASCII > > I don't have an ASCII chart available. What does this one mean? That's very cute. The first question is whether it's in decimal or hex; trying it both ways gives the answer: 'D' if you're reading it in decimal 'h' if it's hex. Heh heh. I'm still sniggering. But I amuse easily. Jim Gillogly Hevensday, 3 Thrimidge S.R. 1994, 18:35 From paul at hawksbill.sprintmrn.com Sun Apr 24 11:39:08 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sun, 24 Apr 94 11:39:08 PDT Subject: licence plates seen In-Reply-To: <199404241816.LAA17552@w6yx.stanford.edu> Message-ID: <9404241940.AA10061@hawksbill.sprintmrn.com> Matt Bartley wrote - > > 68 ASCII > > I don't have an ASCII chart available. What does this one mean? > 68 ascii is "D". _______________________________________________________________________________ Paul Ferguson US Sprint Enterprise Internet Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul at hawk.sprintmrn.com From GERSTEIN at SCSUD.CTSTATEU.EDU Sun Apr 24 12:02:03 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN at SCSUD.CTSTATEU.EDU) Date: Sun, 24 Apr 94 12:02:03 PDT Subject: Warrantless searches- sorry to bring this back.... Message-ID: <940424150140.20229e27@SCSUD.CTSTATEU.EDU> Sorry this reply has taken so long..... My comments are below. -------------- Date: Sun, 17 Apr 1994 16:48:16 -0400 (EDT) From: Llywelyn Subject: RE: Warrantless searches -- A sign of things to come? To: cypherpunks at toad.com Cc: mrami at MINERVA.CIS.YALE.EDU Sender: owner-cypherpunks at toad.com Adam writes: > Anyway, the point is, these people aren't safe in their own homes. The parents > keep their children home from school because they are afraid that they will either > get shot (which happens quite a lot, one child was shot by a "gangsta" with a > sniper rifle while his mother was walking him to school- the kid was about 5 years > old) or that the kids will get involved in the gangs. > > For a while, the Chicago PD were unwilling to enter the buildings until after the > shooting had stopped, and would then go in to tag and bag the bodies. IT WAS BAD!!! Ok, now let me get this straight. The police who are supposed to 'serve and protect' weren't willing to go in there to protect their constituents because it was too dangerous, but in the same breath they want to remove these people's ability to protect themselves. Just wanted to make sure. Ben. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- The cops aren't unwilling to go in there, it's just not safe. Period. Think about it. The cops have a .38 or a 9mm if they are lucky. Some of them may even have bullet-proof vests to wear. Some of the smarter cops have been able to find two bp vests to wear on patrol. So, they're cruising along, when a call goes out. One of the CHA buildings has a sniper on the roof. If they go anywhere near that building, he'll take they're heads right off. Or maybe the call is to make a bust on some drug-dealer. The dealers usually have someone listening to the police frequencies on a scanner, so that when the cops show up, they'll have a big surprise waiting. In the form of assualt shotguns, semi- and fully-automatic machine guns (the Mac-10 and Uzi are quite popular with druggies and gang's these days). And what kind of bullets are the bad guys using? Not what the cops get to use. Oh-no! The baddies have the "Cop-Killer" bullets: armor piercing, Teflon coated bullets that two bp vests WILL NOT stop. Alternatively, the baddies could just pump the cop car full of lead. After all, a cop won't do much if he's busy bleeding to death from his knees, or if some "gangsta" shot his foot off. Think about it. The cops are out-gunned and out-manned. What would you do? And don't tell me that you would just go in there. I consider myself pretty brave, but I don't think even for a second that I would be able to even consider going in there, not without a nice, warm, cozy M1 Abrams Tank surrounding me. And even then I wouldn't be truly safe. These cops are doing the best that they can, and everyone in the U.S. are worrying more about the "rights" of these gang-bangers and drug-dealers than they are about the rights of the innocent people that are trapped in these buildings. And don't even start to tell me that the "innocents" can just leave, cos these CHA buildings are the only place they can afford to live. You folks are to busy yelling about the illegal searches to even think of coming up with an alternative. Maybe if you spent a little time thinking about what it's like to live in a place like this, you might shut up about the cops not doing their jobs. Adam Gerstein ------ Comments to GERSTEIN at SCSU.CTSTATEU.EDU Flames to /dev/null FIGHT CLIPPER -=- OPPOSE CLIPPER -=- FIGHT CLIPPER -=- OPPOSE CLIPPER -=- From tcmay at netcom.com Sun Apr 24 12:11:33 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 24 Apr 94 12:11:33 PDT Subject: Crypto Toolkit, Objects, and TeleScript In-Reply-To: <199404241620.JAA14255@jobe.shell.portal.com> Message-ID: <199404241912.MAA02853@mail.netcom.com> In this message I talk about C code, agents, TeleScript, Smalltalk, PGP tools, and the general and pressing need to somehow make all the diverse fragments of code available and (even more importantly) comprehensible and usable. (As I'm no expert in C++ and the like, take my comments as "moderately informed speculations.") Hal Finney writes: > From: Peter Murphy > > I was most > > taken by the idea of a "Crypto Toolkit". I think it would be understand- > > able to write the code in plain, vanilla C (as opposed to C++). One > > good reason is the widespread availability of C compilers, especially > > with UNIX. Additionally, C++ compilers do take up more space (although > > this would be more of an issue with PCs. > > I think Tim had in mind something that was accessible more from a higher- > level language than C or C++; ideally, something interpreted so you could > sit down and type in a few commands to get something useful. Perl and > TCL are two languages which Tim mentioned and which have been discussed > here in the past. Smalltalk might do, although it is not as "freely" avail- > able. Yes, this is mostly what I meant. Lots of stuff here, and I really should use my outline processor to do a better job of outlining options, routes, and miscellaneous points. But I'll just make a few notes here. (The theme of the next Cypherpunks meeting, date not yet finalized, is "Protocols," so issues like this are presumably relevant. Depending on the date, I may be in L.A., and would welcome meeting with other Southland Cpunks to discuss ideas.) I. What We Have * PGP...the most basic of all crypto functions (RSA encrypt/decrypt/sign/etc.), and it took over a decade to get a usable, public domain (?!) version. (Yes, I know about RIPEM, RSAREF, etc.) (I mention this because _use_ of this protocol, even with a nice manual and whatnot from Phil, Hal, Derek, and others, still mysifies many people, and still is not easily callable from most mail programs, as you all know. This is *terribly important point*, to wit: if the most basic of all crypto functions is so long in gestation and so difficult to use interoperably, what hope do we have in integrating the vast range of crypto protocols to be found in Schneier, the Crypto Conference Proceedings, etc? This is the problem I'd like to see solved, hence my interested in "Computer-Aided Crypto Algorithms," or CACA.) * we also have fragments of C code accumulated and laboriously developed by Bruce Schneier. How many of us have bought the C code book and used the code? (Don't look at me....I had wonderful intentions to convert some of Schneier's code from his C code (and C is something I limp along in, using Think C 6.0, aka Symantec C++) to Mathematica code (which I'm much more adept at playing around with, though not at delivering code usable by others). But I've not yet found the time or motivation to do this, as I suspect is the case with many of us. * there's the ProductCypher (sp?) code which Hal mentioned. I haven't looked at it, for the same reasons I just gave. I _should_ look at it, but I haven't. Oh well. * code in Perl obviously exists in various places, and both Hal Finney and Henry Strickland have written about TCL. Whether these scripting languages, with excellent facilities for accessing Unix utilities directly (as opposed to from deeply within a C program, like PGP), should or can form the basis of a Crypto Toolkit that others will actually use is unclear, to me at least. * other programming efforts presumably exist out there in Cypherpunk land, and some folks not on the List (unless by pseudonym, which is quite possible....after all, ProductCypher is obviously a talented programmer and may be one of the main folks posting algorithms and code fragments to sci.crypt) are clearly writing code for various purposes. ...thus ends my informal summary of what's out there (it may be incomplete, or inaccurate in places...corrections are welcome, as always) II. What's Neeeded * Consider some things we like to talk about: - alternatives to RSA (elliptic functions, etc.) - secret-sharing protocols - remailer-specific code (adding latency, mixing, padding, etc.) - dining cryptographers nets (DC-Nets, a la Chaum, Bos, etc.) - digital cash (a vast area of diverse protocols for clearing transactions, for blinding, for detecting double-spending, etc.) - random number generators (Schneier, for example, supplies code fragments for the Blum-Blum-Shub generator...need I again say that probably few of us know how to "call" this code easily?) - code for message pools, for chaining remailers, etc.....a lot of this exists as scraps of Perl in various places. - and so on My point? How can we achieve the Crypto Singularity (tm) when these algorithms and _conceptual functions_ (my term, meaning that each of these embodies almost an agent-like level of behavioral complexity....hence my interest in implementing these protocols as classes and methods in something like Smalltalk or even the new TeleScript) are scattered around, are hard to grok (a technical term invented by the neural programmer Heinlein), and are more or less going unused today? III. Some Approaches to a Crypto Toolkit * Large collection of C programs. The Schneier approach, except on steroids. Regularize the calling conventions, add further documentation, generate test sample, etc. A massive undertaking, fraught with problems. * C and Perl, and maybe TCL. As above, but use other Unix utilities as needed. * A class library for crypto, in C++. Encapusulate as much of the capability into classes and make them available. For example (and here I'm using Smalltalkish lingo), an "RSA object" would understand (have methods for) messages sent to it that included RSA-encrypted sections. It would find the identifying blocks (a la "begin pgp message") and attempt to decrypt them with its private key. Similarly, a "digital banknote" would have internal structure and methods for dealing with various messages, such as "Display your value" and "Authenticate yourself." I'm not sure how feasible this would be in C++, as I know very little about C++ (I have Symantec C++ and _someday_ plan to learn enough to get by on--not being a professional programmer, and nobody paying me to learn, I have plenty of reasons to keep postponing this learning). >From my Lisp background (Symbolics 3600, Zetalisp, Common Lisp) and from my experiments with Digitalk's Smalltalk/V on my Mac, I think an object-oriented environment could be ideal. * TeleScript. Here I will go out on a limb and predict that the forthcoming TeleScript, which is nicely described in the latest "Byte" by our very own Peter Wayner, could be the basis for some exciting progress. With multi-platform capability, object orientation, and an explicit foucs on agents running around delivering mail, encrypting, etc., it could be a winner. Few details have been released by General Magic, AT&T, Apple, NEC, etc., and a Developer's Conference is coming in several months. Our own Scott Collins worked for GM for a while, and I believe Fen LaBalme does (though he's not active on this list and may not even read this message). They can no doubt comment generally on the prospects for TeleScript and whether it could form a solid basis for Cypherpunks code. (Speculatively, my notion is to embed in Telescript agents many of the things we've been talking about, and then count on the market to make mailers and Mosaic drivers to talk to these agents. Lots to talk about here.) * Speaking of Mosaic, what about using WWW/Mosaic as the basis for transparent use? I'm already impressed that on a non-Mosaic platform (I don't have either a SLIP or PPP connection at this time) I can use my cut-and-paste to easily do a "lynx http::blah blah blah" and get to a home page with arrow-selectable hypertext points. I can see WWW/Mosaic/Lynx/etc. as a common platform (set of utilities) for handling even encrypted traffic. IV. Conclusions (brief) * Existing tools are hard to understand (isn't surprising--we can't use of an Asmuth-Bloom secret-sharing protocol to be easy to use if people first of all have no idea what "secret sharing" means in a formal sense, etc.) * Integrating existing tools (PGPToolKit, Perl scripts, Schneier's code, RSAREF) into new apps is basically *not* happening, at least not by the Great Masses here on our list (let alone the Unwashed Masses off the list!). * Interoperability with dozens of mailers, on several platforms, remains a critical problem. * Hence, *good luck* in getting all the whizzy new protocols we like to speculate about implemented any time soon. This is the challenge I see. To somehow deal with this set of problems. Thanks for reading...and I again apologize for just sitting down and writing this in emacs instead of using my Mac-based outline processor. Sometimes just writing is better than planning, reorganizing, and never finishing. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From GERSTEIN at SCSUD.CTSTATEU.EDU Sun Apr 24 12:16:50 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN at SCSUD.CTSTATEU.EDU) Date: Sun, 24 Apr 94 12:16:50 PDT Subject: Warrantless searches -- Sorry to start this again.... Message-ID: <940424151622.20229e27@SCSUD.CTSTATEU.EDU> You guys just keep saying the right things... My comments are below... -------------- Jim Sewell (jims at Central.KeyWest.MPGN.COM) said : >Subject: Re: Warrantless searches -- A sign of things to come? >To: cypherpunks at toad.com >Date: Mon, 18 Apr 1994 10:30:25 -0400 (EDT) >From: "Jim Sewell - KD4CKQ" > >Slightly reformatted, but the content is faithfully reproduced: > > >> >> On Sun, 17 Apr 94 13:39:39 >> paul at hawksbill.sprintmrn.com (Paul Ferguson) wrote: >> >> >A Page 1 story in The Washington Post Sunday (94.04.17) reads, >... [warrantless searches of housing project] ... >> Anyway, the point is, these people aren't safe in their own homes. > > Then the cops need to sting/watch these guys until they catch them > committing these felonies and throw them in jail, not invade the > privacy of a citizen cuz they think it's right. If the cops were > watching that neighborhood then the child couldn't have been sniped > without the shooter getting bagged. It is a poorly chosen solution to > the police force's inability to do their job well due to fear and/or > underfunding. You see, Jim, the drug deals go on inside the apartment buildings. How easy is it to do surveilance (sp?) on an apartment that is run by gangs, surrounded by their other apartments, on floors that are run by the gangs? Sure, you can do a phone tap. But that doesn't work on cellular phones.... You could also take over an apartment in another building and bounce lasers off the windows, but their damn music is too loud, or they change the rooms they do business in daily (the gangs aren't stupid, you know). And if you did find some way to bust them, how are you going to do it? Fire-fight your way through 3-4 floors of crack-crazed junkies with Uzi's? I don't think so. As far as the sniper killing that little kid, think about what you said. You really think the sniper didn't hang around on the roof-top, waiting for that first cop car to roll up? He's not dumb. They have to get to the building, and he can "reach" them a hell of a lot better than they can fire at him. And once they get inside, it's the same thing. The cops have to fight their way to the roof, at which point the gun and sniper are both inside the building somewhere, safe and cozy. In many ways, the situation has gotten better since the searches started. I AM NOT SAYING I AM FOR THE SEARCHES, I am merely saying that they are being productive. I challenge you C'punks to come up with a better solution. Given the circumstances that those involved are dealing with, it's pretty good for now. Adam Gerstein Comments to: GERSTEIN at SCSU.CTSTATEU.EDU Flames to: /dev/null -=-=-=-=-=-=-=- -=-=-=-=- From merriman at metronet.com Sun Apr 24 12:25:32 1994 From: merriman at metronet.com (David Merriman) Date: Sun, 24 Apr 94 12:25:32 PDT Subject: Today's Dumb Question? Message-ID: <199404241925.AA16389@metronet.com> I've got what may turn out to be Today's Dumb Question.... What Happens If, instead of using prime numbers or logarithms for the basis for a public-key crypto system, we instead generated out public key thus: 1> pick an arbitrary bit stream (large [pseudo?]random number, binary representation of selected chunk of text or data file, etc). 1024 bits or more (in 256 bit chunks?) 2> enter a passphrase 3> XOR the bit stream with the binary representation of the passphrase, cycling the passphrase as necessary. This makes the 'large' component of our public key. 4> hash the passphrase to 128 or more (in blocks of 64?) bits. This makes the 'small' component of the public key. 5> We then use these components as in normal public-key algorithms. Conceptually (to me), this would seem to work, and have the advantage of not being dependent on the factorability of any number; that is, the numbers could be extended as necessary fairly simply. It would also seem to depend on the entry of a passphrase that would be securely 'locked' inside someone's mind :-) Too, it wouldn't seem to be subject to any kind of patents. Finally, if the arbitrary bit stream were taken from something like a section of text in a file, a sequence of bytes in a data file, or even absolute track/sector reads from a floppy/hard disk, the entire thing could be rendered useless by the user by simply erasing/wiping a single file or track/sector. Would something like this work, or am I missing one of the trees because of the forest? Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 'That's odd.... the computer model didn't do that....' From tcmay at netcom.com Sun Apr 24 12:45:23 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 24 Apr 94 12:45:23 PDT Subject: "Information-Hiding" in Crypto Programs Message-ID: <199404241946.MAA05741@mail.netcom.com> The challenge I mentioned in my last message can be summarized as follows: - hide the complexity of implementation in the code, so that other programmers, and especially end-users, don't have to worry about it. - to pick a simplest example, a random number generator needs to generated a good random number without the user having to worry about a zillion related issues (this may get flames....I'm not saying users should be blissfully ignorant of some of the assumptions that went into the RNG, only that most users want an RNG that operates consistently, has been tested by others, etc. This is the Mathematica function method: have experts devise the best factoring or primality testing approach, implement it efficiently (usually in C or even machine language), and then give it to the user as "FactorInteger[3858783237285638838513] for him to incorporate as a canned functon.) - "information hiding," or modularization, means hiding the implementation details from the user and providing regularized calling conventions to make the code behave almost like a "thing" (internal consistency, reproducible behavior, etc.) - "crypto objects" (or instances of classes) would presumably know how to handle the usual crypto messages. - "digital cash objects" would help with the extraordinarily confusing protocols for multi-party transactions I'm not saying _how_ they would help, just that my intuition is that the crypto community could make new strides if the imperative style of programming ("do this," "now do this," etc.) were to be supplemented with the descriptive style ("this is a digital cash object and these are the messages it understands") and even the logical style (of Prolog, for example). Two years ago, Eric Hughes and I spent a few intense days debating these sorts of issues, including discussions of "program correctness" and protocol generation. For digital money to succeed, there had better not be flaws and loopholes that allow attackers to drain your money away or to cause confusion and doubt amongst your customers! Automatic theorem-proving methods, so often the topic of dusty old Ph.D theses, may come to the fore to handle these extremely complex (and attackable by spoofers, eavesdroppers, forgers, etc) protocols. This stuff goes beyond what I was talking about with objects, classes, and libraries, but may be needed sooner than we think. I promise to shut up for a while. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From mech at eff.org Sun Apr 24 13:40:12 1994 From: mech at eff.org (Stanton McCandlish) Date: Sun, 24 Apr 94 13:40:12 PDT Subject: your Clipper video testimony wanted Message-ID: <199404242039.QAA25158@eff.org> Forwarded message: From: blogan at crash.cts.com (Barry Logan) Subject: Re: vid testimony Date: Thu, 21 Apr 1994 11:51:17 -0800 ****** P A P E R T I G E R T V S O U T H W E S T ******* For Immediate Release 4.20.94 *Distrubute Widely* This is a request for submissions of video testimony regarding Clipper. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The public is increasingly becoming aware of the Clipper. Hearings are scheduled to held on April 27 and May 3, 1994 by Sen. Patrick Leahy's (D-VT), of the Senate Judiciary's Technology and the Law Subcommittee, the subject of which will be the Clipper initiative and the FBI's draft Digital Telephony surveillance bill. Momentum is building, get involved. Unless the conquest of cyberspace goes unchallenged by the public-at-large, First and Fourth Amendment rights will be abrogated in a "fait accompli" out-of-sight of democratic processes. This is a battle that cannot be won if fought solely in cyberspace. The implementation of draconian measures calls for innovative counter measures. We propose to take arguments against the Clipper proposal to the public with a video. Fighting with the traditional weapons of mass media will get the attention of the wider net-disinterested audience (most of whom will intersect with the net in the future), than relying on the net alone to conjure the necessary outcry to make Clipper an issue of public scrutiny. We need your collected clips to put together a composite argument. It will be distributed to public access television stations, key legislators, and also be made available to the general public. Submission guidelines: - DEADLINE MAY 8TH ~~~~~~~~~~~~~~~~~~~~~ -Send us a video of you containing your most cogent thoughts and passionate statement regarding Clipper. -Please limit your comments to privacy issues in general and Clipper in particular. -Send original tapes (we'll return them) in any format, 8mm, Hi8, VHS. ~~~~~~~~ Hi8 is the best. -Because of both the nature of video and the nature Clipper, guerrilla theater is encouraged. -Submissions of arguments in favor of Clipper will also be considered for inclusion. -Contributions from outside the U.S. are welcome. -Suggestions about content and/or format welcome. -Please send your video as soon as possible, but no later than May 8th for consideration. Information about Paper Tiger: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Paper Tiger TV is a non-profit volunteer collective based in Manhattan, with working groups in San Diego (PTTV Tiger South West) and San Francisco (PTTV West). Paper Tiger TV produces 30 minute programs shown weekly on public access cable TV and distributed to cable stations, colleges and libraries across the country. The collective has been working for nine years with critical readings on many areas of cultural production including advertisement, TV, films, mainstream publications and cultural events. Although there is no confirmation, it is likely that the finished tape will be uplinked by Deep Dish TV: an association of community and independent producers, public access and cable programmers; a national, alternative satellite network with multi-racial, multi-regional representation producing and distributing television that has a point of view. FEARLESS TV!! We hope that our shows will inspire, educate and empower the political movements that we are a part of. Mail your tapes to: VIEWING HABITS 3270 MT.AACHEN AVE. SAN DIEGO, CA 92111 We are including Herb Sciller's "Plunge into cyberspace". Well known lefty media critic and guru of our collective. This is a historic moment, don't blow it. Make history, make video. From pls at crl.com Sun Apr 24 14:00:03 1994 From: pls at crl.com (Paul Schauble) Date: Sun, 24 Apr 94 14:00:03 PDT Subject: Warrantless searches- sorry to bring this back.... In-Reply-To: <940424150140.20229e27@SCSUD.CTSTATEU.EDU> Message-ID: On Sun, 24 Apr 1994 GERSTEIN at SCSUD.CTSTATEU.EDU wrote: > The cops aren't unwilling to go in there, it's just not safe. Period. > Think about it. The cops have a .38 or a 9mm if they are lucky. Some of > them may even have bullet-proof vests to wear. Some of the smarter cops have > been able to find two bp vests to wear on patrol. > So, they're cruising along, when a call goes out. One of the CHA > buildings has a sniper on the roof. If they go anywhere near that building, > he'll take they're heads right off. > Or maybe the call is to make a bust on some drug-dealer. The dealers > usually have someone listening to the police frequencies on a scanner, so that > when the cops show up, they'll have a big surprise waiting. In the form of > assualt shotguns, semi- and fully-automatic machine guns (the Mac-10 and Uzi > are quite popular with druggies and gang's these days). > And what kind of bullets are the bad guys using? Not what the cops get > to use. Oh-no! The baddies have the "Cop-Killer" bullets: armor piercing, > Teflon coated bullets that two bp vests WILL NOT stop. I was sympathetic to your argument up to this point. Now I need a polite way to say "You haven't a clue as to what you're talking about.". These magic, vest-penetrating, Teflon coated bullets are on of the gun-controllers favorite myths. But they don't exist in this reality. That's not to say the cops don't have a problem. Pretty much any rifle will penetrate a standard vest. But then, very few of the druggies in real life have rifles. > Alternatively, the baddies could just pump the cop car full of lead. > After all, a cop won't do much if he's busy bleeding to death from his knees, > or if some "gangsta" shot his foot off. > > Think about it. The cops are out-gunned and out-manned. What would you > do? And don't tell me that you would just go in there. I consider myself pretty > brave, but I don't think even for a second that I would be able to even > consider going in there, not without a nice, warm, cozy M1 Abrams Tank > surrounding me. And even then I wouldn't be truly safe. > These cops are doing the best that they can, and everyone in the U.S. > are worrying more about the "rights" of these gang-bangers and drug-dealers > than they are about the rights of the innocent people that are trapped in these > buildings. > And don't even start to tell me that the "innocents" can just leave, > cos these CHA buildings are the only place they can afford to live. > You folks are to busy yelling about the illegal searches to even think > of coming up with an alternative. > > Maybe if you spent a little time thinking about what it's like to live > in a place like this, you might shut up about the cops not doing their jobs. > > Adam Gerstein > > ------ > Comments to GERSTEIN at SCSU.CTSTATEU.EDU > Flames to /dev/null > > FIGHT CLIPPER -=- OPPOSE CLIPPER -=- FIGHT CLIPPER -=- OPPOSE CLIPPER -=- > Reading your last few paragraphs and then you tagline causes a real cognitive dissonance. Clipper is intended to make it easier for the police to catch criminals, and I have yet to hear a serious argument that it won't do that. All of the arguments are that it infringes on the legitimate rights of non-criminals. So here you are, perfectly willing to toss out rights that ARE enumerated in the Constitution in the 2nd and 4th Amendments, yet trying to defend a much more nebulous "right to privacy" Since you've so well defended the principle that the individual's rights are subordinate to the rights of the "innocent people" to be "safe", what rational basis do you have for opposing Clipper? Sorry, the Constitution isn't a cafeteria. You can't pick and choose the rights you like and trash the rest. ++PLS From samman at CS.YALE.EDU Sun Apr 24 14:06:58 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Sun, 24 Apr 94 14:06:58 PDT Subject: Warrentlesss SEarches In-Reply-To: <940424150140.20229e27@SCSUD.CTSTATEU.EDU> Message-ID: > Think about it. The cops are out-gunned and out-manned. What would you > do? And don't tell me that you would just go in there. I consider myself pretty > brave, but I don't think even for a second that I would be able to even > consider going in there, not without a nice, warm, cozy M1 Abrams Tank > surrounding me. And even then I wouldn't be truly safe. > These cops are doing the best that they can, and everyone in the U.S. > are worrying more about the "rights" of these gang-bangers and drug-dealers > than they are about the rights of the innocent people that are trapped in these > buildings. > And don't even start to tell me that the "innocents" can just leave, > cos these CHA buildings are the only place they can afford to live. > You folks are to busy yelling about the illegal searches to even think > of coming up with an alternative. > > Maybe if you spent a little time thinking about what it's like to live > in a place like this, you might shut up about the cops not doing their jobs. Ok, Let me respond 1)I live in this kind of neighborhood at home when I'm not at school. That's right, I live in West Oakland, California. I was born and raised in the inner city. Don't tell me how these places are, don't tell me how they're run, don't tell me how dangerous they are. I've lived it. Have you? All you know is what you see on the news, on the television shows, and what is portrayed in mass media. 2)I know the value of a gun in this environment. I know how many times our home has been kept safe because my father has been willing to wield a gun against either intruders or against 'undersireable' characters coming around(read drug dealers, crack heads, you name it). Our part of the block has a reputation for not being somewhere for these pepole to hang out because my father and our neighbors have taken a stand against such scum. 3)Not everyone who lives in these neighborhoods is bad simply as a result of their economic conditions. We don't want these people around any more than you people do in your neighborhoods. It just happens, and I know this for a fact, that it takes Oakland Police(OPD) a lot longer to respond when we call them, than when people in Skyline(a rich white neighborhood) call them. 4)My family has not broken any law simply by trying to protect ourselves. There is no way in hell that the police can be everywhere at once, even if they are as efficient as you in the 'burbs seem to think they are, keeping out and harassing all the minorties that come your way. Until they get there, the only way we can protect ourselves is with our guns. We havne't broken any laws, we're not the ones who have severed our contract with society by choosing to live outside of it, its not us, its the people who prey upon us in our homes and in our schools, and it is not us who should lose our rights, but them. By simply lumping us in with them by sheer virtue of where we live and how much we earn is not only sheer folly but is also classist. 5)Yes we worry about the rights of the accused. I do. I've been arrested and harassed when the only crime that I committed was being in the wrong place at the wrong time, and not having the right skin color. Yes, I worry about those rights, because for me, it might be that one day, that it is I who is on trial, it is I whose rights are being questioned, and it is I who wants my day in court, and unless we protect the rights of the accused, even if they don't look like us, it reaps a beneficial result to society as a whole. Thomas More in the movie _Man for All Seasons_ makes an excellent point when he asks young Will, if he would cut down all the laws in England to catch the devil. When Will responds in the affirmative, More asks him, "And what would you do when the winds rage about you?" You see, if you don't protect the rights of the accused today, there might come a day when you're in their shoes and you'll wish that you still had those rights--remember the 5th amendment? The 4th's prohibitions against unreasonable seach and siezures? What about the 14th's due process clause? It is the rule of law, not of decree that makes this nation great, and there's no way in hell, I'm going to sit idly by and watch this nation become an autocracy simply because some people in suburbia decided that it would be easier to do away with the rights of the accused in their racist, xenophobic fears. Any comments? Ben. From sdw at meaddata.com Sun Apr 24 14:07:52 1994 From: sdw at meaddata.com (Stephen Williams) Date: Sun, 24 Apr 94 14:07:52 PDT Subject: The un-BBS In-Reply-To: <199404240925.CAA24754@mail.netcom.com> Message-ID: <9404242105.AA00934@jungle.meaddata.com> > > Mike Ingle writes: > > > There are occasional waves of actions against BBSes. The most recent ones > > are for porn. Before that it was pirate software and phone codes. The next > ... > > > What we need is a totally decentralized BBS. It would be something like > > running Usenet over UUCP. There would be newsgroups or SIGs or whatever > > you want to call them. Anyone could leave their computer and modem on, > > and anyone else could call them and get an update. There would be no BBS > > to call and log into. You'd just call your friend's computer and update > > your newsgroups, and someone would call yours and update his. The network > > would grow outward, with no organization or structure. Anyone could create > > a new newsgroup, and if his friends chose to take it, it would spread. > ... I'm pretty perplexed: What's wrong with the current Netnews (Usenet...), Email, etc. setup? It's very flexible and you can get access for very reasonable amounts of money (even for a server). The software's free, the net is huge, etc... I dislike BBS's alot compared to standard Internet services. It's only expensive if you want online, realtime access, gigabytes/mo. of traffic, etc. > This is FIDONet (or FidoNet). In most essential features, this is what > FidoNet has been doing for the past half dozen years. Distributed, > decentralized, dial-up lines, banyan-type architecture (sort of), etc. > > Tom Jennings, one of the main architects of FidoNet, was once on our > list, as were a couple of others, but they don't seem to be any > longer. > > There are some interesting issues here, which I'll just list: > > * since the FidoNet is not subsidized by others the way the Internet > is, operators of FidoNet nodes (I don't know the exact term) often end > up subsidizing the costs themselves. Most systems/people on the Internet are not subsidized. This is well known. The critical mass of users has obviated the need for it. I've been grappling with what features I'd like in the perfect communications / BBS / Internet / online system. Does anyone have strong opinions about which features are important? For instance: I find that my Unix Internet mail/news tools are an order of magnitude more efficient than any BBS message base reader I've ever encountered. sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From tcmay at netcom.com Sun Apr 24 14:19:59 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 24 Apr 94 14:19:59 PDT Subject: The un-BBS In-Reply-To: <9404242105.AA00934@jungle.meaddata.com> Message-ID: <199404242120.OAA23991@mail.netcom.com> > > There are some interesting issues here, which I'll just list: > > > > * since the FidoNet is not subsidized by others the way the Internet > > is, operators of FidoNet nodes (I don't know the exact term) often end > > up subsidizing the costs themselves. > > Most systems/people on the Internet are not subsidized. This is well known. > The critical mass of users has obviated the need for it. The subsidies are as follows: - universities that provide "free" access to students, faculty, researchers, etc. (all those ".edu" accounts) - corporations that provide similar access to some or all of their employees - government labs, offices, etc. The number of Internet users who are going through commercial services like Netcom, Panix, Portal, etc., or through services like CompuServe and Prodigy, is currently a small fraction of the overall total. This will grow, but for the present discussion, most Internet users are not paying their own bills for their usage of the Net (let alone paying to ship NetNews around the world). And even the commercial service providers cross-subsidize in various ways (Netcom, for example, is reported to be making real money in its T1 links...). My point was not at all that FidoNet is a superior service (it isn't). What I said was that the Internet is subsidized--I didn't elaborate on by whom, and I certainly wasn't saying ARPA or NSF pays for it all--and that this accounts for much of its explosive growth. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From samman at CS.YALE.EDU Sun Apr 24 14:23:41 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Sun, 24 Apr 94 14:23:41 PDT Subject: Warrentlesss SEarches (fwd) Message-ID: Sorry about resubmitting it y'all but I discovered the line feeds were wierd so I just re-formatted it. Ben. > Think about it. The cops are out-gunned and out-manned. What would you > do? And don't tell me that you would just go in there. I consider myself pretty > brave, but I don't think even for a second that I would be able to even > consider going in there, not without a nice, warm, cozy M1 Abrams Tank > surrounding me. And even then I wouldn't be truly safe. > These cops are doing the best that they can, and everyone in the U.S. > are worrying more about the "rights" of these gang-bangers and drug-dealers > than they are about the rights of the innocent people that are trapped in these > buildings. > And don't even start to tell me that the "innocents" can just leave, > cos these CHA buildings are the only place they can afford to live. > You folks are to busy yelling about the illegal searches to even think > of coming up with an alternative. > > Maybe if you spent a little time thinking about what it's like to live > in a place like this, you might shut up about the cops not doing their jobs. Ok, Let me respond 1)I live in this kind of neighborhood at home when I'm not at school. That's right, I live in West Oakland, California. I was born and raised in the inner city. Don't tell me how these places are, don't tell me how they're run, don't tell me how dangerous they are. I've lived it. Have you? All you know is what you see on the news, on the television shows, and what is portrayed in mass media. 2)I know the value of a gun in this environment. I know how many times our home has been kept safe because my father has been willing to wield a gun against either intruders or against 'undersireable' characters coming around(read drug dealers, crack heads, you name it). Our part of the block has a reputation for not being somewhere for these pepole to hang out because my father and our neighbors have taken a stand against such scum. 3)Not everyone who lives in these neighborhoods is bad simply as a result of their economic conditions. We don't want these people around any more than you people do in your neighborhoods. It just happens, and I know this for a fact, that it takes Oakland Police(OPD) a lot longer to respond when we call them, than when people in Skyline(a rich white neighborhood) call them. 4)My family has not broken any law simply by trying to protect ourselves. There is no way in hell that the police can be everywhere at once, even if they are as efficient as you in the 'burbs seem to think they are, keeping out and harassing all the minorties that come your way. Until they get there, the only way we can protect ourselves is with our guns. We havne't broken any laws, we're not the ones who have severed our contract with society by choosing to live outside of it, its not us, its the people who prey upon us in our homes and in our schools, and it is not us who should lose our rights, but them. By simply lumping us in with them by sheer virtue of where we live and how much we earn is not only sheer folly but is also classist. 5)Yes we worry about the rights of the accused. I do. I've been arrested and harassed when the only crime that I committed was being in the wrong place at the wrong time, and not having the right skin color. Yes, I worry about those rights, because for me, it might be that one day, that it is I who is on trial, it is I whose rights are being questioned, and it is I who wants my day in court, and unless we protect the rights of the accused, even if they don't look like us, it reaps a beneficial result to society as a whole. Thomas More in the movie _Man for All Seasons_ makes an excellent point when he asks young Will, if he would cut down all the laws in England to catch the devil. When Will responds in the affirmative, More asks him, "And what would you do when the winds rage about you?" You see, if you don't protect the rights of the accused today, there might come a day when you're in their shoes and you'll wish that you still had those rights--remember the 5th amendment? The 4th's prohibitions against unreasonable seach and siezures? What about the 14th's due process clause? It is the rule of law, not of decree that makes this nation great, and there's no way in hell, I'm going to sit idly by and watch this nation become an autocracy simply because some people in suburbia decided that it would be easier to do away with the rights of the accused in their racist, xenophobic fears. Any comments? Ben. From dwomack at runner.utsa.edu Sun Apr 24 15:10:08 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Sun, 24 Apr 94 15:10:08 PDT Subject: Warrentlesss SEarches In-Reply-To: Message-ID: <9404242209.AA07098@runner.utsa.edu> > > > > Think about it. The cops are out-gunned and out-manned. What would you > > of coming up with an alternative. [snip] > > Maybe if you spent a little time thinking about what it's like to live > > in a place like this, you might shut up about the cops not doing their jobs. > > Ok, Let me respond > > 1)I live in this kind of neighborhood at home when I'm not at school. That's > right, I live in West Oakland, California. I was born and raised in the inner > city. Don't tell me how these places are, don't tell me how they're run, don't > tell me how dangerous they are. I've lived it. Have you? All you know is what > you see on the news, on the television shows, and what is portrayed in mass media. [excellent points all] > 2)I know the value of a gun in this environment. I know how many times our home > has been kept safe because my father has been willing to wield a gun against > either intruders or against 'undersireable' characters coming around(read drug > dealers, crack heads, you name it). Our part of the block has a reputation for > not being somewhere for these pepole to hang out because my father and our > neighbors have taken a stand against such scum. [Bravo! Would that more people took personal responsibility!] > 3)Not everyone who lives in these neighborhoods is bad simply as a result of [snip...with regret] > 4)My family has not broken any law simply by trying to protect ourselves. There > is no way in hell that the police can be everywhere at once, even if they are as > efficient as you in the 'burbs seem to think they are, keeping out and harassing > all the minorties that come your way. Until they get there, the only way we can > protect ourselves is with our guns. We havne't broken any laws, we're not the > ones who have severed our contract with society by choosing to live outside of > it, its not us, its the people who prey upon us in our homes and in our schools, > and it is not us who should lose our rights, but them. By simply lumping us in > with them by sheer virtue of where we live and how much we earn is not only > sheer folly but is also classist. [And, even in the finest 'burbs, the police cannot be everywhere! Indeed, if you study police doctrine, it very clearly states that police and DETER crime, they can APPREHEND criminals, but they cannot PREVENT crime. Even a 5 minute response time will not solve the problem. Indeed, a 1 minute response would not...because someone must call them first! Still more significantly, the criminals are not stupid. They go where the money is...and if it is easier to steal Rolex's and 'Benzs in Suburbia...guess where they'll go? The city manager (!) here in San Antonio found this out when he was robbed in the driveway of his house. ] > > 5)Yes we worry about the rights of the accused. I do. I've been arrested and > harassed when the only crime that I committed was being in the wrong place at > the wrong time, and not having the right skin color. Yes, I worry about those > rights, because for me, it might be that one day, that it is I who is on trial, > it is I whose rights are being questioned, and it is I who wants my day in > court, and unless we protect the rights of the accused, even if they don't look > like us, it reaps a beneficial result to society as a whole. Thomas More in the > movie _Man for All Seasons_ makes an excellent point when he asks young Will, if > he would cut down all the laws in England to catch the devil. When Will > responds in the affirmative, More asks him, "And what would you do when the > winds rage about you?" [Elegant! My apologies for the bandwidth, but this quote needs to be repeated daily by the administration ] > > You see, if you don't protect the rights of the accused today, there might come > a day when you're in their shoes and you'll wish that you still had those > rights--remember the 5th amendment? The 4th's prohibitions against unreasonable > seach and siezures? What about the 14th's due process clause? It is the rule > of law, not of decree that makes this nation great, and there's no way in hell, > I'm going to sit idly by and watch this nation become an autocracy simply > because some people in suburbia decided that it would be easier to do away with > the rights of the accused in their racist, xenophobic fears. > > Any comments? > Ben. [I'm as xenophobic as the next guy ;-), but I don't think the problem is necessarily suburbia; rather, it often seems that people in general, and irregardless of socioeconomic status, are eagerly discarding rights in order to escape personal involvement. Merely voting is (seemingly) too tedious; and anything more demanding is (again, seemingly) completely out of the question. Who was it who said "He who would trade a little liberty for a little security deserves neither"?] > > From phantom at u.washington.edu Sun Apr 24 16:03:51 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Sun, 24 Apr 94 16:03:51 PDT Subject: Today's Dumb Question Message-ID: David Merriman writes: What Happens If, instead of using prime numbers or logarithms for the basis for a public-key crypto system, we instead generated out public key thus: 1> pick an arbitrary bit stream (large [pseudo?]random number, binary representation of selected chunk of text or data file, etc). 1024 bits or more (in 256 bit chunks?) 2> enter a passphrase 3> XOR the bit stream with the binary representation of the passphrase, cycling the passphrase as necessary. This makes the 'large' component of our public key. 4> hash the passphrase to 128 or more (in blocks of 64?) bits. This makes the 'small' component of the public key. 5> We then use these components as in normal public-key algorithms. ---------- (matt says:) Okay, you're forgetting one thing. In public key systems, the two numbers you have are related -- the algorithm you use needs a pair of numbers that create a function and inverse function pair. The pair you suggest above [((random #) xor (passphrase)), hash(passphrase)] have nothing in common. Good, as you point out, since you can't create one from the other, but also bad for a public key system, since you can't use one to decrypt what the other encrypted (they're not inverses)! mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From werner at mc.ab.com Sun Apr 24 16:39:35 1994 From: werner at mc.ab.com (tim werner) Date: Sun, 24 Apr 94 16:39:35 PDT Subject: licence plates seen Message-ID: <199404242339.TAA18605@sparcserver.mc.ab.com> >Date: Sun, 24 Apr 1994 11:16:38 -0700 >From: mdbomber at w6yx.stanford.edu (Matt Bartley) > >I don't have an ASCII chart available. What does this one mean? If you were running Unix, you could have said 'man ascii'. From werner at mc.ab.com Sun Apr 24 16:45:40 1994 From: werner at mc.ab.com (tim werner) Date: Sun, 24 Apr 94 16:45:40 PDT Subject: Warrantless searches -- Sorry to start this again.... Message-ID: <199404242345.TAA18609@sparcserver.mc.ab.com> >Date: Sun, 24 Apr 1994 15:16:22 -0400 (EDT) >From: GERSTEIN at SCSUD.CTSTATEU.EDU > You see, Jim, the drug deals go on inside the apartment buildings. How >easy is it to do surveilance (sp?) on an apartment that is run by gangs, >surrounded by their other apartments, on floors that are run by the gangs? > > In many ways, the situation has gotten better since the searches >started. I AM NOT SAYING I AM FOR THE SEARCHES, I am merely saying that they >are being productive. I challenge you C'punks to come up with a better >solution. Given the circumstances that those involved are dealing with, it's >pretty good for now. Well, for one thing, if the drugs they are dealing were not illegal, there would be no high-anxiety drug deals going on in the apartments. tw From GERSTEIN at SCSUD.CTSTATEU.EDU Sun Apr 24 17:04:37 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN at SCSUD.CTSTATEU.EDU) Date: Sun, 24 Apr 94 17:04:37 PDT Subject: Warrentlesss SEarches Message-ID: <940424200411.2022b905@SCSUD.CTSTATEU.EDU> My comments are in the brackets -< >-. Before I start commenting, however, I would like to take this opportunity to once again say I DON'T AGREE WITH THESE SEARCHES!!!!! Many of you have taken that to be my tone, and that's not right. I was just expressing the opinion that I think that since all the other choices they have are blocked, and the residents don't seem to mind, then it's the right solution FOR NOW. I'm not trying to say that this should become policy, I'm just saying it's the only way that things could be done (at least from what I know of the situation). I don't profess to be an expert on this whole mess, I was just expressing my opinions. They are mine. Not yours. If you don't like them, either acknowledge that you don't agree with mine politely and civilly or just shut up. I have _NO_ time or tolerance for people who think that they are right just because they have such-and-such opinion about something. If you can't take the time to see both sides of the story, don't take the time to comment on just one side. Opinions are to be shared. If you don't like mine, then just don't read it. This is not aimed at anyone in particular, I'm just saying something that I feel (my god, another opinion!). -------------- From: dwomack at runner.jpl.utsa.edu (David L Womack) Subject: Re: Warrentlesss SEarches To: samman at CS.YALE.EDU Date: Sun, 24 Apr 1994 17:09:52 -0500 (CDT) Cc: cypherpunks at toad.com > > > > Think about it. The cops are out-gunned and out-manned. What would you > > of coming up with an alternative. [snip] > > Maybe if you spent a little time thinking about what it's like to live > > in a place like this, you might shut up about the cops not doing their jobs. > > Ok, Let me respond > > 1)I live in this kind of neighborhood at home when I'm not at school. That's > right, I live in West Oakland, California. I was born and raised in the inner > city. Don't tell me how these places are, don't tell me how they're run, > don't tell me how dangerous they are. I've lived it. Have you? All you > know is what you see on the news, on the television shows, and what is > portrayed in mass media. [excellent points all] -- > 2)I know the value of a gun in this environment. I know how many times our >home has been kept safe because my father has been willing to wield a gun >against either intruders or against 'undersireable' characters coming >around(read drug dealers, crack heads, you name it). Our part of the block >has a reputation for not being somewhere for these pepole to hang out because >my father and our neighbors have taken a stand against such scum. [Bravo! Would that more people took personal responsibility!] -- > 3)Not everyone who lives in these neighborhoods is bad simply as a result of [snip...with regret] -- > 4)My family has not broken any law simply by trying to protect ourselves. >There is no way in hell that the police can be everywhere at once, even if >they are as efficient as you in the 'burbs seem to think they are, keeping out >and harassing all the minorties that come your way. Until they get there, the >only way we can protect ourselves is with our guns. We havne't broken any >laws, we're not the ones who have severed our contract with society by >choosing to live outside of it, its not us, its the people who prey upon us in >our homes and in our schools, and it is not us who should lose our rights, but >them. By simply lumping us in with them by sheer virtue of where we live and >how much we earn is not only sheer folly but is also classist. [And, even in the finest 'burbs, the police cannot be everywhere! Indeed, if you study police doctrine, it very clearly states that police and DETER crime, they can APPREHEND criminals, but they cannot PREVENT crime. Even a 5 minute response time will not solve the problem. Indeed, a 1 minute response would not...because someone must call them first! Still more significantly, the criminals are not stupid. They go where the money is...and if it is easier to steal Rolex's and 'Benzs in Suburbia...guess where they'll go? The city manager (!) here in San Antonio found this out when he was robbed in the driveway of his house. ] -- > 5)Yes we worry about the rights of the accused. I do. I've been arrested and > harassed when the only crime that I committed was being in the wrong place at > the wrong time, and not having the right skin color. Yes, I worry about those > rights, because for me, it might be that one day, that it is I who is on >trial, it is I whose rights are being questioned, and it is I who wants my day >in court, and unless we protect the rights of the accused, even if they don't >look like us, it reaps a beneficial result to society as a whole. Thomas More >in the movie _Man for All Seasons_ makes an excellent point when he asks young >Will, if he would cut down all the laws in England to catch the devil. When >Will responds in the affirmative, More asks him, "And what would you do when >the winds rage about you?" [Elegant! My apologies for the bandwidth, but this quote needs to be repeated daily by the administration ] -- > You see, if you don't protect the rights of the accused today, there might >come a day when you're in their shoes and you'll wish that you still had those >rights--remember the 5th amendment? The 4th's prohibitions against >unreasonable seach and siezures? What about the 14th's due process clause? >It is the rule of law, not of decree that makes this nation great, and there's >no way in hell, I'm going to sit idly by and watch this nation become an >autocracy simply because some people in suburbia decided that it would be >easier to do away with the rights of the accused in their racist, xenophobic >fears. > > Any comments? > Ben. [I'm as xenophobic as the next guy ;-), but I don't think the problem is necessarily suburbia; rather, it often seems that people in general, and irregardless of socioeconomic status, are eagerly discarding rights in order to escape personal involvement. Merely voting is (seemingly) too tedious; and anything more demanding is (again, seemingly) completely out of the question. Who was it who said "He who would trade a little liberty for a little security deserves neither"?] - I have placed chip-0.1.tgz on ftp.thp.uni-koeln.de(134.95.64.1):/pub/linux/chip/chip-0.1.tgz It contains an alpha version of a rudimentary loadable device driver and a sample application (get information out of the telephone cards used by the German Telekom) to be used with MARALU's chip-card-reader/writer. In principal, the reader/writer should be able to access all types of I2C-cards and other formats. I'll try to provide more functionality if there's interest in the net. Please mail comments, suggestions and questions to chip at thp.uni-koeln.de. If you don't have ftp-access, drop me a note and I'll mail the code to you (in uuencoded form (about 8k), if nothing different is specified). Martin PLEASE NOTE, THAT NEITHER I NOR MARALU TAKE ANY RESPONSIBILITY FOR THE FUNCTIONALITY OR RELIABILITY OF THE PROVIDED CODE AND INFORMATION. -- -- Mail submissions for comp.os.linux.announce to: linux-announce at tc.cornell.edu Be sure to include Keywords: and a short description of your software. Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From norm at netcom.com Sun Apr 24 17:25:06 1994 From: norm at netcom.com (Norman Hardy) Date: Sun, 24 Apr 94 17:25:06 PDT Subject: Warrentlesss SEarches (fwd) Message-ID: <199404250026.RAA07388@mail.netcom.com> At 17:21 4/24/94 -0400, Llywelyn wrote: ... > >Ok, Let me respond > ... >2)I know the value of a gun in this environment. I know how many times >our home has been kept safe because my father has been willing to wield a >gun against either intruders or against 'undersireable' characters coming >around(read drug dealers, crack heads, you name it). Our part of the >block has a reputation for not being somewhere for these pepole to hang >out because my father and our neighbors have taken a stand against such >scum. > ... >Any comments? Thanks for your perspective. I have imagined that if I found it necessary to live in such a place that I might favor choosing a building with some sort of covenant, explicitly agreed to by all tenants, that allowed searches for weapons. I take it that you would not find that to be a good idea. Do you have other ideas along such lines? From samman at CS.YALE.EDU Sun Apr 24 18:18:07 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Sun, 24 Apr 94 18:18:07 PDT Subject: Warrentlesss SEarches In-Reply-To: <940424200411.2022b905@SCSUD.CTSTATEU.EDU> Message-ID: > > 1)I live in this kind of neighborhood at home when I'm not at school. That's > > right, I live in West Oakland, California. I was born and raised in the inner > > city. Don't tell me how these places are, don't tell me how they're run, > > don't tell me how dangerous they are. I've lived it. Have you? All you > > know is what you see on the news, on the television shows, and what is > > portrayed in mass media. > [excellent points all] > > - from the mass media. I also go to school in new haven, so I have the same > sources for information that you do. I am more than willing to admit that most > of my info is from what I se and read in the papers and on the news. But at > least I make the effort to stay informed. > Also, you say that you "live in this kind of neighborhood at home." That's at > home. You are here in New Haven. And it's only like CHA. You don't live there > so don't expect me to think that you are right just because you live in an area > that is similar. Unless you have actually _lived_ in Cabrini Green, I will take > your thoughts with a grain of salt.>- Take my comments any way you want. I really don't care. However, I went to an inner city high school, no not in New Haven, but on the other side of the country, and as such I base my information on how and where I grew up for the past 18 years of my life before I came to Yale. The section of New HAven where Yale is, honestly, is a sheltered environ, that I will grant, and redily acknowledge it. However, if you came to visit my home in Oakland, you'd see that across the street are the Acorn Projects(which are public, low income housing) as well as down the street is the police station. I've gone to a friend's house to hang out only to have our reveries disturbed by gangs shooting each other up outside. No, unless you grew up most of your life in the inner city, unless you went to school and saw your buddies get blown away because they were in the wrong place at the wrong time, unless you've attended the funerals of friends who died senselessly can you tell me that you have the same sources of information that I do. My information I gather empirically--with my own eyes. Can you say the same? How long have you lived in New Haven? New Haven is nothing let me tell you. There's poverty here, there's needless suffering, but taking away these people's basic diginity and civil rights, by searching them for somehitng that isn't contraband is not going to do anything to get these people out of the hole they're in. Rather, its going to make them more resentful and more angry at what they percieve to be a government that is unresponsive to their needs. Remember, they are perfectly justified in feeling disenfranchised, because honestly they are. > > 2)I know the value of a gun in this environment. I know how many times our > >home has been kept safe because my father has been willing to wield a gun > >against either intruders or against 'undersireable' characters coming > >around(read drug dealers, crack heads, you name it). Our part of the block > >has a reputation for not being somewhere for these pepole to hang out because > >my father and our neighbors have taken a stand against such scum. > > [Bravo! Would that more people took personal responsibility!] > > - responsibility. There is always safety in numbers, be they people or a cypher. > But I wasn't saying how important these guns are except that the gangs have a > hell of a lot more than the cops do.>- So taking away normal, law abiding citizen's guns that they use to protect themselves is going to cut down on the amount that the gangs have? Hardly. Ever walk down the street and been offered a gun? I have. I didn't take it, never know what condition its in, or where its been. :) > > > 3)Not everyone who lives in these neighborhoods is bad simply as a result of > > [snip...with regret] > > - implyed it. I was only talking about the gangs. Never mentioned where they get > their members, never mentioned where they get their guns, or drugs, or > whatever. I was only saying how the people in the CHA buildings were fed up > with the bs that was going on and decided to do something about it.>- And they should. But they shouldn't be forced to give up their civil rights to be able to 'do something about it.' No you're right. You never did MENTION that everyone in these neighborhoods are bad, but by blanektly abrogating EVERYONE'S rights there's a tacit assumption there that someone did something wrong. We take away the rights of convicted felons--not the innocent people who happen because of unfortunate circumstances to have the government as a landlord, there less of a public outrage. The American public feels unattached and holds in no specific esteem us inhabitants of the inner city. Thus we get things like the searches that are the topic of discussion. And this is what frightens me the most. I can picture a scenario when middle white America decides that what the inner cities need is a little law and order, like the National Guard or the Army to camp out. Sure this will reduce crime, but it'll also curtail civil liberties. > - started in on this, and am going to leave the whole thing about black/white and > upper class/middle or lower class alone. I refuse to touch it.>- Yes, but I am. I admit it. I see that there is an inherent prejudice here. Allow me to pose a scenario: Beverly Hills is ravaged by a terrible crime wave. Dope dealers are hanging out on every block. People are dealing drugs out of homes and every so often it gets out of hand and people are shot. Do you think that they will start abrogating these people's rights by subjecting them to house-to-house searches for something that has yet to be ruled illegal? I personally doubt it. And I doubt it because these people have more political clout, because of the enormous hue and cry that would erupt if such acts were to take place. However, if we subject people(yes people, just like the ones on Rodeo Dr.) that happen because of an accident of economics to have the government as their land lord to these unreasonable searches, then there is more of a mentalitiy of 'Good for them. It's working' But it ISN'T! You know what will work? Community groups that go down to the gun range. That arm citizens. That teach them to fire guns. That licence them to carry concealed weapons. You think the dope dealers are gonna push, if they know that the parents of their targets are armed and pissed off? No! I'm not advocating vigilantism, but there is much to be said for the ability of people to arm themselves and protect themselves, their families, and their possessions from any interloper--the same rights that Jefferson speaks of, "Life, Liberty and the Pursuit of Happiness." > I know the Bill of Rights also, and I'm not saying they should abandon it. But > until they can come up with something to deal with these gangs, I think that > the searches are appropriate. Good...You don't think they should abandon the BoR, but you think that its okay to sign away a few rights at a time to ensure their safety? One day when this government is everyhwere, when they can read your mind, when they know what you're doing, will you be totally secure. The price of liberty is eternal vigilance, and with liberty comes personal responsibility. It is easier to sign away your rights and have someone promise to protect you, but its like a tiger that you get ride on--if you get off, you'll get eaten, so you're forced to go wherever it goes. The first burden of personal responsibility begins with the individual. There's no one that can help you do that, this is something that you have to do. And if you're willing to protect yourself, then there's no one on this earth that can take that away from you without losing some of his blood in the process. Ben. ASIDE: I often wonder why people don't want us in the inner city to have guns. I wonder if its just a bit of racism that fears the empowerment of people with guns, kinda like there are some elements of the political system that are afraid to give women guns. Are they afraid that with the great equalizer, that the underclasses will one day come to their senses and realize how they've gotten shafted and decide to take out their rage? Maybe they fear what sort of destruction will result as in the Watts and recent King riots, if the rioters were armed. The roots of social unrest in the inner city has nothing to do with crime, and everything to do with economics. You give these people jobs, you give them traning, and you give them a stake in society, and you'll see how far they'll go to defend you. Its because of this frustration, of the lack of vehicles for social mobility that the inner city is the way it is. I can't tell you how intoxicating the lure of dealing drugs is. The power to do what you want, to get any woman you want, to drive any car you want, all for just a little bit of work. Right now they're frustrated, and they don't believe they're anything in this society. You see, these high and lofty ideals that are embodied in the BoR and the Declaration mean nothing. Ever been stopped and given the third degree for simply being in the wrong neighborhood? The exchange when something like: Cop: "What are you doing here?" Me: "Driving" Cop: "Where are you going?" Me: "To visit a friend." Cop: "What's the address?" Me "I didn't realize that we had a pass law in effect. Did I take a wrong turn and end up in Pretoria?" Cop: "Get out of the car." I don't believe that I've gotten as fair of a shake when it comes to authority as compared to many people in the burbs, that's why I'm skeptical of any such wonderful ideas to take away rights from the underclass. End Aside. From samman at CS.YALE.EDU Sun Apr 24 18:21:55 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Sun, 24 Apr 94 18:21:55 PDT Subject: Warrentlesss SEarches (fwd) In-Reply-To: <199404250026.RAA07388@mail.netcom.com> Message-ID: > >2)I know the value of a gun in this environment. I know how many times > >our home has been kept safe because my father has been willing to wield a > >gun against either intruders or against 'undersireable' characters coming > >around(read drug dealers, crack heads, you name it). Our part of the > >block has a reputation for not being somewhere for these pepole to hang > >out because my father and our neighbors have taken a stand against such > >scum. > > > ... > >Any comments? > > Thanks for your perspective. I have imagined that if I found it necessary > to live in such a place that I might favor choosing a building with some > sort of covenant, explicitly agreed to by all tenants, that allowed > searches for weapons. I take it that you would not find that to be a good > idea. Do you have other ideas along such lines? Yes. Should I be subject to the 'tyranny of the masses' as deToqueville put it? Conventional wisdom would say 'yes' however, I disagree. Conventional wisdom also suggests that I have a choice to live here or not. For many people living in subsidized housing, there is no choice, but rather, the choice is between there and the street. You said that if you had a choice, fine, but for most if not all of these people, there is NO choice. They cannot choose a building, they simply take what is givne to them. Such are the breaks of being poor. Also there exists another problem with it. Why should I give up my gun which I use to protect my family when its not even illegal except in places where the the government is the landlord, that is mostly poorer sections of town. Ben. From sdw at meaddata.com Sun Apr 24 18:37:57 1994 From: sdw at meaddata.com (Stephen Williams) Date: Sun, 24 Apr 94 18:37:57 PDT Subject: The un-BBS In-Reply-To: <199404242120.OAA23991@mail.netcom.com> Message-ID: <9404250138.AA05425@jungle.meaddata.com> ... > > Most systems/people on the Internet are not subsidized. This is well known. > > The critical mass of users has obviated the need for it. > > The subsidies are as follows: > > - universities that provide "free" access to students, faculty, > researchers, etc. (all those ".edu" accounts) > > - corporations that provide similar access to some or all of their > employees > > - government labs, offices, etc. > > The number of Internet users who are going through commercial services > like Netcom, Panix, Portal, etc., or through services like CompuServe > and Prodigy, is currently a small fraction of the overall total. This > will grow, but for the present discussion, most Internet users are not > paying their own bills for their usage of the Net (let alone paying to > ship NetNews around the world). Unusual use of the word 'subsidized'... Most of the above I would just call indirectly funded. I don't think you'd say that corporate employees get subsidized pencils just because it's an expense item for the corp. and they buy in bulk. I guess what you meant was 'institutionally supported'. 'Subsidized' normally means gov. grants to me. (Yes, a fraction of the above examples get gov. grants specifically for Internet expense, but not most.) Thanks for the clarification. sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From dwomack at runner.utsa.edu Sun Apr 24 18:45:58 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Sun, 24 Apr 94 18:45:58 PDT Subject: warrentless searches Message-ID: <9404250145.AA12818@runner.utsa.edu> Adam appears to be of the opinion that we are a democracy...technically, we are a representative republic. A minor quibble, perhaps, but it leads to larger issues. The entire purpose of the structure of our government (seperation of powers, varied election schedules, powers reserved to the states, the bill of rights and so forth) is to prevent the suppression of the rights of a minority by the majority. At least, that is the ideal! Guarantees of freedom are not required for popular positions. Is freedom of the press required for journals extolling the "lovely weather here in our most perfect of all possible worlds!"? Hardly. Such things could be safely written in the most authoritarian society. The majority of the people in the projects wants warrantless searches....it seems so very reasonable to say, ok, the gangs are out of control, the majority wants these searches, lets just go ahead! But, remember, you still have a minority of people who *_don't_* want these searches and seizures. Are we, in the name of expediency, to abandon the rights of this minority? A minority neither of race nor of money, but of opinion? If the majority of people decide that ownership of firearms is counter to the interests of society, will we take away this option? If the majority feels that safety will be enhanced, are we to be required to carry "papers" everywhere? This is a slippery path...if the same majority decides that decent people don't need privacy, then the days of the Clipper debates will remind us of what we have lost. Let's really bring this home...if society decides that "old people", say those over 75, cost too much to keep alive, will we let the same majority invoke forced euthanasia? Why not, the *_majority_* is all for it! No Adam, I'm not accusing you of anything, save the most terrible action of all...the willing subordination of liberty for an elusive safety that probably won't come anyway. Keep in mind that there are antisocial acts even in totalitarian states. And, if the North Koreas of the world have less gang violence...are we ready for such a trade? Again, the elimination of hard won freedoms is a terrible price. I predict that within a decade we will all regret the first step we take toward abolishing the rights our founders willingly gave their all to win. regards.... From unicorn at access.digex.net Sun Apr 24 18:47:14 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 24 Apr 94 18:47:14 PDT Subject: Warrantless searches -- Sorry to start this again.... Message-ID: <199404250147.AA04308@access1.digex.net> -> Well, for one thing, if the drugs they are dealing were not illegal, there would be no high-anxiety drug deals going on in the apartments. tw <- And if the government housing projects weren't there.... From unicorn at access.digex.net Sun Apr 24 18:48:31 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 24 Apr 94 18:48:31 PDT Subject: Warrentlesss SEarches (fwd) Message-ID: <199404250148.AA04381@access1.digex.net> -> Thanks for your perspective. I have imagined that if I found it necessary to live in such a place that I might favor choosing a building with some sort of covenant, explicitly agreed to by all tenants, that allowed searches for weapons. I take it that you would not find that to be a good idea. Do you have other ideas along such lines? <- I'm in the process of looking further, but the legality of this covenant is questionable. From jims at Central.KeyWest.MPGN.COM Sun Apr 24 19:30:04 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Sun, 24 Apr 94 19:30:04 PDT Subject: Warrantless search -- Let's move it. In-Reply-To: <940424151622.20229e27@SCSUD.CTSTATEU.EDU> Message-ID: <9404250229.AA19759@Central.KeyWest.MPGN.COM> > You guys just keep saying the right things... My comments are below... > -------------- > Jim Sewell (jims at Central.KeyWest.MPGN.COM) said : I have replied via private mail and would like to urge others to do so as well. Sorry for helping to promote an indepth discussion of a topic only marginally inline with c'punks. Yo! Everyone! Carry this thread on in private, please. It is a very valid discussion, but not one for all c'punks. "Are there any cyphers in the room... Get them up against the wall!" -- Pink Floyd meets Big Brother? -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From jims at Central.KeyWest.MPGN.COM Sun Apr 24 20:10:29 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell - KD4CKQ) Date: Sun, 24 Apr 94 20:10:29 PDT Subject: Please be patient with me. In-Reply-To: Message-ID: <9404250310.AA19895@Central.KeyWest.MPGN.COM> I'm only going to take a small part of the post. Please don't hurl rocks at me... > ASIDE: I often wonder why people don't want us in the inner city to have > guns. I wonder if its just a bit of racism that fears the empowerment of > people with guns, ... 1. Why are all "inner city" residents black? In Louisville, KY where I grew up the "inner city" was a neighborhood called Portland and it had only white trash there. You know, the kind that would shoot you if you looked at them wrong. There was a portion of the "slums" that was occupied by mostly blacks, but the real problems came from the whites. (By the way, I can call em white trash cuz I'm white and they are trash. ) 2. I'm afraid of any drugged person having a gun. I'm afraid of any resentful person, hateful person, nothing-to-live-for person, etc. having a gun... not a city area, but a mentality... a mentality that can be found in any neighborhood. 3. My philosophy: I'm sorry my great great grand daddy did something bad to your great great grand daddy, but don't blame me for it and don't expect me to "make up" for it, cuz I'm neither responsible nor able to make up for something that happened that long ago with different people involved. > Maybe they fear what sort of destruction will result as in the Watts and > recent King riots, if the rioters were armed. Uhem, they were armed... just like any group in America, some had guns, some had bricks, some had fists, some stayed home. > the BoR and the Declaration mean nothing. Ever been stopped and given > the third degree for simply being in the wrong neighborhood? The > exchange when something like: > > Cop: "What are you doing here?" > Me: "Driving" > Cop: "Where are you going?" > Me: "To visit a friend." > Cop: "What's the address?" > Me "I didn't realize that we had a pass law in effect. Did I take a wrong > turn and end up in Pretoria?" > Cop: "Get out of the car." Nope, I've had better sense than to dis the cops when I get stopped. They are in authority and if you don't recognize that then they will help you "see the light". Sounds like you had a smart attitude and the cop decided to show you who had the right end of the gun. > Now, if you haven't already deleted this due to it's inappropriateness I'd like to say : 1. I'm sorry to post it here. It is my hopes that I've stated what many identify with at least in part so it need not be followed up here again. 2. Barring a momentary lapse of reason I will not respond in public to any more messages in this thread. 3. Where is the crypto angle and how did it get so off-track? Truly folks, I hope this ends and apologize. As I said, I hope I came close enough to J.Random Poster's feelings that he will let it die here and not feel a need to reply further. I can be contacted via private email if anyone wishes to pursue this with me further. jims at mpgn.com Take care everyone! -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From mdbomber at w6yx.stanford.edu Sun Apr 24 20:25:03 1994 From: mdbomber at w6yx.stanford.edu (Matt Bartley) Date: Sun, 24 Apr 94 20:25:03 PDT Subject: licence plates seen Message-ID: <199404250324.UAA18256@w6yx.stanford.edu> -----BEGIN PGP SIGNED MESSAGE----- >> Another one on a car I've seen many times is >> >> 68 ASCII >> >> I don't have an ASCII chart available. What does this one mean? >the letter "D". Hmmmmmm. What kind of car? (Dodge?) I think it's an Oldsmobile of some kind. Possibly the owner's initial. I see that car often. If I ever run into its driver I'll have to remember to ask what the significance of the 68/'D' is. -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLbs2xDSSmvXojb+5AQHH2QIAoqpSiFECrt1Wl7W19EnrW5lYOe5AbtgM bLPVjLyDTSdP2KqzDibKwk/9oS7dg66/PiIgnL6TtjuoRS4qqkeqPQ== =QSjv -----END PGP SIGNATURE----- Internet: mdbomber at w6yx.stanford.edu Matt Bartley GPS: 33 49' 117 48' PGP keys on finger and servers From samman at CS.YALE.EDU Sun Apr 24 20:36:28 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Sun, 24 Apr 94 20:36:28 PDT Subject: Please be patient with me. In-Reply-To: <9404250310.AA19895@Central.KeyWest.MPGN.COM> Message-ID: > > > ASIDE: I often wonder why people don't want us in the inner city to have > > guns. I wonder if its just a bit of racism that fears the empowerment of > > people with guns, ... > 1. Why are all "inner city" residents black? In Louisville, KY where I > grew up the "inner city" was a neighborhood called Portland and it > had only white trash there. You know, the kind that would shoot you Cause all the inner city residents I grew up with, went to school with, hung out with, and shot hoop with were black. My fault, but my response was tinged by my own experiences. > 2. I'm afraid of any drugged person having a gun. I'm afraid of any > resentful person, hateful person, nothing-to-live-for person, etc. > having a gun... not a city area, but a mentality... a mentality > that can be found in any neighborhood. So am I. But he's going to have that gun whether I like it or not. The question that arises in response is, "Can I protect myself against this drugged/hateful/nothing-to-live-for person?" And if the answer is yes, then I must ask myself how. I personally don't like the odds of hand-to-hand combat versus a gun, I like to even the odds. > 3. My philosophy: I'm sorry my great great grand daddy did something > bad to your great great grand daddy, but don't blame me for it and > don't expect me to "make up" for it, cuz I'm neither responsible > nor able to make up for something that happened that long ago with > different people involved. Very good. That's what America is about. Clean starts. You shouldn't have to pay for it, but everyone should help to chip in, because if everyone doesn't then there will be a big disaster later donw the road that is even less appealing. It seems that now a lot of rage and frustration is coming out through the only safety valve available, and that stopgap measures will no longer be sufficient. I'm just suggesting that maybe it may be in everyone's best interest to 'make up' for it now, because the social pressures that will one day be exerted may not be something that you want to see when the pot finally boils over. Plus, and this is personal, I'm for improving the lot of as many people as possible. > > the BoR and the Declaration mean nothing. Ever been stopped and given > > the third degree for simply being in the wrong neighborhood? The > > exchange when something like: > > > > Cop: "What are you doing here?" > > Me: "Driving" > > Cop: "Where are you going?" > > Me: "To visit a friend." > > Cop: "What's the address?" > > Me "I didn't realize that we had a pass law in effect. Did I take a wrong > > turn and end up in Pretoria?" > > Cop: "Get out of the car." > > Nope, I've had better sense than to dis the cops when I get stopped. > They are in authority and if you don't recognize that then they > will help you "see the light". Sounds like you had a smart attitude > and the cop decided to show you who had the right end of the gun. This is probably true. Ah well, I've always had a problem blindly following authroity and not challenging it as my parents will be the first to tell you. > 3. Where is the crypto angle and how did it get so off-track? The crypto angle is closely tied into the angle of unreasonable search and seizures. You see, the unreasonable search and seizure of our words, our thoughts, indeed the very things that a democracy is founded upon--ideas is what crypto is attempting to protect. That in order to protect these rights, and have them apply to crypto, we have to have them apply in as many places as possible, in as many schemas as possible. I question whether if a government will not give us security in our own homes, how they can give us our privacy in as elusive of a concept to the average American as cyberspace. This is the crypto angle. In order to fight for crypto, we have to fight for all the other rights because privacy is assumed and implied as the culmination of the entire BoR because isn't privacy the vehicle and the end of the rights enumerated in the BoR? We can't have privacy without being able to protect it<2nd> and that privacy isn't worth much unless the government is prohibited from invading it <4th and 5th Amendments>, etc. > Truly folks, I hope this ends and apologize. As I said, I hope I > came close enough to J.Random Poster's feelings that he will let it > die here and not feel a need to reply further. I can be contacted > via private email if anyone wishes to pursue this with me further. Very well. Contacy me via private e-mail. I can't promise quick responses as its finals here in the Elm city, but I wanted to point out the points above, especially in the last 2 paragraphs. Ben. From samman at CS.YALE.EDU Sun Apr 24 20:40:29 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Sun, 24 Apr 94 20:40:29 PDT Subject: licence plates seen In-Reply-To: <199404250324.UAA18256@w6yx.stanford.edu> Message-ID: > > >> Another one on a car I've seen many times is > >> > >> 68 ASCII > >> > >> I don't have an ASCII chart available. What does this one mean? > > >the letter "D". Hmmmmmm. What kind of car? (Dodge?) > > I think it's an Oldsmobile of some kind. Possibly the owner's initial. > I see that car often. If I ever run into its driver I'll have to > remember to ask what the significance of the 68/'D' is. As Tim May pointed out, the letter D if 68d is read and the letter 'h' if 68h is read. Its a joke. Get it? h if its read in hex, and D if its read in Decimal. Ben. ____ Renegade academician. They're a dangerous breed when they go feral. -James P. Blaylock in "Lord Kelvin's Machine" From CCGARY at MIZZOU1.missouri.edu Sun Apr 24 20:47:52 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sun, 24 Apr 94 20:47:52 PDT Subject: the #freedom channel Message-ID: <9404250347.AA06595@toad.com> I spoke in an earlier post of the #freedom channel on the Internet chat. A brief description of #freedom. They interactively send messages to each other in code. The code is fast & they seem to be talking fluently to each other. This would seem to be an interesting matter to Cypherpunks. I have been asked for more info. on the #freedom channel. I don't know anymore than I've already talked about except that they are not a hidden or invite only channel. Of course, when you talk to them you are ignored. Apparently, they ignore other people because their machines "decrypt" our plaintext to "crypt-like" text. For anyone who would like to join the #freedom channel or acquire their encrypt/decrypt "on the fly" software, I have the following sug- gestions: 1. get on the Internet Chat system. 2. do a " /channel #freedom " command. that will get you into their channel. Immediately after getting on their channel, you will get a list of the nicknames of the users already on the channel. 3. IMMEDIATELY record on paper, the nicknames. - they may scroll off your screen quickly. 4. do a " /whois nick " on several of their nicks. This will get you their Internet email addresses. 5. Mail some of them requests for what you want. Since the channel name is "#freedom", I would suppose they are political & may want to share info. with you. If you are interested in their "on the fly" crypt/decrypt message software & you manage to get it - THEN BRING IT BACK TO CYPHERPUNKS! The stuff would make a good post on a Cypherpunk ftp site for freedom software. Note: it is possible that they may not be sophisticated with cryptography & might not want to give out their encrypt/decrypt algorithm. In which case, please try to get them in touch with one of the more experienced Cypherpunks. Cypherpunks should be able to demonstrate the uselessness of secret algorithms & in such a case give them stronger algorithms. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKKK! BBBEEEAAATTTT STATE! From joshua at cae.retix.com Sun Apr 24 21:06:22 1994 From: joshua at cae.retix.com (joshua geller) Date: Sun, 24 Apr 94 21:06:22 PDT Subject: mutual interest Message-ID: <199404250404.VAA02918@sleepy.retix.com> you four will probably recall that I have just entered and left your encrypted channel on IRC. this message is crossposted to the cypherpunks mailing list; I, and I am sure other members of this list would be interested in the details of your encryption scheme, if any of you are willing to share. regards, josh From mdbomber at w6yx.stanford.edu Sun Apr 24 21:06:41 1994 From: mdbomber at w6yx.stanford.edu (Matt Bartley) Date: Sun, 24 Apr 94 21:06:41 PDT Subject: licence plates seen Message-ID: <199404250406.VAA18364@w6yx.stanford.edu> >> >> Another one on a car I've seen many times is >> >> >> >> 68 ASCII >As Tim May pointed out, the letter D if 68d is read and the letter 'h' if >68h is read. Its a joke. > >Get it? h if its read in hex, and D if its read in Decimal. I knew it probably was a joke of some kind, but I didn't get it. Thanks for enlightening me. :-) Internet: mdbomber at w6yx.stanford.edu Matt Bartley GPS: 33 49' 117 48' PGP keys on finger and servers From tcmay at netcom.com Sun Apr 24 21:21:42 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 24 Apr 94 21:21:42 PDT Subject: The un-BBS In-Reply-To: <9404250138.AA05425@jungle.meaddata.com> Message-ID: <199404250422.VAA17668@mail.netcom.com> Stephen Williams writes: ... > Unusual use of the word 'subsidized'... Most of the above I would > just call indirectly funded. I don't think you'd say that corporate > employees get subsidized pencils just because it's an expense item for > the corp. and they buy in bulk. When the costs are underwritten by others, and the marginal cost to an employee or student is zero or near zero, I call that a subsidy. The pencil example is indeed a subsidy, just as when we often hear things like "Intel is subsidizing the costs of lunch for its employees." (Subsidies occur for various purposes.) Oxford English Dictionary, Second subsidy -- 1. help, aid, assistance (and many related variants) American Heritage, Third subsidy -- 2. Financial assistance given by one person or government to another. (and so on) > I guess what you meant was 'institutionally supported'. 'Subsidized' > normally means gov. grants to me. (Yes, a fraction of the above > examples get gov. grants specifically for Internet expense, but not > most.) See above. This meaning of subsidy is commonly used, at least by me and the dictionary makers. When a father angrily says to his son, "Look, who do you think is subsidizing your little adventures?," this is the meaning. Or the lunch example. Regardless of such nit-picking about exact meanings of words, there is no doubt that for most people on the Net today, their costs are subsidized (paid for all or in part by others) and thus their market decisions are skewed or distorted by this process. The millions of college students with Net access through their schools can hang out in MUDs and MOOs for many hours every night, knowing their costs are fixed (that is, the costs are folded in to their fees, possibly, or don't exist at all....who can say). The point is that this "free" (marginally, at least, and largely free even in overall terms) service will generally outcompete one which offers similar services but which requires the user to pay for his use in a standard sort of way. And, yes, these same arguments apply to why corporate and government users, whose access to the Net is provided by their employer, will also pick a service that has zero marginal cost to them over a service (like FidoNet) that may cost them hundreds of dollars a month for a feed (I won't get into the range of FidoNet connections, or what telecom pricing trends will means, etc.). (Again, I am making no arguments here for or against the subsidization of students or employees. Merely commenting on a competitive fact of life about the Net.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From eagle at deeptht.armory.com Sun Apr 24 21:31:31 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Sun, 24 Apr 94 21:31:31 PDT Subject: CU Crypto Session Sat Message-ID: <9404242131.aa04743@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- If old Sam gets his butt in gear, I should have a tape of the crypto session in Boulder yesterday to transcribe. Here's a brief report of the doings. Dr. Dorthy Denning of Georgetown University presented the escrowed encryption proposal. She was talking Boy Scouts and telephones, teaching kindergarten. Escrowed encryption was heinously soft peddled by Denning. The ramifications of escrowed encryption privacy violations by the intelligence communities was avoided during the initial presentation. She assured everyone that the FBI, with probable cause, would get a court order for the escrowed keys from NIST and DoJ. Rebutting was Phil Zimmerman, who was applauded when introduced as being under criminal investigation. Phil talked civil liberties, and some of the uses PGP was finding in countries not nearly as free from gov't intrusion as the United States. Phil brought up the point that intelligence agencies do not play by the same rules as the DoJ and FBI. Ken Klingenstein, CU director of comp. networking services, brought up the most interesting news to me. His perception of the DoD people he was in contact with was that they considered the escrowed encryption quagmire an NSA problem and were providing Klingenstein with helpful information. Denning had been nervous through out her presentation and response to the rebuttals of Phil and Ken. Again she avoided the issue of intelligence community intrusion, focusing on organized crime. I spoke to Denning briefly after the session. Eli Nixon, an investigator for the Zimmerman defense, and I proposed legalization for the drug problem. Denning sugested that organized crime would move into new territory in such an event. Slavery. (I found that rather anti-climactic after her dramatic measured pause for effect). Denning mentioned terrorists. I rebutted with satellite surviellance. I pointed out that we could read a poker hand via computer enhancement. This visibly shook her. Escrowed encryption is completely unnecessary, and she had no rebuttal for this. My information on satellite resolution came from a physicist who worked at JPL. I shook Dr. Denning's hand and wished her luck. She either reads everything I post, or was briefed beforehand. She was quite familiar with me. She couldn't believe I would discuss classified information on satellite resolution in casual conversation. The USAF hand in attendance was as smooth as sandpaper as well. As soon as I mentioned SDI, he shot over to evesdrop on the conversation I was having with Eli Nixon, et al. All and all, a fun time in Boulder. e -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbtGUl/ScHuGXWgVAQHlkAQAwl7sAz32H/zNxDUsPsy+LLEvGUCVScXY Zwr1oGpBqNYPVzDve46CvsissDpTH08MmQelfc+zwmdCjRP6sVzgNILhlsyLihTB Qfjh48sj40ESZnbJtj81k11SSaIBJJpDvlVsEWn4RDiP5aDgRnCKQ8hGxUZmGcCG q6dWYoH3DCc= =nGJZ -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From tcmay at netcom.com Sun Apr 24 21:34:22 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 24 Apr 94 21:34:22 PDT Subject: Please be patient with me. In-Reply-To: <9404250310.AA19895@Central.KeyWest.MPGN.COM> Message-ID: <199404250435.VAA19245@mail.netcom.com> Jim Sewell writes: > I'm only going to take a small part of the post. Please don't hurl rocks > at me... > > > > ASIDE: I often wonder why people don't want us in the inner city to have > > guns. I wonder if its just a bit of racism that fears the empowerment of > > people with guns, ... > 1. Why are all "inner city" residents black? In Louisville, KY where I ...much stuff elided... I haven't been participating in this thread, as I have no energy for standard old statist vs. libertarian and ban guns vs. Second Amendment arguments. And I'm not going to start participating now. Why I'm writing is to say I won't "have patience" (the title of Jim's thread here) with someone who 40 minutes earlier (10:29 pm, EDT) was lecturing us all on how inappropriate this thread is and how we all ought to "take it to e-mail." I've generally noticed here (and throughout the Net, possibly throughout the Real World) there are folks who lecture about something being inappropriate---and then can't contain themselves and have to add more crap. Often the complainers about some discussion being "off-topic" are themselves the worst offenders in terms of not knowing when to let an argument just drop. (No offense to my friends for whom this applies.) Topics ebb and flow on this list, and it seems to me that the issues surrounding the door-to-door searches of a housing project have at least _some_ relevance to cryptography and the issues we usually talk about. I tend to agree, though, that the recent discussions are mostly just personal rants. Far be it from me, though, to urge that a topic no longer be discussed. And especially if less than an hour later I feel the urgent need to write even more stuff on the topic. Jeesh. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Sun Apr 24 21:39:26 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 24 Apr 94 21:39:26 PDT Subject: licence plates seen In-Reply-To: Message-ID: <199404250440.VAA19917@mail.netcom.com> > > As Tim May pointed out, the letter D if 68d is read and the letter 'h' if > 68h is read. Its a joke. > > Get it? h if its read in hex, and D if its read in Decimal. > > Ben. I didn't add to that thread. I did write several long articles about crypto, objects, toolkits, etc., but I guess stuff like this is outside the current charter of Cypherpunks, as there has been little comment on my proposals today (I'm reading my mail sequentially, and mostly I've seen stuff about guns, Oldsmobiles, inner cities, warrantless searches, housing projects, ASCII codes ("Hey, _codes_ man!"), and nothing on the threads on crypto toolkits. Oh well.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sdw at meaddata.com Sun Apr 24 21:52:19 1994 From: sdw at meaddata.com (Stephen Williams) Date: Sun, 24 Apr 94 21:52:19 PDT Subject: The un-BBS In-Reply-To: <199404250422.VAA17668@mail.netcom.com> Message-ID: <9404250452.AA13846@jungle.meaddata.com> ... > When the costs are underwritten by others, and the marginal cost to an > employee or student is zero or near zero, I call that a subsidy. The > pencil example is indeed a subsidy, just as when we often hear things > like "Intel is subsidizing the costs of lunch for its employees." > > (Subsidies occur for various purposes.) ... > The point is that this "free" (marginally, at least, and largely free > even in overall terms) service will generally outcompete one which > offers similar services but which requires the user to pay for his use > in a standard sort of way. > > And, yes, these same arguments apply to why corporate and government > users, whose access to the Net is provided by their employer, will > also pick a service that has zero marginal cost to them over a service > (like FidoNet) that may cost them hundreds of dollars a month for a > feed (I won't get into the range of FidoNet connections, or what > telecom pricing trends will means, etc.). > > (Again, I am making no arguments here for or against the subsidization > of students or employees. Merely commenting on a competitive fact of > life about the Net.) > > --Tim May I yield... I was overly sensitive to anything that might be construed to be continuing the idea that the Internet is mostly Gov. funded... I should have known that you knew better. (I'll plead cronic exhaustion: 15 hour days for the last week to finish a project... slippery fingers deleted 1500/5MB worth of email last night... One way to catch up.) I agree with your point. sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From sameer at soda.berkeley.edu Sun Apr 24 22:16:36 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sun, 24 Apr 94 22:16:36 PDT Subject: The un-BBS (minor corrections) In-Reply-To: <199404240936.CAA28994@mail.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Timothy C. May spake: > > > Gad, I see I made several mistakes in one paragraph: > > > I support Mike's belief that some sort of Internet II is needed. It'll > > be hard to duplicate the spectacular sense of the Internet, and almost > > certainly happen because of "planning." > > A better version: > > I support Mike Ingle's belief that some sort of Internet II is needed. > It'll be hard to duplicate the spectacular *succeess* of the Internet, > and almost *not* certainly happen because of "planning." > > One of my dreams is to be running/a-part-of my own backbone.. but not a backbone in the current hierarchal organization, but more of a web. . . each site connected to about 3-4 other sites (relatively local.. maybe in neighboring regions of the country) with highspeed links, and decentralized.. The net may be decentralized, but not decentralized enough. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbtSbHi7eNFdXppdAQFKwgP/UWkK8eaeY4IudsG/IDr6BfpOUoN6w/5z hzcWea6ro/rUowZDhrn2/npoai4MJqsiiwT6ZX7Ibz3I2UJP5gYgT6qjLa6dpBBf 0XtCZEBSK/Qi+RMU0iUyK7Yu23LZlSA5wLZ1ZPboZhC530+d8Yg+O7MUb1+0ZaDF ddOmEwBBRt4= =ltT8 -----END PGP SIGNATURE----- From ebrandt at jarthur.cs.hmc.edu Sun Apr 24 23:38:29 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Sun, 24 Apr 94 23:38:29 PDT Subject: The un-BBS In-Reply-To: <199404250422.VAA17668@mail.netcom.com> Message-ID: <9404250638.AA08925@toad.com> > When the costs are underwritten by others, and the marginal cost to an > employee or student is zero or near zero, I call that a subsidy. I call that "flat-rate". Netcom charges $30 a month (I think) with no marginal costs (right?); Harvey Mudd charges $20K a year with no marginal costs (and certain other benefits, to be sure). > The point is that this "free" (marginally, at least, and largely free > even in overall terms) service will generally outcompete one which > offers similar services but which requires the user to pay for his use > in a standard sort of way. The reason that most access providers don't charge by the packet for Internet traffic is that it's not economical to do so -- a T1 doesn't care how much you put across it. As a result, they do flat rate service, users generate more traffic, and users see a slower network connection. But until people aren't willing to pay per-packet fees in order to deter excess traffic, this will continue. Eli ebrandt at hmc.edu finger for PGP key. The above text is worth precisely its weight in gold. From sonny at netcom.com Mon Apr 25 00:17:16 1994 From: sonny at netcom.com (James Hicks) Date: Mon, 25 Apr 94 00:17:16 PDT Subject: Warrentlesss SEarches In-Reply-To: <940424200411.2022b905@SCSUD.CTSTATEU.EDU> Message-ID: <199404250718.AAA16977@mail.netcom.com> > Last time I checked, this country was a democracy. The guy who started the > searches had to get permission from the people living in the apartment to > start the searches. If most of the people in the building thought it was > a good idea, then the majority can't be wrong, right? > Adam Gerstein Didn't Pontius Pilate have a similar argument? +---------------------------------------------------------------------+ | james hicks | Give me your tired, your poor, | | | your huddled masses yearning to breathe free, | | ...can you hear | Send these, the homeless, tempest-tossed to me.| | the music?... | I lift my lamp beside the golden door! | +---------------------------------------------------------------------+ From pls at crl.com Mon Apr 25 01:21:15 1994 From: pls at crl.com (Paul Schauble) Date: Mon, 25 Apr 94 01:21:15 PDT Subject: Warrentlesss SEarches In-Reply-To: <940424200411.2022b905@SCSUD.CTSTATEU.EDU> Message-ID: On Sun, 24 Apr 1994 GERSTEIN at SCSUD.CTSTATEU.EDU wrote: > - searches, I only said that they seem like the right thing for the CHA police to > do considering their circumstances. Last time I checked, this country was a > democracy. > The guy who started the searches had to get permission from the > people living in the apartment to start the searches. If most of the people in > the building thought it was a good idea, then the majority can't be wrong, > right? > I know the Bill of Rights also, and I'm not saying they should abandon it. But > until they can come up with something to deal with these gangs, I think that > the searches are appropriate. > > > Adam Gerstein > So if a majority of your neighbors voted to have you executed and your property divided among them, then that would be OK by you, yes? After all, you say that "the majority can't be wrong". The problem here, as illustrated by the quote from 'A Man for All Seasons' is that rights must be maintained and enforced *especially* when it is difficult to do so. If the government is allowed to violate rights "because they have no other option", then such violation becomes routine, and soon no right exists. It's rather like being pregnant. From hh at cicada.berkeley.edu Mon Apr 25 03:02:50 1994 From: hh at cicada.berkeley.edu (Eric Hollander) Date: Mon, 25 Apr 94 03:02:50 PDT Subject: taming the wild pgp Message-ID: <9404250957.AA17651@cicada.berkeley.edu> i'm having a problem with pgp. i want to use it in my remailer to decrypt incoming encrypted remail requests. the problem is this: someone could send in a keyfile instead of an encrypted text. according to the pgp manual, If you want to specify a particular key ring file name, but want to see all the keys in it, try this alternative approach: pgp keyfile With no command options specified, PGP lists all the keys in keyfile.pgp, and also attempts to add them to your key ring if they are not already on your key ring. this is bad because that's also the command used to decrypt a file. how can i make sure that the only thing pgp will attempt to do is decrypt a file, and it will never take keys from the input file and add them to any keyring? e From ecarp at netcom.com Mon Apr 25 03:53:12 1994 From: ecarp at netcom.com (Ed Carp) Date: Mon, 25 Apr 94 03:53:12 PDT Subject: interesting post... Message-ID: From hh at xcf.Berkeley.EDU Mon Apr 25 04:35:50 1994 From: hh at xcf.Berkeley.EDU (Eric Hollander) Date: Mon, 25 Apr 94 04:35:50 PDT Subject: the hh remailer (remailer@soda) Message-ID: <9404251135.AA18462@xcf.Berkeley.EDU> i have added a feature to my remailer allowing a secure path to and from the remailer, for both posting (mailing) and replies. this code will be made available soon, so hopefully people will start running more of these remailers. this is excerpted from the instructions. have fun. ------- = Encrypted remail requests Like most of the traditional cypherpunks remailers, this remailer allows encrypted remail requests. To use this feature, create a file that looks like this: :: Anon-Post-To: rec.fish Subject: fillet of fish I like trout fillet... Then encrypt this file with the remailer's public key. remailer at soda.berkeley.edu's key is: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAi27mNAAAAECAONCUi/9jdl0SXGhOhT4Vvgl9uOYLgbOjU5kMXEkpFQriCYC hWfNuhH8zESs9DFTMHCXUsXYrkkm/bHdhGheaHUABRO0LlRvbW15IHRoZSBUb3Vy aXN0IDxyZW1haWxlckBzb2RhLmJlcmtlbGV5LmVkdT4= =aoJM -----END PGP PUBLIC KEY BLOCK----- Then, send your message to remailer at soda, like this: To: remailer at soda Subject: this line is ignored :: Encrypted: PGP [your encrypted file here] The remailer will decrypt it and post it to the appropriate group. This feature also works with Anon-Send-To:. = Encrypted response This feature provides a level of security beyond that of almost any other remailer which is capable of response to anonymous messages. To use this feature, first choose a passphrase. This phrase will be used to encrypt messages sent back to you. The encryption will be single-key (IDEA) encryption, not PGP's normal public-private key encryption. The reason for this is that public key encryption is actually uneccessary in this use, and single-key encryption with this protocol does not require a database (such as anon.penet.fi's database mapping aliases onto addresses) increasing the security of anonymous users. To use this feature, create a file like this, where your-pass-phrase is the phrase you have selected: :: Anon-Post-To: rec.fish Subject: fillet of sole User-Key: your-pass-phrase I like it when they cook fish like this... Then, encrypt this file with the remailer's public key, and send it in as above. When a user responds to your post (or mail), his response will be encrypted with your-pass-phrase. You can read his response by saving it to a file and using PGP on it. PGP will ask you for a passphrase; enter yours, and you will see his response to your post (or mail). This feature allows both your posts, and the responses to your posts, to be securely encrypted, protecting your privacy in both directions. = Traffic Analysis This remailer is designed to ensure that mail does not go out in the order it is received in, to make it more difficult to link a sender to a recipient by looking at mail logs. This means that there will be some random delay in your mail and your postings. From perry at snark.imsi.com Mon Apr 25 04:41:54 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 25 Apr 94 04:41:54 PDT Subject: Distributed "Family" of processors In-Reply-To: <01HBIROKFRE490NZR0@VAX1.UMKC.EDU> Message-ID: <9404251140.AA04577@snark.imsi.com> PMARKS at vax1.umkc.edu says: > Or, boy was my face red when I found out I vouched for my best > friend's public key only to find out that he worked for the NSA. So? Signing a key implies that you believe the key belongs to the person, not that you believe the person to be trustworthy. Perry From vkisosza at acs.ucalgary.ca Mon Apr 25 04:50:16 1994 From: vkisosza at acs.ucalgary.ca (vkisosza at acs.ucalgary.ca) Date: Mon, 25 Apr 94 04:50:16 PDT Subject: taming the wild pgp Message-ID: <9404251148.AA58410@acs5.acs.ucalgary.ca> While I can't say that I know a darn thing about pgp, try (from the documentation) pgp ciphertextfile [-o plaintextfile] From edgar at spectrx.sbay.org Mon Apr 25 06:47:46 1994 From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Mon, 25 Apr 94 06:47:46 PDT Subject: Remailer Musings Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Philippe Nave posted: The recent posting by Scott Collins about his remailer and the copyright incident illustrates several problems with the remailer system as I see it. In my mind, then, the solution to these problems requires remailers that leave *no trace* of message origins, including the address of the remailer itself. If this is not possible, then I for one will employ other means for anonymous communication. No matter what the remailer operator does, the node he sends remailed msgs -to- is going to add a net header revealing where the msg came - -from-, so absolute untraceability seems impossible. But there are some things we could do to make tracing more difficult. Although we can't effect the net headers added -after- we forward a msg, we could certainly add a chain of fictitious net headers to the msg -before- we forward it (after removing the real net headers which is done already) which would indicate a false location for the remailer, leaving the real remailer node appearing as only an intermediate net node. The last fictitious node could be a UUCP account which always calls you to exchange mail, so all the info in your UUCP map could be phony. The person offended by E-mail can come to you and you can pretend to cooperate by giving him the phony info. If he comes back after his wild goose chase, you can say, "you mean that SOB gave me a phony address, etc.? Thanks for letting me know; I'll cancel his UUCP account immediately!" Then just change the phony net chain to something else. Another technique is to receive mail to be forwarded at one address (the public remailer address) but forward it from another. This is easy to do with two (or more) UUCP accounts. The remailer operator himself can have a policy of accepting UUCP accounts and not checking the phone number or location. Finally, it's a good thing to have remailers in different national jurisdictions. Currently the only Cypherpunks remailer not in the USA is remail at extropia.wimsey.com in Canada. We need more remailers in more countries. Places like Hong Kong or Russia, which don't give a shit about copyrights. Denmark or Holland, which don't give a shit about kiddy porn. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbrpPN4nNf3ah8DHAQEIxAP/bqWudrEHbmOZ+o/4VPHxjsDFw/Nih7TA SKffoFH035kXvFR6gDRVX3KErb77XhH9GJ2qcKXKZNt62Cfzpofdc4WOqXMK/syZ NuaKx0PIbO0Hqq34XpZ9xX6pgSOO+L1flREjt2kIaSO78OVBFgryqrgOFSg7Hm29 3BF6bqkKIDQ= =f4bg -----END PGP SIGNATURE----- -- edgar at spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From frissell at panix.com Mon Apr 25 08:36:27 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 25 Apr 94 08:36:27 PDT Subject: Milgram & Authority Message-ID: <199404251536.AA05269@panix.com> E>Milgram had 66% go to the end of the board with the subjects believing E>they had killed a person with electric shock. Sorry I didn't see this thread before it trailed off into personal disputes. One of my favorites. Anyone interested in liberty or politics should have read "Obedience to Authority" in which the results of this experiment are reported for popular consumption. ************ Search term: milgram Milgram, Stanley -------------------------------- The American social psychologist Stanley Milgram, b. New York City, Aug. 15,1933, d. Dec. 20, 1984, gained wide recognition for the experiments described in his book. Obedience to Authority (1974). In one, "technicians" urged participants to give a series of electric shocks of increasingly higher voltage to "subjects" who had incorrectly answered questions. About 60 percent compiled. No voltage was actually applied: the subjects were actors who feigned agony. Milgram took the results as proof that ordinary people will inflict pain on innocent people when commanded by an authoritative figure. ************ There was also a made for TV movie starring William Shatner as the researcher. Helps you understand "how they could do that" when confronted with atrocities. DCF "Why did you use force or violence to overthrow the government of the United States?" "I vuz only followink ourders!" --- WinQwk 2.0b#1165 From MaraW at fs-gate.uchicago.edu Mon Apr 25 09:22:08 1994 From: MaraW at fs-gate.uchicago.edu (Whitney, Mara) Date: Mon, 25 Apr 94 09:22:08 PDT Subject: Help in Albuquerque Message-ID: <2DBBED10@FS-GATE.UCHICAGO.EDU> Dear Cypherpunks,, I have a native american activist friend, who lives near Albuquerque, and who is currently not connected to the net. He wishes to find information about net connectivity and also has concerns about privacy of electronic communication. Is there anyone out there who can assist? Thank you very much, Mara Whitney (maraw at fs-gate.uchicago.edu) From phantom at u.washington.edu Mon Apr 25 10:05:21 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Mon, 25 Apr 94 10:05:21 PDT Subject: taming the wild pgp Message-ID: I don't see a huge problem here with keys being added, unless someone starts sending the keyserver's databases to the remailers in an effort to crash them. I can only think of one way around it -- recompiling with the key-adding procedure commented out (at least for the version the remailer uses). If you need to add keys, use the version you've already compiled. Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From qjones at infi.net Mon Apr 25 10:10:44 1994 From: qjones at infi.net (Wayne Q Jones) Date: Mon, 25 Apr 94 10:10:44 PDT Subject: Lord Have Mercy On Us All :-( In-Reply-To: Message-ID: Told u so!!! **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From iplus1hope at aol.com Mon Apr 25 10:19:07 1994 From: iplus1hope at aol.com (iplus1hope at aol.com) Date: Mon, 25 Apr 94 10:19:07 PDT Subject: anti-clipper t-shirt Message-ID: <9404251316.tn06965@aol.com> I am amazed at the response to the anti-clipper t-shirt we created. If you still haven't received your shirt, we apologize for the delay. Since word spread around the Net, we have received hundreds of orders. A picture of the shirt was included last week in an article in The Washington Post! We have gotten orders from well-known cyber authors and an MTV veejay. I wonder if Al Gore saw it... As information has spread, it seems to have gotten a bit diluted. Here is the information. The shirt says "Don't Give Big Brother a Master Key. Terminate Clipper Now." It has a graphic of a skeleton key on a chip. The shirts are XL and black only. I can't evaluate our own work, but everybody seems to like it a lot. We accept COD orders at iplus1hope at aol.com ($14.50) and check orders ($12.50) at PO Box 59152 Renton, WA 98058. Thanks. Paul Clark From matsb at sos.sll.se Mon Apr 25 10:26:18 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Mon, 25 Apr 94 10:26:18 PDT Subject: Clipper Session Key Message-ID: How do two Clipper/Capstone/Skipjack/Teressa units agree on a session key without compromising it to the bad guys tapping the line? If not known outside of the NSA, what possible solutions are there? From wcs at anchor.ho.att.com Mon Apr 25 10:31:09 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 25 Apr 94 10:31:09 PDT Subject: THE FREEDOM DAEMON - PART DOUX Message-ID: <9404251651.AA22530@anchor.ho.att.com> Gary Jeffers writes: > There has been some criticism of the ethics of my THE FREEDOM DAEMON post. > The freedom daemon is a proposed software machine for a proposed > future in which a police state captures the Internet. It did look a lot like fiction rather than a plan for real code. But parts of it didn't look like good ideas. > Under a police state & in times of strife, ethics change & > things that were at one time unthinkable become quite thinkable. Ethics don't change - some people just make different decisions about whether to apply them or not. Sometimes the applications are different, if your ethics tell you to treat bad guys differently from good guys and other people have changed sides. > However, this speculation was just a flight of fancy, so go back to > sleep & don't worry your precious little heads. Same to you, bud :-) Bill Stewart From unicorn at access.digex.net Mon Apr 25 10:52:50 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 25 Apr 94 10:52:50 PDT Subject: Wow, what a key! Message-ID: <199404251752.AA22483@access1.digex.net> |-----------------------------------------------------------------------------| | "You know it's the Turn of the Century when a girl in a bar gives you her | | e-mail address on a napkin."-Sean P. Kane | |-----------------------------------------------------------------------------| 1023 Byte PGP Public Key Avaliable Upon Request. (c)1994 by: Sean Padraic Kane ^^^^ Now that's a PGP key! From unicorn at access.digex.net Mon Apr 25 11:01:01 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 25 Apr 94 11:01:01 PDT Subject: Id List.... Release? Message-ID: <199404251800.AA22894@access1.digex.net> I have a pretty good list of ID's and their characteristics, and I'm about ready to make the list available. I thought I might try something to make it interesting. The list will be available to anyone who provides me with 10 tacky tokens from the magic money application. We'll see how this work. (s) My public key is below. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAizHPkIAAAEEAOKHLAIvCncQq/RANzQT56keJSfF/acDU3ZJlUpV4Dh2Vs7u Z5TXhF9GYrG7RVAdqYl+Vm7NkWEfvplVwWTCL2800jV96AV3UwBfmKYA7FkP+Q2W dir7k8694/kHneuxwXuQaEkkCF3W61wCCEWgj2oey74rc+BfyRibHbaiMfO5ABEB AAG0KEJsYWNrIFVuaWNvcm4gPHVuaWNvcm5AYWNjZXNzLmRpZ2V4Lm5ldD6JAJUC BRAv6i74GJsdtqIx87kBAdNYA/9/26Md1Ja9f8pa0S1RW1m6sFzweCd/66ovd2uI iQGQOBbica5tFllDA+ftzDbrFdF52QQFyXjdWaPWRQXKagudCAypqeN6Xw/Es0Hs BT+B+/jqQ9op21ZslGC02YmwcmSYhjHYFVjHiraEFFY4hWodEvKqMlwp3oaz5WEI XTYd7okAlQIFEC2PMBSYSxy3DyA5JQEBabcD/3mBj/tbg46B2l0RxfQGVBU4EY38 dAqJ7z0ZUQB3vLP0LC/xShFSIUzHBvIVvBqxNdLhAiBSq0no/NiW1eItJz94UfM2 GFrPnIyTq3DDilTEJJnHeKm1CETsB7yZNFKBegpGVqI1SvYCgLTgj79tVRR1MHbX zsbPGpdIFjKvAmkJ =LRaO -----END PGP PUBLIC KEY BLOCK----- I threw in the magic money bit so perry wouldn't complain that my message had nothing to do with cryptography. :) -uni- (Dark) From tcmay at netcom.com Mon Apr 25 11:20:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 25 Apr 94 11:20:47 PDT Subject: Wow, what a key! In-Reply-To: <199404251752.AA22483@access1.digex.net> Message-ID: <199404251821.LAA19988@netcom.com> Black Unicorn, who must be horny, writes: > | "You know it's the Turn of the Century when a girl in a bar gives you her | > | e-mail address on a napkin."-Sean P. Kane | > > Now that's a PGP key! > In yet another example of what Eric Hughes has dubbed "acronym overloading," of which ATM and LCD are two of the more egregious examples, PGP obviously means "Pretty Good Pussy." --Tim (ObGynCrypto bar pickup line: "If you've the lock, I've got the key.") -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jim at Tadpole.COM Mon Apr 25 11:31:26 1994 From: jim at Tadpole.COM (Jim Thompson) Date: Mon, 25 Apr 94 11:31:26 PDT Subject: Wow, what a key! Message-ID: <9404251829.AA10841@chiba.tadpole.com> There is a 'pick her locks' joke here, but I'm not going to make it. From afabbro at umich.edu Mon Apr 25 11:32:55 1994 From: afabbro at umich.edu (This Space For Rent) Date: Mon, 25 Apr 94 11:32:55 PDT Subject: anti-clipper t-shirt In-Reply-To: <9404251316.tn06965@aol.com> Message-ID: On Mon, 25 Apr 1994 iplus1hope at aol.com wrote: > I am amazed at the response to the anti-clipper t-shirt we created. If you Speaking of T-shirts...is the gentleman who was producing the other shirt (the 1984 shirt) acknowledging orders? I sent my check, address, adn e-mail address, and haven't heard a peep...if he's not, that's fine...I was just under the impression that he was, which makes me wonder if Big Brother's postal minion lost my order somewhere along the way... Sorry to address this to the whole list, but I've lost his address. Andrew Fabbro If laws are outlawed, weltschmerz at umich.edu only outlaws will University of Michigan have laws. Fnord. _____________________________________________________________ Finger afabbro at churchst.ccs.itd.umich.edu for PGP public key. PGPprint: 87 41 65 E0 C2 51 9F E5 A9 44 ED A6 6B 16 76 9E NSA bait: assassinate uranium dreamland CIA p.o.e. zimmerman From an52210 at anon.penet.fi Mon Apr 25 12:08:57 1994 From: an52210 at anon.penet.fi (Dead Socket) Date: Mon, 25 Apr 94 12:08:57 PDT Subject: Black Net Message-ID: <9404251848.AA20255@anon.penet.fi> killbarny at aol.com once said: KI> Has anyone heard of BlackNet? BlackNet is in the business of buying, selling, KI> trading, and otherwise dealing with information in all its many forms. KI> KI> Through PGP and anonymous remailers, the folks at BlackNet plan to create a KI> huge black market in data: trade secrets, processes, production methods, KI> nanotechnology, privacy databases, and chemical manufacturing. KI> KI> The only way to get in is to find a BlackNet-oriented message (one with the KI> BlackNet PGP key), then respond to it, using anonymous remailers and PGP. KI> KI> It might be found in or . If anyone KI> knows about this [or their address/key], please send. As far as I know, blacknet was one of the spoofs Detweiler (tmp at netcom.com) made to make the cypherpunks list look bad. I'm not sure if it was a Detweiler spoof, but if it wasn't, BlackNet is definitively cool. I couldn't find the original BlackNet posting, maybe somebody could repost it ? Dead Socket ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From stjude at well.sf.ca.us Mon Apr 25 12:22:12 1994 From: stjude at well.sf.ca.us (Judith Milhon) Date: Mon, 25 Apr 94 12:22:12 PDT Subject: F Y I Message-ID: <199404251922.MAA19465@well.sf.ca.us> ---------- Forwarded message ---------- Date: Sat, 23 Apr 1994 19:19:32 -0700 (PDT) Sender: James Cook Subject: New List: Investigators/Information Professionals ============================================================================ = Information Professionals List ============================================================================ = The Information Professional's List (InfoPro) is a network of information professionals comprised of private investigators, legal investigators for law firms, fee-based information brokers, investigative reporters, United Nations information personnel, corporate information officers, competitor intelligence analysts, other related professions, and also certain key resources for these groups of professionals. The diversity of this membership offers a rich pool of international expertise. The InfoPro network includes members of the following associations: Society of Competitor Intelligence Professionals Association of Independent Information Professionals National Association of Former Intelligence Officers Japan Investigative Services Association American Association of Law Libraries American Society for Information Science California Association of Licensed Investigators Special Libraries Association Association of Professional Investigators World Association of Detectives National Public Records Research Association Investigative Reporters & Editors European Information Brokers Association and others..... Representatives of Dialog, Mead Data Central, and other large information providers are also members. This is a private list. Membership is limited, and is primarily for those on the investigative side of the information professions. This professional network exists not only for discussion, but also to facilitate active networking and resource sharing. To obtain an application for membership, send E-Mail to James Cook at jcook at Netcom.com. ========================================================================= From tcmay at netcom.com Mon Apr 25 12:25:38 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 25 Apr 94 12:25:38 PDT Subject: Wow, what a key! In-Reply-To: <9404251829.AA10841@chiba.tadpole.com> Message-ID: <199404251926.MAA28155@netcom.com> > > > There is a 'pick her locks' joke here, but I'm not going to make it. > Another Floydian slip I see. Or is just another pick in the wall? --Tim, who apologizes for these wastes of bandwidth but notes that Cyperpunks seem less interested in software and more interested in housing projects, guns, Oldsmobiles, and NSA manuals these days. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jamiel at sybase.com Mon Apr 25 12:27:08 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Mon, 25 Apr 94 12:27:08 PDT Subject: Wow, what a key! Message-ID: <9404251926.AA17409@ralph.sybgate.sybase.com> At 1:29 PM 04/25/94 +0600, Jim Thompson wrote: >There is a 'pick her locks' joke here, but I'm not going to make it. OK boys, when you wanna talk crypto let the girls on the list know. -j (Yawning at the thought of a 'key') jamie -- "Sure, people mistake me for straight, but when I do get someone in bed,that's when being a femme *really* pays off." -Bryna Bank, on Butch/Femme jamie lawrence jamiel at sybase.com From sonny at netcom.com Mon Apr 25 12:40:10 1994 From: sonny at netcom.com (James Hicks) Date: Mon, 25 Apr 94 12:40:10 PDT Subject: Warrentlesss SEarches In-Reply-To: <9404251248.AA04845@snark.imsi.com> Message-ID: <199404251941.MAA28628@netcom.com> Perry said: > > > As much as I agree, this is not a message about cryptography. > > Perry > > James Hicks says: > > > Last time I checked, this country was a democracy. The guy who started the > > > searches had to get permission from the people living in the apartment to > > > start the searches. If most of the people in the building thought it was > > > a good idea, then the majority can't be wrong, right? > > > > > > > Adam Gerstein > > > > > > Didn't Pontius Pilate have a similar argument? I apologize. > > > > > > +---------------------------------------------------------------------+ > > | james hicks | Give me your tired, your poor, | > > | | your huddled masses yearning to breathe free, | > > | ...can you hear | Send these, the homeless, tempest-tossed to me.| > > | the music?... | I lift my lamp beside the golden door! | > > +---------------------------------------------------------------------+ > From ecarp at netcom.com Mon Apr 25 12:43:07 1994 From: ecarp at netcom.com (Ed Carp) Date: Mon, 25 Apr 94 12:43:07 PDT Subject: Wow, what a key! In-Reply-To: <199404251926.MAA28155@netcom.com> Message-ID: On Mon, 25 Apr 1994, Timothy C. May wrote: > > There is a 'pick her locks' joke here, but I'm not going to make it. > > > > Another Floydian slip I see. Or is just another pick in the wall? > > --Tim, who apologizes for these wastes of bandwidth but notes that > Cyperpunks seem less interested in software and more interested in > housing projects, guns, Oldsmobiles, and NSA manuals these days. While I will say that guns and housing projects are important topics, as well as the loss of our individual freedoms, I will agree with my esteemed colleague from the great state of California that this list *is* about writing code, etc. In that spirit, spurred on by my f**king netcom account being broken into by some idiot with a packet sniffer, I've been looking into hacking "pgptalk" (actually, ytalk with a popen() call to pgp and D-H key exchange) to provide the same sort of functionality for telnet. The target platforms are SunOS (which is what netcom runs) and linux. On first investigation, it doesn't look too hard to do the D-H key exchange stuff, as they are separated out into separate modules. I've got the source for telnet/telnetd, and have added enhancements (like blasting out /etc/issue on connect), so I hope it won't be to difficult a project. Sure would be nice to be able to do it in such a way that doesn't violate ITAR. Does anyone know if D-H key exchange qualifies as restricted under the ITAR? I can always do a popen() to pgp like ytalk does, and let the buyer be responsible for getting their hands on PGP or a look-alike. From jim at Tadpole.COM Mon Apr 25 12:47:53 1994 From: jim at Tadpole.COM (Jim Thompson) Date: Mon, 25 Apr 94 12:47:53 PDT Subject: Wow, what a key! Message-ID: <9404251947.AA10917@chiba.tadpole.com> Doug Barnes and I are so very close to a DH telnet (based on the Bezerkley code) that you might want to wait a bit. I apologise if I managed to offend anyone with the 'joke'. Jim From ecarp at netcom.com Mon Apr 25 12:53:01 1994 From: ecarp at netcom.com (Ed Carp) Date: Mon, 25 Apr 94 12:53:01 PDT Subject: Wow, what a key! In-Reply-To: <9404251947.AA10917@chiba.tadpole.com> Message-ID: On Mon, 25 Apr 1994, Jim Thompson wrote: > Doug Barnes and I are so very close to a DH telnet (based on the > Bezerkley code) that you might want to wait a bit. What's "a bit"? I figure I could do the hacking, it'd just take me a weekend or two, given that my work load is pretty tight right now... :( From mg5n+ at andrew.cmu.edu Mon Apr 25 13:06:59 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 25 Apr 94 13:06:59 PDT Subject: taming the wild pgp In-Reply-To: Message-ID: Matt Thomlinson wrote: > I can only think of one way around it -- recompiling with the > key-adding procedure commented out (at least for the version > the remailer uses). If you need to add keys, use the version > you've already compiled. Couldn't you just modify your remailer to search for the string "BEGIN PGP PUBLIC KEY BLOCK" and dump the message if it finds it? Or will PGP recognize if even if it doesn't have that header...? Anyway, PGP puts ID bytes at the beginning of its files, and in ascii-armor, public keys always begin with mQ and crypted messages begin with hE or hI. You could probably just dump the message if the first line of the ASCII-armoring began with mQ... From perry at snark.imsi.com Mon Apr 25 13:20:25 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 25 Apr 94 13:20:25 PDT Subject: Wow, what a key! In-Reply-To: Message-ID: <9404252019.AA05719@snark.imsi.com> Ed Carp says: > In that spirit, spurred on by my f**king netcom account being broken into > by some idiot with a packet sniffer, I've been looking into hacking > "pgptalk" (actually, ytalk with a popen() call to pgp and D-H key > exchange) to provide the same sort of functionality for telnet. The > target platforms are SunOS (which is what netcom runs) and linux. As I've mentioned previously to people, there is an actual, live, honest to god RFC for doing authentication and encryption of telnet sessions, and the 4.4 BSD release contains the actual, honest to god code. I would suggest looking at that before reinventing the wheel. All sites ought to support it -- its a big win. Perry From perry at snark.imsi.com Mon Apr 25 13:21:19 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 25 Apr 94 13:21:19 PDT Subject: Wow, what a key! In-Reply-To: <9404251947.AA10917@chiba.tadpole.com> Message-ID: <9404252020.AA05727@snark.imsi.com> Jim Thompson says: > Doug Barnes and I are so very close to a DH telnet (based on the > Bezerkley code) that you might want to wait a bit. I assume this is the Cray telnet code in 4.4 that you are talking about? Are you using the D-H in RSAREF? Perry From jim at bilbo.suite.com Mon Apr 25 14:05:27 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Mon, 25 Apr 94 14:05:27 PDT Subject: CA fingerprinting welfare applicants? Message-ID: <9404252058.AA11983@bilbo.suite.com> Has California has recently begun fingerprinting welfare applicants to help detect attempts at welfare cheating? I saw the tail-end of a news clip about this on Headline News a couple of weeks ago, but I didn't catch the whole report. Jim_Miller at suite.com From ecarp at netcom.com Mon Apr 25 14:16:24 1994 From: ecarp at netcom.com (Ed Carp) Date: Mon, 25 Apr 94 14:16:24 PDT Subject: Wow, what a key! In-Reply-To: <9404252019.AA05719@snark.imsi.com> Message-ID: On Mon, 25 Apr 1994, Perry E. Metzger wrote: > Ed Carp says: > > In that spirit, spurred on by my f**king netcom account being broken into > > by some idiot with a packet sniffer, I've been looking into hacking > > "pgptalk" (actually, ytalk with a popen() call to pgp and D-H key > > exchange) to provide the same sort of functionality for telnet. The > > target platforms are SunOS (which is what netcom runs) and linux. > > As I've mentioned previously to people, there is an actual, live, > honest to god RFC for doing authentication and encryption of telnet > sessions, and the 4.4 BSD release contains the actual, honest to god > code. I would suggest looking at that before reinventing the wheel. > All sites ought to support it -- its a big win. Well, last time I looked for it, I couldn't find it. And doesn't it use DES? What does it use for key exchange? I'd also have to hack it quite a bit to port it to linux, I think. But if you could point me to an FTP site that has the code, I'd be willing to look at it. Come to think of it, the last time I looked, I *did* find it on a Walnut Creek CD-ROM FTP server - but it wasn't complete, and it had no instructions for adding the DES code. Could you refer me to a site that has the COMPLETE code, ready-to-build? From perry at snark.imsi.com Mon Apr 25 14:21:03 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 25 Apr 94 14:21:03 PDT Subject: Wow, what a key! In-Reply-To: Message-ID: <9404252120.AA05992@snark.imsi.com> Ed Carp says: > > As I've mentioned previously to people, there is an actual, live, > > honest to god RFC for doing authentication and encryption of telnet > > sessions, and the 4.4 BSD release contains the actual, honest to god > > code. I would suggest looking at that before reinventing the wheel. > > All sites ought to support it -- its a big win. > > Well, last time I looked for it, I couldn't find it. And doesn't it use DES? The RFC doesn't specify an encryption system. Its been a while since I've looked at the Cray code. > What does it use for key exchange? I don't believe the Cray implementation had a key exchange system, but I believe that hooks for one were present in the protocol. > I'd also have to hack it quite a bit to port it to linux, I think. I believe Linux has a fairly conventional sockets library. In any case, Jim Thompson has promised us an improved version of the code, so I'd wait for his hacks... Perry From rslau at ucs.usc.edu Mon Apr 25 14:35:36 1994 From: rslau at ucs.usc.edu (Robert Lau) Date: Mon, 25 Apr 94 14:35:36 PDT Subject: CA fingerprinting welfare applicants? In-Reply-To: <9404252058.AA11983@bilbo.suite.com> Message-ID: <199404252135.OAA08718@tarazed.usc.edu> From: jim at bilbo.suite.com (Jim Miller) Date: Mon, 25 Apr 94 15:57:03 -0500 Has California has recently begun fingerprinting welfare applicants to help detect attempts at welfare cheating? Yes... Was on all local news channels for a day or two. They were asking applicants whether they thought it was an invasion of their privacy. Some said yes, others no, nothing surprising. Can't remember the name of the project or who's technology they're using... Searching for matches takes 'only a few minutes', future plans include links to other agencies, *for ID purposes only mind you* :) and faster matching... Be great if someone with more detailed info posted... Robert Lau - Systems Programmer, Unix Systems 213-740-2866 -- University Computing Services Internet: rslau at usc.edu -- University of Southern California Bitnet: rslau at uscvm -- 1020 W Jefferson, LA, CA USA, 90089-0251 UUCP: ...!uunet!usc!rslau From jim at bilbo.suite.com Mon Apr 25 15:30:49 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Mon, 25 Apr 94 15:30:49 PDT Subject: message splitting for better mixing? Message-ID: <9404252223.AA13361@bilbo.suite.com> A variation of the many "send bogus messages through the remailer" ideas... The idea: 1) write sender-side code to split message into N parts and send each part through a different remailer chain. 2) decrypt the parts as they arrive as per normal encrypted remailer messages. 3) write receiver-side code to detect "a part" and stuff it in a file until the remaining related parts arrive. When all related parts have arrived, present the complete message to receiver. Why? To increase the number of "messages" flowing through the remailers to make traffic analysis more difficult. Comments welcome. Jim_Miller at suite.com From pgf at srl.cacs.usl.edu Mon Apr 25 15:32:53 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Mon, 25 Apr 94 15:32:53 PDT Subject: The un-BBS Message-ID: <199404252219.AA04044@srl03.cacs.usl.edu> Evidence, how did the cases the FCC brought turn out? If the network had used commercial radio licenses, how much more would it have cost them (per node; I have a vague idea of the size and power of a random Amateur Packet Radio node (in computer terms and cost))? Would this have given them greater immunity in prosecution? (Hmm.. if you're passing it on, you're broadcasting it? Could encryption tech be used to "enhance" APRN to give sysops "plausible deniability?" Phil From pgf at srl.cacs.usl.edu Mon Apr 25 15:43:07 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Mon, 25 Apr 94 15:43:07 PDT Subject: The un-BBS Message-ID: <199404252238.AA04105@srl03.cacs.usl.edu> Uh, Tim, I just tried out Prodigy. The only "net" access is via email. Saying that Prodigy is on the internet is analagous to saying that fidonet is. (I don't know if I'll say whether or not you've been the victim of false advertising, or whether Prodigy has done this). Phil From blancw at microsoft.com Mon Apr 25 15:43:28 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 25 Apr 94 15:43:28 PDT Subject: Milgram & Authority Message-ID: <9404252144.AA08232@netmail2.microsoft.com> From: Duncan Frissell Anyone interested in liberty or politics should have read "Obedience to Authority" in which the results of this experiment are reported for popular consumption. ************ Helps you understand "how they could do that" when confronted with atrocities. .............................................. Q: In this book, does it say whether the test subjects were asked about their thoughts on this? Did they provide an explanation, from their own point of view, for their obedience or what they understood about the objective of the experiment - before & after? Blanc From fnerd at smds.com Mon Apr 25 16:12:17 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 25 Apr 94 16:12:17 PDT Subject: "Information-Hiding" in Crypto Programs Message-ID: <9404252311.AA19415@smds.com> Tim about raising the programming language level for crypto applications. He Orients toward Objects... > I'm not saying _how_ they would help, just that my intuition is that > the crypto community could make new strides if the imperative style of > programming ("do this," "now do this," etc.) were to be supplemented > with the descriptive style ("this is a digital cash object and these > are the messages it understands") and even the logical style (of > Prolog, for example). There are a couple different issues you could hide in a language for crypto. Obviously you can abstract bignums, numbers with a modulus, matrices, ...mathematical objects, and that would get a lot of cobwebs out of the way in many crypto algorithms. Even a Bignum Basic that could do fast modmult would be nice. Or you could make objects out of the data structures, like keys, message blocks, key rings, etc., and their operations. That would be nice because you could separate the layer of calculation from the layer of protocol. But the protocol programming would still be in an imperative style. Which has its good points. I do a lot of work in a scripting language that has procedures and lists and strings and that's about it. But the rules are understandable and it ends up the language is *readable* in the sense that you can look at a procedure and get a good idea of what it's doing without stretching your concepts too much. Which I think would be a good feature for a crypto language, especially one for experimentation, teaching and tossing ideas around. I think the language I work in gets readability by its plodding, structured-programming, imperative style (it also uses plodding long names for things). But of course protocols and transactions are big things in crypto, and they take place in time, which leads to thoughts about special control structures to handle them. Structures in time are actually one of the nifty things to implement with objects. You can have an object that stands for a whole conversation in a protocol--sort of like a file handle. So you have operations like (in no particular language): conversation = Protocol.new( some parameters ); conversation.send( message ); conversation.receive( message ); conversation.end(); You can also use objects to implement protocol layers, like: conversation0 = Protocol0.new( ... ); conversation1 = Protocol1.new( conversation0, ... ); conversation1.send( message ); ... (Some amazing things can be done with operations on objects that represent sequences in time. In the book _The Structure and Interpretation of Computer Programs_, one chapter develops a Prolog interpreter as a bunch of layered stream filters. Oops, I digress.) Another area you might want to separate out of the heart of crypto programs is I/O, both with the user and with the rest of the system--the mail system, for instance. -fnerd - - - - - - - - - - - - - - - Gradually, I become aware of a presence. Between me and sustenance stands a woman in a suit. --Michael Swaine -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From mech at eff.org Mon Apr 25 16:32:14 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 25 Apr 94 16:32:14 PDT Subject: John Perry Barlow - Euology for Cynthia Horner Message-ID: <199404252331.TAA01238@eff.org> Forwarded message: Date: Sat, 23 Apr 1994 12:05:36 -0800 From: John Perry Barlow I know that news of her death is circulating the Net and I'm getting an incredible outpouring of shock and sympathy. For any good it might do, I hope you will post this to some of the places where news of her death has appeared. I mean it to stand as her gravestone in the virtual world. Cynthia Horner's Eulogy read by John Perry Barlow at her funeral April 22, 1994 in Nanaimo, Vancouver Island, BC.. I don't know most of you, and I envy the many among you who were graced with Cynthia all her life. I only knew her a little while. We spent the last glorious year of her life together. It was the best year of my life and, I firmly believe, it was the best year of her life too. Last Sunday morning, during the last hour we spent together, we were playing with a cat which strangely green eyes. She looked at me with her own beautiful green eyes and said, "You know, James Joyce said that green eyes were a sign of the supernatural." The way she said it seemed pointed and meaningful. And hope makes me want to believe it all the more meaningful now. I don't know that I believe in the supernatural, but I do believe in miracles, and our time together was filled with the events of magical unlikelihood. I also believe that sometimes angels live among us, hidden within our fellow human beings. I'm convinced that such an angel dwelled in Cynthia. I felt this presence often in Cynthia's lightness of being, in her decency, her tolerance, her incredible love. I never heard Cynthia speak ill of anyone nor did I ever hear anyone speak ill of her. She gave joy and solace to all who met her. I feel her angel still, dancing around the spiritual periphery, just beyond the sight of my eyes, narrowed as they are with the glare of ordinary light. Her graceful goodness continues to surround me, if less focused and tangible than before. With a care that was appropriately reverential, Cynthia and I built a love which was an inspiration to all who came into contact with it. We felt, quite consciously, that it was our gift to the world. We wanted to show the hesitant the miracle that comes when two people give their hearts unconditionally, honestly, fearlessly, and without reservation or judgement. We wanted to make our union into a message of hope, and I believe we did, even though we knew that hearts opened so freely can be shattered if something should go wrong. As my heart is shattered now. So among the waves of tragedy which have crashed on me with her death is a terror that our message of hope has been changed into a dreadful warning. But I am here to tell you that had I known at the beginning that I would be here today doing this terrible thing, I would still have loved her as unhesitatingly, because true love is worth any price one is asked to pay. The other message we wished to convey was one of faith in the essential goodness and purpose of life. I have always felt that no matter how inscrutable its ways and means, the universe is working perfectly and working according to a greater plan than we can know. In the last few days, I have had to battle with the fear that everything is actually just random, that the universe is a howling void of meaningless chaos, indifferent to everything that I value. All hope has at times seemed unjustified to me. But groundless hope, like unconditional love, is the only kind worth having. It's true name is faith. As it is a shallow faith which goes untested, so it is that if we can keep our faith through this terrible test, we will emerge with a conviction of incredible and enduring strength. And this faith will become Cynthia's greatest gift to us. If we can build with our lives a monument to her light and her love, she will not have died in vain, and her death will become as much a miracle as was her life. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From kafka at desert.hacktic.nl Mon Apr 25 16:49:41 1994 From: kafka at desert.hacktic.nl (-=[ Patrick Oonk ]=-) Date: Mon, 25 Apr 94 16:49:41 PDT Subject: licence plates seen In-Reply-To: <9404241940.AA10061@hawksbill.sprintmrn.com> Message-ID: <199404252348.AA16420@xs4all.hacktic.nl> -----BEGIN PGP SIGNED MESSAGE----- paul at hawksbill.sprintmrn.com (Paul Ferguson) once said: PA> PA> PA> Matt Bartley wrote - PA> PA> > PA> > 68 ASCII PA> > PA> > I don't have an ASCII chart available. What does this one mean? PA> > PA> PA> 68 ascii is "D". PA> 68 ASCII is 44h ,,, (o o) .---------------oOO---(_)---OOo--------------------. | KAFKA at DESERT.HACKTIC.NL | | Pager: 06-5835851(1/2/3/4) | | Cryptoanarchy - xBase - PGP - House Music - MDMA | | Finger kafka at xs4all.hacktic.nl for PGP key | `--------------------------------------------------' -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLbnWOJRymF15lPcFAQFH0AH7BQOW4W6c8Gmefxy+2pX8SIRDv3BPB9uB rfx6o6mxZN4KfmwBjThvQ4fxfTmQKhMCzXzvLk7tIUMKtVh4qTxbHg== =57S3 -----END PGP SIGNATURE----- From pgpkeys at wasabi.io.com Mon Apr 25 16:56:11 1994 From: pgpkeys at wasabi.io.com (PGP Slave Key Server) Date: Mon, 25 Apr 94 16:56:11 PDT Subject: Want to run a pgp key server? Message-ID: <199404251743.RAA02261@wasabi.io.com> The new pgp keyserver code which was being tested at wasabi.io.com for a few months seems to be fairly stable. If anyone else is interested in running a server like this, the sources are available from wasabi's ftp area: wasabi.io.com:~ftp/pub/pgpkeys/sources/pgpserver.tar.Z It's not particularly intelligently packaged for ease of installation, so anyone who wants to try it should be reasonably fluent with C and used to porting packages from system to system. At the moment it's only known to work for sure on BSDI unix. In the tar file you'll also find 'procmail', and some perl scripts for doing ftp mirroring. You'll need about 6Mb free in total while installing. Keeping your server running will involve about 3Mb of daily ftp updates, so you probably don't want to run this from a dial-up site :-) This server does *not* use pgp at all, so you ought to be safe from hassles from PKP. Just remember, you're *publishing* information... Mail me at this address if you try to install it, please. The Mgt. From pls at crl.com Mon Apr 25 17:04:52 1994 From: pls at crl.com (Paul Schauble) Date: Mon, 25 Apr 94 17:04:52 PDT Subject: Wow, what a key! In-Reply-To: <9404252019.AA05719@snark.imsi.com> Message-ID: Which RFC, and where might I get a copy? ++PLS ---------- On Mon, 25 Apr 1994, Perry E. Metzger wrote: > As I've mentioned previously to people, there is an actual, live, > honest to god RFC for doing authentication and encryption of telnet > sessions, and the 4.4 BSD release contains the actual, honest to god > code. I would suggest looking at that before reinventing the wheel. > All sites ought to support it -- its a big win. > > Perry > From pgf at srl.cacs.usl.edu Mon Apr 25 17:07:56 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Mon, 25 Apr 94 17:07:56 PDT Subject: Programming languages debate Message-ID: <199404260003.AA04223@srl03.cacs.usl.edu> Phil Fraering writes: > Aren't there freely available versions of Smalltalk for Unix? > GNU Smalltalk apparently lacks the classical graphic interface, > but from what I've seen, so does Perl ;-) > > pgf Timothy C. May responds: \Yes, and you mostly get what you pay for: a "toy" environment that /nobody I know uses for anything. (The Gnu Smalltalk is analogous to \the toy implementations of Lisp and Scheme in C....a useful pegagogic /tool, but lacking the richness that the full "environments" are so \well-known for.) (Damn, Tim's written a lot I want to respond to, I don't have an indent script handy, and even if someone else did, my emacs version isn't current. At least it fits in 50 Meg ;-) \The serious work is done in ParcPlace's VisualWorks, DigiTalk's /Smalltalk/V, or the new SmalltalkAgents from QKS. I'd like phone numbers or other contact information for these companies, if anyone has some handy. \Besides, I don't _have_ a Unix machine and I have no interest in /getting one (nor in trying to install a Unix on my Macs). The above \programs are available for Windows, Macintosh, and Unix, in varying /degrees and combinations. (VisualWorks is mostly targetting Windows, \Smalltalk/V is a cheaper alternative, for both Windows and Macs, and /SmalltalkAgents has been released for the Mac, with versions for the \PowerPC (Q2 94), and Windows32/NT and SPARCstations to follow. Which implementation of UNIX for SPARCStations? Might it be runnable under Solarisx86, or ported to some other binary Unix standard? I need to find out before I spend... /I'm not grinding an axe for Smalltalk, understand. Just commenting on \some directions. Maybe TCL is the way to go, maybe mixtures of Perl /scripts and short C programs are The One True Way (the remailers work \this way, and they are our major public success to date, with new /things like MagicMoney following the same path, so....). \The proposed language "Joule" (which some of our list members are /doing) may or may not be ideal, but in any case it is probably at \least a few years off. /--Tim May (End of current message from Tim. I hope to do several in one message). Okay, I pretty much agree with what you wrote about GNU Smalltalk. I don't know it, I've only read (most of the) standard Smalltalk book, and by comparison to the original from PARC GNU Smalltalk is missing crucial bits. My point is not that GNU Smalltalk is good compared to uncrippled Smalltalk, but that it may be better than Perl/TCL/whatever else is being proposed. One of the main merits of Perl seems to be that it's a free scripting language that isn't dependent on what shell (bash, ksh, whatever) you are using and is apparently highly environmentally independent. Oh, I give up. What I'm trying to say is that it's a Schelling point. (You'll have to look up what that is if you don't understand. I'm sorry, but it's the best way for me to describe what I mean). It gains a "developer," programmer, and user base because it is a Schelling point, not because of any actual merits as a programming language itself. Please note that I am not saying that it does not have these merits. This is according to some the same reason C is used in preference to C++, C++ in preference to Objective C, and Objective C in preference to Nicklaus Wirth's current language of the month or the Lisp or Smalltalk-like language of your choice. Perhaps we should simply ignore what's a Schelling Point and simply pick a language that's going to be the best one to implement the algorithms in, and then worry about porting the program/making it run on other systems. On to the next message. Here's Tim: \In this message I talk about C code, agents, TeleScript, Smalltalk, /PGP tools, and the general and pressing need to somehow make all the \diverse fragments of code available and (even more importantly) /comprehensible and usable. (As I'm no expert in C++ and the like, take \my comments as "moderately informed speculations.") I probably should include similar disclaimers. (Quotes from Hal Finney and Peter Murphy deleted for space considerations. It's in Tim's original message.) \...options, routes, and miscellaneous points. But I'll just make a few /notes here. (The theme of the next Cypherpunks meeting, date not yet \finalized, is "Protocols," so issues like this are presumably /relevant. Depending on the date, I may be in L.A., and would welcome \meeting with other Southland Cpunks to discuss ideas.) I'm not going to be able to make it, whenever it is. I'm trying to contribute now: \I. What We Have /* PGP...the most basic of all crypto functions (RSA \encrypt/decrypt/sign/etc.), and it took over a decade to get a usable, /public domain (?!) version. (Yes, I know about RIPEM, RSAREF, etc.) Well, it doesn't seem to help much that RSA seemed to take a hostile view of anyone "infringing on their patent." I remember ftp'ing rpem one fine day and going back to the site the next and finding that it had been removed thanks to ominous warnings from RSA. But I get the basic point. I also wonder that the effort *might* have a bottleneck in the RSA encryption algorithm itself and its patented status. You're apparently stuck with RSA in the form RSA Corp. wants you to use it, even if they do release it. It is their right to do so (if one believes that software patents are valid, although off-hand I don't know anyone who does). It's still a bottleneck. \(I mention this because _use_ of this protocol, even with a nice /manual and whatnot from Phil, Hal, Derek, and others, still mysifies \many people, and still is not easily callable from most mail programs, /as you all know. This is *terribly important point*, to wit: if the \most basic of all crypto functions is so long in gestation and so /difficult to use interoperably, what hope do we have in integrating \the vast range of crypto protocols to be found in Schneier, the Crypto /Conference Proceedings, etc? This is the problem I'd like to see \solved, hence my interested in "Computer-Aided Crypto Algorithms," or /CACA.) \* we also have fragments of C code accumulated and laboriously /developed by Bruce Schneier. ... \* there's the ProductCypher (sp?) code which Hal mentioned. ... /* code in Perl obviously exists in various places, and both Hal Finney \and Henry Strickland have written about TCL. Whether these scripting /languages, with excellent facilities for accessing Unix utilities \directly (as opposed to from deeply within a C program, like PGP), /should or can form the basis of a Crypto Toolkit that others will \actually use is unclear, to me at least. \* other programming efforts presumably exist out there in Cypherpunk /land, and some folks not on the List (unless by pseudonym, which is \quite possible....after all, ProductCypher is obviously a talented /programmer and may be one of the main folks posting algorithms and \code fragments to sci.crypt) are clearly writing code for various /purposes. \...thus ends my informal summary of what's out there (it may be /incomplete, or inaccurate in places...corrections are welcome, as \always) /II. What's Neeeded \* Consider some things we like to talk about: /- alternatives to RSA (elliptic functions, etc.) Does anyone have any pointers to references to alternatives to RSA encryption, or to any possible claim RSA might have to any alternatives? \- secret-sharing protocols /- remailer-specific code (adding latency, mixing, padding, etc.) \- dining cryptographers nets (DC-Nets, a la Chaum, Bos, etc.) /- digital cash (a vast area of diverse protocols for clearing \transactions, for blinding, for detecting double-spending, etc.) /- random number generators (Schneier, for example, supplies code \fragments for the Blum-Blum-Shub generator...need I again say that /probably few of us know how to "call" this code easily?) \- code for message pools, for chaining remailers, etc.....a lot of /this exists as scraps of Perl in various places. \- and so on \My point? How can we achieve the Crypto Singularity (tm) when these /algorithms and _conceptual functions_ (my term, meaning that each of \these embodies almost an agent-like level of behavioral /complexity....hence my interest in implementing these protocols as \classes and methods in something like Smalltalk or even the new /TeleScript) are scattered around, are hard to grok (a technical term \invented by the neural programmer Heinlein), and are more or less /going unused today? I take it since we last discussed Telescript you've learned more about it. Anyway, I think I'd hate to be implementing stuff like the above in any language for which the main advantage seems to be "it's a lot better than awk!" Is Perl being used as a true algorithmic programming language in the above cases or just a fancy JCL, anyway? \III. Some Approaches to a Crypto Toolkit /* Large collection of C programs. The Schneier approach, except on \steroids. Regularize the calling conventions, add further /documentation, generate test sample, etc. A massive undertaking, \fraught with problems. /* C and Perl, and maybe TCL. As above, but use other Unix utilities as \needed. /* A class library for crypto, in C++. Encapusulate as much of the \capability into classes and make them available. For example (and here /I'm using Smalltalkish lingo), an "RSA object"... \I'm not sure how feasible this would be in C++, as I know very little /about C++ ... \From my Lisp background (Symbolics 3600, Zetalisp, Common Lisp) and /from my experiments with Digitalk's Smalltalk/V on my Mac, I think an \object-oriented environment could be ideal. /* TeleScript. Here I will go out on a limb and predict that the \forthcoming TeleScript, which is nicely described in the latest "Byte" /by our very own Peter Wayner, could be the basis for some exciting \progress. With multi-platform capability, object orientation, and an /explicit foucs on agents running around delivering mail, encrypting, \etc., it could be a winner. I'll have to check out the article. I think when we see Telescript running we'll be able to make a decision about what it can do. I still haven't heard anything from Motorola about their hardware. Has anyone seen the PC/Mac/Unix versions of Telescript running anywhere? \(Speculatively, my notion is to embed in Telescript agents many of the /things we've been talking about, and then count on the market to make \mailers and Mosaic drivers to talk to these agents. Lots to talk about /here.) Count on the market... hold on a sec, aren't we the market? \* Speaking of Mosaic, what about using WWW/Mosaic as the basis for /transparent use? I'm already impressed that on a non-Mosaic platform \(I don't have either a SLIP or PPP connection at this time) I can use /my cut-and-paste to easily do a "lynx http::blah blah blah" and get to \a home page with arrow-selectable hypertext points. I can see /WWW/Mosaic/Lynx/etc. as a common platform (set of utilities) for \handling even encrypted traffic. More specifically, you mean use http protocols as the basis for transparent use. So you'd have http interfacing to whatever the program on the bottom was. It's just an interface. It took a while, but one question I have is, are there run-time packages or "compilers" for the Smalltalk environments you spoke of above? If not, would it be possible to write one, or to extend one of the publically available Smalltalk environments to be able to run whatever you or others write using SmalltalkAgents? Is there interoperability between SmalltalkAgents and Smalltalk/V? I'm thinking seriously of spending some money on the Smalltalk, but I'm not sure it's going to do a great deal of good if it turns out everyone else has to fork over $ 200.00 or so just to run a couple-hundred-line program I wrote over a couple nights. ... \* Integrating existing tools (PGPToolKit, Perl scripts, Schneier's /code, RSAREF) into new apps is basically *not* happening, at least not \by the Great Masses here on our list (let alone the Unwashed Masses /off the list!). \* Interoperability with dozens of mailers, on several platforms, /remains a critical problem. \* Hence, *good luck* in getting all the whizzy new protocols we like /to speculate about implemented any time soon. \This is the challenge I see. To somehow deal with this set of /problems. \Thanks for reading...and I again apologize for just sitting down and /writing this in emacs instead of using my Mac-based outline processor. \Sometimes just writing is better than planning, reorganizing, and /never finishing. \--Tim May I'd like to apologize for what I deleted and what I didn't. On to Tim's next message: \The challenge I mentioned in my last message can be summarized as /follows: \- hide the complexity of implementation in the code, so that other /programmers, and especially end-users, don't have to worry about it. I'm not sure, but as a casual observer it seems the programming community is about ten to twenty years behind the academic community in terms of agreeing on the need of hiding complexity. People seem to be sticking to C the way "scientists" are supposed to stick to Fortran. Won't it be *easier* to write this stuff in Lisp, or Smalltalk, or Modula-8? \- to pick a simplest example, a random number generator needs to /generated a good random number without the user having to worry about \a zillion related issues I guess I'm guilty of some sins... I've been planning a hardware-dependant random number generator, and I don't know if there's ever going to be a standard for scintillators+a/d boards, never mind if they're ever going to be standard on PC's. Now where did I put that pitchblend? It's all I have since they took away the red mercury... \(this may get flames....I'm not saying users should be blissfully /ignorant of some of the assumptions that went into the RNG, only that \most users want an RNG that operates consistently, has been tested by /others, etc. This is the Mathematica function method: have experts \devise the best factoring or primality testing approach, implement it /efficiently (usually in C or even machine language), and then give it \to the user as "FactorInteger[3858783237285638838513] for him to /incorporate as a canned functon.) I think a *good* overview of the sort of things Tim is talking about can be found in a book called _Programming Language Concepts_. I think the author's last name starts with an M. The book is (I think) at home, so I can't say for sure. Anyway, to reiterate: is there a way, once something is written in SmalltalkAgents, to get it running in more widespread enviroments? +-----------------------+-------------------------------------+ |"Standard Disclaymore" |"...drag them, kicking and screaming,| |pgf at srl03.cacs.usl.edu |into the Century of the Fruitbat." | +-----------------------+-- Terry Pratchett, _Reaper Man_-----+ From mech at eff.org Mon Apr 25 17:15:30 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 25 Apr 94 17:15:30 PDT Subject: Clipper hearings rescheduled - May 3 1994! Message-ID: <199404260014.UAA02411@eff.org> Both the Senate and House Clipper/Digital Telephony hearings will be held almost back-to-back on the same date. See ftp.eff.org /pub/Alerts/clip-dt.alert for more info. Forwarded message: Date: Mon, 25 Apr 1994 18:31:44 -0400 From: farber at central.cis.upenn.edu (David Farber) Subject: Clipper Day on the Hill Due to the Memorial Day in honor of Ex President Nixon, the Senate Hearing has been resheduled. Sen Leahy's hearing which had been scheduled for this Wed has been moved to May 3 at 0930 in room 216 at the Hart Senate office building. and Represenative Valentines House hearing will be May 3 in Room 2318 in the Rayburn Building at 1:00 pm. Non stop Clipper, Digital Telephony. A cast of millions (well maybe 15). Dave -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From janzen at idacom.hp.com Mon Apr 25 17:19:51 1994 From: janzen at idacom.hp.com (Martin Janzen) Date: Mon, 25 Apr 94 17:19:51 PDT Subject: Wow, what a key! In-Reply-To: <9404252120.AA05992@snark.imsi.com> Message-ID: <9404260018.AA20707@loki.idacom.hp.com> Perry E. Metzger writes: >> > As I've mentioned previously to people, there is an actual, live, >> > honest to god RFC for doing authentication and encryption of telnet >> > sessions, and the 4.4 BSD release contains the actual, honest to god >> > code. I would suggest looking at that before reinventing the wheel. >> > All sites ought to support it -- its a big win. > >Ed Carp says: >> Well, last time I looked for it, I couldn't find it. And doesn't it use DES? Not sure whether you mean the RFCs or the 4.4 BSD code. Anyway, here are a few related RFCs: 1416 E D. Borman, "Telnet Authentication Option", 02/01/1993. (Pages=7) (Format=.txt) (Obsoletes RFC1409) 1412 E K. Alagappan, "Telnet Authentication : SPX", 01/27/1993. (Pages=4) (Format=.txt) 1411 E D. Borman, "Telnet Authentication: Kerberos Version 4", 01/26/1993. (Pages=4) (Format=.txt) The text is available from ftp://ds.internic.net/rfc/rfc####.txt. Hope it helps... -- Martin Janzen janzen at idacom.hp.com From m5 at vail.tivoli.com Mon Apr 25 17:25:48 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 25 Apr 94 17:25:48 PDT Subject: Clipper hearings rescheduled - May 3 1994! In-Reply-To: <199404260014.UAA02411@eff.org> Message-ID: <9404260025.AA15261@vail.tivoli.com> > Both the Senate and House Clipper/Digital Telephony hearings will be held > almost back-to-back on the same date. See ftp.eff.org > /pub/Alerts/clip-dt.alert for more info. I can't ftp without some pain right now; is the C-Span e-mail address in the info packet? It'd be nice to send them some mail and express our urgent desire to see these. m5 From mech at eff.org Mon Apr 25 17:40:30 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 25 Apr 94 17:40:30 PDT Subject: Clipper hearings rescheduled - May 3 1994! In-Reply-To: <9404260025.AA15261@vail.tivoli.com> Message-ID: <199404260040.UAA03090@eff.org> No, it's not in there. But all ya gotta do is a whois query. See end. > > > Both the Senate and House Clipper/Digital Telephony hearings will be held > > almost back-to-back on the same date. See ftp.eff.org > > /pub/Alerts/clip-dt.alert for more info. > > I can't ftp without some pain right now; is the C-Span e-mail address > in the info packet? It'd be nice to send them some mail and express > our urgent desire to see these. % whois C-SPAN C-SPAN (C-SPAN-DOM) 400 North Capital St. Suite 650 Washington, DC 20001 Domain Name: C-SPAN.ORG Administrative Contact: Humphrey, Douglas E. (DEH18) doug at DIGEX.COM (301) 220-2020 Technical Contact, Zone Contact: Kern, Edward (EK6) ejk at DIGEX.NET 301-220-2020 Record last updated on 04-Oct-93. Domain servers in listed order: NS.DIGEX.NET 164.109.1.3 NS2.DIGEX.NET 164.109.10.23 The InterNIC Registration Services Host ONLY contains Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. ejk at c-span.org is a real user, and doug at c-span.org might be (did not produce a no-user message, but also did not provide an "In real life:" answer, nor did it mention mail status or presence of a .plan, which it did do for ejk. There's a c-span gopher also, that gives rather cryptic schedules, look on the "All the Gophers in the Whole Wide World" thing you find on most larger gopher servers, and it should turn up. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From dichro at tartarus.uwa.edu.au Mon Apr 25 18:12:33 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Mon, 25 Apr 94 18:12:33 PDT Subject: clipper not end of world Message-ID: <199404260112.JAA21638@lethe.uwa.edu.au> I'm reposting this 'cause i don't think it got through the first time... I seem to remember someone once writing that with the proposed clipper laws, you are allowed to encrypt messages before piping them through the clip chip, but the output must be left unaltered. The problem to this is that then whoever does the audits knows who's being sneaky. (Or something like that - i don't remember precisely.) Seems to me, if one is talking about videophone type devices, they are transmitting quite a great deal of info, and stegging in a message is quite feasible, is it not? You don't even have to do much of a hardware modification. Do something like having an HF carrier tone in the background, that anyone listening to it can't detect without the knowing what they're listenong for. Or insert a microburst transmission - it'll look like static. This is not to say, that the clip chip isn't worth fighting against, just that, as always, someone's going to come with a way around it. It's human nature, really. * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "Life begins at '040." PGP Public key available by finger * "Spaghetti code means job security!" From shaggy at phantom.com Mon Apr 25 19:23:21 1994 From: shaggy at phantom.com (the KrAziEst KaT) Date: Mon, 25 Apr 94 19:23:21 PDT Subject: hideseek Message-ID: i've written a steganography program for the pc. its called hide-and-seek and a copy is at ftp.netcom.com as either hideseek.zip or possibly hdsk40.zip, in /pub/qwerty eff suggested i tell you folks and have you look at it (source is included) if you like it, they want a copy. i'm not subscribed to the cypherpunks list so you'll have to mail me to talk to me. thanx shAg Coming, i don't enter by the gate shaggy at phantom.com Leaving i don't exit by the door shag at oregon.uoregon.edu This very body is the land of tranquil light From jmdaluz at kquest.com Mon Apr 25 20:41:11 1994 From: jmdaluz at kquest.com (Jose M. daLuz) Date: Mon, 25 Apr 94 20:41:11 PDT Subject: Clipper hearings rescheduled - May 3 1994! Message-ID: <199404260341.XAA14895@zork.tiac.net> >> Both the Senate and House Clipper/Digital Telephony hearings will be held >> almost back-to-back on the same date. See ftp.eff.org >> /pub/Alerts/clip-dt.alert for more info. > >I can't ftp without some pain right now; is the C-Span e-mail address >in the info packet? It'd be nice to send them some mail and express >our urgent desire to see these. According to the C-Span gopher: cspanviewr at aol.com (they check this more often) or viewer at c-span.org My message is going out to them tonight. Cheers ____ Jose M. daLuz | Voice: (508) 996-6101 KnowledgeQuest Online Research | Fax: (508) 996-6215 Internet: jmdaluz at kquest.com | MCI Mail: 639-1229 From hfinney at shell.portal.com Mon Apr 25 20:44:46 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 25 Apr 94 20:44:46 PDT Subject: Programming languages debate Message-ID: <199404260345.UAA04412@jobe.shell.portal.com> One thing not being emphasized in this discussion about languages, crypto scripts, and such, is that a big reason why we don't have more crypto tools is because they are a lot of work to write. I can speak from personal experience on PGP. Just going from PGP 1 to PGP 2 took over a year, almost a year and a half. That involved a lot of little cleanups: better handling of key rings, going to IDEA in place of Bass-O-Matic (the cipher used in PGP 1); adding some new packet types, etc. But PGP 1 had most of the same basic cryptographic functionality (RSA+conventional) as PGP 2. And it was amazing, really, that as much got done as it did in that time frame. Most of that is due to Phil Zimmermann's managerial abilities. People know Phil as a privacy advocate, a crypto enthusiast, a talented programmer. What they may not realize is that his greatest skills are (IMO) in personal relations. Phil is able to make things happen, to shepherd a network of easily distracted programmers from point A to point B. This means being willing to push, to call someone up and say, "do you have that done yet," and "can you have it for me tomorrow." Phil was not afraid to keep the pressure on in order to make sure progress was made. He had to constantly keep this up for over a year to get PGP 2 out. Granted, Phil was working under somewhat unusual constraints due to the unique legal situation involving the RSA patents. But most of the kinds of things we are interested in playing with can't help but infringe on some- body's "intellectual property" given the massive barbed-wire-fencing of the cryptographic concept space that's been going on (see my posting last week on Chaum's multitudinous patents). Plus, now we know that any success- ful public-domain cryptographic product is likely to leak overseas and ex- pose the author to the threat of a prison term. These are hurdles which cannot be taken lightly. I don't know whether the introduction of easier-to-use crypto tools will really change things. Pr0duct Cypher's PGPTOOLS was explicitly intended to address this problem, but the only thing I've seen so far is his own Magic Money (although I heard in email about another application being worked on). I think what we really need is some motivated programmers who are willing to learn crypto and work on projects. I think that would be a better use for this list than the kinds of discussions we have been having lately. Hal From erich at soda.berkeley.edu Mon Apr 25 21:24:50 1994 From: erich at soda.berkeley.edu (Erich von Hollander) Date: Mon, 25 Apr 94 21:24:50 PDT Subject: the soda cypherpunks ftp site Message-ID: <199404260424.VAA02113@soda.berkeley.edu> the soda cypherpunks site, with source for pgp, the remailers, and much other useful information, is moving. the new name for the site is ftp.csua.berkeley.edu. this will actually poing to soda until the summer, at which point it will move to its own machine. please start refering to the site as ftp.csua.berkeley.edu to make the transition as smooth as possible. e From romana at apple.com Mon Apr 25 21:40:21 1994 From: romana at apple.com (Romana Machado) Date: Mon, 25 Apr 94 21:40:21 PDT Subject: STEGO (SHORT) FAQ Message-ID: <199404260440.VAA01088@netcom.com> Hello from Cypherella! Thanks for your interest in Stego. I have prepared this note to answer most of the questions I've been asked about Stego. 1. Where is Stego? Stego was moved from the /Recent directory to the compression utilities directory '/cmp' in the info-mac directory at sumex-aim at stanford.edu. You can download the Mac version from there. 2. Is a PC,DOS,MSDOS version coming? I have not been developing one, for lack of suitable hardware. Fortunately, bart.simpson at glib.org, has developed a PC version that operates on TIF files, and Colin James Maroney informed me that he's made a PC verson that operates on GIF files. He is shag at oregon.uoregon.edu. I haven't tried either of these; I hope they're useful. 3. How can I get a copy of Stego by mail? Send a check or postal money order for US$15 and your address to: Romana Machado c/o Paradigm Shift Research 19672 Stevens Creek Blvd Suite 127 Cupertino, CA 95014 You will recieve the latest version of Stego and news about updates and future products. Thanks again for your interest, Romana Machado romana at apple.com Note: Many of you recieved this a blind cc, as a privacy protecting measure. From karn at qualcomm.com Mon Apr 25 22:24:35 1994 From: karn at qualcomm.com (Phil Karn) Date: Mon, 25 Apr 94 22:24:35 PDT Subject: cryptophone ideas In-Reply-To: <199404212330.AA09243@access1.digex.net> Message-ID: <199404260524.WAA24116@servo.qualcomm.com> >How hard is it to reprogram the DSP that comes with a cellular >phone right now? I've never opened one up. Can you just unsolder >a rom, read it, insert your own code for DH key exchange, add >some encryption, burn a new ROM and have a secure phone? Actually, there'd be little reason to modify the code in the DSP, at least the one in our CDMA phones. We use a DSP-16A to execute our variable-rate variant of the CELP vocoder, but we also have a 80C186 general purpose CPU that does all of the other housekeeping functions in the phone. This is where you'd probably want to add crypto code. As an aside, a lot of people seem to think that DSP chips are miniature Crays that can run any given program faster than any "ordinary" computer. They're not. DSPs are special purpose CPUs heavily optimized for the multiply-accumulate operation that is fundamental to digital filtering. They have no special gift for general purpose computing. This includes encryption. Encryption is better done on a general purpose CPU when you consider the much larger economies of scale for general purpose CPUs as compared with DSPs, not to mention ease of programming, higher clock speeds, wider availability, etc. Phil From hayden at krypton.mankato.msus.edu Mon Apr 25 22:25:15 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 25 Apr 94 22:25:15 PDT Subject: the soda cypherpunks ftp site In-Reply-To: <199404260424.VAA02113@soda.berkeley.edu> Message-ID: What does csua stand for? ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From hayden at krypton.mankato.msus.edu Mon Apr 25 22:29:13 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 25 Apr 94 22:29:13 PDT Subject: the soda cypherpunks ftp site In-Reply-To: <199404260424.VAA02113@soda.berkeley.edu> Message-ID: Also, jsut to make sure, is the home page going to be moved as well? I have this as an alias: alias cypherpunks="ftp://soda.berkeley.edu/pub/cypherpunks/Home.html" Do I need to change it? ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From karn at qualcomm.com Mon Apr 25 22:30:07 1994 From: karn at qualcomm.com (Phil Karn) Date: Mon, 25 Apr 94 22:30:07 PDT Subject: cryptophone ideas In-Reply-To: <199404212330.AA09243@access1.digex.net> Message-ID: <199404260529.WAA24133@servo.qualcomm.com> >How hard is it to reprogram the DSP that comes with a cellular >phone right now? I've never opened one up. Can you just unsolder >a rom, read it, insert your own code for DH key exchange, add >some encryption, burn a new ROM and have a secure phone? Also, it is not sufficient to incorporate encryption merely into the cellular phone itself. You need the cooperation of the base station, at least if you want to interoperate with an ordinary telephone on the land side of your connection. Now it would be possible to provide your own encryption on an end-to-end basis using a data (as opposed to voice) bearer service from the carrier, but this would require the person you call to have compatible equipment (vocoder, modem, encryption routines, keys, etc). Phil From karn at qualcomm.com Mon Apr 25 22:47:44 1994 From: karn at qualcomm.com (Phil Karn) Date: Mon, 25 Apr 94 22:47:44 PDT Subject: cryptophone ideas In-Reply-To: <9404220006.AA00614@snark.imsi.com> Message-ID: <199404260546.WAA24163@servo.qualcomm.com> >Hacking and reprogramming all the base stations is impossible. Its not >the same as reprogramming the phone. Its the difference between >learning French and getting everyone in the world to learn French. Since I work in this digital cellular business, I think I can confidently say that Perry *does* know what he is talking about. He's right -- it's not enough to simply reprogram your phone, you must take care of the other end too: the base station. NSA has already let it be known that any cellular system that can provide end-to-end encryption will not be exportable. It is not exactly clear what this means, given that once you provide a transparent *data* (as opposed to vocoded voice) bearer service, the users can do whatever they want on an end-to-end basis without the carrier's further cooperation or permission. I guess they figure this won't be a common practice. And they have indicated their willingness to allow export of *phones* with strong encryption -- but not the base stations. This underscores the uselessness of implementing strong encryption only on the mobile. Phil From karn at qualcomm.com Tue Apr 26 01:39:28 1994 From: karn at qualcomm.com (Phil Karn) Date: Tue, 26 Apr 94 01:39:28 PDT Subject: CU Crypto Session Sat In-Reply-To: <9404242131.aa04743@deeptht.armory.com> Message-ID: <199404260839.BAA28964@servo.qualcomm.com> >Denning mentioned terrorists. I rebutted with satellite surviellance. I >pointed out that we could read a poker hand via computer enhancement. This >visibly shook her. Escrowed encryption is completely unnecessary, and she Some time ago I worked out the theoretical limits on spy satellite resolution. It's a simple exercise in optics, if you make optimistic assumptions like no atmospheric distortion, etc. My only major engineering assumption was that the objective mirror had to fit inside the payload fairing of a Titan launcher, i.e., about 2 meters max. The result, at visible wavelengths and for the slant ranges typical of spy satellite orbits, was about 1 foot. This was completely consistent with the leaked KH-11 photos of the Soviet aircraft carrier published some time back in AW&ST and Deep Black. Good, but not exactly good enough to read poker hands, I would say. Believe it or not, the laws of physics apply even to classified projects. Phil From bart at netcom.com Tue Apr 26 02:01:12 1994 From: bart at netcom.com (Harry Bartholomew) Date: Tue, 26 Apr 94 02:01:12 PDT Subject: PGP Shell for Windows Message-ID: <199404260902.CAA28835@netcom.com> Newsgroups: comp.archives.msdos.announce Subject: jwps16.zip Windows PGP Shell v 1.6, J.Snyder Date: Mon, 25 Apr 1994 13:43:21 GMT Thank you for your contribution. This upload is now available as 304822 Apr 22 01:59 garbo.uwasa.fi:/windows/util/jwps16.zip : Date: Fri, 22 Apr 1994 09:01:24 GMT : From: jsnyder at ccwf.cc.utexas.edu (J Snyder) : To: win-up at uwasa.fi : Subject: JWPS16.ZIP - J's Windows PGP Shell v 1.6 : : : File name: JWPS16.ZIP : One line description: Windows PGP Shell v 1.6 : Replaces: JWPS15.ZIP : Suggested Garbo directory: : Uploader name & email: J Snyder : Author or company: J Snyder : Email address: jsnyder at ccwf.cc.utexas.edu : Surface address:7008 Fence Line Dr, Austin, Tx 78749 : Special requirements: Windows 3.1 or greater : Shareware payment required from private users: No : Shareware payment required from corporates: Negotiable : Distribution limitations: None : Demo: No : Nagware: No : Self-documenting: Yes (context-sensitive help file) : External documentation included: No : Source included: No : Size: 304566 bytes compressed/ 479149 bytes uncompressed : 10 lines description: : This Windows shell for PGP provides use of drag and drop, : encryption/decryption from the clipboard, and auto-detection : of already-encrypted files, as well as a consistent interface : for key management. : This is only a shell. PGP, which *must* be installed first, : handles all the en/de-cryption and signing. Specifically, : the PGPPATH, TZ, and TEMP environment variables must already : be set appropriately before installing JWPS. : Uploaded by the author. : : Comments, questions, bugs, or anything else to: : : jsnyder at ccwf.cc.utexas.edu ................................................................ Ari Hovila, ajh at uwasa.fi Moderating at garbo.uwasa.fi anonymous FTP archives 128.214.87.1 Computer Centre, University of Vaasa, Box 700, FIN-65101 Finland From rishab at dxm.ernet.in Tue Apr 26 03:16:39 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 26 Apr 94 03:16:39 PDT Subject: Internet Relay Chat Message-ID: I've noticed some discussions of IRC (Internet Relay Chat), both as a possible model for CP interactions, as well as a location for implementations of BlackNet (in #wares, etc.) Note that IRC, unlike MUDS, has been designed to ensure 'true-names'. While you do use nicknames, anyone can find out the machine name and user ID you are logged in from, with a /whois. Anytime you join or leave a channel, your full machine name and user ID is displayed to everyone, along with your nick. This is different from any (possibly pseudonymous) e-mail address you register for incoming mail. In #wares, people typically trade names of unauthorised FSP sites (such as the one in the LaMacchia case), which normally remain active for less than a few weeks. Though entry to IRC channels can be by invitation only, everyone knows everyone else's real (in the sense of machine and ID) identity. Not CP-friendly at all. It would be nice to have a #Cypherpunks channel, though... many of us don't mind revealing our identities to each other, and it could increase the frequency of interactive sessions greatly. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA ------------------------------------------------------------------------------- From rishab at dxm.ernet.in Tue Apr 26 03:17:40 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 26 Apr 94 03:17:40 PDT Subject: Programming languages Message-ID: This thread on programming languages seems waaaay off the CP agenda. But then, so was the rather interesting thread on futures and derivatives... Tim May says: > My conjecture: 70% of all programmers now coding in C and planning to > learn C++ would be "better off" (more productive, more maintainable > code, fewer reinventings of the low-level wheels, etc.) with > higher-level languages. "Rapid prototyping" is another buzz phrase, > but an accurate one. Well, just as I wouldn't recommend using CASE tools without a working knowledge of C, in case 'ducking down' to a lower level is necessary, I feel that C++ is useful to know as a language with all the OO of, for instance, Smalltalk, and low level capabilities too. I've programmed in many languages and taught C++, and find that what is important for productivity is not higher-level *languages* so much as *environments* -- Smalltalk wouldn't be much fun without one. > In cases where one's reach exceeds one's grasp, as appears to be the > case with all of these crypto ideas, bridging the semantic gap and > actually getting something out is, I think, much more important than > having it run faster (but not be built at all....). Visual programming environments do greatly help in bridging this semantic gap. I don't think the argument against them (slow programs) is really valid, or will remain so for a long time. For most applications, including crypto, environments provide optimized libraries for a number of functions. Most environments, such as Visual C++, provide for links to lower levels, allowing optimization for *really* critical routines. How many people still program in assembly? I do sometimes, but more out of enjoyment than necessity ;-) ------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA ------------------------------------------------------------------------------- From rishab at dxm.ernet.in Tue Apr 26 03:26:52 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 26 Apr 94 03:26:52 PDT Subject: Decentralized BBSes Message-ID: Mike Ingle : > There are occasional waves of actions against BBSes. The most recent ones > are for porn. Before that it was pirate software and phone codes. The next > one will probably be for "G-files" such as bomb plans - I remember seeing > a message about this. BBSes and online services are inherently vulnerable > because there is a responsible person to persecute. > What we need is a totally decentralized BBS. It would be something like > running Usenet over UUCP. Why not do just that? Many areas of the net transfer mail, and even newsfeeds through UUCP. ERNet, which I'm connected to in India, had to use UUCP for newsfeeds when their connectivity was at 9600 bps, 5 years ago. UUCP doesn't need phone lines or direct connections; private sites could easily hitch a ride on the Internet. Fidonet users have been distributing their message bases worldwide for years. Oh - there *is* a newsgroup, alt.binaries.pictures.erotica.children, which would have been shut down if it were a BBS, and presumably cannot be traced to individuals. I don't know if anything is ever posted to it, though. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA ------------------------------------------------------------------------------- From perry at snark.imsi.com Tue Apr 26 04:07:12 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 26 Apr 94 04:07:12 PDT Subject: Wow, what a key! In-Reply-To: Message-ID: <9404261106.AA06893@snark.imsi.com> Paul Schauble says: > Which RFC, and where might I get a copy? Don't know off hand; I don't have a mirror of them handly as I usually do. As usual, however, the RFC index should list them. Also check the internet drafts. Try ftp.uu.net; they mirror all RFCs and internet drafts. Perry From frissell at panix.com Tue Apr 26 04:38:10 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 26 Apr 94 04:38:10 PDT Subject: Milgram & Authority Message-ID: <199404261138.AA01558@panix.com> B >Q: In this book, does it say whether the test subjects were asked B >about their thoughts on this? Did they provide an explanation, from B > B >their own point of view, for their obedience or what they understood B >about the objective of the experiment - before & after? B > B >Blanc The subjects were very upset during and after the experiment. Some broke down while administering "lethal" shocks. They often cried and begged the "researcher" to let them stop zapping the victim. In those cases where a white coated researcher with a clipboard was standing behind them, the subject was much more likely to impose greater shocks than if there was no "researcher" present. The main reason they did it is because they were being told to. Primates have a hard time disobeying authority figures or standing out from the crowd. DCF "Help the Homeless -- Teach them how to sell their identities." See. And you all thought I was a heartless right wing nut. --- WinQwk 2.0b#1165 From rishab at dxm.ernet.in Tue Apr 26 04:38:45 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 26 Apr 94 04:38:45 PDT Subject: Democracies and rights Message-ID: dwomack at runner.jpl.utsa.edu (David L Womack): > Adam appears to be of the opinion that we are a democracy...technically, > we are a representative republic. A minor quibble, perhaps, but it leads > to larger issues. > The entire purpose of the structure of our government (seperation of powers, > varied election schedules, powers reserved to the states, the bill of rights > and so forth) is to prevent the suppression of the rights of a minority by > the majority. At least, that is the ideal! Political discussions tend to become elitist, or purely intellectual. Lenin, who read Marx, discussed the problems of equality among the peasants, who couldn't read their shopping lists. > If the majority of people decide that ownership of firearms is counter to the > interests of society, will we take away this option? ... if the same majority > decides that decent people don't need privacy ... > Why not, the *_majority_* is all for it! When 'the *_majority_* is all for' something, and you ignore that on the basis of minority rights, to enforce your policy you graduate from a representative republic towards benevelant authoritarianism. Of course, the basis of democracy, rights, and 'civilized society' is an educated, moderate populace, where the majority does not let issues overwhelm their respect for those rights. But then, what happened during the McCarthy era? ------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA ------------------------------------------------------------------------------- From rishab at dxm.ernet.in Tue Apr 26 04:38:51 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 26 Apr 94 04:38:51 PDT Subject: Housing Message-ID: Black Unicorn : > -> > Well, for one thing, if the drugs they are dealing were not illegal, there > would be no high-anxiety drug deals going on in the apartments. > > tw > <- > > And if the government housing projects weren't there.... .... many more would live on the streets... ------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA ------------------------------------------------------------------------------- From rishab at dxm.ernet.in Tue Apr 26 04:39:09 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 26 Apr 94 04:39:09 PDT Subject: Schneier's source code Message-ID: Tim May said: > * we also have fragments of C code accumulated and laboriously > developed by Bruce Schneier. How many of us have bought the C code book > and used the code? ^^^^^^^^^^^^^^^ As far as I know, there's the book, Applied Crypto, and the source code on disk. Are you referring to the C code within the same book, the disk, or a book of source code with the stuff in the disk (which contains more than the main book)? It matters to me, because though I have the fat book, I have yet to find the energy to OCR the source code. As I'm in India, I can't get the disk. If the contents of the disk are printed in a separate book, I could get *that*. The disk contains code described, but not presented in the book, including DSA, Diffie-Hellman, etc. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA ------------------------------------------------------------------------------- From rishab at dxm.ernet.in Tue Apr 26 04:39:48 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 26 Apr 94 04:39:48 PDT Subject: Rights are on the CP agenda Message-ID: "Jim Sewell - KD4CKQ" > Sorry for helping to promote an indepth discussion of a topic only marginally > inline with c'punks. Yo! Everyone! Carry this thread on in private, please. > It is a very valid discussion, but not one for all c'punks. While public housing projects may not be on the CP agenda, the confict between a mob-like majority willing, in order 'to reduce crime,' to impinge on the rights of minorities with different opinions is *definitely* something to discuss here. If enough criminals start using PGP, there may well be similar pressure in favour of Clipper. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA ------------------------------------------------------------------------------- From perry at snark.imsi.com Tue Apr 26 05:20:25 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 26 Apr 94 05:20:25 PDT Subject: Rights are on the CP agenda In-Reply-To: Message-ID: <9404261219.AA07058@snark.imsi.com> rishab at dxm.ernet.in says: > While public housing projects may not be on the CP agenda, the > confict between a mob-like majority willing, in order 'to reduce > crime,' to impinge on the rights of minorities with different > opinions is *definitely* something to discuss here. If enough > criminals start using PGP, there may well be similar pressure in > favour of Clipper. I would suggest that this topic is not appropriate here. I'm sure its appropriate -- in other places -- but if we do not focus on cryptography, many people will be forced to leave this mailing list and the quality will degrade. ObCrypto: When implementing D-H for key exchange followed by conventional crypto on an interactive link, remember that you likely have large amounts of key material lying around. Switch keys every few seconds using that surplus material, and exchange new keys using D-H all the time in the background. Makes the life of the guy listening in ever so much fun -- breaking one conventional key just means a few seconds of link have been compromised. Perry From werner at mc.ab.com Tue Apr 26 06:21:14 1994 From: werner at mc.ab.com (tim werner) Date: Tue, 26 Apr 94 06:21:14 PDT Subject: Rights are on the CP agenda Message-ID: <199404261321.JAA25727@sparcserver.mc.ab.com> >Date: Tue, 26 Apr 1994 08:19:59 -0400 >From: "Perry E. Metzger" > >rishab at dxm.ernet.in says: >> While public housing projects may not be on the CP agenda, the >> confict between a mob-like majority willing, in order 'to reduce >> crime,' to impinge on the rights of minorities with different >> opinions is *definitely* something to discuss here. If enough >> criminals start using PGP, there may well be similar pressure in >> favour of Clipper. > >I would suggest that this topic is not appropriate here. I'm sure its >appropriate -- in other places -- but if we do not focus on >cryptography, many people will be forced to leave this mailing list >and the quality will degrade. > >Perry Perry, I would suggest that you leave the list if you don't like it. Your only contributions have been snide little flames, anyway. tw From merriman at metronet.com Tue Apr 26 06:29:39 1994 From: merriman at metronet.com (David Merriman) Date: Tue, 26 Apr 94 06:29:39 PDT Subject: message splitting for better mixing? In-Reply-To: <9404252223.AA13361@bilbo.suite.com> Message-ID: <199404261329.AA25100@metronet.com> Jim Miller > > The idea: > > 1) write sender-side code to split message into N parts and send each > part through a different remailer chain. > > 2) decrypt the parts as they arrive as per normal encrypted remailer > messages. > > 3) write receiver-side code to detect "a part" and stuff it in a file > until the remaining related parts arrive. When all related parts > have arrived, present the complete message to receiver. > > > Why? To increase the number of "messages" flowing through the > remailers to make traffic analysis more difficult. > Would seem to be a mild nuisance to implement, but probably be quite effective - particularly if the pieces were 'masked' as uuencoded chunks of, say, a .GIF or something :-) Dave Merriman From perry at snark.imsi.com Tue Apr 26 06:29:43 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 26 Apr 94 06:29:43 PDT Subject: Rights are on the CP agenda In-Reply-To: <199404261321.JAA25727@sparcserver.mc.ab.com> Message-ID: <9404261329.AA07216@snark.imsi.com> tim werner says: > Perry, I would suggest that you leave the list if you don't like it. Your > only contributions have been snide little flames, anyway. I would suggest that if you or anyone else wishes to be rude, that you do it in private mail. Volume is too high as it is, and the topics are going far afield of cryptography. Perry From mcable at Emerald.tufts.edu Tue Apr 26 06:34:53 1994 From: mcable at Emerald.tufts.edu (Matthew Cable) Date: Tue, 26 Apr 94 06:34:53 PDT Subject: Internet Relay Chat In-Reply-To: Message-ID: On Mon, 25 Apr 1994 rishab at dxm.ernet.in wrote: > > I've noticed some discussions of IRC (Internet Relay Chat), both as a possible > model for CP interactions, as well as a location for implementations of > BlackNet (in #wares, etc.) > > Note that IRC, unlike MUDS, has been designed to ensure 'true-names'. While > you do use nicknames, anyone can find out the machine name and user ID you are > logged in from, with a /whois. Anytime you join or leave a channel, your full > machine name and user ID is displayed to everyone, along with your nick. This > is different from any (possibly pseudonymous) e-mail address you register for > incoming mail. Fraid not....it's a trivial matter to fake the username, and if yer a smart cookie, faking the hostname is just as easy. > > In #wares, people typically trade names of unauthorised FSP sites (such as the > one in the LaMacchia case), which normally remain active for less than a few > weeks. Though entry to IRC channels can be by invitation only, everyone knows > everyone else's real (in the sense of machine and ID) identity. actually....the people on #warez (not -s, -z) just sit around and discuss how eLEeT!@#!@$! they are, then kick everyone off, hardly a revolutionary movement. *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* mcable@[jade,emerald,cs].tufts.edu \|/ wozz at wozz.ext.tufts.edu Matthew Cable <0-0> wozzeck at mindvox.phantom.com MTUC Jackson Labs ----o00-O-00o----- http://www.cs.tufts.edu/~mcable/ Tufts University GCS/MU -d+ -p+ c++++ l++ u++ e+ m++(*) s++ !n h+ f* g+ w++ t+ r- y+ *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* From dmandl at lehman.com Tue Apr 26 06:43:35 1994 From: dmandl at lehman.com (David Mandl) Date: Tue, 26 Apr 94 06:43:35 PDT Subject: Milgram & Authority Message-ID: <9404261342.AA00547@disvnm2.lehman.com> > From: Duncan Frissell > > Milgram, Stanley > -------------------------------- > [...] Milgram took the results as > proof that ordinary people will inflict pain on innocent people when > commanded by an authoritative figure. I would agree, but I'd add an important qualifier: "in this country" (or "in this world," or whatever). I think it's important to keep in mind exactly how obedience to authority is inculcated in people from birth. _I_ don't think it's inborn. The goal should be breaking this pattern and, if it's too late for adults, at least try to raise kids to think for themselves and not follow orders so unquestioningly. --Dave. From ravage at bga.com Tue Apr 26 06:56:56 1994 From: ravage at bga.com (Jim choate) Date: Tue, 26 Apr 94 06:56:56 PDT Subject: CU Crypto Session Sat In-Reply-To: <199404260839.BAA28964@servo.qualcomm.com> Message-ID: <199404261356.AA04333@zoom.bga.com> > > >Denning mentioned terrorists. I rebutted with satellite surviellance. I > >pointed out that we could read a poker hand via computer enhancement. This > >visibly shook her. Escrowed encryption is completely unnecessary, and she > > Some time ago I worked out the theoretical limits on spy satellite > resolution. It's a simple exercise in optics, if you make optimistic > assumptions like no atmospheric distortion, etc. My only major > engineering assumption was that the objective mirror had to fit inside > the payload fairing of a Titan launcher, i.e., about 2 meters max. The > result, at visible wavelengths and for the slant ranges typical of spy > satellite orbits, was about 1 foot. This was completely consistent > with the leaked KH-11 photos of the Soviet aircraft carrier published > some time back in AW&ST and Deep Black. Good, but not exactly good > enough to read poker hands, I would say. > > Believe it or not, the laws of physics apply even to classified projects. > > Phil > > > A much simpler, computationaly anyway, solution is to look at Hubble... From joshua at cae.retix.com Tue Apr 26 07:07:01 1994 From: joshua at cae.retix.com (joshua geller) Date: Tue, 26 Apr 94 07:07:01 PDT Subject: Internet Relay Chat Message-ID: <199404261406.HAA03192@sleepy.retix.com> > On Mon, 25 Apr 1994 rishab at dxm.ernet.in wrote: > > I've noticed some discussions of IRC (Internet Relay Chat), both as a possible > > model for CP interactions, as well as a location for implementations of > > BlackNet (in #wares, etc.) > > > > Note that IRC, unlike MUDS, has been designed to ensure 'true-names'. While > > you do use nicknames, anyone can find out the machine name and user ID you are > > logged in from, with a /whois. Anytime you join or leave a channel, your full > > machine name and user ID is displayed to everyone, along with your nick. This > > is different from any (possibly pseudonymous) e-mail address you register for > > incoming mail. > > Fraid not....it's a trivial matter to fake the username, and if yer a > smart cookie, faking the hostname is just as easy. as far as I know, you have to hack the server to fake hostname. historically this practice has been frowned upon by the majority of IRC administrators. but yes, faking username is trivial. josh From avalon at coombs.anu.edu.au Tue Apr 26 08:19:22 1994 From: avalon at coombs.anu.edu.au (Darren Reed) Date: Tue, 26 Apr 94 08:19:22 PDT Subject: Internet Relay Chat In-Reply-To: Message-ID: <9404261519.AA09810@toad.com> With some experimentation, it is possible to have partially anonymous channels (all messges to/from the channel can appear as a singular name) but all inter-server messages must retain full identity which is a loss. Also, commands such as "/who #channel" and "/names #channel" currently return full info...and "/whois" will show you being on it...these can be changed, easily enough, but to have text traverse server-server with no id. would not work if you desired /kick and /mode. I'll work on fixing these three commands tonight. I might add, that this seriously screws with the most common (ircII) client and any others which keep their own private channel membership lists because the same person always enters and leaves >:-) Do cypherpunks believe this kind of anonymity is of any use ? av From sandfort at crl.com Tue Apr 26 08:34:28 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 26 Apr 94 08:34:28 PDT Subject: Milgram & Authority In-Reply-To: <199404261138.AA01558@panix.com> Message-ID: C'punks, On Tue, 26 Apr 1994, Duncan Frissell wrote regarding the experiments in which test subjects were told to give "victims" supposedly ever increasing jolts of electricity: > . . . > The main reason they did it is because they were being told to. Primates > have a hard time disobeying authority figures or standing out from the > crowd. > . . . Also, if memory serves me, they were told that the "researcher" would take "full responsibility" for the test subjects actions. This allowed the subjects to proceed since, in their minds, they were "only following orders." No one seemed to question the idea that it is possible for one person to take responsibility for the actions of another. I have asked myself many times, what would I have done? I like to think I would have refused, but I honestly don't know. Scary thought, huh? S a n d y From freeman at netcom.com Tue Apr 26 08:37:09 1994 From: freeman at netcom.com (Jay Reynolds Freeman) Date: Tue, 26 Apr 94 08:37:09 PDT Subject: CU Crypto Session Sat Message-ID: <199404261538.IAA10897@netcom.com> Phil Karn comments on spy-satellite resolution: > [Technical argument with which I agree, leading to approximate one-foot > resolution limit, deleted.] Phil's argument was for a 2-meter aperture at typical slant ranges in the visible-light band. I once did the calculation, also for a 2-meter aperture, with other circumstances being as optimal as I could make them; namely, looking straight down from a rather low perigee (I picked 200 Km), working in the near UV (where it still penetrates the atmosphere reasonably well -- I picked 3000 Angstroms as a round number), and with perfect seeing (which depends on luck, weather and exposure times, and perhaps on telescope and/or image-processing technology). For a circular aperture, the nominal resolving power (in radians) -- that is, the Airy disc radius to the first minimum -- is 1.22 * wavelength / aperture diameter, which for this case works out to 0.183 microradian. Multiplying by 200 Km gives 3.66 cm resolution on the ground. If one shapes the aperture to match the pattern under study, one can drive that factor of 1.22 down to as little as 0.5, but such shaping would likely be useful only for specific patterns not likely in the actual observation. I am told that careful image processing can sometimes resolve things a little below the Airy-disc limit, but not far -- the information really goes away fast at higher angular frequencies. So all in all, I am inclined to think that the best ground resolution attainable with a 2-meter aperture from orbit is about an inch. That is in fact just about enough to read a poker hand -- the spots on the cards are an inch or so apart -- but you might have trouble telling the face cards apart, as well as telling hearts from diamonds and clubs from spades. That is, if cards were well spread out you might see that a certain card had five black spots on it, or had a "face". I should probably explain about "Airy disc": The term crops up often in the study of astronomical imaging. The image of a point light source by perfect optics is a bulls-eye, a bright central spot surrounded by alternating light and dark rings, called the "Airy disc" after the physicist who first described it analytically. The 1.22 * wavelength / aperture is the angle from the center of the bright spot to the middle of the first dark ring. Of course, a possible way around this limit is to put up a larger, segmented mirror... -- Jay Freeman PS: References to physics texts on request... From hfinney at shell.portal.com Tue Apr 26 08:56:46 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 26 Apr 94 08:56:46 PDT Subject: message splitting for better mixing? Message-ID: <199404261557.IAA02689@jobe.shell.portal.com> Jim Miller > > The idea: > > 1) write sender-side code to split message into N parts and send each > part through a different remailer chain. > > 2) decrypt the parts as they arrive as per normal encrypted remailer > messages. > > 3) write receiver-side code to detect "a part" and stuff it in a file > until the remaining related parts arrive. When all related parts > have arrived, present the complete message to receiver. Here is a program I found in the usenet archives which will do some of the splitting and merging features. Note that the merge is smart in that you just cat the pieces together and process them. The main feature of the prog is that you can reconstruct even with a few missing pieces, necessary because of the unreliability of remailer email. I don't think the splitting is cryptographically strong, but each piece could be separately encrypted if desired. > Path: ghost.dsi.unimi.it!rpi!zaphod.mps.ohio-state.edu!cs.utexas.edu!uunet!newsflash.concordia.ca!clyde.concordia.ca!altitude!mirkwood.CAM.ORG!hebrais > From: hebrais at mirkwood.CAM.ORG (Philippe Hebrais) > Newsgroups: alt.sources > Subject: shade -- split a file with shadows > Message-ID: > Date: 13 Dec 92 07:57:05 GMT > Organization: Secte des adorateurs des semiconducteurs > Lines: 675 > X-Newsreader: MeNews 2.8.0 > > > SSSSS HH HH AAA DDDD EEEEEEE > SS SS HH HH AA AA DD DD EE > SSS HH HH AA AA DD DD EE > SSS HH HH AA AA DD DD EE > SSS HHHHHHH AAAAAAA DD DD EEEE > SSS HH HH AA AA DD DD EE > SSS HH HH AA AA DD DD EE > SS SS HH HH AA AA DD DD EE > SSSSS HH HH AA AA DDDD EEEEEEE > > `shade' is a file splitting and merging utility. It takes a large > file and splits it into uniformly sized blocks. It can also output > extra blocks (called shadows). These shadows can be used to recover > missing sections if they get corrupted or it they are lost. With a > single shadow, `shade' can recover ANY single missing block. As many > shadows are needed as there are blocks missing. If too few blocks > and shadows are available, nothing can be recovered. > > For example, foo.bar (259042 bytes) is split into 5 sections > of 45000 bytes, 1 section of 34042 bytes and 2 shadows of > 45000 bytes. Each of these 8 parts is sent through email. > Even if any two of these eight parts gets lost, the original > foo.bar can be reconstructed. > > `shade' is a simple application of the chinese remainder theorem > for polynomials with coeficients modulo two. For more information > see the comments at the beginning of project.c. > > > > SAMPLE USAGE > > Split "bar" (111042 bytes) into 20000 byte chunks and output 2 > shadows. All these parts will be uuencoded and output to > foo.uu.001, foo.uu.002, etc. > > % shade -u -k 2 -l 20000 -o foo bar > [001] [002] [003] [004] [005] [006] [aaa] [aab] Done. > > Merge these parts back together: > > % rm foo.uu.003 foo.uu.005 > % cat foo.uu.* | shade -m -u > Merging bar (111042 bytes) > Got section 4 (20000 bytes) > Got section 1 (20000 bytes) > Got section 2 (20000 bytes) > Got section 6 (11042 bytes) > Got shadow 1 (20000 bytes) > Got shadow 2 (20000 bytes) > > Missing: [003] [005] > > Recovering 2 sections: > [001] [002] [aaa] [004] [aab] [006] > > > > DISTRIBUTION > > Shade is copyright Philippe Hebrais 1992. You have the permission > to use this code is anyway you feel appropriate as long as you give > credit where it is due. There is no warranty of any kind. I am not > responsible for any damage caused directly or indirectly by this > program. > > > AUTHOR > , > Philippe Hebrais > > -- > Philippe Hebrais hebrais at mirkwood.cam.org > Voix: (514)731-9146 uunet!philmtl!altitude!mirkwood!hebrais From sameer at soda.berkeley.edu Tue Apr 26 08:57:58 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Tue, 26 Apr 94 08:57:58 PDT Subject: Internet Relay Chat In-Reply-To: <9404261519.AA09810@toad.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Darren Reed spake: > Do cypherpunks believe this kind of anonymity is of any use ? > I don't quite understand exactly what your server does, but there exists a server which provides anonymity by leeching off a standard server. For example, a user desiring anonymity would do: /server irc.caltech.edu and then /server anon.irc.host portnumber And if there is one of the anon servers running on that portnumber then the person appears on the irc completely identity-protected. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLb06WXi7eNFdXppdAQH9yQP/cXDpLUqvSpz8r3+lGn+DVwzUvIFoDSCA /npnIlMDEvPtOlSe/k8KjJeBDjWUMiEmkKOY3yAY+ZUSeQ/3GnHSK8t9XMYui+FY txHVJ2+B54Rp+fX4uWNwzqjcCNbhUaksoiEb8QrFaDPczX1kq4s0vpVua/leDGg2 HTG8C9SfL8Y= =dLeo -----END PGP SIGNATURE----- From hfinney at shell.portal.com Tue Apr 26 09:06:47 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 26 Apr 94 09:06:47 PDT Subject: spy satellites Message-ID: <199404261607.JAA03345@jobe.shell.portal.com> Two points re the spy satellite thread. First, spy satellites want to be close to what they are looking at, so they can see it better. That means they are generally in low orbits, and low orbits are fast orbits. Typical speeds are on the order of 10,000 mph. This means that any given spot is in view of a particular satellite for only a few minutes on each pass, and due to the earth's rotation it is hard to pass repeatedly over the same spot frequently. This means you need a large number of satellites in order to provide much coverage, and even then you will probably get snapshots at an interval of hours at best (I don't know how many satellites are flying). This is OK for military bases where you are looking at construction, ships, and other large equipment, but it is not at all adequate for tracking the movement of terrorists. Secondly, any technology which did allow the government to surveil us well enough to track the physical movements and meetings of terrorists would be far more of a threat than any Clipper chip! Offering satellite surveillance as an alternative to Clipper jumps from the frying pan into the fire, IMO. Hal From markh at wimsey.bc.ca Tue Apr 26 09:12:20 1994 From: markh at wimsey.bc.ca (Mark C. Henderson) Date: Tue, 26 Apr 94 09:12:20 PDT Subject: message splitting for better mixing? Message-ID: > Here is a program I found in the usenet archives which will do some of the > splitting and merging features. Note that the merge is smart in that you > just cat the pieces together and process them. The main feature of the prog > is that you can reconstruct even with a few missing pieces, necessary because > of the unreliability of remailer email. I don't think the splitting is > cryptographically strong, but each piece could be separately encrypted if > desired. You can also get shade from either ftp.wimsey.bc.ca:/pub/crypto/software/dist/???????/Misc/shade.tar.gz and shade.patch.gz or ftp.dsi.unimi.it:/pub/security/crypt/code/shade.tar.gz If you're outside the U.S. and Canada please use the Italian site. Mark -- Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433 ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3 cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto From hfinney at shell.portal.com Tue Apr 26 09:18:27 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 26 Apr 94 09:18:27 PDT Subject: Milgram & Authority Message-ID: <199404261618.JAA04119@jobe.shell.portal.com> From: Duncan Frissell > The subjects were very upset during and after the experiment. Some broke > down while administering "lethal" shocks. They often cried and begged the > "researcher" to let them stop zapping the victim. I saw a documentary about this research about ten years ago, and they made a point which hasn't come up here: that Milgram, in subjecting his exper- imental subjects to such psychological stress (many were traumatized for months afterwards about what they had done) was being just as unethical, just as unfeeling and unthinking, as his experiment was designed to show his sub- jects as being. Why was Milgram willing to push his subjects to such lengths? Was his obedience to the "authority" of abstract scientific research any more defensible than his subjects' obedience to that authority? In a strained attempt to tie this thread to the list, I will point out that our own efforts to distribute cryptographic tools will be judged by their consequences, not by our hopes. We have as much responsibility as Milgram to consider the likely results if we succeed. It will be a different world, and, we hope, a better one. But some things will be worse, of that there is little doubt. We must constantly weigh the bad against the good and take actions on that basis, rather than blindly and unthinkingly seeking to push the env- elope just to see what happens. Hal From hfinney at shell.portal.com Tue Apr 26 09:19:07 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 26 Apr 94 09:19:07 PDT Subject: Internet Relay Chat Message-ID: <199404261620.JAA04231@jobe.shell.portal.com> If you did hack your own IRC server, would it be possible to eavesdrop on channels like #warez, without anyone knowing, and without fear of being kicked off? It seems to me that this would be the true hacker's approach if it were possible. Hal From avalon at coombs.anu.edu.au Tue Apr 26 09:32:48 1994 From: avalon at coombs.anu.edu.au (Darren Reed) Date: Tue, 26 Apr 94 09:32:48 PDT Subject: Internet Relay Chat In-Reply-To: <199404261620.JAA04231@jobe.shell.portal.com> Message-ID: <9404261632.AA10453@toad.com> > > If you did hack your own IRC server, would it be possible to eavesdrop > on channels like #warez, without anyone knowing, and without fear of being > kicked off? It seems to me that this would be the true hacker's approach > if it were possible. > > Hal Yes. But, there is a catch...you only get traffic for #warez if your server is meant to see it...ie someone on your server is on that channel or your server forms part of the spanning tree for that channel. It's not difficult, but if you get caught..*ouch* av From mnemonic at eff.org Tue Apr 26 09:34:28 1994 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 26 Apr 94 09:34:28 PDT Subject: Milgram & Authority In-Reply-To: <199404261618.JAA04119@jobe.shell.portal.com> Message-ID: <199404261633.MAA24470@eff.org> Hal writes: > I saw a documentary about this research about ten years ago, and they made > a point which hasn't come up here: that Milgram, in subjecting his exper- > imental subjects to such psychological stress (many were traumatized for > months afterwards about what they had done) was being just as unethical, just > as unfeeling and unthinking, as his experiment was designed to show his sub- > jects as being. Why was Milgram willing to push his subjects to such lengths? > Was his obedience to the "authority" of abstract scientific research any more > defensible than his subjects' obedience to that authority? I have my doubts about the ethics of Milgram's research. But it's difficult not to be grateful to him for his having done it. --Mike From ccumming at lglan.usafe.af.mil Tue Apr 26 09:55:27 1994 From: ccumming at lglan.usafe.af.mil (Cummings, Clarke A. - SMSgt) Date: Tue, 26 Apr 94 09:55:27 PDT Subject: How to Subscribe Message-ID: <2DBDBE12@524po1.usafe.af.mil> subscription instructions??? Or is this a **private** line. From joshua at cae.retix.com Tue Apr 26 10:06:03 1994 From: joshua at cae.retix.com (joshua geller) Date: Tue, 26 Apr 94 10:06:03 PDT Subject: Internet Relay Chat Message-ID: <199404261705.KAA03233@sleepy.retix.com> > If you did hack your own IRC server, would it be possible to eavesdrop > on channels like #warez, without anyone knowing, and without fear of being > kicked off? It seems to me that this would be the true hacker's approach > if it were possible. it's been done. this practice is also frowned upon by the generality of irc administrators. josh From cs000rrs at selway.umt.edu Tue Apr 26 11:53:50 1994 From: cs000rrs at selway.umt.edu (Ryan R Snyder) Date: Tue, 26 Apr 94 11:53:50 PDT Subject: crypto workbench In-Reply-To: <199404261705.KAA03233@sleepy.retix.com> Message-ID: Can someone please tell me where I might find a copy of the crypto workbench I've heard so much about? Thanks! Ryan Snyder, Consultant | --->Finger me for my PGP public key.<--- ___ University of Montana CIS| |\ /| CS000RRS at SELWAY.UMT.EDU | Copyright 1994 by Ryan R. Snyder. | 0 | RYE at ILLUMINATI.IO.COM | |/_\| RYE at CYBERSPACE.ORG | From tcmay at netcom.com Tue Apr 26 12:01:11 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 26 Apr 94 12:01:11 PDT Subject: Schneier's source code In-Reply-To: Message-ID: <199404261901.MAA07237@netcom.com> Rishab Ghosh wrote: > > * we also have fragments of C code accumulated and laboriously > > developed by Bruce Schneier. How many of us have bought the C code book > > and used the code? ^^^^^^^^^^^^^^^ > > As far as I know, there's the book, Applied Crypto, and the source code on disk. > Are you referring to the C code within the same book, the disk, or a book of That was a typo on my part. There is no separate "book" of code, just the diskettes. Someone in Cypherpunks has a novel solution: print code in the most easily OCRable font---I think the suggestion was that OCR-A and OCR-B, or somesuch, are optimized for this (one would think so from the names, but I had thought they had something to do with the magnetic ink printing on checks...). I'm sure Schneier would be entertain the idea of a special "exportable" version of his code in which purchasers paid the $30 he charges and received a loose-leaf book of very neatly and precisely printed code, ready for easy OCRing. And why not make it error-correctable? That is, provide a printed version that can be scanned, OCRed, then error-corrected for any minor character recognition errors? It may not be "human-readable," (*) but it's _printed_ and that meets the letter of the law. (*) And I can imagine human-readable versions that have the ECC stuff at the end of each line, or in a block below, or whatever. But this would not be the standard, of course. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From michael.shiplett at umich.edu Tue Apr 26 13:06:44 1994 From: michael.shiplett at umich.edu (michael shiplett) Date: Tue, 26 Apr 94 13:06:44 PDT Subject: Schneier's source code In-Reply-To: <199404261901.MAA07237@netcom.com> Message-ID: <199404262006.QAA22248@totalrecall.rs.itd.umich.edu> "tcm" == Timothy C May writes: tcm> Someone in Cypherpunks has a novel solution: print code in the tcm> most easily OCRable font---I think the suggestion was that OCR-A tcm> and OCR-B, or somesuch, are optimized for this (one would think tcm> so from the names, but I had thought they had something to do tcm> with the magnetic ink printing on checks...). One of the computer magazines ("Compute"?) in the '80s used to supply source in a bar code format which was readily scanned into one's machine using one of those "light wands." I don't know what export restrictions might apply to this distribution method. michael From frissell at panix.com Tue Apr 26 13:22:17 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 26 Apr 94 13:22:17 PDT Subject: Milgram & Authority In-Reply-To: Message-ID: On Tue, 26 Apr 1994, Sandy Sandfort wrote: > subjects to proceed since, in their minds, they were "only following > orders." No one seemed to question the idea that it is possible for one > person to take responsibility for the actions of another. > > I have asked myself many times, what would I have done? I like to think > I would have refused, but I honestly don't know. Scary thought, huh? > > > S a n d y > I've worried about the same thing myself. The best way to fight these tendancies is to "follow the tracks back to the barn." Uncover the illusion and place it in context. Whenever I visited Disneyland, I used to follow all the tracks back to the barns. Most of the rides there are rail vehicles even the submarine ride. You can see the reality of the place by observing the tracks. In the case of experiments like this you can be aware of the existence of the researcher and avoid trusting him. In the larger world, you can keep a death's grip on reality and note that people giving you orders are just men who have their own reasons for doing things. Trace the power relationships back to the barn. Never be afraid to jinx sideways to throw them off your tail. Practice violating small orders so that when it really counts, you'll be able to violate big orders smoothly without even having to think about it. Not to attack others facing a different world but how many jews could have saved themselves during the 1930s by choosing to become illegal aliens in the US or the UK. Practice disobedience. DCF Privacy 101 -- Don't get a driver's license from the state or country where you live. You gain absolutly no benefit from having one and not having one could easily save your life someday. You can drive a car in the US with a license from any nation on earth. From Lyle_Seaman at transarc.com Tue Apr 26 13:27:18 1994 From: Lyle_Seaman at transarc.com (Lyle_Seaman at transarc.com) Date: Tue, 26 Apr 94 13:27:18 PDT Subject: punknet Message-ID: A couple of my neighbors and I were talking about setting up a short-distance radio LAN (we talked about just running coax, but one of them is across a street and about 60 yds down, we don't want to buy/lease rights-of-way, etc). While I know my way around a soldering iron, I haven't designed a circuit in 10 years, and even then they weren't terribly complicated. Pointers to commercially available hardware or kit plans would be appreciated. -- Lyle Transarc 707 Grant Street 412 338 4474 The Gulf Tower Pittsburgh 15219 "Gossip is what makes the world go round. I have very few secrets. I would be deeply concerned if a device were marketed that could stop interception..." Emma Nicholson, MP. From blancw at microsoft.com Tue Apr 26 13:31:43 1994 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 26 Apr 94 13:31:43 PDT Subject: Milgram & Authority Message-ID: <9404261932.AA17296@netmail2.microsoft.com> From: Hal We have as much responsibility as Milgram to consider the likely results if we succeed. It will be a different world, and, we hope, a better one. But some things will be worse, of that there is little doubt. We must constantly weigh the bad against the good and take actions on that basis, rather than blindly and unthinkingly seeking to push the envelope just to see what happens. ......................................................... I was thinking that perhaps Phil Zimmerman is under "fire" at this time because the powers-that-be have concluded that he pushed the envelope of liberty to an unacceptable degree; that he has been categorized by them as having taken a "bad" action without forethought in regard of the adverse consequences which will befall society, if everyone is in full possession of their very own secret code. Reading what Hal said earlier about PhilZ's qualities of character, I was thinking - if this is the kind of person whom they would define as a criminal, that his actions would be considered irresponsible and damaging, then it makes sense that from their perspective he should be subjected to investigation and prosecution (persecution?). Were their concerns based on the fact that he has introduced a dangerous tool into the "herd"? Was it that he had overstepped the boundaries of the authority allowed to him as a citizen unit? Was it that they feel threatened by what he represents to them in the kind of person he is (not respecting of their authority), or by the situation which was created when he made available his software to all? I'm examining the perspective from which one makes conclusions about human actions per se; how decisions about which actions to take depend upon how one interprets the situation. This discussion originally developed from the question of whether humans have herd instincts and whether this explains their behavior in the face of "authority". In a herd, the bovines don't have much room to see beyond the next cow, and it would be difficult to see why those in front will go in one direction or another, but it would be easy to follow along based on the presumption that the ones at the front who have the better view will also know why what direction to take better than those stuck somewhere in the middle. This experiment was a contrived fabrication, an 'experiment'. The information available about it was mostly limited to what the researcher provided, and some exaggerated behavior from the actors (I guess it was mostly sound?). I expect that the test subjects believed that the 'tortured ones' were in consent to being subjected to the supposed suffering with which they were being inflicted (right?), unlike a real circumstance wherein the torture would have been repelled and the participants would have had no cause to deliver it. In real life, there must be cause for behavior - things must make sense to the person who is interpreting the situation and making decisions about what to do. >From the perspective of many on this list, it's wrong to abdicate from personal responsibility even under stressful circumstances; on the other hand, the above example presents good argument for authoritative types who think it is necessary to lead people around by the nose because otherwise, it is claimed, they will not be able to make good moral decisions when left to their own devices (or Phil Zimmerman's devices). That they should be subject to an external authority because they cannot be trusted to know when to accept responsibility. Blanc From deeb at meceng.coe.neu.edu Tue Apr 26 13:40:54 1994 From: deeb at meceng.coe.neu.edu (Stephen Humble) Date: Tue, 26 Apr 94 13:40:54 PDT Subject: Schneier's source code In-Reply-To: <199404262006.QAA22248@totalrecall.rs.itd.umich.edu> Message-ID: <9404262039.AA02429@meceng.coe.neu.edu> michael shiplett sez: > tcm> Someone in Cypherpunks has a novel solution: print code in the > tcm> most easily OCRable font---I think the suggestion was that OCR-A > tcm> and OCR-B, or somesuch, are optimized for this (one would think > tcm> so from the names, but I had thought they had something to do > tcm> with the magnetic ink printing on checks...). > > One of the computer magazines ("Compute"?) in the '80s used to > supply source in a bar code format which was readily scanned into > one's machine using one of those "light wands." I don't know what > export restrictions might apply to this distribution method. Something that an unaided human can't read easily might run into problems. Why not use a font that's pleasant to read and include a checksum for each line? The reduced character set should make errors reading the checksums themselves less frequent and easier to detect. No OCR is perfect so you may as well be prepared to deal with errors. Stephen From jims at Central.KeyWest.MPGN.COM Tue Apr 26 13:46:55 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Tue, 26 Apr 94 13:46:55 PDT Subject: PGP Question: Message-ID: <9404262046.AA00927@Central.KeyWest.MPGN.COM> -----BEGIN PGP SIGNED MESSAGE----- I've looked in the docs for the answer but it is successful in evading me. My question: I have changed my ID string from my name to my name "-1024" and "-512" to differentiate between the different keys I have. Of course, using the -ke to do this has added a "Also known as" to my key. Since my name is the same in both and the mentioned keysizes are all that have changed I'd like to remove the AKA. Can I do this? If so how? Thanks, Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLb19ClZo7sR6KUT1AQFQwwP8Cg1tHgG3vSOO07YtGOjrJcgKWe/9Pyr3 IKtIRV0msg8pp1RrTwp/rDiWi11DG3VxAYWbZZ8Fnf8Y5prPRCwL5vGs2WZqFoXi rMSQCxlacUBt4hbzeQQ9IzzYgA8+9YTP9RIVY9k+sd1iu9tsIcP8yjPDJ9jcBgpb BEyCWAPDpXQ= =XMdl -----END PGP SIGNATURE----- From david at infopro.com Tue Apr 26 13:47:12 1994 From: david at infopro.com (Dragon (David Fiedler)) Date: Tue, 26 Apr 94 13:47:12 PDT Subject: Milgram & Authority In-Reply-To: Message-ID: <9404261346.aa23931@infopro.infopro.com> Duncan Frissell writes: > > Not to attack others facing a different world but how many jews could have > saved themselves during the 1930s by choosing to become illegal aliens in > the US or the UK. Don't you know how the US and UK physically turned back boatloads of people trying this? -- Dragon From jpp at markv.com Tue Apr 26 13:55:47 1994 From: jpp at markv.com (jpp at markv.com) Date: Tue, 26 Apr 94 13:55:47 PDT Subject: DId you ever think... In-Reply-To: <9404241823.AA04159@prism.poly.edu> Message-ID: <9404261354.aa06997@hermix.markv.com> > From: rarachel at prism.poly.edu (Arsen Ray Arachelian) > Date: Sun, 24 Apr 1994 14:23:19 -0400 (EDT) > > [...] so I certainly do not put it beyond their agenda, (D.Denning > on AOL mentioned that she didn't know if the IDEA cypher that PGP uses > was broken >YET< but she would comment no further. :-) Spreading inuendoes In Crypto 93 is described a class of 2^55 (if I remember correctly) IDEA keys for which IDEA offers scant security. Your chances of getting one of these is only 2^55/2^128 == 1 in 2^73 if you choose your IDEA keys with a uniform distribution from the IDEA keyspace. (The authors also propose a simple patch -- XOR each key part just before use with 0DAE. Does any one know of plans to implement this in PGP, or of reports that this scheme doesn't solve the problem, or introduces other problems?) So, DD wasn't lying, or even necesarily being tricky. Other cyphers have fallen before, and some cracks _are_ visible in IDEA already. Also, after reading Crypto '92 and '93 for a while, I am more and more impresed and suprised with the work that NSA put into creating DES from Lucifer. Impressed that it was so good, and suprised that the work was so honest (as far as anyone will report to date anyway.). j' -- O I am Jay Prime Positive jpp at markv.com 1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F 524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48 Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org From perry at snark.imsi.com Tue Apr 26 14:13:46 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 26 Apr 94 14:13:46 PDT Subject: Milgram & Authority In-Reply-To: <9404261346.aa23931@infopro.infopro.com> Message-ID: <9404262113.AA08436@snark.imsi.com> Dragon says: > Duncan Frissell writes: > > Not to attack others facing a different world but how many jews could have > > saved themselves during the 1930s by choosing to become illegal aliens in > > the US or the UK. > > Don't you know how the US and UK physically turned back boatloads of > people trying this? I personally know someone who succeeded. The key was, I suppose, that he wasn't coming over with a boatload of other people. However, none of this has anything to do with cryptography. Perry From tcmay at netcom.com Tue Apr 26 14:17:42 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 26 Apr 94 14:17:42 PDT Subject: Milgram & Authority Message-ID: <199404262118.OAA25105@netcom.com> Duncan Frissell writes: >Never be afraid to jinx sideways to throw them off your tail. Practice >violating small orders so that when it really counts, you'll be able to >violate big orders smoothly without even having to think about it. > >Not to attack others facing a different world but how many jews could have >saved themselves during the 1930s by choosing to become illegal aliens in >the US or the UK. > >Practice disobedience. I heard a hilarious version of this, perhaps on another list a while back. Someone who had an office with several chairs for visitors in it was faced with people asking where they should sit. Visitor: "Where should I sit?" Office owner: "There." (points) visitor sits down... Office owner: "Sit over there." (points to another chair) visitor complies... Office owner: "No, go sit over there," (etc.) The point being that people who ask to be ordered around, when the situation doesn't warrant it (sometimes it may be appropriate/polite to ask where to sit, for example), deserve to be shown the folly of their ways. With regard to Hal's earlier point about the implications of cryptography, I don't worry much about it. Sure, the path we take in history will undoubtedly mean some folks who would have lived will now die....such is the nature of nearly all choices. (By not studying medicine and becoming an itinerant doctor in Africa, I have undoubtedly "killed" hundreds or even thousands of people living on the bare margin of survival who might likely have lived had one additional doctor been available. And so on.) Protecting my own privacy, my own financial dealings, using the currency of the form I wish to use (rather than which the State tries to compell me to use), and using other things on the Cypherpunks agenda can hardly be considered in the same class as coercing by physical force, murdering others, etc. I know Hal was not comparing use of crypto to coercion, but it needs to be said that what we are doing is fully moral by my standards. As to the Milgram case, I have no sympathies for the "traumatized." They knew they were subjects in an experiment, and were probably being paid for the experience. Besides, being one of the subjects I would think would be quite a memorable experience. In any case, since they actually harmed no one, but only were given a glimpse into their own psyches, what's the damage? (That they "felt" damaged is not enough, else every psychotherapist who aroused unwelcome memories and every party to a conversation who caused uncomfortable feelings would be similarly open to such claims of damage.) (Of course, the reality is that in today's world, Milgram's experiment would probably be labeled as torture--of the test subjects told to pull the levers--and he and his institution would be sued for multiple millions of dollars. One more reason for data havens, medical havens, and such.) If we go down the path of worrying about "psychic pain" inflicted on others, then how can we operate in a world of failed marriages and relationships, of hurt feelings, and of other such psychic damages? Emotional and psychological assault is part of the world, and is not at all the same as physical assault. We're losing track of this lately. --Tim May .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From bogus@does.not.exist.com Tue Apr 26 14:24:07 1994 From: bogus@does.not.exist.com () Date: Tue, 26 Apr 94 14:24:07 PDT Subject: CU Crypto Session Sat In-Reply-To: <199404261538.IAA10897@netcom.com> Message-ID: <9404262122.AA01185@helpmann.ebt.com> Phil Karn comments on spy-satellite resolution: > [Technical argument with which I agree, leading to approximate one-foot > resolution limit, deleted.] ... goes away fast at higher angular frequencies. So all in all, I am inclined to think that the best ground resolution attainable with a 2-meter aperture from orbit is about an inch. That is in fact just about enough to read a ... Of course, a possible way around this limit is to put up a larger, segmented mirror... -- Jay Freeman Could the same effect (as a segmented mirror) be achieved by taking multiple pictures (from the same mirror) and processing them together? E.g. does synthetic aperture radar actually produce higher resolution than achievable from a single "snapshot"? If so, then this might work (at least for slow-moving targets :-)... Enchoiring Mimes Want to Know! -- dat at ebt.com (David Taffs) From panzer at dhp.com Tue Apr 26 14:38:18 1994 From: panzer at dhp.com (Panzer Boy) Date: Tue, 26 Apr 94 14:38:18 PDT Subject: Internet Relay Chat In-Reply-To: <199404261620.JAA04231@jobe.shell.portal.com> Message-ID: And as I read down the list people seem to believe this is possible. I fall into the category of "until I see it..." -Matt (panzer at dhp.com) "That which can never be enforced should not be prohibited." From panzer at dhp.com Tue Apr 26 14:42:51 1994 From: panzer at dhp.com (Panzer Boy) Date: Tue, 26 Apr 94 14:42:51 PDT Subject: Internet Relay Chat In-Reply-To: Message-ID: On Tue, 26 Apr 1994, Panzer Boy wrote: > And as I read down the list people seem to believe this is possible. > I fall into the category of "until I see it..." I hate it when I do this, 4 hours of sleep and a 10 hour work day can do that to you. Forgot to delete the "cc" line in the previous post. I haven't seen anyone do the IRC spy thing, and I don't quite see how it's possible without OP status or a hacked server... If the masses that have stated that it's possible would like to demonstrate, please send me mail as I would be very welcome to see this... -Matt (panzer at dhp.com) "That which can never be enforced should not be prohibited." From exabyte!smtplink!mikej at uunet.UU.NET Tue Apr 26 15:12:18 1994 From: exabyte!smtplink!mikej at uunet.UU.NET (exabyte!smtplink!mikej at uunet.UU.NET) Date: Tue, 26 Apr 94 15:12:18 PDT Subject: Where to get PGP Message-ID: <9403267674.AA767400589@smtplink.exabyte.com> -----BEGIN PGP SIGNED MESSAGE----- WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) (Last modified: 26 April 1994 by Mike Johnson) The latest commercial version is 2.4 The latest freeware Mac version is 2.3 The latest freeware version for all other platforms is 2.3a If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commecial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest information I have from them on compiled versions are: MS-DOS 2.4 Unix 2.4 (several different platforms) WinCIM CSNAV 2.4 Mac version expected late this summer. ViaCrypt David A. Barnhart, Product Manager 2104 West Peoria Avenue Phoenix, Arizona 85029 Tel: (602) 944-0773 Fax: (602) 943-2601 E-Mail: 70304.41 at compuserve.com E-Mail: wk01965 at worldlink.com Credit card orders only. (800)536-2664 (8-5 MST M-F) The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP. Although the latest freeware version of PGP was released from outside the USA (New Zealand), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA. This data is subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list. Thanks to Gary Edstrom and Hugh Miller for providing part of this data. FTP sites: soda.berkeley.edu /pub/cypherpunks/pgp (DOS, MAC) Verified: 21-Dec-93 ftp.demon.co.uk /pub/amiga/pgp /pub/archimedes /pub/pgp /pub/mac/MacPGP ftp.informatik.tu-muenchen.de ftp.funet.fi ghost.dsi.unimi.it /pub/crypt Verified: 21-Dec-93 ftp.tu-clausthal.de (139.174.2.10) wuarchive.wustl.edu /pub/aminet/util/crypt src.doc.ic.ac.uk (Amiga) /aminet /amiga-boing ftp.informatik.tu-muenchen.de /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2) black.ox.ac.uk (129.67.1.165) /src/security/pgp23A.zip (MS-DOS executables & docs) /src/security/pgp23srcA.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.) /src/security/pgp23A.tar.Z (Same as PGP22SRC.ZIP, in Unix tar format) /src/security/macpgp2.3.cpt.hqx (Macintosh version) iswuarchive.wustl.edu pub/aminet/util/crypt (Amiga) csn.org /mpj/README.MPJ contains variable directory name -- read this first. /mpj/help explains how to get to hidden directory containing PGP /mpj/I_will_not_export/crypto_???????/pgp/ contains current PGP /mpj/I_will_not_export/crypto_???????/pgptools/ contains related tools /mpj/public/pgp/ contains PGP shells, faq documentation, etc. ftp.netcom.com /pub/mpj (see README.MPJ -- similar layout to csn.org//mpj) /pub/gbe/pgpfaq.asc -- frequently asked questions answered. nic.funet.fi (128.214.6.100) /pub/crypt/pgp23A.zip /pub/crypt/pgp23srcA.zip /pub/crypt/pgp23A.tar.Z van-bc.wimsey.bc.ca (192.48.234.1) /m/ftp2/crypto/RSA/PGP/2.3a/pgp23A.zip /m/ftp2/crypto/RSA/PGP/2.3a/pgp23srcA.zip ftp.uni-kl.de (131.246.9.95) qiclab.scn.rain.com (147.28.0.97) pc.usl.edu (130.70.40.3) leif.thep.lu.se (130.235.92.55) goya.dit.upm.es (138.4.2.2) tupac-amaru.informatik.rwth-aachen.de (137.226.112.31) ftp.etsu.edu (192.43.199.20) princeton.edu (128.112.228.1) pencil.cs.missouri.edu (128.206.100.207) StealthPGP: The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha. Also, try an archie search for PGP using the command: archie -s pgp23 (DOS Versions) archie -s pgp2.3 (MAC Versions) ftpmail: For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service. Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi: ENCODER uuencode SEND pub/crypt/pgp23srcA.zip SEND pub/crypt/pgp23A.zip This will deposit the two zipfiles, as 15 batched messages, in your mailbox with about 24 hours. Save and uudecode. BBS sites: Hieroglyphics Vodoo Machine (Colorado) DOS version only (303) 443-2457 Verified: 26-Dec-93 Colorado Catacombs BBS (Longmont, CO) v.32bis/v.42bis 14,400 baud (303) 938-9654 (Boulder, CO number) 8 data bits, 1 stop, no parity (303) 678-9939 (Longmont, CO number) Exec-Net (New York) Host BBS for the ILink net. (914) 667-4567 The Ferret BBS (North Little Rock, Arkansas) (501) 791-0124 also (501) 791-0125 Carrying RIME, Throbnet, Smartnet, and Usenet Special PGP users account: login name: PGP USER password: PGP This information from: Jim Wenzel PGP 2.3A has been posted to the FidoNet Software Distribution Network and should soon be up on most if not all Canadian and U.S. nodes carrying SDN software. It has also been posted on almost all of the major private North American BBS systems, thence to countless smaller boards. Consult a list of your local BBSes; most with a sizeable file inventory should carry the program under the filenames listed below. If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others. Here is the result of an archie search for pgp: Host gatekeeper.dec.com Location: /.0/BSD/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 16 23:10 pgp Host hpcsos.col.hp.com Location: /mirrors/.hpib1/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 00:10 pgp Host netcom.com Location: /pub/halliday FILE -rwx------ 212992 Nov 27 20:21 pgp Location: /pub/kevitech FILE -rwxr-xr-x 89643 Dec 3 05:46 pgp Location: /pub/torin DIRECTORY drwx--x--x 4096 Jan 11 18:59 pgp Host quepasa.cs.tu-berlin.de Location: /.4/pub/bsd/386bsd-0.1/unofficial/doc/software FILE -rw-rw-r-- 12121 Feb 2 1993 pgp Host files1zrz.zrz.tu-berlin.de Location: /pub/mail DIRECTORY drwxr-xr-x 1024 Jan 11 1993 pgp Host sun.rz.tu-clausthal.de Location: /pub/atari/misc DIRECTORY drwxr-xr-x 512 Dec 30 18:56 pgp Host ftp.uni-kl.de Location: /pub1/unix/security DIRECTORY drwxrwxr-x 512 Feb 24 1993 pgp Host minnie.zdv.uni-mainz.de Location: /pub/atari/misc DIRECTORY drwxr-xr-x 512 Dec 30 17:56 pgp Host info1.rus.uni-stuttgart.de Location: /afs/.rus.uni-stuttgart.de/sw/rs_aix32/pgp-2.3/bin FILE -rwxr-xr-x 211318 Aug 23 1993 pgp Host info2.rus.uni-stuttgart.de Location: /afs/rus.uni-stuttgart.de/sw/rs_aix32/pgp-2.3/bin FILE -rwxr-xr-x 211318 Aug 23 1993 pgp Host jhunix.hcf.jhu.edu Location: /pub/public_domain_software/NetBSD/usr/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Jun 9 1993 pgp Host bloom-picayune.mit.edu Location: /pub/usenet-by-hierarchy/alt/security DIRECTORY drwxrwxr-x 512 Mar 14 00:17 pgp Host mintaka.lcs.mit.edu Location: /pub DIRECTORY drwxr-xr-x 512 Jun 18 1993 pgp Host cecelia.media.mit.edu Location: /pub FILE -rw-r--r-- 321424 Nov 30 20:27 pgp Host josquin.media.mit.edu Location: /pub FILE -rw-r--r-- 321424 Nov 30 20:27 pgp Host archive.egr.msu.edu Location: /pub DIRECTORY drwxr-xr-x 512 Mar 9 18:58 pgp Host xanth.cs.odu.edu Location: /pub DIRECTORY drwxrwxr-x 512 Oct 18 00:00 pgp Host arthur.cs.purdue.edu Location: /pub/pcert/tools/unix DIRECTORY drwxr-xr-x 512 Jul 31 1993 pgp Host f.ms.uky.edu Location: /pub2/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Dec 17 02:10 pgp Host dime.cs.umass.edu Location: /pub/rcf/exp/build/pgp-2.3 FILE -rwxr-xr-x 241916 Mar 15 15:42 pgp Location: /pub/rcf/exp/build/pgp-2.3/src FILE -rwxr-xr-x 241916 Mar 15 15:41 pgp Host granuaile.ieunet.ie Location: /ftpmail-cache/ie/tcd/maths/ftp/src/misc DIRECTORY drwxr-xr-x 512 Dec 2 11:43 pgp Host walton.maths.tcd.ie Location: /src/misc DIRECTORY drwxr-xr-x 512 May 30 1993 pgp Location: /src/misc/pgp-2.0/src FILE -rwxr-xr-x 316640 Oct 18 1992 pgp Host cs.huji.ac.il Location: /pub/security DIRECTORY drwxrwxr-x 512 Oct 26 19:26 pgp Host ftp.germany.eu.net Location: /pub/comp/msdos/local/utils DIRECTORY drwxr-xr-x 512 Jul 12 1993 pgp Host csn.org Location: /mpj/public DIRECTORY drwxr-xr-x 512 Mar 14 20:30 pgp Host isy.liu.se Location: /pub/misc DIRECTORY drwxr-xr-x 512 Sep 19 00:00 pgp - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQCNAi0aFSUAAAEEAOCOKpaLepvJCFgIR4m+UvZe0IN8g7Guwc+6GH4u6UGTPxQO iAhk/MJ7E8LE4c55A1G8to2W4y3aKAHvi9QCYKnsLV8Ag0BYWo3bGGTPEfkS7NAI N+Zy6vSjuF1D6MUnbvrQJ5p4efz7a28iYRKoAdan2bfnvIYWUD9nBjyFM+vFAAUR tDdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajQgW2V4cCAz MSBEZWMgOTRdiQCVAgUQLTqfXj9nBjyFM+vFAQGU7wP/ZuuHfdAnCIblNCtbLLG8 39CSg6JIVa3KWfe0WIz6dXFU3cvl2Wt094kJgZ+Nmq01INWlib2lTOznbkA9sV1W q0aJSBHFWQH29qGmIdEqThs7A5ES2w8eRjJD80lxHodRIkBcC5KI6x4Mxo8cib5V BrwsvtG0+81HD6Mrpvc+a0GJAJUCBRAtJc2rZXmEuMepZt0BAe4hA/9YANYPY4Z3 1pXv2mT6ReC09cZS5U3+xxC5brQdLsQGKuH6QVs/b5oc6NV84sh8A9tZyHG2067o 3XIEyN7PPQzRm2UUnHHqw9lBCNhMiFQsAJi4W+m8zXrVrpJWK0Wv61eV2/XIQl0V d4lxu0r+MNRP6ID6FBzA4C9rO+RYEZmwOIkAlQIFEC0aGRzb/VZRBVJGuQEBfaUD /3c2h//kg843OIcYHG4gMDqdeeZLzGlp3RVvh0Rs3/T0YylJZGjPL2L/BF/vfLlB 9E2Urh9mDG/7hiB5FncrUnkmN63IkSj+K9YyfPyYxBVx06Srj8ZzYynh0N+zledd 6cnwxRXhaD3Wc4EfSNR7BH9M2rjkGzyb5to9cgBb0ng+ =BLg5 - -----END PGP PUBLIC KEY BLOCK----- ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLb2GQD9nBjyFM+vFAQGhkAP/SNtm2H+Id/P7ohoBIboe41GVKHWYxAyO I+wopaNMMLKpwQsIk16lFpJFL2HvtanZtJo7A8iIE/cQqzeQ55yaieepnPH6AbJB Mh1o81EywgrOUAp/D05aO6xUNlvSAEPaBe4FutxUacXsRrk4PUS4Upx1kbHCq68O BxcKObtAVhU= =mA3W -----END PGP SIGNATURE----- From tcmay at netcom.com Tue Apr 26 15:12:19 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 26 Apr 94 15:12:19 PDT Subject: Synthetic Apertures to Increase Resolution In-Reply-To: <9404262122.AA01185@helpmann.ebt.com> Message-ID: <199404262213.PAA21727@netcom.com> > > Could the same effect (as a segmented mirror) be achieved by taking multiple > pictures (from the same mirror) and processing them together? E.g. does > synthetic aperture radar actually produce higher resolution than achievable > from a single "snapshot"? If so, then this might work (at least for slow-moving > targets :-)... > dat at ebt.com (David Taffs) Yes, but the positional accuracy required (on the order of the wavelength) would be prohibitive to achieve. (Such things may be possible for the NRO's DSP (more acronym overloading: DSP stands for Defense Support Program) satellites to implement. I haven't heard any speculations that this is actually being done.) Synthetic Aperture Radar is feasible becuase the wavelengths are so much larger. The new Keck Telescope will eventually use a second telescope, now under construction, located some distance away, for very long baseline interferometry...I have no idea if it can be made to work as an actual synthetic aperture. Jay Freeman man know. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From bogus@does.not.exist.com Tue Apr 26 15:17:51 1994 From: bogus@does.not.exist.com () Date: Tue, 26 Apr 94 15:17:51 PDT Subject: anti-clipper t-shirt In-Reply-To: Message-ID: <9404262217.AA01294@helpmann.ebt.com> If you get the address (and/or other info), please let me know -- I lost it too, but would be interested in ordering... Date: Mon, 25 Apr 1994 14:29:59 -0400 (EDT) From: This Space For Rent Mime-Version: 1.0 Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 981 On Mon, 25 Apr 1994 iplus1hope at aol.com wrote: > I am amazed at the response to the anti-clipper t-shirt we created. If you Speaking of T-shirts...is the gentleman who was producing the other shirt (the 1984 shirt) acknowledging orders? I sent my check, address, adn e-mail address, and haven't heard a peep...if he's not, that's fine...I was just under the impression that he was, which makes me wonder if Big Brother's postal minion lost my order somewhere along the way... Sorry to address this to the whole list, but I've lost his address. Andrew Fabbro If laws are outlawed, weltschmerz at umich.edu only outlaws will University of Michigan have laws. Fnord. _____________________________________________________________ Finger afabbro at churchst.ccs.itd.umich.edu for PGP public key. PGPprint: 87 41 65 E0 C2 51 9F E5 A9 44 ED A6 6B 16 76 9E NSA bait: assassinate uranium dreamland CIA p.o.e. zimmerman From eichin at paycheck.cygnus.com Tue Apr 26 15:31:53 1994 From: eichin at paycheck.cygnus.com (Mark W. Eichin) Date: Tue, 26 Apr 94 15:31:53 PDT Subject: Schneier's source code In-Reply-To: <199404262006.QAA22248@totalrecall.rs.itd.umich.edu> Message-ID: <9404262213.AA05847@paycheck.cygnus.com> Quoth michael.shipett at umich.edu: >> One of the computer magazines ("Compute"?) in the '80s used to >> supply source in a bar code format which was readily scanned into Actually, BYTE used to publish things in "BYTEcode", a simple barcode system (narrow for 0, wide for 1, or something like that, no modulation of the gap like you find in UPC) and they had articles spread over several years on how to build simple readers, both hardware side and software side. (One even involved wrapping the page around a coffee can, placing it on a turntable, and then having a latching device to move the wand "up" one "track" on signal from the computer... so it could automatically retry bad tracks...) If people really care to resurrect it, I could go digging, email me if you'd like me to try. I don't think BYTE ever had any trouble with exporting it -- but then, I don't recall ever seeing crypto software in that form. (Carl Helmers, one of the founders of BYTE, is on the net these days, and might have useful input...) Quoth tcmay at netcom.com: >> easily OCRable font---I think the suggestion was that OCR-A and OCR-B, >> or somesuch, are optimized for this (one would think so from the >> names, but I had thought they had something to do with the magnetic >> ink printing on checks...). Magnetic ink printing is done with MICR fonts (Magnetic Ink Character Recognition, or something like that... Under version 10 of the X Window System, there was a screen font based on MICR. Pretty ugly.) The OCR fonts really are designed for OCR... I don't recall the distinction between A and B, I think the latter actually has lower case as well as upper case :-), but you can find an OCR font for TeX/MetaFont in one of the standard places (archie CTAN if you don't have a place to start from...) There are also print-wheels (remember daisywheel printers?) for the font, and many of the Computer Output Microfiche services from the 70's and 80's printed all microfiche in one of the OCR fonts for easy future retrieval. Anyone out there have experience with modern OCR systems (not the highest tech Kurzweil units, but something your average hacker could get cheap for his PC or Mac) and know if OCR fonts are even worth the trouble these days? I'd guess that a good monospace Courier font would be just as readable to modern scanners. After all, Dr. Dobbs (April 1994) has listings for Blowfish encryption code, in C, in about a 6pt Courier font; I note, however, that they also have them up for ftp (ftp://ftp.mv.com/pub/ddj/1994.04/blowfish.asc) so perhaps it doesn't matter how easy it is to scan. _Mark_ ... just me at home ... From eichin at paycheck.cygnus.com Tue Apr 26 15:32:15 1994 From: eichin at paycheck.cygnus.com (Mark W. Eichin) Date: Tue, 26 Apr 94 15:32:15 PDT Subject: CU Crypto Session Sat In-Reply-To: <9404262122.AA01185@helpmann.ebt.com> Message-ID: <9404262226.AA05855@paycheck.cygnus.com> A couple of years ago, IEEE Spectrum did an article which took the premise that spy-satellite optics could be made that were as good as the Hubble Space Telescope optics (for various reasons, pointing Hubble at the earth "just wouldn't work" :-) They came up with some number like "1 foot resolution" -- and then did some processing on a photograph to demonstrate what that meant. The picture used was a rear view of a VW Bug, with a copy of Isvestia resting on the upper edge of the trunk. Basically, you could tell there was something sitting there, but you couldn't read the headlines :-) Unfortunately, my library is at the moment unindexed, due to a recent move, or I'd include a reference to the article; perhaps someone else here saw it... it covers the physics involved rather well, and lists a lot of the relevant engineering details. _Mark_ ... just me at home ... From blancw at microsoft.com Tue Apr 26 15:37:37 1994 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 26 Apr 94 15:37:37 PDT Subject: Milgram & Authority Message-ID: <9404262138.AA23699@netmail2.microsoft.com> From: Timothy C. May If we go down the path of worrying about "psychic pain" inflicted on others, then how can we operate in a world of failed marriages and relationships, of hurt feelings, and of other such psychic damages? ....................................... What about the psychic trauma caused by Clipper? You could probably make a case for that, in terms of psychological warfare, given the current attitudes. Blanc From erich at soda.Berkeley.EDU Tue Apr 26 15:51:00 1994 From: erich at soda.Berkeley.EDU (Erich von Hollander) Date: Tue, 26 Apr 94 15:51:00 PDT Subject: the soda cypherpunks ftp site In-Reply-To: Message-ID: <199404262250.PAA22378@soda.Berkeley.EDU> In message , "Robe rt A. Hayden" writes: >What does csua stand for? computer science undergraduate association, the group that owns and runs soda.berkeley.edu. e From mg5n+ at andrew.cmu.edu Tue Apr 26 15:51:57 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 26 Apr 94 15:51:57 PDT Subject: punknet In-Reply-To: Message-ID: <8hjNeRO00awTACnUU3@andrew.cmu.edu> Lyle_Seaman at transarc.com wrote: > A couple of my neighbors and I were talking about setting up a > short-distance radio LAN (we talked about just running coax, > but one of them is across a street and about 60 yds down, we > don't want to buy/lease rights-of-way, etc). While I know > my way around a soldering iron, I haven't designed a circuit > in 10 years, and even then they weren't terribly complicated. > Pointers to commercially available hardware or kit plans > would be appreciated. Well, I did something similiar about 3 years ago with a friend. But we just laid a wire down on the street one evening, spread roofing tar over it (the liquid sealant type) and let it dry overnight. :) If your street has had many patches/repairs over the years, it's unlikely a casual observer would notice. (Those that did notice ours thought it was pretty creative...) But anyway, on the radio circuit: Building a radio transceiver isn't too difficult...but connecting it to your computer could be. Probably the easiest thing to do is get a simple analog transciever, and use a error-correcting modem. Unfortunately that wouldn't be much better than doing it over the phone anyway... But let me know how you're project works out, I might be interested in doing something similiar. From erich at soda.Berkeley.EDU Tue Apr 26 15:52:01 1994 From: erich at soda.Berkeley.EDU (Erich von Hollander) Date: Tue, 26 Apr 94 15:52:01 PDT Subject: the soda cypherpunks ftp site In-Reply-To: Message-ID: <199404262251.PAA22639@soda.Berkeley.EDU> In message , "Robe rt A. Hayden" writes: >Also, jsut to make sure, is the home page going to be moved as well? I >have this as an alias: > >alias cypherpunks="ftp://soda.berkeley.edu/pub/cypherpunks/Home.html" > >Do I need to change it? yeah, it probably will change, but it's probably still soda for now. i'll update you later on that one. e From karn at qualcomm.com Tue Apr 26 16:21:19 1994 From: karn at qualcomm.com (Phil Karn) Date: Tue, 26 Apr 94 16:21:19 PDT Subject: Schneier's source code In-Reply-To: <9404262213.AA05847@paycheck.cygnus.com> Message-ID: <199404262320.QAA00764@servo.qualcomm.com> Oh come on, all this talk about OCR makes it sound like nobody would ever be willing to just type in the code by hand. It only need be done once, and the task could easily be divided up for a group. The listings for any particular cipher just aren't that long. Phil From johnsonc at chem.udallas.edu Tue Apr 26 16:33:15 1994 From: johnsonc at chem.udallas.edu (Carrie A. Johnson) Date: Tue, 26 Apr 94 16:33:15 PDT Subject: prime numbers Message-ID: <9404262331.AA13940@chem.udallas.edu> I'm just wondering if anyone knows whether or not (1+4k) can be written as the sum of squares or not, and if so, what the proof of that is? Anyone care to share?? Thank you, Carrie Anne Johnson -- What? Because I kill indiscriminately? -Tom Servo From bogus@does.not.exist.com Tue Apr 26 16:42:21 1994 From: bogus@does.not.exist.com () Date: Tue, 26 Apr 94 16:42:21 PDT Subject: Synthetic Apertures to Increase Resolution In-Reply-To: <199404262213.PAA21727@netcom.com> Message-ID: <9404262341.AA01385@helpmann.ebt.com> From: tcmay at netcom.com (Timothy C. May) > > Could the same effect (as a segmented mirror) be achieved by taking multiple > pictures (from the same mirror) and processing them together? E.g. does > synthetic aperture radar actually produce higher resolution than achievable > from a single "snapshot"? If so, then this might work (at least for slow-moving > targets :-)... > dat at ebt.com (David Taffs) Yes, but the positional accuracy required (on the order of the wavelength) would be prohibitive to achieve. (Such things may be possible for the NRO's DSP (more acronym overloading: DSP stands for Defense Support Program) satellites to implement. I haven't heard any speculations that this is actually being done.) Synthetic Aperture Radar is feasible becuase the wavelengths are so much larger. The new Keck Telescope will eventually use a second telescope, now under construction, located some distance away, for very long baseline interferometry...I have no idea if it can be made to work as an actual synthetic aperture. Jay Freeman man know. I wasn't thinking so much of interferometry techniques (although my reference to synthetic radar certainly implies them), but rather something on the order of a filter which might work (independent of the wavelength of light) as follows: Take, for example, the square box pixellation (is this the right word here?) used to blot out people's faces on TV sometimes. Put a long (preferably continuous) series of images into the computer, and build a model of the movement of the person's head (the camera isn't perfectly still; assume that the person, however, does stay still). Use the data about how adjacent pixels change over time to improve the model of what the person's face really looks like. This is independent of the wavelength of light -- it does of course depend on the resolution of the square pixels used to blot the peron's face, but not particularly on the wavelength or resolution of the camera (assuming it is much better than the square blotches). I first noticed this effect watching Court TV's coverage of the William Kennedy Smith rape trial (I was home sick at the time), while the victim testified. I felt that as the person (and camera) moved around, I could gradually form a better opinion of what the person looked like than just provided by the square blotches, by noting when and how the (macro-)pixels changed. Of course, just filtering a single frame would be better than looking at the sharp-edged squares. I'm talking about averaging all these filtered images over time, compensating for movement of the camera and subject. It would seem to me that over long enough time, perhaps using more sophisticated mathematics than just averaging (although just plain averaging seems like the right operation here), if there was actually enough movement to provide enough resolution, you could eventually get to a real photographic-quality image of the person. This process might be similar to CAT scans, where a lot of low-resolution "pictures" are combined to create a high-resolution image, except the distribution would be temporal rather than spatial. ObCryptoJustification: I think is relevant to c'punks, because it involves decryption of an encrypted signal (recovering the face of a person when it was intentionally distorted). Does this mean that if people like Court TV really want to blur people's faces, they need to add crypto-secure noise instead of just averaging the micro-pixels into macro-pixels? I think so! ObRandomOtherThreadWithMarginalCryptoJustificationButInReplyToOtherCpunksMsgs: and also ObAdditionalMetaDiscussionAboutWhatIsAppropriateForThisList: I also thought the license plate joke was definately relevant to c'punks, because it was actually a code, where the cleartext domain was conceptual rather than textual, just like this mail talks about a domain in 2-space (or 3-space) images, rather than text. Also, the fact that the "plaintext" was actually a pun involving multiple coding schemes made it relevant to this list also IMHO. Also, I think short humor is appropriate for any list, at least if it is both funny and computer-related, but I admit that may be stretching it for some here. I assume that coding (as distinguished from ciphering) is indeed relevant to this list... -- dat at ebt.com (David Taffs) From johnsonc at chem.udallas.edu Tue Apr 26 16:57:18 1994 From: johnsonc at chem.udallas.edu (Carrie A. Johnson) Date: Tue, 26 Apr 94 16:57:18 PDT Subject: cute.. ;) In-Reply-To: Message-ID: <9404262355.AA11245@chem.udallas.edu> > == 1+4000 = 4001? I know this isn't your question. give me the real number haha... cute. oops, I guess I forgot an essential part of the problem.... that should be "If (1+4k) is _prime_, can it be expressed as the sum of squares? If so, what's the proof of this..." btw, for technicalities sake, let k be a variable!! cute matt ;) thanks again.... Carrie Anne > From kafka at desert.hacktic.nl Tue Apr 26 17:01:32 1994 From: kafka at desert.hacktic.nl (-=[ Patrick Oonk ]=-) Date: Tue, 26 Apr 94 17:01:32 PDT Subject: Remailer Musings In-Reply-To: Message-ID: <199404270001.AA01887@xs4all.hacktic.nl> -----BEGIN PGP SIGNED MESSAGE----- edgar at spectrx.sbay.org (Edgar W. Swank) once said: ED> in Canada. We need more remailers in more countries. Places like ED> Hong Kong or Russia, which don't give a shit about copyrights. Denmark ED> or Holland, which don't give a shit about kiddy porn. I'd like to inform you that, contrary to popular belief, child pornography is illegal in The Netherlands. Patrick ,,, (o o) .---------------oOO---(_)---OOo--------------------. | KAFKA at DESERT.HACKTIC.NL | | Pager: 06-5835851(1/2/3/4) | | Cryptoanarchy - xBase - PGP - House Music - MDMA | | Finger kafka at xs4all.hacktic.nl for PGP key | `--------------------------------------------------' -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLbtzMpRymF15lPcFAQFfXwH/WUo+JwI4Cz3CTXOdmxSKUjMeOcWXHWBh o2Z1mTPJL2zGF6MofmtQrDrG4QKnUMOK0Xx/ghhOfGmmruR1lL8UIw== =g8wf -----END PGP SIGNATURE----- From merriman at metronet.com Tue Apr 26 17:14:17 1994 From: merriman at metronet.com (David Merriman) Date: Tue, 26 Apr 94 17:14:17 PDT Subject: anti-clipper t-shirt In-Reply-To: <9404262217.AA01294@helpmann.ebt.com> Message-ID: <199404270014.AA08577@metronet.com> I've already ordered my "1984" T-shirt, but saw the reference to another anti-Clipper T-shirt, as well. What are the gory details on the non-1984 shirt (price, where to order, size(s?), etc). Email would be fine, to save what's left of the bandwidth :-) Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCNAi12VeYAAAEEAOqndSk+w1iAtW1nJDtdajTZEZEOuMjeKoFbXWuMK8H93Ckx Ba6c0Z8+STXtscP2WWKwRUVcrM0iZa2X4/7Z/Brl31aaA4DT6AVoxet3CLY0JUfi FciusBFCfPB6wfDdwABLZAzTd49YDyWI/Fq0MlNJ3JAeTFwhPeJ9eOnzcfP1AAUR tCVEYXZlIE1lcnJpbWFuIDxtZXJyaW1hbkBtZXRyb25ldC5jb20+ =3ppL -----END PGP PUBLIC KEY BLOCK----- From barobins at watserv1.uwaterloo.ca Tue Apr 26 17:29:55 1994 From: barobins at watserv1.uwaterloo.ca (Bill Robinson) Date: Tue, 26 Apr 94 17:29:55 PDT Subject: Canada and SIGINT Message-ID: I'm pursuing a personal research project on the Communications Security Establishment, Canada's own tiny version of the National Security Agency. I'm looking to make contact with anyone who has information, rumours, innuendo, hearsay, or whatever on this subject, or who is also just interested in it. If anyone *is* interested, I have put together an introductory briefing on CSE containing background information about the organization, its facilities, and its mandate, along with my somewhat speculative analysis of how its activities may relate to Canada's laws on eavesdropping. No secrets are revealed, but there is a fair amount of information that is pretty hard to find. E-mail me if you want me to send you a copy (at roughly 30k, it seemed a bit long to ship out to everybody :-). Ciao, Bill Robinson barobins at watserv1.uwaterloo.ca From fhalper at pilot.njin.net Tue Apr 26 18:35:50 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Tue, 26 Apr 94 18:35:50 PDT Subject: Detweiler Message-ID: <9404270135.AA27300@pilot.njin.net> Who is Detweiler? Reuben From mg5n+ at andrew.cmu.edu Tue Apr 26 19:15:44 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 26 Apr 94 19:15:44 PDT Subject: Reply to long post by TCMay In-Reply-To: <199404241946.MAA05741@mail.netcom.com> Message-ID: > II. What's Neeeded > > * Consider some things we like to talk about: > > - alternatives to RSA (elliptic functions, etc.) This isn't a technical problem, but I think having some RSA alternatives would put us in a better position politically. What sort of systems are availiable? (For my own personal inquisitiveness, I have developed some ideas for systems that might work, but I really can't be sure of their effectiveness/security.) > - secret-sharing protocols You mean like DH? Alternatives to DH? > - remailer-specific code (adding latency, mixing, padding, etc.) Well, Karl Barrus has done a lot of work here, but let me restate my call for more remailers - BTW: Why don't you set up a remailer on your Netcom account, since you seem to like them so much? > - dining cryptographers nets (DC-Nets, a la Chaum, Bos, etc.) We could do this... You want to build a DC-Net for the remailers or something? > - digital cash (a vast area of diverse protocols for clearing > transactions, for blinding, for detecting double-spending, etc.) Yep, the old digicash problem... > - random number generators (Schneier, for example, supplies > code fragments for the Blum-Blum-Shub generator...need I > again say that probably few of us know how to "call" this code > easily?) We have lots of RNGs...What do you want to DO with them? > - code for message pools, for chaining remailers, etc.....a lot of > this exists as scraps of Perl in various places. Well, we have message pools, but perhaps software to automatically scan them and pick out messages for you would be helpful... Your point about the Crypto Toolkit is well-taken, especially in light of your comment about Mathematica. We need some sort of universal interface that everyone can use, that is easy to understand, and have it be able to work with different mail packages and different systems. Maybe we need some kind of new interpreted (for universal portability) data-manipulations language, so we can write crypto tools and everyone could use them on every platform. Or maybe we just need to write a cypherpunks mail program, that could automatically handle PGP, anonymous remailer chainings, and remailer reply protocols. I know Ian Smith was working on something like this... One other potential project - on-the-fly file encryption/decryption for multi-user unix systems would be a big plus for security (like secure drive but not for the whole disk). If a hacker got into you account, all they'd have is a bunch of encrypted files. We could set it up to work with existing accounts so that after you enter your account, you have to enter a second password to get to your files, preferably by secure key-exchange protocols. It's a shame I don't know enuf about unix to hack it myself. :( From evidence at netcom.com Tue Apr 26 19:42:32 1994 From: evidence at netcom.com (Evidence Inc.) Date: Tue, 26 Apr 94 19:42:32 PDT Subject: CA fingerprinting welfare applicants? In-Reply-To: <9404252058.AA11983@bilbo.suite.com> Message-ID: The short answer is yes. ------------------------------------------------------------------------- Evidence, Inc. | The Internet Cops are watching, Evidence at Nowhere.Nil | aren't they? ------------------------------------------------------------------------- "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you..... AT&T" ------------------------------------------------------------------------- On Mon, 25 Apr 1994, Jim Miller wrote: > > > Has California has recently begun fingerprinting welfare applicants > to help detect attempts at welfare cheating? I saw the tail-end of a > news clip about this on Headline News a couple of weeks ago, but I > didn't catch the whole report. > > > Jim_Miller at suite.com > From evidence at netcom.com Tue Apr 26 19:53:14 1994 From: evidence at netcom.com (Evidence Inc.) Date: Tue, 26 Apr 94 19:53:14 PDT Subject: The un-BBS In-Reply-To: <199404252219.AA04044@srl03.cacs.usl.edu> Message-ID: On Mon, 25 Apr 1994, Phil G. Fraering wrote: > Evidence, how did the cases the FCC brought turn out? > I don't really remmeber. I think they ended up settling-- the guy got a small fine in return for a guilty plea. But, that is just a guess! > If the network had used commercial radio licenses, how much more > would it have cost them (per node; I have a vague idea of the > size and power of a random Amateur Packet Radio node (in computer > terms and cost))? A lot more. Commercial licenses are expensive, and the number of frequencies available is smaller. Also, commercial equipment is more expensive. Finally, if it were on commercial freq's, then Amateur Radio Op's couldn't use it... What would be the point? > > Would this have given them greater immunity in prosecution? > Yes, the FCC reg's against commercial transmission only apply to amateur radio. If they had been using commercial freq's, it would not have been illegal. > (Hmm.. if you're passing it on, you're broadcasting it? Could > encryption tech be used to "enhance" APRN to give sysops "plausible > deniability?" > No, the FCC interpretation was that Amateurs have an obligation to make sure that all transmissions from their stations conform to the requirements of the FCC Part 97 rules. Broadcasting encrypted communcations on amateur radio is itself a violation of the rules. That's right!! the government has already banned encryption.... on Ham Radio. Evidence Inc. Evidence at Nowhere.Nil From pls at crl.com Tue Apr 26 20:01:00 1994 From: pls at crl.com (Paul Schauble) Date: Tue, 26 Apr 94 20:01:00 PDT Subject: CU Crypto Session Sat In-Reply-To: <199404260839.BAA28964@servo.qualcomm.com> Message-ID: On Tue, 26 Apr 1994, Phil Karn wrote: > Some time ago I worked out the theoretical limits on spy satellite > resolution. It's a simple exercise in optics, if you make optimistic > assumptions like no atmospheric distortion, etc. My only major > engineering assumption was that the objective mirror had to fit inside > the payload fairing of a Titan launcher, i.e., about 2 meters max. The > result, at visible wavelengths and for the slant ranges typical of spy > satellite orbits, was about 1 foot. This was completely consistent > with the leaked KH-11 photos of the Soviet aircraft carrier published > some time back in AW&ST and Deep Black. Good, but not exactly good > enough to read poker hands, I would say. > What do you get if you assume the largest mirror that can fit in the shuttle cargo bay? ++PLS From tcmay at netcom.com Tue Apr 26 20:19:11 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 26 Apr 94 20:19:11 PDT Subject: CryptScript and Other Software Tools In-Reply-To: Message-ID: <199404270320.UAA02848@netcom.com> (I'll only respond to the points Matthew Ghil made about Crypto Toolkits and such, not to his reactions to my laundry lists of projects and code.) > Your point about the Crypto Toolkit is well-taken, especially in light > of your comment about Mathematica. We need some sort of universal > interface that everyone can use, that is easy to understand, and have it > be able to work with different mail packages and different systems. Understand that I'm in no way suggesting Mathematica syntax for these functions and modules (though there are certainly worse choices....). But what the developers of Mathematica (henceforth MMA) did was to provide functional tools for scientists and casual programmers (and nonprogrammers) that did not require them to know C or to accumulate their own C and FORTRAN libraries. MMA mainly is a collection of more than 1200 functions, with user-defined funtions acting as keywords. The market success of MMA (courses at most schools, about 20 books, a journal, etc.), and its cousin Maple (a competitor actually, but also a cousin), not to mention MathCAD, shows a market exists for higher-level language tools. (However, MMA and Maple and other such products are _environments_ requiring the product to run, with sometimes cumbersome means of hooking to outside code and resources. This rules these out for most users, who don't have MMA or SmalltalkAgents or the like. Still, there's _some_ chance that such tools could be used for building standalone apps. But I would have to agree with any criticisms that Unix and C and such are more available--now.) There's little doubt that C is more efficient, blah blah. But the success in using Perl to write the remailer scripts in shows that efficiency is not always the only concern. A lot more to be said on this whole issue. I'm not sure everyone here is interested, though. And I detect some impatience with the very idea that these things need discussing....the idea that "Cypherpunks write code" seems to be interpreted by some that what we should all do is just to sit down and start pounding out C code. (A good idea, of course. For those with the skills and the time. But implementing something other than another cipher, such as we've seen several of here, is *conceptually nontrivial*. For example, suppose a DC-Net is desired as the target. Several efforts have started, but none has reported any significant progress. Most of the efforts seem stillborn. There are reasons for this, I think. The old "semantic gap" between the descriptions in papers (themselves often incomplete or confusing) and the tools available. I shudder to think at the difficulties in writing C code from scratch to implement even a crude DC-Net, absent crypto primitives like bit commitment (the idea of choosing a bit then not being able to change it....done cryptographically, of course) and the other "tools" that are assumed in a real-world system but which are nonexistent in C.) > Maybe we need some kind of new interpreted (for universal portability) > data-manipulations language, so we can write crypto tools and everyone > could use them on every platform. Or maybe we just need to write a In line with PostScript and its newer cousin Telescript, I jokingly suggested to Peter Wayner in a recent message that a crypto version of such a crypto-protocol-oriented language be called "CryptScript." The idea being that of a collection of tools and utilities, unified in a language that can more seamlessly incorporate the current concepts and protocols of modern cryptography. (Telescript itself looks intriguing.) As I said in a private message to Hal Finney, I'm not at all trying to set or focus the agenda of others. Rather, I'm just trying to focus my own agenda through discussion. If others get something out of this discussion, great. If they don't, at least discussion of crypto protocols and integration with languages and tools is no more off-topic than most discussions here. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From VACCINIA at UNCVX1.OIT.UNC.EDU Tue Apr 26 20:45:48 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Tue, 26 Apr 94 20:45:48 PDT Subject: VMS remailer? Message-ID: <01HBNDSTBYK2000HMI@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- For people wanting to get more remailers going there seems to be a serious apathy for helping people get them going. After posting that I had come into possesion of a VAX account from which I might run a remailer and then asking for some help, I got all of ZERO responses (except from people asking me to help them if I did manage to get any information). Since I had already checked out the available code which only seems to work on UNIX accounts, perhaps someone might inform me that one cannot run a remailer from a VMS account. I assume this is the case since no one deigned to answer. Pretty bogus. Scott G. Morham !The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbyNrD2paOMjHHAhAQGy5gP/X0OgIotYPnF9+MneK9g+JGqVlhwQCZel B/Dy7Unb+c25TIjo7C3IwLzGZkst+3Lnt3SlPKUoqmpYRESiPeONZs+G1Ra6gXeD Hl/7eQFAQp+4T5medwDmp69m7gn3dMKQcVmBmSN8uZ5MN4KiaKuzExWPHNTAxWDD KpZQr2Pfcx4= =sG2o -----END PGP SIGNATURE----- From klbarrus at owlnet.rice.edu Tue Apr 26 20:55:56 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Tue, 26 Apr 94 20:55:56 PDT Subject: prime numbers In-Reply-To: <9404262331.AA13940@chem.udallas.edu> Message-ID: <9404270355.AA17650@flammulated.owlnet.rice.edu> Carrie A. Johnson wrote: > I'm just wondering if anyone knows whether or not (1+4k) can be >written as the sum of squares or not, and if so, what the proof >of that is? Hm... interesting. There is a related problem about every integer being represented as the sum of four squares, but you ask if (1+4k) can be written as a sum of squares, without mentioning a limit on the number of squares. If this is the case, then each number of the form (1+4k) is easily represented as the sum of squares: 4 is represented as 2^2 up to k times, and 1 is just 1^2. So for example 21 is 1^2 + 2^2 + 2^2 + 2^2 + 2^2 + 2^2. Pretty cheesy, eh? ;) -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From warlord at ATHENA.MIT.EDU Tue Apr 26 21:05:59 1994 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Tue, 26 Apr 94 21:05:59 PDT Subject: RSA-129 Message-ID: <199404270405.AAA02384@charon.MIT.EDU> We are happy to announce that RSA-129 = 1143816257578888676692357799761466120102182967212423625625618429\ 35706935245733897830597123563958705058989075147599290026879543541 = 3490529510847650949147849619903898133417764638493387843990820577 * 32769132993266709549961988190834461413177642967992942539798288533 The encoded message published was 968696137546220614771409222543558829057599911245743198746951209308162\ 98225145708356931476622883989628013391990551829945157815154 This number came from an RSA encryption of the `secret' message using the public exponent 9007. When decrypted with he `secret' exponent 106698614368578024442868771328920154780709906633937862801226224496631\ 063125911774470873340168597462306553968544513277109053606095 this becomes 200805001301070903002315180419000118050019172105011309190800151919090\ 618010705 Using the decoding scheme 01=A, 02=B, ..., 26=Z, and 00 a space between words, the decoded message reads THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE To find the factorization of RSA-129, we used the double large prime variation of the multiple polynomial quadratic sieve factoring method. The sieving step took approximately 5000 mips years, and was carried out in 8 months by about 600 volunteers from more than 20 countries, on all continents except Antarctica. Combining the partial relations produced a sparse matrix of 569466 rows and 524338 columns. This matrix was reduced to a dense matrix of 188614 rows and 188160 columns using structured Gaussian elimination. Ordinary Gaussian elimination on this matrix, consisting of 35489610240 bits (4.13 gigabyte), took 45 hours on a 16K MasPar MP-1 massively parallel computer. The first three dependencies all turned out to be `unlucky' and produced the trivial factor RSA-129. The fourth dependency produced the above factorization. We would like to thank everyone who contributed their time and effort to this project. Without your help this would not have been possible. Derek Atkins Michael Graff Arjen Lenstra Paul Leyland From hughes at ah.com Tue Apr 26 21:07:56 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 26 Apr 94 21:07:56 PDT Subject: prime numbers In-Reply-To: <9404262331.AA13940@chem.udallas.edu> Message-ID: <9404270403.AA16974@ah.com> > I'm just wondering if anyone knows whether or not (1+4k) can be >written as the sum of squares or not, and if so, what the proof >of that is? [primes, that is] There's a nice proof in Chapter 15 of Hardy & Wright. (Need I say the title? _An Introduction to the Theory of Numbers_, still one of the best introductory number theory books around.) The basic reason is that -1 is always a quadratic residue for a prime 1 mod 4. (You can simply calculate this with quadratic reciprocity.) Therefore \exists x: p | ( x^2 + 1 ). This yields an existence after looking at primes in the ring Z[i], the Gaussian integers. If you really want to know more, go buy a copy of the book. It's well worth it. Eric From cfrye at mason1.gmu.edu Tue Apr 26 21:29:11 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Tue, 26 Apr 94 21:29:11 PDT Subject: VMS remailer? Message-ID: <9404270428.AA11234@mason1.gmu.edu> I'm not a programmer, but you might write to a LISTSERV site and ask for the source code for the LISTSERV managing software. I would assume that you would need to make the following modifications: o Read the intended user's address from the first line of the message o Run the VMS version of a shell script to delete all header information above the intended address (like X-Anon-To:cfrye at mason1.gmu.edu) o Make the LISTSERV software use that X-Anon-To address as the desination, as opposed to a distribution list o Destroy all records of the incoming message, which is interesting on a VMS account as they are usually kept around for a day (I think?) OK folks, what am I missing? Curt From bryner at chem.utah.edu Tue Apr 26 21:48:36 1994 From: bryner at chem.utah.edu (Roger Bryner) Date: Tue, 26 Apr 94 21:48:36 PDT Subject: help Message-ID: info, please From jeremy at crl.com Tue Apr 26 22:03:16 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Tue, 26 Apr 94 22:03:16 PDT Subject: Internet Relay Chat In-Reply-To: Message-ID: > Note that IRC, unlike MUDS, has been designed to ensure 'true-names'. While > you do use nicknames, anyone can find out the machine name and user ID you are > logged in from, with a /whois. Anytime you join or leave a channel, your full > machine name and user ID is displayed to everyone, along with your nick. This > is different from any (possibly pseudonymous) e-mail address you register for > incoming mail. Site name may be true, but there is no insurance that the user ID is right. IRC asks the client for the username at startup. It is possible to recompile IRC and have it search for a environment variable containing the user ID you wish to use (or put it on the command line if you like.) I have done this myself. _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From tcmay at netcom.com Tue Apr 26 22:15:12 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 26 Apr 94 22:15:12 PDT Subject: RSA-129...what's the big deal? In-Reply-To: <199404270405.AAA02384@charon.MIT.EDU> Message-ID: <199404270516.WAA18438@netcom.com> Derek Atkins reports to us: > > We are happy to announce that > > RSA-129 = 1143816257578888676692357799761466120102182967212423625625618429\ > 35706935245733897830597123563958705058989075147599290026879543541 > = 3490529510847650949147849619903898133417764638493387843990820577 * > 32769132993266709549961988190834461413177642967992942539798288533 Of course. What else could it be? First, to check your result, firing up Mathematica 2.2 gives: Timing[3490529510847650949147849619903898133417764638493387843990820577 32769132993266709549961988190834461413177642967992942539798288533] {0.0666667 Second, 11438162575788886766923577997614661201021\ 829672124236256256184293570693524573389783059712356395870\ 5058989075147599290026879543541} That is, it took MMA only 0.066 second, mostly overhead, to multiply your two factors to the product you gave. But much more interesting is seeing how long MMA's "FactorInteger" function takes to find the factors: Timing[FactorInteger [11438162575788886766923577997614661201021\ 829672124236256256184293570693524573389783059712356395870\ 5058989075147599290026879543541]] {4194 Second, {{3490529510847650949147849619903898133417764638493387843990820577, 1}, {32769132993266709549961988190834461413177642967992942539798288533, 1}}} So, this took slightly longer, 4194 seconds, or a bit over an hour, but MMA had no problem factoring this number. Why such a big deal? MMA was even able to extract the magic words: ExtractMagicWords [%] { NOTE THAT THE TIMING ABOVE HAS A CERTAIN DATE VALUE } You people at the universities sure do know how to waste taxpayer money! --Tim May P.S. My congratulations. No practical use to factor just one such number, given 10^72 particles in the Universe, but the methods used to harness so many machines may be useful in all kinds of problems. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From warlord at ATHENA.MIT.EDU Tue Apr 26 22:34:22 1994 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Tue, 26 Apr 94 22:34:22 PDT Subject: RSA-129...what's the big deal? In-Reply-To: <199404270516.WAA18438@netcom.com> Message-ID: <199404270533.BAA04222@charon.MIT.EDU> [stuff deleted] > That is, it took MMA only 0.066 second, mostly overhead, to multiply > your two factors to the product you gave. [more stuff deleted] > So, this took slightly longer, 4194 seconds, or a bit over an hour, > but MMA had no problem factoring this number. Why such a big deal? Cute, Tim! (Uhh, you're about 3 weeks too late for this ;-) Actually, the *first* thing I did when I received these factors was fire up a trusty mathematics package and verify the product: bc. :-) Although I admit that RSA-129 dprobably does not have any cosmic significance with regards to protecting any vital data, it is a data point: it is the largest number of its type to ever have been factored. As a result, it tells us that 425-bit keys are not secure, and keys not much bigger are not secure, either, today! But you are right, we are learning alot about factoring and distributed problems as a result of this exercise (at least I feel that I have learned alot). -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From karn at qualcomm.com Tue Apr 26 22:43:14 1994 From: karn at qualcomm.com (Phil Karn) Date: Tue, 26 Apr 94 22:43:14 PDT Subject: CU Crypto Session Sat In-Reply-To: <9404262226.AA05855@paycheck.cygnus.com> Message-ID: <199404270543.WAA01303@servo.qualcomm.com> >A couple of years ago, IEEE Spectrum did an article which took the >premise that spy-satellite optics could be made that were as good as >the Hubble Space Telescope optics (for various reasons, pointing July 1986. Most of the issue was devoted to articles on "national technical means" for verifying arms control agreements. This has always been jargon for spy satellites and other not-so-public capabilities. Phil From jdwilson at gold.chem.hawaii.edu Tue Apr 26 23:04:14 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Tue, 26 Apr 94 23:04:14 PDT Subject: Detweiler In-Reply-To: <9404270135.AA27300@pilot.njin.net> Message-ID: On Tue, 26 Apr 1994, Frederic Halper wrote: > Date: Tue, 26 Apr 94 21:35:40 EDT > From: Frederic Halper > To: cypherpunks at toad.com > Subject: Detweiler > > Who is Detweiler? > Reuben Check out the archives via FTP at soda.berkeley.edu - there should be *volumes* of responses there (he rarely sent less than 100 lines for even his briefest of tomes. -Jim -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From jpp at markv.com Tue Apr 26 23:13:03 1994 From: jpp at markv.com (jpp at markv.com) Date: Tue, 26 Apr 94 23:13:03 PDT Subject: DId you ever think... Message-ID: <9404262311.aa18899@hermix.markv.com> > From: uri at watson.ibm.com > Date: Tue, 26 Apr 1994 20:00:44 -0500 (EDT) > > jpp at markv.com says: > > Also, after reading Crypto '92 and '93 for a while, I am more and > > more impresed and suprised with the work that NSA put into creating > ^^^ > > DES from Lucifer. > > Surely you mean IBM? [Also a similar message which I unfortuenatly deleted so I can't credit the author :(] No, my writing ability is not in error here -- my mental model of the history of DES is what is in error. I will now update my personal model of DES development to include two steps at IBM. Lucifer -> proto-DES at IBM, and proto-DES -> DES at NSA. Learn something new every day... Since about 1977 I wondered what the 'rediscovered crypto techniques' were. Thanks! j' From sameer at soda.berkeley.edu Tue Apr 26 23:44:35 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Tue, 26 Apr 94 23:44:35 PDT Subject: the soda cypherpunks ftp site In-Reply-To: <199404262251.PAA22639@soda.Berkeley.EDU> Message-ID: Erich von Hollander spake: > > > >alias cypherpunks="ftp://soda.berkeley.edu/pub/cypherpunks/Home.html" > > > >Do I need to change it? > > yeah, it probably will change, but it's probably still soda for now. i'll > update you later on that one. > Eventually I think that WWW pages will be accessed through www.csua.berkeley.edu.. I'm not quite sure. From cfrye at mason1.gmu.edu Wed Apr 27 00:26:28 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Wed, 27 Apr 94 00:26:28 PDT Subject: VMS Anonymous Remailer/LISTSERV Software Message-ID: <9404270726.AA27890@mason1.gmu.edu> Thanks, this sounds like a start, the only question is do I have to have root capabilities to implement this? Do you know of a LISTSERV site I might contact? *** It sounds like you would need only your own account for email access, though the amount of traffic may attract your sysop's attention :-). Or, to leave the programming running "resident", you may require root priviledges after all. If there are hooks in the listserv source code allowing it to fire whenever a new message comes in, you wouldn't. I'm sorry, it's really late -- I'm trying to say that you probably won't need root priviledges to set up the remailer if you could have a daemon-like software agent waiting for the mail to come in. There, that wasn't so hard! I know that in the UNIX world, users have set up remailers in Netcom accounts and university accounts without root priviledges. For a complete list of publically accessible mailing lists, which includes LISTSERV's, look in the newsgroup news.answers and find the eight-part posting entitled something like "Guide to Publically Accessible Mailing Lists". I used the search term "Mailing List" and found it after a few tries. If you don't have access to Netnews, mail me and I'll get them for you. One LISTSERV location I know of is news-admin at auvm.american.edu. Yeah, it's an Internet address, but there should be a human on the other end. I wish I could help technically, but I hope this information gets you started on a successful project. Don't hesitate to ask if you think I could help out. g'night! Curt From cdodhner at indirect.com Wed Apr 27 00:29:30 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Wed, 27 Apr 94 00:29:30 PDT Subject: Reply to long post by TCMay In-Reply-To: Message-ID: On Tue, 26 Apr 1994, Matthew J Ghio wrote: > Well, we have message pools, but perhaps software to automatically scan > them and pick out messages for you would be helpful... please Please PLEASE! SOMEBODY WRITE ONE OF THESE!! I have been trying for about six months on and off and can't get it to work at all! Happy Hunting, -Chris From peace at BIX.com Wed Apr 27 01:54:20 1994 From: peace at BIX.com (peace at BIX.com) Date: Wed, 27 Apr 94 01:54:20 PDT Subject: Crypto scripting language Message-ID: <9404262356.memo.56878@BIX.com> >> > I was most >> > taken by the idea of a "Crypto Toolkit". I think it would be understand- >> > able to write the code in plain, vanilla C (as opposed to C++). One >> > good reason is the widespread availability of C compilers, especially >> > with UNIX. Additionally, C++ compilers do take up more space (although >> > this would be more of an issue with PCs. >> >> I think Tim had in mind something that was accessible more from a higher- >> level language than C or C++; ideally, something interpreted so you could >> sit down and type in a few commands to get something useful. Perl and >> TCL are two languages which Tim mentioned and which have been discussed >> here in the past. Smalltalk might do, although it is not as "freely" avail- >> able. >Yes, this is mostly what I meant. Lots of stuff here, and I really >should use my outline processor to do a better job of outlining >options, routes, and miscellaneous points. But I'll just make a few >notes here. (The theme of the next Cypherpunks meeting, date not yet >finalized, is "Protocols," so issues like this are presumably >relevant. Depending on the date, I may be in LEA., and would welcome >meeting with other Southland Cpunks to discuss ideas.) I wrote a cryptographic scripting language that has been implemented in a commercial product. I hesitate to post it here due to its length. If there is a place to send it where it can be archived for public down-load, I could do that. I am in the process of writing it up for a symposium, but have other things that I would rather do. If I could modify it to improve it's integration w/ telescript, I would like to do it, but I don't have telescript, does anyone here have it? Peace From MIKEINGLE at delphi.com Wed Apr 27 02:38:04 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Wed, 27 Apr 94 02:38:04 PDT Subject: Clipper Key Exchange Message-ID: <01HBNPYJTZDE9S87TE@delphi.com> matsb at sos.sll.se (Mats Bergstrom) writes: Subj: Clipper Session Key >How do two Clipper/Capstone/Skipjack/Tessera units agree on a session key >without compromising it to the bad guys tapping the line? If not known >outside of the NSA, what possible solutions are there? In the case of the MYK-78, the simple Clipper chip to be used in phones and similar devices, that's your problem. You have to do a Diffie-Hellman exchange or RSA or something externally. Or hire a courier. This will cause compatibility problems between different manufacturers' Clipper devices, unless they agree on a standard up front. Probably everyone will clone AT&T Clipper devices, since they are going to be the first to market. If the government buys a large batch, that will set the standard. Without at least a de-facto protocol standard, the system would be almost useless. There is also the problem of adding encryption to the V.x standards for fax, LAPM for modems, etc. Each of these devices will need some kind of key exchange. The Capstone and Tessera (same thing, different package) have the ability to do a modexp operation. From this you can internally do DH exchange or RSA. As I remember, the Capstone does up to 1024 bit modexp, comparable to PGP in security. Skipjack is just a symmetric cipher like DES, except it has an 80-bit key and has (according to the review team) all of DES's problems fixed. --- Mike From frissell at panix.com Wed Apr 27 02:58:07 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 27 Apr 94 02:58:07 PDT Subject: Milgram & Authority Message-ID: <199404270957.AA27448@panix.com> To: cypherpunks at toad.com D >Don't you know how the US and UK physically turned back boatloads of D >people trying this? D > D >-- D >Dragon D > But these were people trying to travel en masse on (falsely acquired) immigrant visas. I was suggesting individual tourists overstaying. DCF Privacy 101 - A few years ago, Rebecca Schaefer told the State of California where she lived. Her killer used that information to find her and kill her. Only give out your address on a need to know basis. --- WinQwk 2.0b#1165 From perry at snark.imsi.com Wed Apr 27 04:28:50 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 27 Apr 94 04:28:50 PDT Subject: Schneier's source code In-Reply-To: <199404262320.QAA00764@servo.qualcomm.com> Message-ID: <9404271128.AA09334@snark.imsi.com> Phil Karn says: > Oh come on, all this talk about OCR makes it sound like nobody would ever > be willing to just type in the code by hand. It only need be done once, > and the task could easily be divided up for a group. The listings for any > particular cipher just aren't that long. Furthermore, assuming your request to export Bruce's floppy is accepted, this whole nonsense is over, and assuming its rejected, a lawsuit can be started to assure that the nonsense will be over with. I think it pays to spend more time hacking law and less hacking code in this instance. I must admit, however, that I may be the origin of some of this stuff. I was talking about a year ago about printing the PGP sources in a book in OCR B. Perry From werner at mc.ab.com Wed Apr 27 04:33:08 1994 From: werner at mc.ab.com (tim werner) Date: Wed, 27 Apr 94 04:33:08 PDT Subject: Schneier's source code Message-ID: <199404271132.HAA02577@sparcserver.mc.ab.com> >Date: Tue, 26 Apr 1994 16:20:22 -0700 >From: Phil Karn > >Oh come on, all this talk about OCR makes it sound like nobody would ever >be willing to just type in the code by hand. It only need be done once, >and the task could easily be divided up for a group. The listings for any >particular cipher just aren't that long. After you do it, would you send me a copy? :-) But seriously, isn't the point that you may make some silly typing mistake that compiles anyway, but ruins the algorithm? tw From rishab at dxm.ernet.in Wed Apr 27 05:36:16 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 27 Apr 94 05:36:16 PDT Subject: Faking hostnames and inconvenient anon IP Message-ID: joshua geller : > [on IRC] > > Fraid not....it's a trivial matter to fake the username, and if yer a > > smart cookie, faking the hostname is just as easy. > > as far as I know, you have to hack the server to fake hostname. > > historically this practice has been frowned upon by the majority > of IRC administrators. Oh, there are other ways of faking hostnames, depending on your level of access to systems (your closest nameserver, for example). My point was that it's not quite as convenient to have anon IRC (or any other IP protocol) as it is to send anon mail through a remailer. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From perry at bacon.imsi.com Wed Apr 27 05:45:37 1994 From: perry at bacon.imsi.com (Perry E. Metzger) Date: Wed, 27 Apr 94 05:45:37 PDT Subject: Tessera Message-ID: <9404271245.AA23175@bacon.imsi.com> I saw my first Tessera PC-MCIA card last night. Quite a scary piece of hardware. Its cheap, its fairly well engineered, and its based on our favorite escrowed key technology. "Mycotronics. We make fascism affordable." Perry From nowhere at bsu-cs Wed Apr 27 05:58:46 1994 From: nowhere at bsu-cs (Anonymous) Date: Wed, 27 Apr 94 05:58:46 PDT Subject: No Subject Message-ID: <199404271258.HAA25276@bsu-cs.bsu.edu> On Wed, 27 Apr 94 08:45:30 EDT, perry at bacon.imsi.com (Perry E. Metzger) writes - > "Mycotronics. We make fascism affordable." Perry, While I agree with your sentiment, it's "Mykotronx." - spooge From m5 at vail.tivoli.com Wed Apr 27 06:04:49 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 27 Apr 94 06:04:49 PDT Subject: No Subject In-Reply-To: <199404271258.HAA25276@bsu-cs.bsu.edu> Message-ID: <9404271304.AA17970@vail.tivoli.com> Anonymous writes: > > "Mycotronics. We make fascism affordable." > ..."Mykotronx." Indeed. Mycotronics makes digital mushrooms, I believe. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From jims at Central.KeyWest.MPGN.COM Wed Apr 27 06:30:58 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Wed, 27 Apr 94 06:30:58 PDT Subject: Milgram & Authority In-Reply-To: <9404262138.AA23699@netmail2.microsoft.com> Message-ID: <9404271330.AA04421@Central.KeyWest.MPGN.COM> > > From: Timothy C. May > > If we go down the path of worrying about "psychic pain" inflicted on > others, then how can we operate in a world of failed marriages and > relationships, of hurt feelings, and of other such psychic damages? > ....................................... > > What about the psychic trauma caused by Clipper? Has the government been covertly working on artificial intelligence and such? I wasn't aware that we were anywhere NEAR the ability to incorporate psychic abilities in computer chips! Will Clipper read our minds as well as our data? Will it plant "You are not a crook" thoughts in our heads? What does the government plan to do with such a chip? Will they prevent crimes before they happen? Will the psychic impressions gathered by the Clipper be admissible in court? [Insert smileys to taste, simmer for 15 minutes, then throw the whole kettle soup out since it's only a joke. Obviously they meant psychological trauma etc.] ObCrypt: Has anyone heard of work in the area of encrypting all information on a computer and build the authentication software into the operating system so the only practical chance of intrusion is a forgetful operator? -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From ecarp at netcom.com Wed Apr 27 06:46:52 1994 From: ecarp at netcom.com (Ed Carp) Date: Wed, 27 Apr 94 06:46:52 PDT Subject: Milgram & Authority In-Reply-To: <9404271330.AA04421@Central.KeyWest.MPGN.COM> Message-ID: On Wed, 27 Apr 1994, Jim Sewell wrote: > ObCrypt: Has anyone heard of work in the area of encrypting all information > on a computer and build the authentication software into the > operating system so the only practical chance of intrusion is a > forgetful operator? Yes, in fact, that's been talked about. There's a DES-based loop driver for disks floating around, and I've kicked around the idea of hacking exec() and the back-end to gcc so that ld would use PGP to digitally sign a binary based on a serial number in the kernel, and having exec() use PGP to verify that the binary hadn't been tampered with. I suppose the same idea could also be used to encrypt binaries, so that the binary couldn't be tampered with and would only run on that machine. Not a real problem to implement, really. From jims at Central.KeyWest.MPGN.COM Wed Apr 27 06:50:05 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Wed, 27 Apr 94 06:50:05 PDT Subject: The un-BBS In-Reply-To: Message-ID: <9404271349.AA04551@Central.KeyWest.MPGN.COM> > > No, the FCC interpretation was that Amateurs have an obligation > to make sure that all transmissions from their stations conform > to the requirements of the FCC Part 97 rules. Broadcasting encrypted > communcations on amateur radio is itself a violation of the rules. > That's right!! the government has already banned encryption.... on > Ham Radio. Not entirely true... The rules governing amateur radio operators says that you can not use any secret codes or ciphers whose intent is to obscure meaning. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ASCII is a code but it is used in packet and such to convey information in an agreed upon format, not to obscure the meaning of the message. My contention is that a signature, while encrypted, is not encrypted to obscure the meaning. It says it is a sig, it is a sig, and contains no other information that is not readily available (email addresses can be included, but it is retrievable with a commonly available program PGP.) Oh, and don't let the 2 by 3 format of my callsign mislead you. It's my original callsign... I didn't want to bother with making everyone learn a new one. [If anyone has specific ham radio questions not relating to crypto, please feel free to write email to me.] -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From jims at Central.KeyWest.MPGN.COM Wed Apr 27 07:16:38 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Wed, 27 Apr 94 07:16:38 PDT Subject: The un-BBS In-Reply-To: <9404271349.AA04551@Central.KeyWest.MPGN.COM> Message-ID: <9404271416.AA04727@Central.KeyWest.MPGN.COM> My prior post should have been: use any secret codes or ciphers whose intent is to obscure meaning. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Sorry for the format problem... I hate tabs. -- Tantalus Inc. Bringing people together Jim Sewell-KD4CKQ 2407 N. Roosevelt Blvd. to have a little fun. Internet: jims at mpgn.com Key West, FL 33041 CIS: 71061,1027 (305) 293-8100 "We keep coding and coding and coding..." From Rolf.Michelsen at delab.sintef.no Wed Apr 27 07:20:49 1994 From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen) Date: Wed, 27 Apr 94 07:20:49 PDT Subject: The un-BBS In-Reply-To: <9404271349.AA04551@Central.KeyWest.MPGN.COM> Message-ID: On Wed, 27 Apr 1994, Jim Sewell wrote: > > My contention is that a signature, while encrypted, is not encrypted > to obscure the meaning. It says it is a sig, it is a sig, and contains > no other information that is not readily available (email addresses can > be included, but it is retrievable with a commonly available program PGP.) A randomized signature or signature with random padding can be used as a subliminal channel... (insert creepy music here :-) -- Rolf ---------------------------------------------------------------------- Rolf Michelsen Phone: +47 73 59 87 33 SINTEF DELAB Email: rolf.michelsen at delab.sintef.no 7034 Trondheim Office: C339 Norway "On the internet nobody knows you're a dog" ---------------------------------------------------------------------- From pgf at srl.cacs.usl.edu Wed Apr 27 08:24:04 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Wed, 27 Apr 94 08:24:04 PDT Subject: Tessera Message-ID: <199404271519.AA07960@srl03.cacs.usl.edu> Perry, how do you know it's well engineered? Phil From perry at snark.imsi.com Wed Apr 27 08:44:19 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 27 Apr 94 08:44:19 PDT Subject: Tessera In-Reply-To: <199404271519.AA07960@srl03.cacs.usl.edu> Message-ID: <9404271543.AA10204@snark.imsi.com> "Phil G. Fraering" says: > Perry, how do you know it's well engineered? The person who had the card has been playing with it extensively. I don't know if he wants the fact that he has some made public, so I won't mention his name. Perry From wcs at anchor.ho.att.com Wed Apr 27 08:49:25 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 27 Apr 94 08:49:25 PDT Subject: Information on Internet/Cryptology Message-ID: <9404271548.AA00641@anchor.ho.att.com> Yeah, the Internet is awfully big these days. (I started reading Usenet in the early 1980s when there was less than 1/2 MB per day of news and you could really read it all at 1200 baud :-) It's busier now...) For cryptography, the interesting places I know of are: - Usenet newsgroups: sci.crypt is the main technical crypto newsgroup talk.politics.crypto is the main random-discussion newsgroup alt.privacy.clipper is intended for Clipper discussions alt.privacy is a general-purpose priovacy newsgroup (there are others.) alt.security.pgp is for discussion of PGP and how to use it - cypherpunks mailing list (send mail to cypherpunks-request at toad.com to get help) is a fairly buysy (25-50 msgs/day) mailing list which deals with topics like writing crypto code, discussing protocols, using crypto to build privacy, political activism, etc. Signal/Noise ratio is usually pretty good. - ftp sites (file transfer protocol - log on as "anonymous", password=yourlogin, rsa.com - RSA's ftp site ftp.funet.fi - Finnish University Network ftp site, where most of the interesting code that's outside the US goes. garbo.uwasa.fi - Another good site in Finland; I think the name's right. ftp.csua.berkeley.edu (formerly soda.berkeley.edu) - home of the cypherpunks ftp archives ftp.eff.org - Electronic Frontier Foundation's ftp includes some crypto discussions There's also the World Wide Web, which I don't currently have software for, so I don't know if there are good Web sites yet (I've seen a lot of Web addresses go by, but most seem to really be ftp sites.) For finding code, "archie" is useful - telnet to ds.internic.net or archie.ans.net or archie.rutgers.edu , log in as archie, no password, and then type help to find out how to use it - it tells you where to find code for ftp. (Most archie sites actually tell you "There are too many users on right now, here's a list of other archie sites", and you randomly pick one in Korea or Israel or somewhere that's not too busy :-) Good luck! Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From ejohnson at pmip.dist.maricopa.edu Wed Apr 27 08:55:14 1994 From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson) Date: Wed, 27 Apr 94 08:55:14 PDT Subject: anti-clipper t-shirt Message-ID: <199404271554.IAA08454@pmip.dist.maricopa.edu> : I've already ordered my "1984" T-shirt, but saw the reference to another : anti-Clipper T-shirt, as well. What are the gory details on the non-1984 : shirt (price, where to order, size(s?), etc). I think that was probably my shirt you are referring to (the "original" 1984 shirt :-). Both John Blair and I were at CFP '94, and we both got the "We're behind schedule" line from a NSA employee who was representing only himself at the conference. The shirt idea I had was to take the Big Brother Inside logo that has been floating around, and use that for the front of a "anti-clipper" shirt, as you put it. On the back, I originally planned to use a !Key Escrow (the words Key Escrow inside a universal red circle/slash), but decided to use the "We're behind schedule" instead. Who knows, maybe there is another shirt in the making... My shirts are supposedly printed (I haven't seen them yet). I've received several orders, but I have been deliberately circumspect on the list; I made one "RFI" (request for interest) to cypherpunks. All the rest of my "advertising" has gone to those who initially expressed interest via email. To see John's .gifs: http://phoenix.aps.muohio.edu/users/jdblair/t-shirt.html (for those who don't have it, John is jdblair at nextsrv.cas.muohio.edu) To see my .gifs: ftp://pmip.maricopa.edu/pub/1984.gif ftp://pmip.maricopa.edu/pub/bbi.gif If you are interested in ordering a shirt from me, send email. --Eric From hfinney at shell.portal.com Wed Apr 27 08:59:14 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 27 Apr 94 08:59:14 PDT Subject: Crypto scripting language Message-ID: <199404271600.JAA23655@jobe.shell.portal.com> From: peace at BIX.com > I wrote a cryptographic scripting language that has been implemented in > a commercial product. I hesitate to post it here due to its length. > If there is a place to send it where it can be archived for public > down-load, I could do that. I am in the process of writing it up for > a symposium, but have other things that I would rather do. If I could > modify it to improve it's integration w/ telescript, I would like to > do it, but I don't have telescript, does anyone here have it? I'd like to hear more about your scripting language. You could post it for ftp to soda.berkeley.edu, or if it is something which should be export- controlled you could consider asking mpj at csn.org to put it up on his U.S.-only site. In the mean time, perhaps you could describe the language here. What is its syntax like? Interpreted or compiled? What kind of special crypto support does it have? If you actually own the rights to it, I'm sure we would be interested in looking at it. Re Telescript: I sent away a few months ago for General Magic's press kit. Telescript is a scripting language which they describe as being like "Postscript for net communications" (not an exact quote). Later this year, PDA's (Personal Digital Assistants, like Newton) will be released which run GM software, including the Magic Cap software. Magic Cap provides a graphical user interface that is said to be easier to use, with pictures of desks, buildings, etc. for the user to tap on. It will also run Telescript for its communications. As I understand it, users will use Telescript to write agent scripts, which will then be sent into the net where they can seek out information, negotiate payment if necessary, even trade or sell things. RSA is used for authen- tication and protection. It appears that these agents will require special software platforms where they will run. They won't just be able to surf the internet as it is today. Instead, they will only run on Telescript servers, where typically sellers of goods, services, and information will have their own agents waiting to make deals. AT&T is starting up a special network specifically for this purpose called PersonaLink. (It will also do ordinary email, presumably, as this would be a subset of agent capabilities.) In considering whether Telescript could become a new standard for commun- ications and networking, one flaw I see is that it appears that the software itself must be proprietary. This would suggest that it will be difficult to see Telescript servers spread through the Internet as WWW or gopher has done, for example. The internet as it is today does not mesh that well with pro- prietary software. Perhaps GM has a strategy for this but my impression is that they intend to create their own network and put their efforts there. I don't have any information on the language itself, so it's hard to judge its suitability for crypto based protocols. The RSA authentication and encryp- tion is built in at some level, but I don't know whether it is transparent (which would make it hard to replace) or explicitly called from the scripts (which might suggest that other alternatives could be hooked in). But the fact that the language is communications-oriented, and perhaps there- fore is already set up to deal with the unreliability and delays we often see with electronic communications, could be a good starting point. Hopefully when the PDAs hit the shelves in a few months we will start to see more infor- mation on Telescript. Hal From wcs at anchor.ho.att.com Wed Apr 27 09:01:23 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 27 Apr 94 09:01:23 PDT Subject: Milgram & Authority Message-ID: <9404271600.AA00957@anchor.ho.att.com> Duncan writes: > Privacy 101 - A few years ago, Rebecca Schaefer told the State of > California where she lived. Her killer used that information to find her > and kill her. Only give out your address on a need to know basis. The San Francisco papers had a few articles a week ago about the San Francisco police giving out somebody's address from motor-vehicle records to her ex-boyfriend who was stalking her, as well as other private data - he got the information several times as she moved around. It's supposedly a misdemeanor, but of course the computers don't keep track of who requested what data, so they don't know which cop you can't trust. (Anybody who tries stalking me using motor vehicle records will either wonder how I keep all my furniture in that little box, or else have to figure out how to find my streeet address from my mailing address, not that that's real hard...) Bill From dday at houston.geoquest.slb.com Wed Apr 27 09:04:35 1994 From: dday at houston.geoquest.slb.com (Dan Day) Date: Wed, 27 Apr 94 09:04:35 PDT Subject: clipper not end of world Message-ID: <199404271604.LAA07155@mudd.se.houston.geoquest.slb.com> > From: Mikolaj Habryn > Seems to me, if one is talking about videophone type devices, > they are transmitting quite a great deal of info, and stegging in a > message is quite feasible, is it not? You don't even have to do much of a > hardware modification. Do something like having an HF carrier tone in the > background, that anyone listening to it can't detect without the knowing > what they're listenong for. Or insert a microburst transmission - it'll > look like static. In one of his novels, James P. Hogan had a clever way to insert clandestine messages. There was a moon-earth communications link, and the traffic over the link was monitored to make sure no one was giving away secrets from the installation on the moon to a mole on the earth end. The problem was that they were doing the surveillance on the cleaned-up data stream. The transmission protocol had the semi-standard error correction, whereby blocks of data were transmitted, the checksum was calculated and compared, and bad blocks were thrown away followed by a request for a resend. The spies on the moon merely contrived to send the occassional "bad block" which actually contained the message they wanted to piggyback on the datastream. A listening post monitored the raw data stream and extracted those "bad blocks" which had the right data signature, and the hidden messages were stored and decoded. The people checking the received data which passed the error check never saw the message and assumed all was well, since their own communications gear had already editted it out of the data stream. From wcs at anchor.ho.att.com Wed Apr 27 09:12:28 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 27 Apr 94 09:12:28 PDT Subject: Schneier's source code Message-ID: <9404271611.AA01104@anchor.ho.att.com> > >Oh come on, all this talk about OCR makes it sound like nobody would ever > >be willing to just type in the code by hand. It only need be done once, .... > But seriously, isn't the point that you may make some silly typing mistake > that compiles anyway, but ruins the algorithm? Since it's perfectly legal to *import* crypto code to the US, that's simple - ship it back to the US to check if it's correct. You also do checksums for each page and maybe each line, and have them run the checksums to make sure they've typed the page correctly as well, but use the ship-back-here method for final diffs. Meanwhile, since much of crypto is eventually about economics, it's worth pointing out that you can probably hire typists in Russia who speak English and C well enough to type it in accurately, and pay them an amount of money that's small here and quite large there. I don't know if Russia has crypto import/export laws? There's certainly Russian crypto software available in the West. From rishab at dxm.ernet.in Wed Apr 27 09:18:27 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 27 Apr 94 09:18:27 PDT Subject: Publishing code books Message-ID: Tim May wrote: > Someone in Cypherpunks has a novel solution: print code in the most > easily OCRable font---I think the suggestion was that OCR-A and OCR-B, > or somesuch, are optimized for this (one would think so from the > names, but I had thought they had something to do with the magnetic > ink printing on checks...). > > I'm sure Schneier would be entertain the idea of a special > "exportable" version of his code in which purchasers paid the $30 he > charges and received a loose-leaf book of very neatly and precisely > printed code, ready for easy OCRing. I think that it's a great idea for enterprising cypherpunk publishers to print "exportable versions of restricted code." There should be a good market, whether or not code is OCR-able. There may be a lot of unavailable code that could be worth typing. As a matter of fact, any plain font OCRs very well. The costs of such publishing would be very low, and I for one wouldn't mind paying >$50 for such 'code books'. Phil Karn wrote: > Oh come on, all this talk about OCR makes it sound like nobody would ever > be willing to just type in the code by hand. It only need be done once, > and the task could easily be divided up for a group. The listings for any > particular cipher just aren't that long. But the listings for a library of ciphers are. Besides OCRs are quite good nowadays, you don't really have to print in an OCR font. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From rarachel at prism.poly.edu Wed Apr 27 09:30:31 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Wed, 27 Apr 94 09:30:31 PDT Subject: Faking hostnames and inconvenient anon IP In-Reply-To: Message-ID: <9404271617.AA29790@prism.poly.edu> > Oh, there are other ways of faking hostnames, depending on your level of access > to systems (your closest nameserver, for example). My point was that it's not > quite as convenient to have anon IRC (or any other IP protocol) as it is to send > anon mail through a remailer. In that case one of us (who owns a machine directly plugged into the net) should set up an anon server that doesn't check for user/host names, or better yet, provide a bouncing off point for anonymous telnet... Say something like you telnet to port 666 on toad.com, and then you're given an anonymous temporary id. At that point, you are prompted with a menu for what to do... telnet to another site, ftp into another side, call an IRC server from somewhere, etc. All the anon server would have to do is bounce packets... I think this idea came up before... an anon packet forwarding service of sorts... If a user goes through several of these, s/he is granted pretty decent anonimity... Perhaps another play on this would work with encrypted packets? Where each user who dials into one of these packet bouncers talks to it via a PGP like RSA and key-exchange system. All the IRC server will see is that someone named anon7 logged in from eminar.toad.com... Of course if the sysadmins who run irc's are true assholes, they'll blacklist the anons, but if there are enough anon packet bounces on the network, this will be pretty hard. They'll just have to recognize that the right of privacy is one that outweighs their desire to keep logs. Granted anon packet bouncers can be used to throw junk mail or messages thought irc's, but we could install a time delay in the anon forwarding software so that it can receive quickly, but only send slowly. (Slowly enough for one person to type to an IRC, but not for a script to send thousands of messages. Granted, there are still other forms of abuse available, but if we could limit one we could still get somewhere and not have the IRC sysadmins bitch too hard.... From rarachel at prism.poly.edu Wed Apr 27 09:39:29 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Wed, 27 Apr 94 09:39:29 PDT Subject: Publishing code books In-Reply-To: Message-ID: <9404271626.AA00241@prism.poly.edu> How about publishing them as scantron coded circles with a checksum at the end. Granted this will be expensive, but it can be made portable, and we could also include some decoding software that will do the OCR for you. Most modern scanners are TWAIN compatible these days.. For those that are not, we could have the program accept different file formats. TIFF,PCX, etc. and have it scan the picture and resolve it into binary in minutes. We should also include the plaintext versions of the source code in the same book in a large, clear OCRalble font... say Courier at 14 points. This way you are guaranteed that you can get at the sources... The scantron version could also be compressed to a ZIP file let's say... Text files compress pretty well, so it shouldn't be a problem, and the book can include the decoding software. Would this be exportable? Do you guys remember those old Commodore program listings that had a checksum at the end of every line? We could do the same thing to verify OCR to typos. If an error occurs, we could go and enter the text or binary pattern in by hand. Another option is the new 2D barcodes which can store a lot more info than the regular kind. Are bar codes on paper exportable? We could simply include some software to read off the pages with a scanner and be done with it. Even so, I'm sure that >SOMEONE< outside the USA would be very willing to pay a secretary to type in the source code of a book. :-) Whatever happened to the mafias and undergrounds of other countries? I'd imagine they'd have the most to gain from crypto software... Hell, they probably already typed in all the code in all the crypto books... In this day and age, this shouldn't be a problem anymore... From rarachel at prism.poly.edu Wed Apr 27 09:44:23 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Wed, 27 Apr 94 09:44:23 PDT Subject: clipper not end of world In-Reply-To: <199404271604.LAA07155@mudd.se.houston.geoquest.slb.com> Message-ID: <9404271631.AA00507@prism.poly.edu> About sending bad blocks... if your receiving party can listen in on the transmission, you could simply change the program for them to include another checksum somewhere else in the middle of the block. Say, packet a has a bad checksum, then its a candidate for hidden info.. so you check your secret checksum. If it matches, you decode the compressed block. Obviously, your transmitter should send the steggoed data twice due to possible real errors which would eat your cyphermessage for lunch. Of course the repeats would have to look different than the originally sent stegoed packets or else the warden might get suspicious if he decides to have a look at the bad packets... From cyphpunk at aol.com Wed Apr 27 09:50:16 1994 From: cyphpunk at aol.com (cyphpunk at aol.com) Date: Wed, 27 Apr 94 09:50:16 PDT Subject: RSA-129 Cracked Message-ID: <9404271222.tn47240@aol.com> "Business Wire MORRISTOWN, N.J.--April 26, 1994--A Bellcore scientist has guided an international team in cracking a code once thought uncrackable. The team consisted of three academics and more than 600 volunteers on the Internet from around the world, and the code they cracked was based on a 129-digit number called RSA 129. The renowned number is: 114,381,625,757,888,867,669,23 5,779,976,146,612,010,218, 296,721,242,362,562,561,842,93 5,706,935,245,733,897,830, 597,123,563,958,705,058,989,07 5,147,599,290,026,879,543,541 The 129-digit number is called RSA 129 for its originators, Ronald Rivest, Adi Shamir and Leonard Adleman (RSA). The three embedded a message using the code in 1977 and challenged anyone to crack it. The achievement of Arjen Lenstra and the team has important implications for future security technologies, since the codes protecting such security are often based on the difficulty of factoring very long numbers--that is, breaking a number down into prime numbers. (A prime number is only evenly divisible by one and itself). In France, similar codes protect telephone ''smart cards.'' And they have other applications besides telecommunications--in banking, in the security systems of nuclear power stations, and in the military. Lenstra, Bellcore's factoring expert, guided the global effort to factor RSA 129. Lenstra designed the computational software used by the Internet volunteers, and the software used in the final stages of factoring. Dr. Paul Leyland, a computer-systems manager at Oxford University in England, and two students, Derek Atkins, from M.I.T., and Michael Graff of Iowa State University, monitored the day-to-day progress and managed the hundreds of volunteers on the Internet. ''In 1977, this would have been unimaginable,'' says Bellcore's Lenstra. ''The evolution of computing technologies and of the Internet has made the network vulnerable -- but, ironically enough, provides the means for protecting it by enabling the use of larger numbers than would have been feasible or necessary a few years ago.' Bellcore, on behalf of most of the nation's local telephone companies, evaluates the security of networks. This includes studying cryptographic systems and trying to break them. To ensure 'trustworthy networks,'' Bellcore examines ways to protect the privacy of information traveling on the networks as well as information stored in network databases. This role is critical, as the emerging information superhighway will foster new ways of doing business electronically. The ability to factor large numbers could potentially threaten many security codes based on a widely used cryptographic system created by Rivest, Shamir, and Adleman. The RSA system is based on the principle that it's infeasible to factor large numbers equalling the product of two large primes. Lenstra and the team broke RSA 129 down into two prime numbers, one of 64 digits, one of 65. Identifying these two primes allowed them to break the code. The numbers were: 3,490,529,510,847,650,949,147,849,619,903,898,133, 417,764,638,493,387,843,990,820,577 32,769,132,993,266,709,549,961 ,988,190,834,461,413,177, 642,967,992,942,539,798,288,53 3 The RSA code acts like a locked box with two keys. One key is a large, composite number which the owner may distribute publicly. Anyone can use that key to open the box and put a message in for the owner. But once the message is put in, the locked box can only be opened again by the owner, who has the second key, which is composed of the two factors of the composite number. Only the owner knows these numbers, because he or she has purposely constructed the composite number from two large prime numbers. ''Cracking the RSA code provides a very useful benchmark on the difficulty of factoring numbers, and thus provides very useful guidance to users of the RSA cryptosystem as to how large their prime numbers should be,'' says Rivest of MIT. The use of modern security technology, such as the RSA system, is an important aspect of Bell Atlantic's ability to provision a secure information highway, says Ravi Ganesan, Manager of Center of Excellence for Electronic Commerce at Bell Atlantic. ''These security tools are critical enablers for the long-term viability of electronic commerce technologies, which we are aggressively pursuing,'' he adds. ''Consequently, the analysis of these security technologies, and the quantification of their strength and vulnerabilities, is critical. In this context, the efforts of Arjen Lenstra and others at Bellcore in providing Bell Atlantic state-of-the-art evaluations of important security tools is invaluable.'' Background This attack on RSA 129 originated last summer after Bellcore's Lenstra was asked by Atkins, Leyland and Graff to suggest a factoring challenge that would involve volunteers on the Internet. Lenstra proposed the formidable RSA 129. The team eventually involved volunteers on every continent but Antarctica. Volunteers worked in the Australia, Belgium, Brazil, Canada, Chile, Denmark, Finland, France, Germany, Holland, Ireland, Israel, Italy, Japan, New Zealand, Norway, Portugal, South Africa, Spain, Sweden, Switzerland, the United Kingdom, the United States and Venezuela. ''We wanted to demonstrate, in public, how a team of enthusiasts could factor a number of the same size as those being used to protect commercial information,'' Leyland says. As the international mathematical challenge began, the problem was broken into thousands of tiny pieces and sent to the Internet volunteers to perform the preliminary calculations on their computers, on their own time. Graff corresponded on the Internet with potential volunteers, dividing the work between them. They then sent the results to Atkins at M.I.T. to be checked for accuracy. Atkins arranged for the use of a file server at M.I.T. to collect and process the work of the volunteers. He also handled system administration, making sure the data was backed up regularly. Leyland became the team's chief trouble shooter, and also produced regular status reports to keep the volunteers informed and interested. Once compiled and checked, the data was sent to Lenstra, who in turn assembled the data in one mammoth calculation on a MasPar supercomputer to produce the factors of RSA 129. ''Just as it was impossible to predict in 1977 that RSA 129 would be broken, so it is impossible to predict how quickly other such codes can be broken,'' Lenstra says. ''But the ability to break codes is getting better all the time, aided by increasingly powerful computing tools. Bellcore's work supports its customers in designing and implementing telecommunications systems that use longer numbers to assure the privacy and security of information traveling and stored on their networks,'' he added. Bellcore performs research and other technical services for the telecommunications companies of Ameritech, Bell Atlantic, BellSouth, NYNEX, Pacific Bell, Southwestern Bell and U S WEST, as well as Cincinnati Bell, Inc., The Southern New England Telephone Company and other leaders in industry and government." "BELLCORE NEWS RELEASE: BROKE CODE THOUGHT UNCRACKABLE 4/26/94" _San_Jose_Mercury_News_, 27 April 1994:Business Section. From pgf at srl.cacs.usl.edu Wed Apr 27 09:52:10 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Wed, 27 Apr 94 09:52:10 PDT Subject: Gee... Message-ID: <199404271647.AA08268@srl03.cacs.usl.edu> All those cryptographers, and their solution to exporting restricted source code is to print them up as barcode in books.\ How about tarring the code together, encrypting it, and e-mailing the message out? Phil (Who thinks that the whole point of cypherpunks *was* supposed to be that modern electronics and networking would make standard spook blind drops and the like obsolete). From pgf at srl.cacs.usl.edu Wed Apr 27 10:02:50 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Wed, 27 Apr 94 10:02:50 PDT Subject: Rights are on the CP agenda Message-ID: <199404271658.AA08309@srl03.cacs.usl.edu> >Perry, I would suggest that you leave the list if you don't like it. Your >only contributions have been snide little flames, anyway. >tw Hmm, werner at mc.ab.com. Tim Werner. Let me fire up nn... Okay, setting for ten days... (1st offence)... Plonk! From rarachel at prism.poly.edu Wed Apr 27 10:05:32 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Wed, 27 Apr 94 10:05:32 PDT Subject: Gee... In-Reply-To: <199404271647.AA08268@srl03.cacs.usl.edu> Message-ID: <9404271650.AA01260@prism.poly.edu> <> Gee, how about getting arrested for exporting munitions? From pgf at srl.cacs.usl.edu Wed Apr 27 10:10:16 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Wed, 27 Apr 94 10:10:16 PDT Subject: Gee... Message-ID: <199404271705.AA08360@srl03.cacs.usl.edu> >Gee, how about getting arrested for exporting munitions? That'll happen with the book'o'barcodes too, and you can't use an anonymous remailer for that. Phil From blancw at microsoft.com Wed Apr 27 10:13:56 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 27 Apr 94 10:13:56 PDT Subject: Milgram & Authority Message-ID: <9404271615.AA15924@netmail2.microsoft.com> From: Duncan Frissell Privacy 101 - < daily affirmation from DF deleted > --- WinQwk 2.0b#1165 ......................................................... What does "WinQwk 2.0b#1165" stand for? Blanc From sonny at netcom.com Wed Apr 27 10:17:20 1994 From: sonny at netcom.com (James Hicks) Date: Wed, 27 Apr 94 10:17:20 PDT Subject: Publishing code books In-Reply-To: <9404271626.AA00241@prism.poly.edu> Message-ID: <199404271717.KAA09192@netcom.com> > Another option is the new 2D barcodes which can store a lot more info than > the regular kind. Are bar codes on paper exportable? Just for general information, the 2D MaxiCode system by United Parcel Service is mentioned in a LA Times article (4/13/94,D8). Your can get 100 bits/square inch. +---------------------------------------------------------------------+ | james hicks | Give me your tired, your poor, | | | your huddled masses yearning to breathe free, | | ...can you hear | Send these, the homeless, tempest-tossed to me.| | the music?... | I lift my lamp beside the golden door! | +---------------------------------------------------------------------+ From habs at warwick.com Wed Apr 27 10:29:23 1994 From: habs at warwick.com (Harry S. Hawk) Date: Wed, 27 Apr 94 10:29:23 PDT Subject: Publishing code books In-Reply-To: Message-ID: <9404272004.AA13555@cmyk.warwick.com> > But the listings for a library of ciphers are. Besides OCRs are quite good > nowadays, you don't really have to print in an OCR font. But not good enough. You can spell check a newspaper article but not "code." OCR fonts I think would help. I think the code would still have to be manually proofed ... From rarachel at prism.poly.edu Wed Apr 27 10:32:44 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Wed, 27 Apr 94 10:32:44 PDT Subject: CU Crypto Session Sat In-Reply-To: Message-ID: <9404271720.AA02143@prism.poly.edu> <> Mirrors could be sectional. Many mirrors can be joined together into a much larger mirror. Take a look at those put it together yourself model kits. Often the box is much smaller than the finished object. The mirror size is limited by the cargo bay, but it doesn't have to fit in the cargo bay when it is assembled. Consequently There could be more than one trip to catch the satelite and add more mirror segments to it. (Although this w would be very hard to accomplish, it isn't impossible... Take a pice of paper. Draw a circle. Draw another circle around it, etc.) Of course the camera would have to be built with the maximum mirror circumfrence/area in mind, but it can be done. Assuming that the satelite isn't too likely to get hit by debris, the mirror fragments could be made from some thin, flexible, light material so that many fragments can be carried out in space.. say some form of aluminum? or plastic? Anyone know about this? From juola at bruno.cs.colorado.edu Wed Apr 27 10:36:05 1994 From: juola at bruno.cs.colorado.edu (juola at bruno.cs.colorado.edu) Date: Wed, 27 Apr 94 10:36:05 PDT Subject: Gee... Message-ID: <199404271735.LAA10571@bruno.cs.colorado.edu> >Gee, how about getting arrested for exporting munitions? That'll happen with the book'o'barcodes too, and you can't use an anonymous remailer for that. I believe that's the question under discussion -- whether or not a book'o'barcodes would pass under the ITAR regulations. Given that the book itself passes (has already passed), what changes would need to be made so that the book could still be exported but be much easier to enter into a machine than having to retype the whole thing. Patrick From tcmay at netcom.com Wed Apr 27 10:39:52 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 27 Apr 94 10:39:52 PDT Subject: Liberating Schneier's Code? Message-ID: <199404271740.KAA12811@netcom.com> In typical Cypherpunks fashion, we are beating this one to death! (How else can we keep our message traffic high enough to keep using the Cypherpunks list as a plaintext channel to carry messages stego'ed in the right-hand margins?) - some want the source code printed in OCRable form - some just want it typed in by volunteers and then distributed - and others are expecting the Karns case to get the export situation resolved soon enough anyway Need I point out that the source code already exists in machine-readable form on the $30 disketter Schneier is selling? All it takes is for someone to order it, then put the code on an ftp site. Outside the U.S. And there are of course _many_ ways to get such a diskette outside the U.S. "This post is for disussion purposes only and is not to be construed as an inducement to infringe the property rights of Schneier or his publisher or to violate the ITAR, COCOM, or Sales to Pinko Nations Laws." (had to put this in) Yes, this solution "violates" Schneier's "property rights," but so do the main alternatives above that folks are discussing. (And I'm not being sarcastic here in my quotes around "violates" and "property rights." There are complicated issues here. Bruce Schneier himself said he wanted to include the disk with every copy or at least have an ftp site, so I don't think money is the main issue. And he's presumably selling quite a few copies of the book, anyway.) Independent of the Schneier book, I do think there needs to be a code repository of useful code. Mark Riordan has some at his RIPEM site, there's the RSAREF code that RSADSI makes available, and several other code ftp sites I've seen (and which I've collected for the Cypherpunks FAQ I'm getting closer to releasing). --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From dmandl at lehman.com Wed Apr 27 10:41:41 1994 From: dmandl at lehman.com (David Mandl) Date: Wed, 27 Apr 94 10:41:41 PDT Subject: Gee... Message-ID: <9404271741.AA29944@disvnm2.lehman.com> > From: "Phil G. Fraering" > > All those cryptographers, and their solution to exporting restricted > source code is to print them up as barcode in books.\ > > How about tarring the code together, encrypting it, and e-mailing the > message out? See you in jail. Anyone can get this stuff out of the country surreptitiously. I think the point was to get it out _legally_, through the law's _own_ loopholes. Then they're completely powerless to stop it or persecute the responsible parties in any way. It also makes any further attempts to stop the export of the algorithm pointless (though I guess that wouldn't stop them anyway--the government has spent billions of dollars protecting "secrets" that have long since been leaked by renegade CIA agents.) --Dave. From pcw at access.digex.net Wed Apr 27 10:57:45 1994 From: pcw at access.digex.net (Peter Wayner) Date: Wed, 27 Apr 94 10:57:45 PDT Subject: Mirrors... Message-ID: <199404271757.AA17139@access1.digex.net> I was just at a talk at the Space Telescope Institute that described a telescope that would be suspended from a balloon over the South Pole. There was no one mirror. It was a composite of 10 smaller mirrors that were layed out over a grid. They did all sorts of studies on the harmonics. It was not clear to me, though, that the array could be folded up. I'm sure that they needed very careful alignment. -Peter From pcw at access.digex.net Wed Apr 27 11:00:41 1994 From: pcw at access.digex.net (Peter Wayner) Date: Wed, 27 Apr 94 11:00:41 PDT Subject: Liberating Schneier's Code? Message-ID: <199404271800.AA17333@access1.digex.net> In re Schneier's property rights: ` He didn't write most of it. The stuff I donated to the collection is freely distributable (but not public domain). I suspect that someone else could put together their own collection. From karn at qualcomm.com Wed Apr 27 11:06:14 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 27 Apr 94 11:06:14 PDT Subject: Schneier's source code In-Reply-To: <9404271611.AA01104@anchor.ho.att.com> Message-ID: <199404271805.LAA07284@servo.qualcomm.com> There is also the interesting realization that even if the Schneier source code were to be mailed or FTP'ed outside the country, without actual evidence of those acts there would be nothing to disprove an assertion that it was typed in from the legally exportable book. But, as they say, "that would be wrong". I'm *still* waiting for a response to my CJ request for this disk. They either ignore my calls or put me off with "it's coming soon", but it's now almost May and I still don't have an official ruling on my "15-day" request, which was filed in early March. Phil From afabbro at umich.edu Wed Apr 27 11:07:46 1994 From: afabbro at umich.edu (This Space For Rent) Date: Wed, 27 Apr 94 11:07:46 PDT Subject: Asimov && RSA-129 In-Reply-To: <199404271647.AA08268@srl03.cacs.usl.edu> Message-ID: On Wed, 27 Apr 1994, Phil G. Fraering wrote: > (Who thinks that the whole point of cypherpunks *was* supposed to be that > modern electronics and networking would make standard spook blind drops > and the like obsolete). ah, but one day when we are truly computerized, the ability to hand-write messages and pass them on obsolete paper will be such an esoteric enterprise that it will be reserved for eccentrics, SCA reenactors, and spies. (wasn't there an Asimov story about man rediscovering the ability to do math by hand after centuries of calculator dependency?) -=*=- I do have another observation...I read the "RSA-129 Cracked" piece but as a true cryptologic novice who hasn't even finished reading _Applied Cryptography_, I was uncertain of the implications of this. As I understood it, the team cracked a specific message encoded with RSA-129 after about 10 months of work by dozens of people working in concert. Since my goal is to achieve a level of encryption that the government (read: NSA) cannot penetrate, this brought some questions to mind. Assuming that the NSA, with its massive budget and ability to design/manufacture/buy special-purpose hardware, could duplicate the efforts of all those on the "crack" team, does this mean that the NSA can break any RSA-129-encoded message in ~10 months? Or would it be reasonable to assume that they can work faster? >From Schneier's book, I draw the conclusion that while this is significant, it does not affect current RSA usage, which uses longer keys...1024-bit/308-digit for "the most paranoid use" (Schneier). Am I correct in assuming that this news has little bearing on current PGP use? Andrew Fabbro If laws are outlawed, weltschmerz at umich.edu only outlaws will University of Michigan have laws. Fnord. _____________________________________________________________ Finger afabbro at churchst.ccs.itd.umich.edu for PGP public key. PGPprint: 87 41 65 E0 C2 51 9F E5 A9 44 ED A6 6B 16 76 9E NSA bait: assassinate uranium dreamland CIA p.o.e. zimmerman From karn at qualcomm.com Wed Apr 27 11:54:51 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 27 Apr 94 11:54:51 PDT Subject: Liberating Schneier's Code? In-Reply-To: <199404271800.AA17333@access1.digex.net> Message-ID: <199404271851.LAA07387@servo.qualcomm.com> > He didn't write most of it. The stuff I donated to the collection > is freely distributable (but not public domain). I suspect that > someone else could put together their own collection. ...which would be more up to date, too. When I created a copy of the disk to send to NSA along with my second CJ request, I found I had to go back several versions of PGP to get the version of IDEA that had been printed in the book. That's the problem with books -- they're hard to update. Phil From karn at qualcomm.com Wed Apr 27 11:55:03 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 27 Apr 94 11:55:03 PDT Subject: CU Crypto Session Sat In-Reply-To: <9404271720.AA02143@prism.poly.edu> Message-ID: <199404271854.LAA07395@servo.qualcomm.com> >Mirrors could be sectional. Many mirrors can be joined together into a much >larger mirror. Take a look at those put it together yourself model kits. Remember that when they're joined, they must maintain an accuracy of a small fraction of a wavelength to not spoil the results. I'm not saying this is impossible, only very, very difficult. Even for (especially for?) a well-funded black project. Phil From pcw at access.digex.net Wed Apr 27 12:02:01 1994 From: pcw at access.digex.net (Peter Wayner) Date: Wed, 27 Apr 94 12:02:01 PDT Subject: Liberating Schneier's Code? Message-ID: <199404271901.AA21941@access1.digex.net> Yes, books are hard to update, but hardware is even harder. What is going to happen to all of those Capstone chips that use the "old" unfixed version of MD-5? Imagine what would happen if the Capstone was widely used in the country? It could easily cost many millions to update an algorithm in hardware. From sandfort at crl.com Wed Apr 27 12:32:49 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 27 Apr 94 12:32:49 PDT Subject: Gee... In-Reply-To: <9404271741.AA29944@disvnm2.lehman.com> Message-ID: C'punks, On Wed, 27 Apr 1994, David Mandl wrote: > > From: "Phil G. Fraering" > > . . . > > How about tarring the code together, encrypting it, and e-mailing the > > message out? > > See you in jail. > > Anyone can get this stuff out of the country surreptitiously. > I think the point was to get it out _legally_, through the law's > _own_ loopholes. Then they're completely powerless to stop it > or persecute the responsible parties in any way. . . . Wrong on both counts. Getting it out legally would be nice--it's a great *fallback* position--but that's not the object of the game. The idea is to get it out and make it widely available. Period. The Constitution and other laws are not magic talismans. It is fantasy thinking that technical compliance with the government's laws renders them "completely powerless." A Smith & Wesson beats four-of-a-kind. S a n d y, (Attorney-out-law) From tcmay at netcom.com Wed Apr 27 12:52:33 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 27 Apr 94 12:52:33 PDT Subject: Level of Discourse on the Cypherpunks List Message-ID: <199404271953.MAA28959@netcom.com> This post is about the level and quality of discourse here on this list. Because of the number of posts I make (and one hopes, the quality?), I get a fair amount of personal mail directed at me from people with personal gripes about the way the list discussion is working, or not working, or "should be run," and so on. Some of these points I even agree with...and sometimes I tell my e-mailers this. But several things need to be said: - the list has more than 700 names on it, last time I checked (send the message "who cypherpunks" (in the body) to majordomo at toad.com) - these folks have diverse interests - often newbies join the list and have things they want to get off their chest; their agenda sometimes dominates the discussion until they've exhausted what they wanted to say (or burn out and leave the list) - old-timers who have been on the list for many months, and sometimes since the beginning in October 1992, have seen the main themes many times and may not want to contribute each time a thread comes up - the list is an anarchy: it is not "run" by any one person, although Eric Hughes has certain powers as List Administrator, and John Gilmore has other powers (as owner of the machine on which the list runs). [Please, not another debate about who owns the list, about how our words are not owned by Hughes et. al., etc. And, please, not another meta-debate about why shouldn't we debate this. One of the problems with a community of 700, any of whom can take the "floor" at any time, is that any statement gets a rebuttal, every debate becomes contentious. _This_ paragraph will likely be angrily rebutted by at least one of you out there.] - I repeat: the list is an anarchy. There is no voting, no membership, no Board of Directors, no formal policies or charter. Just a collection of relatively common memes. This whole issue came up again when a list member sent me a message saying he had been lurking on the list for several weeks and that he would "give it another couple of weeks" to see if the S/N ratio--for the things that interested him--could be improved. I wrote him the following reply. I have of course edited out his comments and replaced them with vanilla comments. "I've been lurking for several weeks. I'm unhappy with the large number of posts which have little to do with this list. I'm more interested in crypto methods, software, etc., and had hoped to see more discussion of that." There's certainly a lot of what you are talking about, wouldn't you say? Yes, a lot of other stuff, too. That is, mixed in with all the political stuff, the jokes, etc., is a fair amount of commentary on algorithms, new code, status of exising programs, etc. This certainly will appear to be fragmentary (e.g., a bunch of short comments about D-H code), but this is because Cypherpunks is a mailing list, not an essay list exclusively. Most of the main stuff has been written about at least several times, so newcomers cannot possibly expect a steady flow of tutorials, incisive essays, etc. (And a steady flow of tutorials would turn-off a lot of others, ironically.) "I'm not willing to read 60-80 messages a day to find the stuff I'm interested in. Or to find the associations with the alleged topics at hand." [the last is my correspondents choice of phrasing.] Then you are probably best off leaving the list, as nobody will tailor their posts to match your exact needs, or even your approximate needs. "I'll stay for another few weeks, then leave if things haven't improved. However, I'd be interested in corresponding by mail with others who are interested in working on code." There have been at least half a dozen such attempts to create spin-off lists, or subsets of the main list. There was a "hardware punks" list, a "steganography list," and at least several regional sub-lists. All have died for lack of interest. or at least are dormant. For example, the "DC-Net list" was formed a year ago, by some guys who were tired of reading about topics that didn't interest them. There was one message, the welcome message, and then nothing more. C'est la vie. (I joined several of these sub-lists, out of a sense of duty and mild curiousity to see how they would do, and there's now zero traffic on them. It's a critical mass problem: the Cypherpunks have the critical mass to sustain discussions---perhaps sustain them too long, some might say.) "Maybe I misunderstood what the cpunks list was all about..." The best way is to lead by example. So, where are your posts? I look forward to them. But complaining that not all of the posts are to your liking is pointless. I can't change what other people write, can I? Nor can you. The thing you can change is what _you_ write. Besides, and this will be my final point, the list has been running since October 1992, with an average of 400 people on it (700 recently). Most topics have been covered at least several times, and sometimes a dozen times. The "old-timers" will thus usually sit-out these nth rehashings of TEMPEST, or the powers of the NSA, or steganography, or whatever. If you want a higher level of discourse, begin it. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sameer at soda.berkeley.edu Wed Apr 27 12:56:05 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Wed, 27 Apr 94 12:56:05 PDT Subject: Faking hostnames and inconvenient anon IP In-Reply-To: <9404271617.AA29790@prism.poly.edu> Message-ID: <199404271955.MAA16184@soda.berkeley.edu> > In that case one of us (who owns a machine directly plugged into the net) > should set up an anon server that doesn't check for user/host names, or > better yet, provide a bouncing off point for anonymous telnet... Say > something like you telnet to port 666 on toad.com, and then you're given Well starting sometime this summer I'm going to start selling shell accounts, and I don't plan on spending much time verifying that there is a TrueName associated with any given account. All I will care is that I get my money and that the account isn't used to violate any security. I'll only have a 14.4 analog connection to the net at first but as time goes on I'll get a faster link. (As people pay me..) (If I get a report that the account has been abused, I probably just shut it off with no refund.. I'll develop a more specific policy when the time comes.) It's not exactly what you wanted, but it's privacy. From CCGARY at MIZZOU1.missouri.edu Wed Apr 27 13:02:09 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Wed, 27 Apr 94 13:02:09 PDT Subject: Faking hostnames & CHATTERBOXES Message-ID: <9404272002.AA09603@toad.com> About faking hosts names being inconvenient: A week or two ago I did a post FREEDOM DEAMON in which I suggested the idea of the "CHATTERBOX". A "CHATTERBOX" would be the Internet Chat equivalent of a remailer. Other names for "CHATTERBOXES" would be "RECHATTERERS" or "RECHATS". It would hide the location of the user. It would also have the cap- ability to send commands without disclosing location. For instance, you could TELNET really anonymously! Lots of other things too! Someone feel free to write it. Still another way to get rid of host name.- Some- one once TELNETed to a foreign country computer, then that computer was kind enough to allow user to IRC to Internet Chat. Who was that "masked man?" Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKKK! BBBEEEAAATTTT STATE! From dmandl at lehman.com Wed Apr 27 13:13:34 1994 From: dmandl at lehman.com (David Mandl) Date: Wed, 27 Apr 94 13:13:34 PDT Subject: Gee... Message-ID: <9404272009.AA01638@disvnm2.lehman.com> From: Sandy Sandfort > On Wed, 27 Apr 1994, David Mandl wrote: > > > Anyone can get this stuff out of the country surreptitiously. > > I think the point was to get it out _legally_, through the law's > > _own_ loopholes. Then they're completely powerless to stop it > > or persecute the responsible parties in any way. . . . > > Wrong on both counts. Getting it out legally would be nice--it's a great > *fallback* position--but that's not the object of the game. The idea is > to get it out and make it widely available. Period. First of all, the above was not my position (though I have no big problem with it). I was just explaining the point of this thread, which the previous poster seemed to be unaware of. Now, are you saying I'm wrong about it being easy to get crypto software out of the country illegally? If so, you've got to be kidding. This stuff has probably crossed the border fifty times TODAY. Everyone on this list knows that. If simply getting crypto code out of the country By Any Means Necessary was the goal, this thread would never have been started, Perry would never have considering publishing code in machine-readable form, and no one would have done the little test with Schneier's book (Hal?...I forget who it was). The point was to get it out in such a way that no one had to hide from the lawman or pretend the code was written overseas, and we could all walk in the sun. Me, I have no problem with people exporting it illegally to their heart's content. > The Constitution and other laws are not magic talismans. It is fantasy > thinking that technical compliance with the government's laws renders > them "completely powerless." A Smith & Wesson beats four-of-a-kind. Your point? Sure, the government can do whatever they want. So? I have no interest in the Constitution and the "Law" (though I obey the latter because I'm not keen to spend the rest of my life in jail). I just don't care. All I was doing above was explaining this thread to someone who seemed to miss the whole point. > S a n d y, (Attorney-out-law) From m5 at vail.tivoli.com Wed Apr 27 13:19:08 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 27 Apr 94 13:19:08 PDT Subject: Faking hostnames and inconvenient anon IP In-Reply-To: <199404271955.MAA16184@soda.berkeley.edu> Message-ID: <9404272018.AA19034@vail.tivoli.com> Sameer writes: > Well starting sometime this summer I'm going to start selling > shell accounts, and I don't plan on spending much time verifying > that there is a TrueName associated with any given account. Most (all?) private PO box places won't give out a box without a "real" US mail address and some form of ID. Is this due to legal requirements (direct or indirect)? If so, can we not look forward to such restrictions being placed on those who supply electronic PO boxes? -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From unicorn at access.digex.net Wed Apr 27 13:26:48 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 27 Apr 94 13:26:48 PDT Subject: Gee... In-Reply-To: Message-ID: <199404272026.AA26676@access1.digex.net> > > C'punks, > > On Wed, 27 Apr 1994, David Mandl wrote: > > > > From: "Phil G. Fraering" > > > . . . > > > How about tarring the code together, encrypting it, and e-mailing the > > > message out? > > > > See you in jail. > > > > Anyone can get this stuff out of the country surreptitiously. > > I think the point was to get it out _legally_, through the law's > > _own_ loopholes. Then they're completely powerless to stop it > > or persecute the responsible parties in any way. . . . > > Wrong on both counts. Getting it out legally would be nice--it's a great > *fallback* position--but that's not the object of the game. The idea is > to get it out and make it widely available. Period. Concur. > > The Constitution and other laws are not magic talismans. It is fantasy > thinking that technical compliance with the government's laws renders > them "completely powerless." A Smith & Wesson beats four-of-a-kind. If you're looking for the moral high ground, then you need to respect the "spirit" of the regulation. Only in the case that you really make a good faith effort to comply with the regulation, can you hold yourself out as morally pure with regards to United States export regulations. Since the spirit of this regulation is: 1> Keep high technology and strong crypto in the United States and OUT of foreign hands. 2> Empower the Federal Government by limiting the economic marketability of strong crypto through strict market regulation outside the U.S. 3> Keep the private sector out of the Strong Crypto Business. Getting the code, concepts, media, academic materials, or anything that might by furthest stretch of the imagination allow a foreigner to re- produce strong crypto is out of the question. You can't have it both ways. I want to comply. I want to export. Instead it must be realized that the real question is HOW to get it out in a way that has not been thought of, or will not be checked, or is not yet regulated. (Read, Don't Get Caught.) I think Mr. Sandfort has the right idea here by noting the importance of not only release, but wide distribution. Only then do the laws become "powerless." In any event, there is still the risk that extreme measures might be taken to hold on to centralist powers. (Total ban on crypto, born classified notion, see Innman or the current position on export, that posting to the internet is per se the constructive equiv. of export). I must add that I don't support the violation of export regulation, particularly in public or semi-public forums. I only note that the belief that both the letter and spirit of law (which is in this day and age very centralist) and the cypherpunk goals can co-exist is intellectually inconsistent in many instances. One cannot serve cypherpunks and centralism both. The real goal is to serve cypherpunks and stay free of criminal/civil action. > > S a n d y, (Attorney-out-law) > -uni- (Dark) From dmandl at lehman.com Wed Apr 27 13:29:03 1994 From: dmandl at lehman.com (David Mandl) Date: Wed, 27 Apr 94 13:29:03 PDT Subject: tcmay on wfmu-fm (nyc) Message-ID: <9404272028.AA01808@disvnm2.lehman.com> New York City-area cypherpunks: Tim May has graciously agreed to be on my radio show again this Saturday (via telephone). We'll be talking about the Big Brother aspects of Clipper/Capstone, and maybe a bit about Digital Telephony if we get to it. The vital stats: WFMU (East Orange, NJ) 91.1 FM Saturday, April 30, 12 noon local time (my show runs from 11 to 1). No, I won't be taping it. Tell all your friends. --Dave. From unicorn at access.digex.net Wed Apr 27 13:37:17 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 27 Apr 94 13:37:17 PDT Subject: Gee... In-Reply-To: <9404272009.AA01638@disvnm2.lehman.com> Message-ID: <199404272036.AA27278@access1.digex.net> > > From: Sandy Sandfort > > > On Wed, 27 Apr 1994, David Mandl wrote: > > > > > Anyone can get this stuff out of the country surreptitiously. > > > I think the point was to get it out _legally_, through the law's > > > _own_ loopholes. Then they're completely powerless to stop it > > > or persecute the responsible parties in any way. . . . > > > > Wrong on both counts. Getting it out legally would be nice--it's a great > > *fallback* position--but that's not the object of the game. The idea is > > to get it out and make it widely available. Period. > > First of all, the above was not my position (though I have no big problem > with it). I was just explaining the point of this thread, which the > previous poster seemed to be unaware of. Now, are you saying I'm wrong > about it being easy to get crypto software out of the country > illegally? If so, you've got to be kidding. This stuff has probably > crossed the border fifty times TODAY. Yes, perhaps. > Everyone on this list knows that. > If simply getting crypto code out of the country By Any Means Necessary > was the goal, this thread would never have been started, Perry would > never have considering publishing code in machine-readable form, and > no one would have done the little test with Schneier's book (Hal?...I > forget who it was). By any means necessary includes by means legally suspect, but not explicitly forbidden. > The point was to get it out in such a way that > no one had to hide from the lawman or pretend the code was written > overseas, and we could all walk in the sun. Me, I have no problem > with people exporting it illegally to their heart's content. In a public forum, this was probably the goal. In general it is not. Perry, I suspect, has too much to lose to be caught exporting. To suggest that the point was to find a legal solution is to dodge the basic question. The point is to get the stuff out. Finding a legal solution is one method. Don't lose sight of the end. The end is still in many ways, revolutionary. Cypherpunks, from all I can tell, is partly the political movement to empower the individual at the expense of the state. The fact that the state has the upper hand for the moment only varies method, not intent. > > The Constitution and other laws are not magic talismans. It is fantasy > > thinking that technical compliance with the government's laws renders > > them "completely powerless." A Smith & Wesson beats four-of-a-kind. > > Your point? Sure, the government can do whatever they want. So? So even the exportation of crypto "technically" compliant is dangerous. It could merely trigger more drastic measures. Instead, the focus is or should be on getting the genie out of the bottle for good, so that even extreme measures yield nothing. > I have no interest in the Constitution and the "Law" (though I obey > the latter because I'm not keen to spend the rest of my life in jail). > I just don't care. All I was doing above was explaining this thread > to someone who seemed to miss the whole point. In so far as the law is a matter of perspective, I think everyone should try to embrace the concepts of the law, and in particular, the constitution. Just because our contemporaries have lost sight, or made (drastic) departures, doesn't mean the document, or the doctrine, is useless. > > S a n d y, (Attorney-out-law) > -uni- (Dark) From mccoy at ccwf.cc.utexas.edu Wed Apr 27 13:41:18 1994 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Wed, 27 Apr 94 13:41:18 PDT Subject: CU Crypto Session Sat In-Reply-To: <199404271854.LAA07395@servo.qualcomm.com> Message-ID: <199404272041.PAA11305@flubber.cc.utexas.edu> Phil Karn writes: [sat stuff and big mirrors...] > >Mirrors could be sectional. Many mirrors can be joined together into a much > >larger mirror. Take a look at those put it together yourself model kits. > > Remember that when they're joined, they must maintain an accuracy of a > small fraction of a wavelength to not spoil the results. They do not need to be joined. There already exist examples of "large" telescopes on the ground that combine the light received by multiple smaller mirrors into a single "synthetic image." The individual mirrors can be small for easy transportation and can be added over time to keep increasing the resolution... jim From sameer at soda.berkeley.edu Wed Apr 27 13:45:36 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Wed, 27 Apr 94 13:45:36 PDT Subject: Faking hostnames and inconvenient anon IP In-Reply-To: <9404272018.AA19034@vail.tivoli.com> Message-ID: <199404272045.NAA23049@soda.berkeley.edu> > > > Sameer writes: > > Well starting sometime this summer I'm going to start selling > > shell accounts, and I don't plan on spending much time verifying > > that there is a TrueName associated with any given account. > > Most (all?) private PO box places won't give out a box without a > "real" US mail address and some form of ID. Is this due to legal > requirements (direct or indirect)? If so, can we not look forward to > such restrictions being placed on those who supply electronic PO > boxes? > > -- > | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | > | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | > | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | > From nobody at shell.portal.com Wed Apr 27 14:37:49 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Wed, 27 Apr 94 14:37:49 PDT Subject: No Subject Message-ID: <199404272138.OAA20693@jobe.shell.portal.com> rarachel at prism.poly.edu (Arsen Ray Arachelian) wrote: > < e-mailing the message out?>> > > > Gee, how about getting arrested for exporting munitions? People have been doing that for years and no one's gotten arrested yet. :) In case you haven't noticed, people outside the US requesting crypto stuff usually don't have too much trouble finding a volunteer willing to send it to them. From karn at qualcomm.com Wed Apr 27 14:50:02 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 27 Apr 94 14:50:02 PDT Subject: CU Crypto Session Sat In-Reply-To: <199404272041.PAA11305@flubber.cc.utexas.edu> Message-ID: <199404272149.OAA07705@servo.qualcomm.com> >They do not need to be joined. There already exist examples of "large" Okay, "joined" in the sense that the light collected by each mirror must be added coherently to produce the final image. This coherent addition requires precise control of the phase of each component to a small fraction of a wavelength. This is hard. Someday there may be phased array antennas operating at optical wavelengths. Not yet. Phil From nelson at crynwr.com Wed Apr 27 15:16:55 1994 From: nelson at crynwr.com (Russell Nelson) Date: Wed, 27 Apr 94 15:16:55 PDT Subject: a test server? Message-ID: Is there a PGP test server anywhere? I'd like to use its public key to encrypt a message, mail it to the server, and have it mail the plaintext back to me. I'd also like to have it look up my pubic key in the appropriate repository (which is?) and verify that my message was signed properly. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From nelson at crynwr.com Wed Apr 27 15:31:21 1994 From: nelson at crynwr.com (Russell Nelson) Date: Wed, 27 Apr 94 15:31:21 PDT Subject: Gee... In-Reply-To: <199404271647.AA08268@srl03.cacs.usl.edu> Message-ID: Date: Wed, 27 Apr 1994 11:47:24 -0500 From: "Phil G. Fraering" (Who thinks that the whole point of cypherpunks *was* supposed to be that modern electronics and networking would make standard spook blind drops and the like obsolete). Nope. The whole point is to hack, and hacking legal systems can be just as much fan as hacking computers, especially when the legal system you're hacking doesn't understand computers. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From monad at tigger.jvnc.net Wed Apr 27 15:45:50 1994 From: monad at tigger.jvnc.net (otchayanie) Date: Wed, 27 Apr 94 15:45:50 PDT Subject: Faking hostnames and inconvenient anon IP Message-ID: Quoth Arsen Ray Arachelian : > >In that case one of us (who owns a machine directly plugged into the net) >should set up an anon server that doesn't check for user/host names, or >better yet, provide a bouncing off point for anonymous telnet... Say >something like you telnet to port 666 on toad.com, and then you're given >an anonymous temporary id. At that point, you are prompted with a menu for >what to do... telnet to another site, ftp into another side, call >an IRC server from somewhere, etc. All the anon server would have to do >is bounce packets... I think this idea came up before... an anon packet >forwarding service of sorts... > >If a user goes through several of these, s/he is granted pretty decent >anonimity... Perhaps another play on this would work with encrypted >packets? Where each user who dials into one of these packet bouncers >talks to it via a PGP like RSA and key-exchange system. > >All the IRC server will see is that someone named anon7 logged in from >eminar.toad.com... > in actuality, the code for this exists, has existed for some time, and has even seen some use. it is a simple telnet reflector that functions more or less in the manner you are envisioning; the irc user simply directs the client to the address and port of the 'anon server,' which grants the user its own hostname and an incremented username starting with 'an001;' these and subsequent packets are forwarded to an actual server nearby. the code was written by all-time incorrigible irc hooligan Hendrix, who also brought us the annoybots, tsunami floodbots, and countless other innovations without which irc just wouldn't be the same. the anonirc.c code is available via anon ftp at ftp.rahul.net /pub/jimi, which also houses countless other quasi-legitimate utilities and patches. the project of anonimity on irc seems to be a valuable one, notwithstanding the legion of users whose baser traits are augmented by the prospect of utter irresponsibility. the crytographic frontier on the irc is, for me at least, perhaps much more desirable territory; and of course the two used in sensible conjunction would be ideal. while there is a rudimentary form of encryption built into the unix irc client software, i confess i have only seen it used thoughtfully on one occasion, and sadly, it was to conceal the intentions of parties involved in an 'op war.' on the lighter side, i have recently seen a number of users invoking weak (or perhaps mock) encryption of the form 'CLIPPER::.' so perhaps the interest is fomenting, parody can often turn trash into gold, when well executed. ---------- monad at tigger.jvnc.net apologia pro mea vita "The infant's first step is its first step towards death." Kozma Prutkov From 71431.2564 at CompuServe.COM Wed Apr 27 15:49:33 1994 From: 71431.2564 at CompuServe.COM (Bradley W. Dolan) Date: Wed, 27 Apr 94 15:49:33 PDT Subject: CIA & FBI, a marriage made in ___? Message-ID: <940427210730_71431.2564_FHA73-1@CompuServe.COM> Does it concern anybody besides me that the CIA [with a bunch of underemployed manpower] is jumping into bed with the FBI [whose spokesman recently testified to Congress that they didn't have enough manpower to enforce the Crime Bill on us]? Does it make anybody nervous besides me that this is occurring at the same time that the 2ond and 4th amendments are being dispensed with? While the Clipper chip and digital telephony bill are being foisted on us? Is there a trend here? Ties to political aspects of crypto ought to be pretty damn obvious. Brad bdolan at well.sf.ca.us --------------------------------------------------------------------- William J. Clinton, on MTV: <> <> [...] Now, having said that, a lot of the Asian societies that <> are doing very well now have low crime rates and high economic growth <> rates, partly because they have very coherent societies with strong <> units where the unit is more important than the individual, whether <> it's the family unit or the work unit or the community unit. <> <> My own view is that you can go to the extreme in either <> direction. And when we got organized as a country and we wrote a <> fairly radical Constitution with a radical Bill of Rights, giving a <> radical amount of individual freedom to Americans, it was assumed <> that the Americans who had that freedom would used it responsibly. <> That is, when we set up this country, abuse of people by government <> was a big problem. So if you read the Constitution, it's rooted in <> the desire to limit the ability of government's ability to mess with <> you, because that was a huge problem. It can still be a huge <> problem. But it assumed that people would basically be raised in <> coherent families, in coherent communities, and they would work for <> the common good, as well as for the individual welfare. <> <> What's happened in America today is, too many people <> live in areas where there's no family structure, no community <> structure, and no work structure. And so there's a lot of <> irresponsibility. And so a lot of people say there's too much personal <> freedom. When personal freedom's being abused, you have to move to limit <> it. That's what we did in the announcement I made last weekend on the <> public housing projects, about how we're going to have weapon sweeps <> and more things like that to try to make people safer in their communities. ------------------------------------------------------------------ Guess Who? Here is the theory: "It is thus necessary that the individual should finally come to realize that his own ego is of no importance in comparison with the existence of his nation; that the position of the indiviual ego is conditioned solely by the interests of the nation as a whole .. that above all the unity of a nation's spirit and will are worth far more than the freedom of the spirit and will of an individual..." "This state of mind, which subordinates the interests of the ego to the conservation of the community, is really the first premise for every truly human culture...The basic attitiude from which such activity arises, we call - to distinguish it from egoism and selfishness - idealism. By this we understand only the individual's capacity to make sacrifices for the community, for his fellow men." These statements were made in our century by the leader of a major Western nation. His countrymen regarded his viewpoint as uncontroversial. His political program implemented it faithfully. The statements were made by Adolf Hitler. He was explaining the moral philosopy of Nazism [National Socialism]. _The Ominous Parallels: The End of Freedom in America_, Leonard Peikoff, Stein & Day, NY, 1982. ISBN 0-8128-2850-X From jester at grex.cyberspace.org Wed Apr 27 16:09:40 1994 From: jester at grex.cyberspace.org (Thomas Riggley) Date: Wed, 27 Apr 94 16:09:40 PDT Subject: Accounts... Message-ID: This brings up an interesting point to which I have been trying to create a person list myself. Certain systems out there offer Free account to anyone without any sort of identity check.. I have only found a couple myself and all of them seem to limit access to News and ftp unless you send them money... However I am still looking for these computers which seem to offer the best anonymous access to anyone... Could you please e-mail me ANY sights that offer free/cheap internet access via telnet that do not check id? -Tom -=><=--=><=--=><=--=><=--=><=--=><=--=><=--=><=--=><=--=><=--=><=- * * * Thomas Riggley jester at cyberspace.org * * * * What ever happened to privacy?! * * * -=><=--=><=--=><=--=><=--=><=--=><=--=><=--=><=--=><=--=><=--=><=- From mg5n+ at andrew.cmu.edu Wed Apr 27 16:39:02 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 27 Apr 94 16:39:02 PDT Subject: Schneier's source code In-Reply-To: <199404271805.LAA07284@servo.qualcomm.com> Message-ID: <8hjjRrq00awI8QG0ZD@andrew.cmu.edu> Phil Karn wrote: > I'm *still* waiting for a response to my CJ request for this disk. > They either ignore my calls or put me off with "it's coming soon", > but it's now almost May and I still don't have an official ruling > on my "15-day" request, which was filed in early March. How long did your original request take? It could be that they're just being slow as usual, or you've got them in a tough position and they don't know what to do. If the latter, my guess is that they'll delay it as long as possible, but eventually approve it. Here's why: if they deny it, they're setting themselves up as a target for a lawsuit that they'll likely lose. If they lose the lawsuit, it will basically be the end of most crypto regulation. If they approve it, however, although it will be a setback, they could claim the power to deny requests in the future (even though the set precedent makes it less likely that they would). I'm curious as to what your plan of action would be if it is denied. Have you asked the EFF or other groups about their willingness to provide legal funding for this? From mg5n+ at andrew.cmu.edu Wed Apr 27 16:43:25 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 27 Apr 94 16:43:25 PDT Subject: Liberating Schneier's Code? In-Reply-To: <199404271901.AA21941@access1.digex.net> Message-ID: Peter Wayner > Yes, books are hard to update, but hardware is even harder. > What is going to happen to all of those Capstone chips that use > the "old" unfixed version of MD-5? Imagine what would happen > if the Capstone was widely used in the country? It could easily > cost many millions to update an algorithm in hardware. Capstone chips do not use MD5. The algorithm in question was the gubmint's Secure Hash Algorythm, which is not the same as MD5. I don't think capstone uses SHA anyway... From kafka at desert.hacktic.nl Wed Apr 27 17:17:40 1994 From: kafka at desert.hacktic.nl (Kafka) Date: Wed, 27 Apr 94 17:17:40 PDT Subject: Anonymous remailer for Waffle Message-ID: I made a simple remailer for Waffle. Please don't flame me on the code. You install it by putting an entry in your /waffle/system/aliases file. The arguments are remail If the username of your remailer is "anon", your uucpname is "foobar", and your full nodename is "bla.org", you have to put the following line in /waffle/system/aliases: anon | remail anon foobar foobar.bla.org FUTURE I want to make it penet style, but with support of PGP, chaining and a database of (passworded) anon accounts. Future versions will read the uucpname from the /waffle/system/static file. (I was too lazy to do that now). To make it possible to reply, I think the following approach will do: the 'reply-to:' address will be " (NickName Anon-ID=XXXXXX)" where XXXXXX is the number of the anon account you want to send mail to, and NickName your (possible) nickname. Header-fields: X-Anon-To: (newsgroup or e-mail address) X-Anon-Encrypted: PGP (to let the remailer know it is encrypted) Please let me know your comments... Patrick :) ---------------------- cut here --------------------------- #include #include #include #include #include #include #include #define MAIL 0 #define NEWS 1 main(int argc, char *argv[]) { const char *Months[]={"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul","Aug","Sep","Oct","Nov","Dec", NULL}; const char *Days[]={"Mon","Tue","Wed","Thu","Fri","Sat","Sun",NULL}; char UnixDate[30]; char type = 0; char c[1024]; FILE *f; char to[1024]; char from[60]; char subj[128]; char cmd[128]; char *fname; char *template = "XXXXXX"; struct dosdate_t d; struct time t; c[0] = '\0'; if (argc < 4) { printf("Usage: remail \n"); printf("Example: remail remail desert desert.hacktic.nl\n"); return; } while (strlen(gets(c)) != 0 && ! feof(stdin)) { if (strstr(c, "Subject: ") != NULL) strcpy(subj, &c[9]); if (strstr(c, "From: ") != NULL) strcpy(from,&c[6]); if (strstr(c, "X-Anon-To: ") != NULL) strcpy(to,&c[11]); } if (strstr(to, "@") != NULL) && (strstr(to, "!") != NULL) type = MAIL; else type = NEWS; gettime(&t); _dos_getdate(&d); sprintf(UnixDate, "%s, %d %s %d %02d:%02d:%02d GMT", Days[d.dayofweek], \ d.day, Months[d.month-1], d.year,t.ti_hour, t.ti_min, t.ti_sec); if (type == MAIL) { fname = mktemp(template); f = fopen(fname, "wt"); fprintf(f, "From %s %s remote from %s\n", argv[1], UnixDate, argv[2]); fprintf(f, "From: %s@%s\n", argv[1], argv[3]); fprintf(f, "To: %s\n", to); fprintf(f, "Subject: %s\n", subj); fprintf(f, "Date: %s\n\n", UnixDate); while (! feof(stdin)) putc(getc(stdin), f); fclose(f); sprintf(cmd, "rmail -f %s -u %s %s < %s", argv[1], argv[1], to, fname); system(cmd); unlink(fname); } else if (type == NEWS) { fname = mktemp(template); f = fopen(fname, "wt"); fprintf(f, "Path: %s!%s\n", argv[1], argv[2]); fprintf(f, "From: %s@%s\n", argv[1], argv[3]); fprintf(f, "Subject: %s\n", subj); fprintf(f, "Date: %s\n", UnixDate); fprintf(f, "Newsgroups: %s\n\n", to); while (! feof(stdin)) putc(getc(stdin), f); fclose(f); sprintf(cmd, "rnews < %s", fname); system(cmd); unlink(fname); } } ---------------------- cut here --------------------------- begin 600 remail.exe M35I, !@ 0 @ X ___* H /@ $ ^U!J<@ M ! M M M M M M M M M M "Z< (NB1:- K0PS2&++@( BQXL ([:HY( C :0 M (D>C ")+J@ Z($!Q#Z* (O'B]BY_W_\\J[C84,F. 5U]H#-@/?9B0Z* +D! M -/C@\,(@^/XB1Z. (S:*^J+/F $@?\ G,'OP "B3Y@!(''H 5R* ,^^ -R M(K$$T^]'.^]R&8,^8 0 = >#/O@# '4.OP 0.^]W!XO]ZP/IW &+WP/:B1Z@ M (D>I "AD KV([ M$I7S2%?T^?ZCM*+Y_LSP"Z.!HT"OTX%N: %*\_\\ZJ# M/LH#%'9'@#Z2 -R0'<'@#Z3 !YR-[@!6+L" ,TAR@/-(7(@M$B[ M 0#-(7(70*.H $B.P+1)S2%R"K@!6+L ,TA

C0 /\VB #_-H8 _S:$ . at Y M 5#H- at 8NC@:- E97ODX%OTX%Z*T 7U[#5EPXOLM$R*1 at +-(;D. +I( .G5 !ZX #7-(8D> M= ",!G8 N 0US2&)'G@ C 9Z +@%-@ ",!H( MN EC,J.VKJ@ N EQ19T ,TA'QZX!"7%%G@ S2$?'K@%)<46? #- M(1\>N 8EQ1: ,TA'\.!_CP%= 0RY.L"M/^+UXO>.]]T(R: /_]T&('^/ 5T M!B8Z9P'K!"8X9P%W!B:*9P&+TX/#!NO9.]=T&XO:)H _ ";&!_\&= +I6 "Z.'HT"Z.K_N , 4. at 4!0 0!5 MB^R![)0)5E<6C4;64!ZXJ@!0N1H Z/L&%HU&QE >N,0 4+D0 .CK!L=&^B ! MQH:H^P"#?@0$?1.X)P%0Z+$<6;A< 5#HJ1Q9Z0 #ZV.XC0%0C8:H^U#H(2)9 M60O = ^-AK'[4(V&[/90Z-(A65FXEP%0C8:H^U#H ")960O = ^-AJ[[4(V& M;/=0Z+$A65FXG@%0C8:H^U#HWR%960O = ^-AK/[4(V&J/=0Z) A65F-AJC[ M4. at _&5E0Z*,A60O = CW!HP"( !T@[BJ 5"-AJCW4.BD(5E9"\!T!L9&_P#K M!,9&_P&-1O!0Z&$$68U&]%#HBP-9BD;SM !0BD;PM !0BD;QM !0_W;VBD;U MM #1X(U6U /"B]C_-XI&]+0 4(I&^+0 T>"-5L8#PHO8_S>XK %0C4:H4.AA M((/$$H!^_P!T ^D) ?]V^N at A&5F)1ORXS %0_W;\Z+ at 565F+^(M>!O]W!(U& MJ%"+7@;_=P*XSP%05^B[%8/$"HM>!O]W!HM>!O]W KCJ 5!7Z*05@\0(C8:H M]U"X]P%05^B4%8/$!HV&[/90N/\!4%?HA!6#Q :-1JA0N P"4%?H=16#Q ;K M2_\%?2;_#HH"? R+'I0"_P:4 HH'ZPBXB@)0Z/,668M="O]%"H@'M #K(5?_ M#HH"? R+'I0"_P:4 HH'ZPBXB@)0Z,P665#H^QI96?<&C (@ '2M5^A=$EG_ M=OR-AJCW4(M>!O]W HM>!O]W K at 7 E"-AFSV4.AB'X/$#(V&;/90Z"D06?]V M_.C"!5GI^@" ?O\!= /I\0#_=OKH#QA9B4;\N#$"4/]V_.BF%%E9B_B+7@;_ M=P2+7@;_=P*X- )05^BM%(/$"(M>!O]W!HM>!O]W KA! E!7Z)84@\0(C8;L M]E"X3@)05^B&%(/$!HU&J%"X6P)05^AW%(/$!HV&J/=0N&4"4%?H9Q2#Q ;K M2_\%?2;_#HH"? R+'I0"_P:4 HH'ZPBXB@)0Z.4568M="O]%"H@'M #K(5?_ M#HH"? R+'I0"_P:4 HH'ZPBXB@)0Z+X565#H[1E96?<&C (@ '2M5^A/$5G_ M=ORX=@)0C89L]E#H91Z#Q :-AFSV4. at L#UG_=OSHQ0197UZ+Y5W#58OL at SZ" M B!U!;@! .L3BQZ" M'CBT8$B8=.!?\&@@(SP%W#58OL5E>_ 0"+=@B+Q at O M=!XS_^L.B]Z#Q at +_-^C,'EE _B#/ !T!XL<@#\ =>9'@WX& '0,_W8&Z*\> M604# /X@?\ ('(#Z8 B\<%#P!0Z,L*68O0"\!T<(M>!(D7@\(/@^+PBW8( MB\8+P'0J at SP ="7K%8O>@\8"_S=2Z/4(65F+T(O:Q@< 0H,\ '0/BQR /P!U MW^L&B]K&!P!"B]K&!P!"@WX& '0:B]K'!P$ @\("_W8&4NB["%E9B]"+VL8' M $*+PBO'ZP(SP%]>7<(& %6+[+1#,L"+5 at 3-(7()BUX&B0\SP.L$4.A. 5W# M58OLM$.P 8M6!(M.!LTA<@0SP.L$4. at S 5W#58OL5HMV!+0JS2&(1 2(%(AT M 8E, EY=PU6+[%:+=@2T+,TAB"R(3 &(= *(5 ->7/_ETX%@SZ" @!UZ^CR^?\6A +H>_KH^_F#?@8 =1,+]G4( M_Q:& O\6B +_=@3H"_I97EW"!@!5B^PSP%!0_W8$Z*;_7<-5B^RX 0!0,\!0 M_W8$Z)3_7<,SP%"X 0!0,\!0Z(7_P[@! %!0,\!0Z'G_PU6+[%:+=@2T*LTA MB0R)5 )>7<-5B^Q6BW8$M"S-(8D,B50"7EW#N WS2&*PK0 PU6+[+@!-XI6 M!,TA7<-5B^Q6BW8$"_9\%8/^6'X#OE< B3;Z XJ$_ .8B_#K#??>@_XC?^G' M!OH#__^)-I0 N/__7EW" @!5B^Q6BW8$5NB\_XO&7EW" @!5B^RX $2+7 at 3- M(9(E@ !=PU6+[(/L(E97!HM^"AX'BUX(@_LD=UB ^P)R4XM&#(M.#@O)?1& M?@8 = O&!2U']]GWV(/9 (UVWN,/D2O2]_.1]_.(%$;C">OQ*]+W\X at 41@O M=?6-3M[WV0/._$Z*!"P*B^5=P at P 58OL M,\!0_W8&_W8$N H 4+ 4+!A4.AJ_UW"! !5B^R+7 at 31XX&GS /__;1"BD8* MBUX$BTX(BU8&S2%R NL%4.CD_IE=PU6+[%:+=@B+5 at 8+]G4#OHX%_W8$"])U M!;A6!.L"B\)05N at P!EE94.B0_[A:!%!6Z T;65F+QEY=P at 8 58OL@^P"5E>+ M=@:+?@16,\!0 at SW_=06X @#K [@! $%BP50Z)[_B_"-1OY05NA%_5E9"\!T MUXO&7UZ+Y5W"! !5B^Q65Q[%=@3$?@C\T>GSI1/)\Z0?7UY=P@@ 58OLBUX$ MT>/WA\P# @!T!K@% %#K$K0_BUX$BTX(BU8&S2%R NL$4.@>_EW#N at 4 .Q;* M W,KB]K1X\>'S , (O:L033X\:'C at +_B\+3X 6* HO:T^.)AY@"0CL6R at -R MU:". IA0Z"O^60O =0:!)HP"__VX )0]P:, @ "= 6X 0#K C/ 4#/ 4+B* M E#H[!B#Q B at G@*84.CW_5D+P'4&@2:< O_]N "4/<&G ( G0%N ( ZP(S MP% SP%"XF@)0Z+ at 8@\0(PU6+[+@! % SP%!0_W8$Z&3^@\0(7<-5B^RT08M6 M!,TA<@0SP.L$4.A5_5W#BL;H @"*PM00AN#H @"&X 20)Q1 )ZK#58OL@>R6 M %97QT;N #'1NQ0 ,=&Z@ ZT97N?__,L#RKO?125_#-H@%1_Y.['4O4U%2 M!HV&:O\K^(V&:O]05_]V"/]6"@O =07'1NH! ,=&[% 7[NC;YJ_P=:65O# M!OR-OFK_B7[\BW[\BW8&K K =!(\)701-H@%1_Y.['_NZ*S_Z^GIU0.)=O"L M/"5TYXE^_#/)B4[RB4[^B$[UQT;X___'1O;__^L!K#+DB]"+V(#K((#[8',3 MBI]I!(/[%W8#Z8@#T>,N_Z=-#^E^ X#] '?X at T[^ >O0@/T =^V#3OX"Z\6 M_0!WXH!^]2MT XA6]>NU at V;^W^L$@T[^(+4%ZZ> _0!W3?=&_@( =2F#3OX( MM0'KD^DS XM^!#:+!8-&! * _0)S$@O >0;WV(-._@*)1OBU ^EO_X#]!'77 MB4;V_L7I8O^ _01SRK4$_T;VZ57_DBPPF(#] G<9M0*'1O at +P'S1T>"+T-'@ MT> #P@%&^.DS_X#]!'6;AT;V"\!TM='@B]#1X-'@ \(!1O;I%_^#3OX0Z67_ M at 4[^ O[OZ5G_MPCK"K<*ZPJW$+/I MK&1O4 B%;[,]*(5OJ+?@0VBP7K M$+<*QD;Z 8A6^XM^!#:+!9E'1XEV!O=&_A = 4VBQ5'1XE^!(U^NPO =0T+ MTG4)@W[V '4'Z6C^@T[^!%)05XK'F%"*1OI04^B#^Q8'BU;V"])] ^GR .G] M (A6^XEV!HU^NHM>!#;_-T-#B5X$]T;^( !T$#:+%T-#B5X$%@?HG?VP.JH6 M!UKHE/TVQ at 4 QD;Z (-F_ON-3KHK^8?/BU;V.]%_ HO1Z9\ B78&B%;[BWX$ M-HL%@T8$ A8'C7Z[,N0VB06Y 0#IP@")=@:(5ON+?@3W1OX@ '4--HL]@T8$ M AX'"__K"S;$/8-&! 2,P O'=04>![]B!.A5_3M.]G8#BT[VZ84 B78&B%;[ MBWX$BT[V"\E] [D& %=1C5Z[4U*X 0 C1OY0BT;^J0 != FX" "#1 at 0*ZP># M1 at 0(N 8 4.CR!!8'C7Z[]T;^" !T&(M6^ O2?A'H]_PF@#TM=0%)*]%^ XE6 M\B: /2UT"XI&]0K =!1/)H@%@W[R 'X*BT[V"\E] _].\NC%_(OWBW[\BU[X MN 4 (T;^/04 =1.*9ON _&]U#8-^\@!_!<=&\@$ ZQN _'AT!8#\6'41 at T[^ M0$M+ at V[R GT%QT;R #3O+W1OX" '4,ZP:P(.A^_$L[V7_V]T;^0 !T"[ P MZ&W\BD;[Z&?\BU;R"])^)RO**]HFB at 0\+70(/"!T!#PK=0E: M_(EV!HM^!/=&_B =0LVBSV#1 at 0"'@?K!S;$/8-&! 2X4 J1NP#1NXFB07W M1OX0 '0'1T$.'0\=#QT/Q0O+"U6+[%97BWX$_W8&Z&<568OP0%#_=@97 MZ$L-@\0&B\<#QE]>7<-5B^R+1 at 2+U('J ([PG,'HYP ,\#K"<<&E ( +C_ M_UW#58OLBT8$BU8& P:< (/2 (O("])U$('! )R"CO,+](MZ%0 BT<"H_X$ZPV+WC/ H_P$ MH_X$HP %4^CV_EO#_P\['OP$=!B+=P*+!*@!=0\#!XD$BS\#^XEU HO>ZP/H M,@"+/P/[BP6H 70!PP$'B_<#\(E< HO?BW\&.]]T#HD^ 6+=P2)=02)? ;# MQP8 !0 PXLV 4+]G00BWP&B5P&B5T$B7\&B7<$PXD> 6)7P2)7P;#5E>+ M](M$!@O =%(%!0!R-B7^_ST( ',#N @ @S[\! !T'XL> 4+VW0-B],Y!W,: MBU\&.]IU]>AF .LAZ(H ZQSH' #K%S/ ZQ.+\(/&"#DW<^GH:___!XO#!00 M7U[#4#/ 4%#H-OY;6R4! '0),])24. at H_EM;6% SVU-0Z!W^6UL]__]T%(O8 MB1[\!(D>_ at 180(D'@\,$B\/#6S/ PU SVU-0Z/;]6UL]__]T%HO8H?X$B4<" MB1[^!%A B0>#PP2+P\-8,\##*0>+\P,WB_X#^$")!(E< HEU H/&!(O&PXOL M4U!14. at 5_UN+V O =!\>!_R+^(MV_HL,@\8$5H/I!='I\Z6)1O[H)/Y;BU[^ M@\0&PXO"@\((.]%W-8O1.Q[^!'4/B0?_!P/#4U#H2_U;6^L>B_L#^(E= BO0 M*1>+]P/RB7P"0HD5B\N+W^@W_HO9@\,$PU9758OLBUX(BT8*"\!T-PO;="V# MZP2+#TF+T(/"!8/B_H/Z"',#N@@ .\IR#'<%@\,$ZPCHA__K ^A/_XO#ZPU0 MZ&7^ZP93Z)#],\!;75]>P_\F- 4 (\&!@6/!@@%CP8*!2Z,'M(2B38,!8D^ M#@7\C@:0 +Z #+D)JQ C,6'UI.+-HH 1D:Y 0" /I( W(1C@:, (O^L7\R MP/*NXVZ \7]0B\$#PT E_O^+_"OX@RP.OD"\!T!T*J"L!U 4.&X#+ M^>,5K$DL(G0/!"(\7'4'@#PB=0*L20OVP^GJ[ED#RBZ.'M(2B1X"!4,#VXOT MB^PKZW+FB^6)+ at 0%XPZ)=@"#Q0(VK K X/IT\#/ B48 +HX>TA*+- at P%BSX. M!?\V"@7_-@@%H0(%HX0 H00%HX8 _R8&!597BPZ* %'H-_U9B_ at +P'0B'AX' MCAZ, #/V_/.D'XOX!O\VC@#H&?U;B]@'HQ %"\!U ^E=[C/ N?__@#T = R) M/X/# O*N)C@%=?2)!U]>H1 %HX@ PP !5B^R#["Y6'E<&%@>+1 at B,V at O M= :Q!-/H \*)1O*+=@:)=O2,7O:X 2F-?M*)?OB,1OI&S2&*!#P@= L\"70' M/ UT T;K[[@!*8U^XHE^_(Q&_LTA!HX&D "+=@2_@ "Y?P#\K(3 = 6JXOBP M *H'51Z-7O*.'I NH N !+-O\V+@ V_S8P "Z,%CX4+HDF/!3-(?HNCA8^ M%"Z+)CP4^S:/!C -H\&+@ ?77,&4. at 7\^L$M$W-(0=?'UZ+Y5W#58OL@^P( M5E>+?@0+_W4=N!(%4. at 3!UD+P'4+QP:4 ( ,\#IU0"X 0#ISP"X&@50Z/8& M68E&^@O =0G'!I0 @#IAP!7Z*D/604% (E&_H%^_H ?@C'!I0 % #K;?]V M_NC!^UF+\ O =0C'!I0 " #K6(-^_ at 5U"<8$ ,9$ 0WK*HI&_ at 3^B 1&Z&7R MB 1&N"(%4%;HY/E968OP5U#HV_E968OPQ at 0-1BMV_O\V$ 7_=OJ-1OQ0Z$SP MB_ at +P'40QP:4 @ 5NB,^EFX___K*_\6A )75O]V^NAC_H/$!HE&^/]V_.AN M^EE6Z&GZ68-^^/]U!;C__^L",\!?7HOE7<-5B^PSP%#_=@3H)0!968O0 at _K_ M=!KW1 at 8" '0&]\(! '4$,\#K"<<&E % +C__UW#58OLBTX(M$.*1@:+5 at 3- M(7(#D>L$4.B^\5W#58OLBU8$.Q;* W()N 8 4.BI\>L/B]K1X\>'S , %+H M P!97<-5B^RT/HM>!,TA<@S1X\>'S , #/ ZP10Z'KQ7<-5B^R#[ 2+1 at 0[ M!LH#<@:X!@!0ZUN+7 at 31X_>'S , G0%N $ ZTRX $2+7 at 3-(7(^]L* =36X M 4(SR8O1S2%R+E)0N )",\F+TAN .MF.7T.= 6X___K7H,] 'PI]T4"" !U"HO'!04 M.44*=4;'!0 B\<%!0 Y10IU.(M%"(E%"NLPZRZ+108#!4"+\"DU4(M%"(E% M"E"*10284.B+#8/$!CO&= WW10( G4&@TT"$.N?,\!?7EW#58OL@^P"5E?' M1OX (L^R at .^B at +K$O=$ @, = A6Z&+_6?]&_H/&$(O'3PO =>>+1OY?7HOE M7<-5B^R#[ )65XMV",=&_@ B]Y&B@^*P3QR=0BZ 0"_ 0#K((#Y=W4%N@(# MZPB ^6%U#;H""<=&_H OP( ZP0SP.MIB at Q&@/DK= ^ /"MU'X#Y='0%@/EB M=16 ^2MU HH,@^+\@\H$QT;^@ &_ P" ^71U!H'* $#K'8#Y8G4&@+7 at 2+1OZ)!XO'7UZ+Y5W" M!@!5B^R#[ 16BW8*_W8&C4;^4(U&_%#H-/^)1 (+P'0@@'P$ 'TG_W;\BT;^ M"T8$4/]V".C-!(/$!HA$! K ?0W&1 3_QT0" SP.M!BD0$F%#H&N]9"\!T M!8%, @ "N "4/=$ @ "= 6X 0#K C/ 4#/ 4%;HX F#Q @+P'0'5NB?_5GK MPL=$# B\9>B^5=P@@ 5KZ* H!\! !\$Z'* [$$T^ %B@*+UH/&$#O"=^> M? 0 ? 0SP.L"B\9>PU6+[.C/_XO0"\!U!#/ ZPU2_W8$_W8&,\!0Z"3_7<-5 MB^RXYB!0_W8$_W8&C48(4.CV\%W#58OL5E>+=@2#/ !]"HM4!@,40HOZZPN+ M!)DSPBO"B]"+^/=$ D =2R+3 J#/ !]'>L)28O9@#\*=0%'B\)*"\!U\.L0 MB]E!@#\*=0%'B\)*"\!U\(O'7UY=P@( 58OL5E>+=@2+?@I6Z#?]60O = 6X M___K1X/_ 740 at SP ?@M6Z'S_F2E&!AE6"(%D E_^QP0 (M$"(E$"E?_=@C_ M=@:*1 284.A\[H/$"(/Z_W4*/?__=06X___K C/ 7UY=PU6+[(/L!%:+=@2* M1 284.C=[UF)5OZ)1OR#^O]U!3W__W0=@SP ?0U6Z!/_F0%&_!%6_NL+5N@& M_YDI1OP95OZ+5OZ+1OQ>B^5=PU97OQ0 OHH"ZQ.+1 (E ,] -U!5;H?OQ9 M@\80B\=/"\!UYE]>PU6+[%:+=@3W1 ( G0#Z,C__W0&BT0(B40*4(I$!)A0 MZ$8'@\0&B00+P'X(@V0"WS/ ZQZ#/ !U#HM$ B5__ at T@ (E$ NL(QP0 (-, M A"X__]>7<(" %6+[%:+=@3_!%;H! !97EW#58OL5HMV! OV=0:X___IEP"# M/ !^#?\,BUP*_T0*B@?I at P"#/ !\5/=$ A !=4WW1 (! '1&@4P"@ "#? 8 M= Q6Z%/_"\!TS>O Z\GW1 ( G0#Z!K_N $ 4+B+?@0>!PO_=!JP M (HEN?___/*N]]%)= N+/A %"_^)?OYU"S/ ZRJ#1OX"BW[^BST+_W3OB at 4* MP'3I.N!UZ8O9@#D]=>*+=@3SIH?+==E'B\=?7HOE7<-5B^Q65XM^!(OWZP.( M%$;_#HH"? Z+'I0"_P:4 HH'M #K"+B* E#HLOY9B] ]__]T!8/Z"G75 at _K_ M=0@[]W4$,\#K$<8$ /<&C (0 '0$,\#K HO'7UY=PU6+[%97'@>+?@2+=@:+ M3 at C1Z?SSI7,!I(M&!%]>7<-5B^R#[ I65XM^!%?HX@=9B]"#^@9] ^F; (OW M _*#QOJX)@505NAW!UE9"\!T ^F# ,9$ B['1OY! .MRBD;^B 3'1OQ! .M= MBD;\B$0!QT;Z00#K1XI&^HA$ \=&^$$ ZS&*1OB(1 3'1O9! .L;BD;VB$0% M,\!05^B$^%E9/?__=02+Q^LO_T;V at W[V6G[?_T;X at W[X6G[)_T;Z at W[Z6GZS M_T;\@W[\6GZ=_T;^@W[^6GZ(,\!?7HOE7<-5B^R+3 at 2T/(M6!LTA<@+K!%#H M-^I=P at 0 58OLBUX$*\DKTK1 S2%=P@( 58OL@^P$5E>+=@:+?@CWQ@# =0BA M] ,E , +\#/ 4/]V!. at E^%E9B4;^]\8 71X(S[V XO'J8 !=0>X 0!0Z-_I M at W[^_W4C at S[Z P)T"O\V^@/HR^GI[0#WQX = 0SP.L#N $ B4;^ZPSWQ@ $ M=#>X4 !0Z]SWQO =!G_=@0SP%#H3_^+^ O ?0/IM0!7Z/CW6>L2_W8$_W;^ MZ#;_B_ at +P'ULZ9P 5O]V!.B= %E9B_ at +P'Q:,\!05^B)\5E9B4;\J8 =!Z! MS@ @]\8 @'0>)?\ #2 4+@! %!7Z&;Q@\0&ZPKWQ@ "= 17Z/[^]T;^ 0!T M&O?& %T%/?&\ !T#K@! %!0_W8$Z#SW@\0&"_]\+_?& -T!;@ $.L",\"+ MUH'B__ at +T%+W1OX! '0$,\#K [@ 5H+T(O?T>.)E\P#B\=?7HOE7<-5B^R# M[ *P 8M.!O?! @!U"K "]\$$ '4"L "+5 at 2Q\").!@K!M#W-(7(:B4;^BT8& M)?^X#0" BU[^T>.)A\P#BT;^ZP10Z(SHB^5=PU6+[+CF(%"XF@)0_W8$C48& M4. at XZUW#58OL5HMV!O\,5HI&!)A0Z 4 65E>7<-5B^Q65XM^!HI&!**>!8,] M_WTZ_P6+70K_10J(!_=% @@ =0/I]0" /IX%"G0*@#Z>!0UT ^GD %?HDO=9 M"\!U ^G8 +C__^G7 .G/ /=% I =0?W10(" '4&@TT"$.OC at 4T" &#?08 M=$6#/0!T"5?H6?=9"\!URHM%!O?8B06+70K_10J at G@6(!_=% @@ =0/IA@" M/IX%"G0'@#Z>!0UU>%?H)O=9"\!T;^N5ZVN*1028T>"+V/>'S , "'03N ( M4#/ 4%"*10284.A_Z(/$"( ^G at 4*=1_W10) '48N $ 4+ at N!5"*10284.C. M!8/$!CT! '48N $ 4+B>!5"*10284.BV!8/$!CT! '0*]T4" )U ^D__Z"> M!;0 7UY=PU6+[+B: E#_=@3HSOY965W#58OL@^P"5E>+?@2+1@:)1O[W10(( M '0IZQI7BUX(_T8(B@>84.BB_EE9/?__=04SP.E5 8M&!O].!@O ==SI10'W M10) '4#Z=\ @WT& '4#Z9@ BT4&.T8&"+V/>' MS , "'03N ( 4#/ 4%"*10284. at .YX/$"/]V!O]V"(I%!)A0Z&T$@\0&.T8& MLO_P5]%(M="O]%"HMV"/]&"(H$B >T .L/5XM>"/]& M"(H'4.A<_5E9/?__=0/ISOZ+1@;_3 at 8+P'7'ZQG_=@;_=@B*10284. at + X/$ M!CM&!G,#Z:G^BT;^7UZ+Y5W"!@!5B^R#[ 165XM&!#L&R at -R"K@& %#H>^7I MIP"+1 at A /0( <@V+7 at 31X_>'S , G0%,\#IC #_=@C_=@;_=@3H".>#Q :) M1OY /0( <@V+7 at 31X_>'S , 0'4%BT;^ZV*+3OZ+=@8>!XO^B][\K#P:="T\ M#70%JN+TZQSB\ 93N $ 4(U&_5#_=@3HO>:#Q 9;!_R*1OVJ._MU NN9ZR!3 MN $ 4/?9&\!04?]V!.C9Y8/$"(M>!-'C at 8_, P "6RO[EU]>B^5=PU6+[%97 MBW8$BWX*.70.=0R#?@@"?P:!__]_=@:X___II "#/C(% '4.@?Z: G4(QP8R M!0$ ZQ.#/C % '4,@?Z* G4&QP8P!0$ @SP = ^X 0!0,\!04%;HGO:#Q CW M1 ($ '0'_W0(Z*WL68-D O/'1 8 (O&!04 B40(B40*@WX( G0^"_]V.L<& MA +0)H-^!@!U&%?H3>U9B48&"\!U ^EW_X-, @3K ^EN_XM&!HE$"HE$"(E\ M!H-^" %U!(-, @@SP%]>7<-5B^Q65XM^!HMV!%?_=@C_-.C%^(/$!@$\BQS& M!P"+QU]>7<(& %6+[(M>!,8' +@))%"-1 at 10_W8&C48(4.B%YEW#58OLBUX$ MQ@< N DD4(U&!%#_=@;_=@CH:>9=PU6+[%97_(M^!!X'B]!_R+ M?@:+]S+ N?__\J[WT8M^!/.DBT8$7UY=PU6+[%>,V([ BWX$,\#\N?__\JZ1 M]]!(7UW#58OL5E>+7@:*!Y at +P'4%BT8$ZT@>!_R+?@2+WS/ N?__\J[WT8?* MBWX&B^\SP+G___*N0??1B_6LA_N'RO*NB]]U!#O*R( %97BWX$BW8&.S[* W(*N 8 4.B"XNG? (M& M"$ ] @!S!3/ Z=$ B]_1X_>'S , "'0/N ( 4#/ 4%!7Z$_C@\0(B]_1X_>' MS , 0'4._W8(5E?HJ "#Q ;IG "+W]'C@:?, __]B7;ZBT8(B4;^ZTW_3OZ+ M7OK_1OJ*!XA&_3P*=03&! U&BD;]B 1&C89X_XO6*]"!^H ?"/^#?OX =:F-AGC_*_"+ MQ at O =B%6C89X_U!7Z" @\0&B] [QG0. at _K_=,6+1@@#PBO&ZP.+1 at A?7HOE M7<-5B^R+7 at 31X_>'S ,! '0&N 4 4.L?M$"+7 at 2+3@B+5@;-(7(/4(M>!-'C M at 8_, P 06.L$4.ABX5W#5EQ?7L, M 0F]R;&%N9"!#*RL at +2!#;W!Y&%M<&QE.B!R96UA:6P@ I simply had to pass this article along to c'punks... Newsgroups: comp.org.eff.talk From: milles at fi.gs.com (Stevens Miller) Subject: NSA remarks at "Lawyers and the Internet" Date: Tue, 26 Apr 1994 17:04:33 GMT I'm a computer programmer and attorney who is a member of the Committee on Technology and the Practice of Law, a task force assembled by the Association of the Bar of the City of New York. Last Friday we held a conference on "Lawyers and the Internet." Approximately 200 lawyers attended. Speaking in favor of the Clipper proposal was Stuart Baker of the NSA. I won't repeat his substantial arguments, but his formal approach (which Mike Godwin tells me is becoming a standard component of the government's pro-Clipper road show) is worth some attention. Parroting his own words at CFP, Baker told us: - The debate over the Clipper proposal is "really just a culture clash among net-heads." - Those opposing the proposal are late-coming counter-culturists, "who couldn't go to Woodstock because they had to do their trig homework." - Opponents envision themselves as would-be "cybernauts in bandoliers and pocket-protectors." I quote these remarks (as best I can from memory; my hands were shaking too much to write clearly at this point) to make it clear that our government's representative has reached a conclusion about the community opposing its plan. He has concluded that the members of that community are so beneath his respect that it is more appropriate to make fun of them than it is to respond to their views. As Godwin pointed out later, the NSA really just doesn't care what anyone says. That, he said, is why Baker repeatedly invokes the spectre of child-molestation as the chief evil Clipper will prevent; by that invocation is much meritorious debate deflected. Baker replied to this by emphasizing the reality of the pedophilia potential of networks, telling us that many users of networks "are teenaged boys with inept social skills." Regardless of the law-enforcement potential of this plan, it is worth noting that an official spokesman for the government endorses it by pointing out that its opponents valued their studies more highly than they did rock and roll. That because the popular image of the bookworm can be juxtaposed against that of Rambo in a funny way, bookworms don't have to be taken seriously. That if you play with computers as a youngster, your community, your parents and your own brain can't save you. That the government must protect you from your own ineptitude, whether you want its help or not. The message was pretty clear: Stuart Baker doesn't care what you say, but he wants the power to listen. --- Stevens R. Miller |"The complete truth is not the (212) 227-1594 | prerogative of the human judge." sharp at echonyc.com | New York, New York | - Supreme Court of Israel From nowhere at bsu-cs Wed Apr 27 17:35:56 1994 From: nowhere at bsu-cs (Anonymous) Date: Wed, 27 Apr 94 17:35:56 PDT Subject: No Subject Message-ID: <199404280035.TAA11691@bsu-cs.bsu.edu> Since I haven't seen this article float through the list, I hope John doesn't mind it being reposted. From: gnu at toad.com (John Gilmore) Newsgroups: alt.politics.org.nsa,comp.org.eff.talk Subject: Why is clipper worse than "no encryption like we have today"? Date: 27 Apr 94 08:50:17 GMT Organization: Cygnus Support, Mt. View, California Mike Tighe wrote: > But the NSA is not going to control the keys, are they? I thought it was > going to be under the control of two independent agencies. And even if they > are leaked, how is that worse then the system we have today, where no keys > are required? It's worse because the market keeps moving toward providing real encryption. If Clipper succeeds, it will be by displacing real secure encryption. If real secure encryption makes it into mass market communications products, Clipper will have failed. The whole point is not to get a few Clippers used by cops; the point is to make it a worldwide standard, rather than having 3-key triple-DES with RSA and Diffie-Hellman become the worldwide standard. We'd have decent encryption in digital cellular phones *now*, except for the active intervention of Jerry Rainville of NSA, who `hosted' a meeting of the standards committee inside Ft. Meade, lied to them about export control to keep committee documents limited to a small group, and got a willing dupe from Motorola, Louis Finkelstein, to propose an encryption scheme a child could break. The IS-54 standard for digital cellular doesn't describe the encryption scheme -- it's described in a separate document, which ordinary people can't get, even though it's part of the official accredited standard. (Guess who accredits standards bodies though -- that's right, the once pure NIST.) The reason it's secret is because it's so obviously weak. The system generates a 160-bit "key" and then simply XORs it against each block of the compressed speech. Take any ten or twenty blocks and recover the key by XORing frequent speech patterns (like silence, or the letter "A") against pieces of the blocks to produce guesses at the key. You try each guess on a few blocks, and the likelihood of producing something that decodes like speech in all the blocks is small enough that you'll know when your guess is the real key. NSA is continuing to muck around in the Digital Cellular standards committee (TR 45.3) this year too. I encourage anyone who's interested to join the committee, perhaps as an observer. Contact the Telecommunications Industry Association in DC and sign up. Like any standards committee, it's open to the public and meets in various places around the country. I'll lend you a lawyer if you're a foreign national, since the committee may still believe that they must exclude foreign nationals from public discussions of cryptography. Somehow the crypto conferences have no trouble with this; I think it's called the First Amendment. NSA knows the law here -- indeed it enforces it via the State Dept -- but lied to the committee. -- John Gilmore gnu at toad.com -- gnu at cygnus.com -- gnu at eff.org Can we talk in private? Join me in the Electronic Frontier Foundation. Not if the FBI and NSA have their way. Ask membership at eff.org how. From fnerd at smds.com Wed Apr 27 17:42:54 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 27 Apr 94 17:42:54 PDT Subject: Detweiler Message-ID: <9404272225.AA00903@smds.com> > > Who is Detweiler? > Reuben > Sounds like a good bumper sticker, T-shirt or grafito-- along the lines of "Who is John Galt?" -fnerd don't quote me - - - - - - - - - - - - - - - Gradually, I become aware of a presence. Between me and sustenance stands a woman in a suit. --Michael Swaine -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From karn at qualcomm.com Wed Apr 27 18:11:38 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 27 Apr 94 18:11:38 PDT Subject: Schneier's source code In-Reply-To: <8hjjRrq00awI8QG0ZD@andrew.cmu.edu> Message-ID: <199404280111.SAA08153@servo.qualcomm.com> As you can tell from John Gilmore's files (ftp://ftp.cygnus.com/pub/export) I filed my original request, for the book itself, by fax on Feb 12. The letter in response was dated March 2, but I didn't receive it in the mail until March 8. That puts it within their 15 business day limit if you don't count the mail delay. My second request (for the floppy containing exactly what was in the book) was filed by fax on March 8. I had to revise the title, so the actual filing date is more like March 10 (that's the date you get if you call up their automatic license status system and punch in the case number). That makes it 7 weeks, well over their 3-week (15 business day) limit. Odd that it should take so long to clear information that has previously been cleared on another medium, eh? Yes, I think they're clearly stalling since either way they rule they're putting themselves in a tough spot. That was exactly my intention. As to what to do next, I don't know. I don't think the 15-day rule is binding in the sense that 10 days is binding under the FOIA (not that that makes any difference, of course). They say that CJ requests normally take upwards of two months, and could claim that the 15-day rule is something they advertise without actually promising to meet it. Just like 2-day priority mail. It has occurred to me that it wouldn't hurt for others to file CJ requests for other cases of published cryptographic source code, to help build up a foundation of these things. There are plenty of examples to choose from. For a list, see http://www.quadralay.com/www/Crypt/DES/source-books.html. Filing CJ requests is actually quite easy; see John's "CJR kit" (in the aforementioned FTP directory on ftp.cygnus.com) for all the details. If you do file a CJ request, be sure to send a copy to John so he can include it in the files. Phil From albright at scf.usc.edu Wed Apr 27 18:42:14 1994 From: albright at scf.usc.edu (Julietta) Date: Wed, 27 Apr 94 18:42:14 PDT Subject: your mail In-Reply-To: <199404280032.TAA11447@bsu-cs.bsu.edu> Message-ID: <199404280141.SAA23059@nunki.usc.edu> Stevens Miller wrote: > I simply had to pass this article along to c'punks... > > I'm a computer programmer and attorney who is a member of the Committee > on Technology and the Practice of Law, a task force assembled by the > Association of the Bar of the City of New York. Last Friday we held a > conference on "Lawyers and the Internet." Approximately 200 lawyers > attended. > > Speaking in favor of the Clipper proposal was Stuart Baker of the NSA. (Stuart said:) > - The debate over the Clipper proposal is "really just a culture clash > among net-heads." > - Those opposing the proposal are late-coming counter-culturists, "who > couldn't go to Woodstock because they had to do their trig homework." > > - Opponents envision themselves as would-be "cybernauts in bandoliers and > pocket-protectors." > He has concluded that the members of that community are so beneath > his respect that it is more appropriate to make fun of them tha.. > users of networks "are teenaged boys with inept social skills." > That because the popular image of the bookworm can be juxtaposed against that > of Rambo in a funny way, bookworms don't have to be taken seriously. > > That if you play with computers as a youngster, your community, your parents > and your own brain can't save you. That the government must protect you > from your own ineptitude, whether you want its help or not. What a great letter! And what a sorry and inaccurate statement this Stuart Baker has made regarding the Net. Not only is it not peopled solely by "teenage boys with inept social skills"- the National Information Highway is gearing up to be in every home, school, hospital, etc in America. By trying to pin the anti- Clipper campaign against a group of young renegade computer hackers, Baker is trying to reduce the credibility of the arguement against Clipper as a serious threat to our rights by showing that only a few, marginalized "punk" kids are opposing this issue. The NSA is launching a smear campaign, obviously, to discredit those in opposition to its grand scheme of being able to listen to every supposedly private phone and data transmission in America. By marginalizing the opposition in this way, the NSA hopes to gain the trust and backing of the mainstream, who have bought the Image of the Net as some kind of haven for computer hackers. We obviously need to respond to this sort of tactic with some P.R. work of our own. By utilizing some of the analogies which the average person can understand, we can try to combat this serious threat to our right to privacy. Perhaps we need to make a concerted effort to get more articles published in mainstream magazines regarding this issue. I am currently completing a piece on computer surveillance and privacy issues- perhaps this summer I can put something together for the mainstream media. I am sure that plenty of you all can write- we should make sure the word gets out to the masses reagrding the true nature of the Net and regarding the Clipper isssue in particular, now that we know what tactic the NSA is going to take. Ciao for now, Julie "I am not a teenaged boy" :) __________________________________________________________________________ Julie M. Albright Ph.D Student Department of Sociology University of Southern California albright at usc.edu From unicorn at access.digex.net Wed Apr 27 19:06:47 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 27 Apr 94 19:06:47 PDT Subject: CIA & FBI, a marriage made in ___? In-Reply-To: <940427210730_71431.2564_FHA73-1@CompuServe.COM> Message-ID: <199404280206.AA18197@access3.digex.net> > > > Does it concern anybody besides me that the CIA [with a bunch of > underemployed manpower] is jumping into bed with the FBI [whose > spokesman recently testified to Congress that they didn't have > enough manpower to enforce the Crime Bill on us]? Yes it bothers me, but not for the reasons that you think. First, be careful about characterizing the change as the CIA jumping in bed with the FBI. What is really happening is that the FBI is taking over some of the counterintelligence functions of the CIA. I liken this battle to the desire of each branch of the armed services to have their own air wing. When you need close air support, it doesn't have the navy to work for first. In this case, the move is an attempt to head off legislation that would be much more restrictive on the CIA. Believe me, the CIA is more upset about it than you are. They are hardly "jumping into bed" with anyone. Bent over a chair is more like it. The FBI, understaffed in counterintelligence anyhow, also has a distinctly different philosophy and approach to CI. Law enforcement seeks to apply interdiction. Find the criminal, catch the criminal in the act, imprison the criminal. Historical example: The Walker Case. The FBI blew it in a big way when they snagged the documents at the drop spot. As a result, they never followed the handler connection back. The CIA prefers observation. Find the criminal, watch the criminal, walk the cat backwards (catch the handler, perhaps some others, depending on the degree of cell compartmentalization). Disinformation through the exposed spy is also a powerful tool. It not only disrupts intelligence activities, but erodes trust in legitimate information. In intelligence the feeling usually is that observation is best. The goal being to learn about the enemy. In law enforcement the feeling is that the crime must be stopped. The goal being to enforce "justice." Note that this represents a simplification of the bumps around the edges. The usurpation of CIA's CI functions bothers me because of the doctrinal distinction, not because it empowers the FBI. > > Does it make anybody nervous besides me that this is occurring > at the same time that the 2ond and 4th amendments are being > dispensed with? While the Clipper chip and digital telephony > bill are being foisted on us? Yes it makes me nervous, but not for the reasons you think. See below. > Is there a trend here? Yes. I'm not sure if my version is close to yours, however. The trend is to use the intelligence and federal law enforcement agencies for domestic politics. The NSA to promote the economic regulation of the crypto market. The FBI to further the executive's domestic survell. technology agenda, and put out the crime fire at home. The CIA to demonstrate, via a parade of horrors, how bad the problem is, and be the fall guy for the FBI. This is a perversion. I discussed this before on the list and in usenet. Using the NSA as a public relations tool to the degree you see today is an idea that only the intelli-clueless Clinton would think of. Intelligence and law enforcement are not the President's personal program advocates. It detracts from real business and it destroys the credibility of the agencies in the eyes of the public. This makes it hard for real business to be addressed. Ames was exposed for quite a long time. His public capture and arrest complete with media fanfare were as politically timed as the rest of the rhetoric out there. I've spoken in private with at least one list reader on this matter in the last week or so, it's really not a new concept. It does surprise me that it has become as political as it has. I have long maintained that these uses of intelligence betray a basic ignorance of intelligence application and intelligence agencies in general. I have the greatest respect for the office of the Presidency, however. > Ties to political aspects of crypto ought to be pretty damn > obvious. Yes, I'm tired of the issue being framed as a crime problem that needs political attention through law enforcement when in actuality it is a question of regulation and domestic policy. > Brad bdolan at well.sf.ca.us > > > > --------------------------------------------------------------------- > William J. Clinton, on MTV: [X=Y Y=X] Other speaker: [X=Y Y=X] > > The statements were made by Adolf Hitler. He was explaining the > moral philosopy of Nazism [National Socialism]. > > _The Ominous Parallels: The End of Freedom in America_, Leonard > Peikoff, Stein & Day, NY, 1982. ISBN 0-8128-2850-X > > > -uni- (Dark) From dichro at tartarus.uwa.edu.au Wed Apr 27 19:13:55 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Wed, 27 Apr 94 19:13:55 PDT Subject: Faking hostnames and inconvenient anon IP In-Reply-To: <9404271617.AA29790@prism.poly.edu> Message-ID: <199404280208.KAA11054@lethe.uwa.edu.au> > In that case one of us (who owns a machine directly plugged into the net) > should set up an anon server that doesn't check for user/host names, or > better yet, provide a bouncing off point for anonymous telnet... Say > something like you telnet to port 666 on toad.com, and then you're given > an anonymous temporary id. At that point, you are prompted with a menu for > what to do... telnet to another site, ftp into another side, call > an IRC server from somewhere, etc. All the anon server would have to do > is bounce packets... I think this idea came up before... an anon packet > forwarding service of sorts... > > If a user goes through several of these, s/he is granted pretty decent > anonimity... Perhaps another play on this would work with encrypted > packets? Where each user who dials into one of these packet bouncers > talks to it via a PGP like RSA and key-exchange system. There's something similar to this in ftp.germany.eu.net:/pub/networks it's called inet, or something similar. basically you set it up to run on a site, and dependig on which port of said site you telnet to, it bounces packets to somewhere else. so, at ports 2000-2010 on toad.com, you have 11 different anon-irc servers, 2011 has somewthing else, and so on. I'm sure that someone could hack up the source code to inclde anything you damn well want. * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "Life begins at '040." PGP Public key available by finger * "Spaghetti code means job security!" From karn at qualcomm.com Wed Apr 27 19:34:53 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 27 Apr 94 19:34:53 PDT Subject: your mail In-Reply-To: <199404280141.SAA23059@nunki.usc.edu> Message-ID: <199404280234.TAA08301@servo.qualcomm.com> I have met a few NSA employees and contractors from time to time, and they've all generally impressed me as intelligent and reasonable people who just happen to work for a bad institution -- except Baker. He *is* that bad institution. I had the dubious pleasure of meeting Baker in person a year ago during a CPSR-sponsored conference in DC. I had argued vigorously with him during a break before I realized that he was NSA's general counsel; afterwards, I realized that if I didn't have a file with them before, I certainly would later. :-) I argued that the bad guys would have strong cryptography no matter what laws were passed, so we might as well make sure the good guys could have it too. His retort, repeated quite a few times, was, "So, your attitude toward the government is "Fuck 'em if they can't take a joke?" It wasn't exactly a reasoned, logical debate. One of the most arrogant people I've ever met. He would have been right at home in the old Nixon White House. But then again, I keep remembering the rule: don't get mad, get even. Write code... Phil From bdolan at well.sf.ca.us Wed Apr 27 20:47:28 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Wed, 27 Apr 94 20:47:28 PDT Subject: Re. FBI & CIA Message-ID: <199404280347.UAA19470@well.sf.ca.us> >From: Black Unicorn >Subject: Re: CIA & FBI, a marriage made in ___? >To: 71431.2564 at CompuServe.COM (Bradley W. Dolan) >Date: Wed, 27 Apr 1994 22:06:25 -0400 (ADT) > >> >> >> Does it concern anybody besides me that the CIA [with a bunch of >> underemployed manpower] is jumping into bed with the FBI [whose >> spokesman recently testified to Congress that they didn't have >> enough manpower to enforce the Crime Bill on us]? > > >Yes it bothers me, but not for the reasons that you think. > >First, be careful about characterizing the change as the CIA >jumping in bed with the FBI. What is really happening is that >the FBI is taking over some of the counterintelligence functions >of the CIA. [...] > >Believe me, the CIA is more upset about it than >you are. They are hardly "jumping into bed" with anyone. Bent over a >chair is more like it. O.K., so it's rape. They're still in bed together. And I don't think I'm going to like the progeny. >The usurpation of CIA's CI functions bothers me because of the doctrinal >distinction, not because it empowers the FBI. Both aspects bother me. Further empowerment of the FBI bothers me more. >> >> Does it make anybody nervous besides me that this is occurring >> at the same time that the 2ond and 4th amendments are being >> dispensed with? While the Clipper chip and digital telephony >> bill are being foisted on us? > >Yes it makes me nervous, but not for the reasons you think. > >See below. > >> Is there a trend here? > >Yes. I'm not sure if my version is close to yours, however. > Opposite side of the same coin, I think. You worry (correctly) that a politicized intelligence/law enforcement establishment won't be very good at intelligence/law enforcement. I worry that it may become good at something else. > >The trend is to use the intelligence and federal law enforcement agencies >for domestic politics. The NSA to promote the economic regulation of the >crypto market. The FBI to further the executive's domestic survell. >technology agenda, and put out the crime fire at home. The CIA to >demonstrate, via a parade of horrors, how bad the problem is, and be the fall >guy for the FBI. [...] >This is a perversion. I discussed this before on the list and in usenet. >Using the NSA as a public relations tool to the degree you see today is >an idea that only the intelli-clueless Clinton would think of. >Intelligence and law enforcement are not the President's personal program >advocates. >It detracts from real business and it destroys the >credibility of the agencies in the eyes of the public. Yes >This makes it hard for real business to be addressed. Yes >I have the greatest respect for the office of the Presidency, however. If I keep an image of Washington or Jefferson firmly fixed in mind, I can maintain just a shred of respect. >-uni- (Dark) bd From wet!naga Wed Apr 27 20:49:49 1994 From: wet!naga (Peter Davidson) Date: Wed, 27 Apr 94 20:49:49 PDT Subject: Crypto scripting language Message-ID: >Date: Wed, 27 Apr 1994 09:00:10 -0700 >From: Hal >To: cypherpunks at toad.com >Subject: Re: Crypto scripting language > >From: peace at BIX.com >> I wrote a cryptographic scripting language that has been implemented in >> a commercial product. [...] > >I'd like to hear more about your scripting language. >[...] In the mean time, perhaps you could describe the language here. What >is its syntax like? Interpreted or compiled? What kind of special crypto >support does it have? > [...] >Hal Well, I don't know anything about peace at BIX.com's crypto scripting language but according to my manual for Dolphin Encrypt Advanced Version (a different product from DE) the program supports a script language. It's an interpreted language. It's explained in an 11-page appendix in the manual. From a quick perusal: The script is contained in a textfile. You run DE with a command like DE2 @XXX.SCR and it reads XXX.SCR and interprets the commands. Apparently the script language is designed only for use with the Dolphin Encrypt program itself (so you can't use it to encrypt with DES, etc.). I don't have much use for scripting crypto applications myself (though if there were lots of encryption/decryption to be done daily I could see a use), so I can't post any that I've written for my own use only, but here's two of the sample scripts from the DEAV disk: #TEST2.SCR #Script for testing Dolphin Encrypt #Last mod.: 1992-05-02 if not there_are_any C:\TEMP\*.TXT output: output: There are no C:\TEMP\*.TXT else encrypt C:\TEMP\*.TXT C:\TEMP\*.ENC /c /b8 if exit_status = 0 decrypt C:\TEMP\*.ENC C:\TEMP\*.DEC /b- if exit_status = 0 run DCOMPARE C:\TEMP\*.TXT C:\TEMP\*.DEC if exit_status = 0 output: File comparisons OK else output: File comparison error! endif endif endif endif // VIEWENC.SCR // A script for decrypting and viewing text files in the current directory // which have been encrypted as files with extension .ENC. // No input parameters required // Use: DE2 @VIEWENC.SCR // Last modified: 1993-03-25 set escape on // Allow termination from script // by pressing the Escape key. output // Print a blank line decrypt *.ENC *.DEC // Decrypt the .ENC file(s) if not successful // Check if decryption successful. output: Decryption error! // Print message if not. else // Otherwise: beep // Pause so that user can wait: Press a key ... // verify successful decryption. save screen // Save the video screen. DFR *.DEC // View the plaintext files using DFR restore screen // Restore the video screen. beep // Get the user's attention. output // output a blank line output: Decrypted plaintext files: DIR *.DEC /w // Show decrypted files on disk. output // output a blank line ask: Purge decrypted file(s)? if answer = Y purge *.DEC /d // /d means display file names. if not successful // If error occurred beep // attract user's attention wait // and wait for a keypress. endif endif if printer // If output redirected to printer eject // issue a formfeed. endif endif Lessee now ... for those interested, Dolphin Software's address is ... got it right here ... 48 Shattuck Square #147, Berkeley, CA 94704. From jpp at markv.com Wed Apr 27 21:29:15 1994 From: jpp at markv.com (jpp at markv.com) Date: Wed, 27 Apr 94 21:29:15 PDT Subject: DId you ever think... In-Reply-To: <9404271310.AA14921@buoy.watson.ibm.com> Message-ID: <9404272128.aa01523@hermix.markv.com> > From: uri at watson.ibm.com > Date: Wed, 27 Apr 1994 09:10:16 -0500 (EDT) > > Wrong again. There was no "proto-DES". From Lucifer to DES took a > few years and significant redesign, but NSA didn't help (however > they sure as hell wanted to keep updated on what was going on, so > we were telling them [or rather - the team who designed it,'cause > I joined later on :-]). Are you saying that IBM developed DES entierly on their own? This doesn't fit my model at all. But, I'm not afraid to be wrong. > > Learn something new every day... > > Please do! (:-) Gladly! Please tell (learn) me: what was the history of the development of DES. How were DES, IBM, NSA, NIST (then NBS), and FIPS related? Wasn't there some concern on IBM's part about liability -- Thus the us Governments participation, including the 'secret' changes to DES? > > Since about 1977 I wondered what the 'rediscovered > > crypto techniques' were. > > Will you bet your ass it was the only technique in consideration? Why would I do that? j' From ebrandt at jarthur.cs.hmc.edu Wed Apr 27 21:31:14 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Wed, 27 Apr 94 21:31:14 PDT Subject: stop mailing to remail@infinity, please Message-ID: <9404280431.AA14522@toad.com> Somebody has been repeatedly (probably by a script) trying to remail through me to "remail at infinity.hip.berkeley.edu", which bounces back to me (unknown user). If it's somebody on this list, could you stop? Otherwise I'll have to have something grep for it so I can source- block the sender, and I don't really want to get into looking at incoming traffic. Eli ebrandt at hmc.edu From jpp at markv.com Wed Apr 27 21:47:48 1994 From: jpp at markv.com (jpp at markv.com) Date: Wed, 27 Apr 94 21:47:48 PDT Subject: Weak IDEA keys... Message-ID: <9404272147.aa04864@hermix.markv.com> Well, I re-read the article, and here is the real dope. In Crypto '93 Joan Daemen, Rene' Govaerts, and Joos Vandewalle write: Abstract. Large classes of weak keys have been found for the block cipher algorithm IDEA, previously known as IPES [2]. IDEA has a 128-bit key and encrypts blocks of 64 bits. For a class of 2^23 keys IDEA exhibits a linear factor. For certain class of 2^35 keys the cipher has a global characteristic with probability 1. For another class of 2^51 keys only two encryptions and solving a set of 16 nonlinear boolean equations with 12 variables is sufficient to test if the used key belongs to this class. If it does, its particular value can be calculated efficiently. It is shown that the problem of weak keys can be eliminated by slightly modifying the key schedual of IDEA. [Typo's are probably mine :)] So, it isn't as bad as I thought. Chances are about 2^51/2^128 == 1/2^77 that you will get a bad key if you choose keys at random with even distribution from the IDEA key space. PGP tries to do exactly this. Once again, though, let me ask: has any one done anything about implementing the _very_simple_ patch the authors describe? PGP 2.5, or 2.6 anyone? I am not _really_ paranoid, but I would hate it if a critical message about the March 15th assassination plot were to fall into the wrong hands because of a bad choice of IDEA keys. A related technical question: are there other easy to compute 2^n x 2^n -> 2^n 'invertable' functions than the three used in IDEA? (namely (1) xor, (2) sum mod 2^n and (3) product mod (2^n)+1 with 0 taken to represent 2^n.) j' From rarachel at prism.poly.edu Wed Apr 27 22:32:09 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Wed, 27 Apr 94 22:32:09 PDT Subject: your mail In-Reply-To: <199404280032.TAA11447@bsu-cs.bsu.edu> Message-ID: <9404280519.AA11789@prism.poly.edu> I'm going to take this opportunity to find out how many of your are in NYC or will be in NYC for PC-Expo? I just got a flyer today announcing it. Since I noticed that Stevens Miller's phone number is in the 212 area code I might call him and see if he'd be interested in lending a hand with giving out free secure crypto software at PcExpo... I bounced this idea around before, and now it's time to actually work on it. :-) Who can join in and for which days? All we have to do is hand out free cypherpunk disks to people entering/leaving PCExpo and maybe some flyers along with the disks. They'll think its some sort of promo, and they'll be quite correct. I'll be a Cypherpunks promo. From nobody at jarthur.cs.hmc.edu Wed Apr 27 22:40:15 1994 From: nobody at jarthur.cs.hmc.edu (nobody at jarthur.cs.hmc.edu) Date: Wed, 27 Apr 94 22:40:15 PDT Subject: stop mailing to remail@infinity, please Message-ID: <9404280540.AA14869@toad.com> Eli Brandt wrote: > Otherwise I'll have to have something grep for it so I can > source-block the sender, and I don't really want to get into > looking at incoming traffic. Yeah, aside from the privacy problems here, there are other reasons for not looking at mail going through your remailer. I run a remailer, and one night a few weeks ago, we had a power failure here during the night, so the system got hosed. When I was setting it back up in the morning, I saw the incoming mail which hadn't gone into the filter. Well, there were some messages in there which ... well, let me just say that someone was using my remailer for a purpose which I would have rather not known about. Sometimes ignorance is bliss. From schirado at lab.cc.wmich.edu Wed Apr 27 22:55:09 1994 From: schirado at lab.cc.wmich.edu (Schirado) Date: Wed, 27 Apr 94 22:55:09 PDT Subject: PROGRAMMING: Assessment wanted. Message-ID: <9404280555.AA15128@lab.cc.wmich.edu> I'm not a programmer, so this is all over my head. I'm just throwing this out as a public service. I will forward mail to the original author. *** If a subscriber has the time and interest, I can supply them with sources to build a new public key cryptography system based on unpatented and UNPATENTABLE (because they are already published) cryptographic systems which have an entire level of better security than that RSA rubbish. So far, it appears that keys in the neighborhood of 100-200 bits are equivalent to the "600" bits for RSA and the "military grade" claims of 1024 bits (PGP) should be easily doable in around 300-400 bits. Requirements: You need to either have a good grasp on finite mathematics (fields, rings, and such..just a basic understanding is all that is necessary) or willing to spend the time to learn it (about a week if you are already math-inclined). You need programming skill too (of course). I would also recommend that you use a different compression system from that LZ-based stuff that half the world is using in favor of higher order Markov tree things (I will supply complete references for this too). I am doing this because I have the necessary information but lack the time to develop this project further. [...] Okay, for a good overview paper of doing it in hardware (the software solution is also possible..just that you can't do it quite the same..online that is), see _An Implementation of Elliptic Curve Cryptosystems Over F-2-155_ , IEEE Journal on Selected Areas in Communications, Vol. 11, #5, June 1993 (page 804). Essentially, nonsupersingular elliptic curves over the finite group of characteristic 2 become reducible to the discrete logarithm problem. Watch when you are looking for papers and doing the research for stuff by Neal Koblitz..he really knows his stuff and wrote a very good introductory book to finite arithmetic and cryptology, although the elliptic curve system in the book was written before the hole in the supersingular case was known. Elliptic curve cryptosystems appear to be the strongest known public key cryptosystem on a per-bit basis in existence. The algorithm is still horrendously slow (just like RSA-based stuff) so don't expect to be doing the encryption/decryption in real time unless you're building it in hardware. The paper mentioned above has all the references you'll need. Use a good solid block cypher for actual encryption and just encrypt a seed using the public key stuff. Do us all a favor and publish it in library as well as full-blown software package form and allow for plug-in encryption modules as well as key management systems so the software doesn't have to be done all over again each time. Same with any compression software you put in it. As far as compression (lossless) goes, you'll have to search for the papers on that because my copy appears to have been borrowed and not returned. Look for "Prediction by Partial Matching" or "PPM". This is a multiple-order Markov solution which does better than the LZ-based things. From snyderra at dunx1.ocs.drexel.edu Wed Apr 27 23:24:43 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Wed, 27 Apr 94 23:24:43 PDT Subject: Gee... Message-ID: <199404280623.CAA07975@dunx1.ocs.drexel.edu> At 12:21 PM 4/27/94 -0700, Sandy Sandfort wrote: >Wrong on both counts. Getting it out legally would be nice--it's a great >*fallback* position--but that's not the object of the game. The idea is >to get it out and make it widely available. Period. Maybe of your game. My game is to get cryptography available to all, without violating the law. This mean fighting Clipper, fighting idiotic export restraints, getting the government to change it's stance on cryptography, through arguements and letter pointing out the problems (I love Phil Karn's CJ request, because it points out some of the idiocy behind some of the regulations). This means writing or promoting strong cryptography. By violating the law, you give them the chance to brand you "criminal," and ignore/encourage others to ignore what you have to say. >The Constitution and other laws are not magic talismans. It is fantasy >thinking that technical compliance with the government's laws renders >them "completely powerless." A Smith & Wesson beats four-of-a-kind. I'm not sure I understand what you are saying here. Them being the laws or the government? Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From nobody at jarthur.cs.hmc.edu Thu Apr 28 00:41:41 1994 From: nobody at jarthur.cs.hmc.edu (nobody at jarthur.cs.hmc.edu) Date: Thu, 28 Apr 94 00:41:41 PDT Subject: spooks on cypherpunks Message-ID: <9404280741.AA15944@toad.com> NetSurfer Robert Mathews be aware From mimir at illuminati.io.com Thu Apr 28 01:26:58 1994 From: mimir at illuminati.io.com (Al Billings) Date: Thu, 28 Apr 94 01:26:58 PDT Subject: Gee... In-Reply-To: <199404271647.AA08268@srl03.cacs.usl.edu> Message-ID: On Wed, 27 Apr 1994, Phil G. Fraering wrote: > How about tarring the code together, encrypting it, and e-mailing the > message out? Since that is illegal and spooks and other government entities are on this list, perhaps that is why the legal loopholes are being discussed? -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Al Billings aka Grendel Grettisson | Internet: mimir at illuminati.io.com | | Nerd-Alberich - Lord of the Nerd-Alfar | Sysop of The Sacred Grove | | Admin for Troth, the Asatru E-mail List| (206)322-5450 | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From eagle at deeptht.armory.com Thu Apr 28 01:50:55 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Thu, 28 Apr 94 01:50:55 PDT Subject: spooks on cypherpunks Message-ID: <9404280150.aa02224@deeptht.armory.com> Thanks for the hot fucking tip, Sparky. What was your first clue? I suggest you not only learn to live with it, you learn to compete at their level. You can ftp my Psychological Warfare Primer for Online Activists at ftp.eff.org /pub/EFF/Issues/Activism/psychwar.primer You have the right to free speech, and you have the right to dissent. Use it or loose it slick. Imagine some spook taking a shit in a public restroom. They're human. And they fuck up regular as well. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From nobody at shell.portal.com Thu Apr 28 02:23:20 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 28 Apr 94 02:23:20 PDT Subject: Digital_Auction Message-ID: <199404280924.CAA05119@jobe.shell.portal.com> > X-From: Sameer >> In that case one of us (who owns a machine directly plugged into the net) >> should set up an anon server that doesn't check for user/host names, or > Well starting sometime this summer I'm going to start selling shell > accounts, and I don't plan on spending much time verifying that there is a > TrueName associated with any given account. All I will care is that I get > my money and that the account isn't used to violate any security. What is the smallest unit of access? We should use that for digital cash. Let's say I purchase 100 units of access on your system. You issue a certificate that I have this access on demand. Then when we have an IRC digital auction for the blueprints of Megacorp's new xray laser, I can display my certificate and make a bid. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCVAi2/ZzEAAAEEOQGMwT6H90aJMTmkf3bLdMVyJ3hyBDoh8ruQfa2x/8tTEPhs 0dyOMroWwMMFQHY5Gdc7etULE6G3W8Q8CGotwFIEUMCXEc9UBeePv3WaU3ovZ/Dz bdvnTeH8KYpQhV68bi1jvX3ahM2tk5jRwK8zP9+YHv5ZpbQlubVI6pRIYxGNuGfP zntP48UABRG0CG5lb24gPEA+ =CTOG -----END PGP PUBLIC KEY BLOCK----- From erich at soda.Berkeley.EDU Thu Apr 28 03:16:08 1994 From: erich at soda.Berkeley.EDU (Erich von Hollander) Date: Thu, 28 Apr 94 03:16:08 PDT Subject: your mail In-Reply-To: <199404280234.TAA08301@servo.qualcomm.com> Message-ID: <199404281015.DAA07257@soda.Berkeley.EDU> > I had the dubious pleasure of meeting Baker in person a year ago > during a CPSR-sponsored conference in DC. I had argued vigorously with > him during a break before I realized that he was NSA's general > counsel; afterwards, I realized that if I didn't have a file with them > before, I certainly would later. :-) > > I argued that the bad guys would have strong cryptography no matter > what laws were passed, so we might as well make sure the good guys > could have it too. His retort, repeated quite a few times, was, "So, > your attitude toward the government is "Fuck 'em if they can't take a > joke?" It wasn't exactly a reasoned, logical debate. maybe he's a subgenius. [note to whichever nsa employee is reading this: check out the book of the subgenius for more info on this. it's really good reading, anyway.] about the bad guys getting strong crypto: let's review the des story for a moment, keeping in mind that clipper in the 90s may be a repeat of des in the 70s: des came out of the lucifer project at ibm in the early 70s and was adopted as a standard in 1976. at the time it was published, the design criteria of the s-boxes were classified, and this worried many people. everyone suspected that the nsa had hidden a backdoor of some kind in the s-boxes. the truth behind the s-boxes finally came out in 1990 when biham and shamir published the idea of differential cryptanalysis. it turns out that the design of the s-boxes is optimized against differential cryptanalysis and also that the 16 rounds were chosen specifically to defeat differential cryptanalysis. ibm researchers and the nsa knew about that in the early 70s. so the nsa did two things: they made sure that des was safe against differential cryptanalysis, in case some other entity had also discovered it, and also they classified the criteria of the design, to make sure that the public wouldn't find out about differential cryptanalysis. the nsa came out looking bad, but in retrospect, both of these actions really were for the benefit cryptography users. of course the 56 bit key size is more suspicious now than ever, and i would be very surprised if a des breaking machine didn't exist somewhere in the world. could clipper be the repeat of this story? on the surface, it all looks pretty suspicious, and maybe the character of the nsa has changed since the 70s, but we can't dismiss the possibility that it really is somehow in our own best interests. remember, they know more about cryptography than any other group anywhere in the world. e From an52210 at anon.penet.fi Thu Apr 28 03:21:23 1994 From: an52210 at anon.penet.fi (Dead Socket) Date: Thu, 28 Apr 94 03:21:23 PDT Subject: Clipper hearings rescheduled - May 3 1994! Message-ID: <9404281007.AA25732@anon.penet.fi> mech at eff.org (Stanton McCandlish) once said: [duff steleted] ME> ejk at c-span.org is a real user, and doug at c-span.org might be (did not ME> produce a no-user message, but also did not provide an "In real life:" ME> answer, nor did it mention mail status or presence of a .plan, which it ME> did do for ejk. There's a c-span gopher also, that gives rather cryptic ME> schedules, look on the "All the Gophers in the Whole Wide World" thing you ME> find on most larger gopher servers, and it should turn up. Try 'telnet c-spac.org 25', 'HELO ', 'VRFY doug'. Patrick ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From sis2209 at sisvax.sis.port.ac.uk Thu Apr 28 04:14:20 1994 From: sis2209 at sisvax.sis.port.ac.uk (Agent Orange) Date: Thu, 28 Apr 94 04:14:20 PDT Subject: questions. Message-ID: <9404281114.AA18648@toad.com> Date sent: 28-APR-1994 I am currently getting together resources for a research paper on the growth of encryption systems, from enigma to present day. Part of the paper will examine the direction taken by encryption schemes in the future (with particular reference to the likely acceleration of computing power, greater need for personal privacy, etc etc) The paper will be written from the viewpoint of an encryption-aware programmer, rather than that of an expert cryptanalyst! Plenty of example code and practical applications will form the backbone of this study, not pages of mathematics. Are there any papers currently circulating dealing with the future of encryption? Has anyone else on this list already investigated this area, I'd appreciate any information you can submit (ftp addrs?), via this mailing list or private email if you wish. Nick =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= System Operator of Psycho BBS, +44 483 418467 HST/v32bis Archimedes and PC shareware sis2209 at sisvax.sis.port.ac.uk 885Mb online huttonnc at axpvms.pa.dec.com From perry at snark.imsi.com Thu Apr 28 05:28:57 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 28 Apr 94 05:28:57 PDT Subject: Crypto scripting language In-Reply-To: Message-ID: <9404281228.AA14356@snark.imsi.com> 1) This is not the sort of "scripting language" that was being discussed. What was proposed was a system in which one could combine primitive operations to perform various kinds of cryptography. As an example, one could say something like "take a block of text, MD5 hash it, take the hash, and raise this other number to the hash value modulo this other prime number". What you are showing is a piss-poor shell scripting language. 2) Until such time as Dolphin Encrypt's algorithm is subjected to real analysis, it must be assumed to be a useless piece of garbage. Perry Peter Davidson says: > > > >Date: Wed, 27 Apr 1994 09:00:10 -0700 > >From: Hal > >To: cypherpunks at toad.com > >Subject: Re: Crypto scripting language > > > >From: peace at BIX.com > >> I wrote a cryptographic scripting language that has been implemented in > >> a commercial product. [...] > > > >I'd like to hear more about your scripting language. > >[...] In the mean time, perhaps you could describe the language here. What > >is its syntax like? Interpreted or compiled? What kind of special crypto > >support does it have? > > > [...] > >Hal > > Well, I don't know anything about peace at BIX.com's crypto scripting > language but according to my manual for Dolphin Encrypt Advanced > Version (a different product from DE) the program supports a script > language. It's an interpreted language. It's explained in an 11-page > appendix in the manual. From a quick perusal: The script is > contained in a textfile. You run DE with a command like DE2 @XXX.SCR > and it reads XXX.SCR and interprets the commands. Apparently the > script language is designed only for use with the Dolphin Encrypt > program itself (so you can't use it to encrypt with DES, etc.). > > I don't have much use for scripting crypto applications myself (though > if there were lots of encryption/decryption to be done daily I could > see a use), so I can't post any that I've written for my own use only, > but here's two of the sample scripts from the DEAV disk: > > #TEST2.SCR > #Script for testing Dolphin Encrypt > #Last mod.: 1992-05-02 > > if not there_are_any C:\TEMP\*.TXT > output: > output: There are no C:\TEMP\*.TXT > else > encrypt C:\TEMP\*.TXT C:\TEMP\*.ENC /c /b8 > if exit_status = 0 > decrypt C:\TEMP\*.ENC C:\TEMP\*.DEC /b- > if exit_status = 0 > run DCOMPARE C:\TEMP\*.TXT C:\TEMP\*.DEC > if exit_status = 0 > output: File comparisons OK > else > output: File comparison error! > endif > endif > endif > endif > > // VIEWENC.SCR > // A script for decrypting and viewing text files in the current directory > // which have been encrypted as files with extension .ENC. > // No input parameters required > // Use: DE2 @VIEWENC.SCR > // Last modified: 1993-03-25 > > set escape on // Allow termination from script > // by pressing the Escape key. > output // Print a blank line > decrypt *.ENC *.DEC // Decrypt the .ENC file(s) > if not successful // Check if decryption successful. > output: Decryption error! // Print message if not. > else // Otherwise: > beep // Pause so that user can > wait: Press a key ... // verify successful decryption. > save screen // Save the video screen. > DFR *.DEC // View the plaintext files using DFR > restore screen // Restore the video screen. > beep // Get the user's attention. > output // output a blank line > output: Decrypted plaintext files: > DIR *.DEC /w // Show decrypted files on disk. > output // output a blank line > ask: Purge decrypted file(s)? > if answer = Y > purge *.DEC /d // /d means display file names. > if not successful // If error occurred > beep // attract user's attention > wait // and wait for a keypress. > endif > endif > if printer // If output redirected to printer > eject // issue a formfeed. > endif > endif > > Lessee now ... for those interested, Dolphin Software's address is > ... got it right here ... 48 Shattuck Square #147, Berkeley, CA 94704. > From rishab at dxm.ernet.in Thu Apr 28 05:51:08 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Thu, 28 Apr 94 05:51:08 PDT Subject: ITAR and non-US citizens Message-ID: What's my legal position if I buy a 'munition' in NY and walk out of the US? What's my legal position if I ftp PGP from a US site? Who's violated ITAR? If I have, and it's proved, anything they can do? I don't suppose India, or any other government for that matter, will extradite someone for getting something out of the US that can't harm them. Can non-US citizens file CJ (or FOIA) requests? ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From frissell at panix.com Thu Apr 28 06:03:10 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 28 Apr 94 06:03:10 PDT Subject: Phil Z in the WSJ Message-ID: Get today's Wall Street Journal. Phil and PGP are profiled in the left hand "profile" column on page 1. Usual crypto errors. "PGP is more unbreakable than any code in history." They spelled our name wrong too. It's "cypherpunks" not cipherpunks. DCF From frissell at panix.com Thu Apr 28 06:11:50 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 28 Apr 94 06:11:50 PDT Subject: Faking hostnames and inconvenient anon IP In-Reply-To: <9404272018.AA19034@vail.tivoli.com> Message-ID: On Wed, 27 Apr 1994, Mike McNally wrote: > Most (all?) private PO box places won't give out a box without a > "real" US mail address and some form of ID. Is this due to legal > requirements (direct or indirect)? If so, can we not look forward to > such restrictions being placed on those who supply electronic PO > boxes? It is not a legal requirement. It is an administrative requirement of the USPS. They threaten to withhold delivery of mail addressed to people at mail receiving services for whom there is no form on file. In practice they don't enforce this requirement and as long as a mail receiving service files "enough" forms, all mail is delivered. Even without a cooperating mail receiving service, it is trivial to open a box using "employment ID" printed up in Word for Windows. They don't check closely. DCF Privacy 101: Since anyone in the land of the free and the home of the brave can start a business or a school without permission, anyone can issue his own "employment ID" or "school ID." Kids - try this at home. From jims at Central.KeyWest.MPGN.COM Thu Apr 28 06:31:47 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 28 Apr 94 06:31:47 PDT Subject: NSA snobs. In-Reply-To: <199404280141.SAA23059@nunki.usc.edu> Message-ID: <9404281331.AA11005@Central.KeyWest.MPGN.COM> > > Stevens Miller wrote: [ Stuart Baker's (of the NSA) comments deleted ] > We obviously need to respond to this sort of tactic with some P.R. > work of our own. > I am sure that plenty of you all can write- we should make sure the word > gets out to the masses reagrding the true nature of the Net and regarding > the Clipper isssue in particular, now that we know what tactic the NSA is > going to take. I agree with Julie that we need some P.R. for this. I also think we should do it by writing and getting the word out. However, I think we should form a small informal group of people seriously interested in putting together a well thought out document that is factual and without emotional flair that a member of the press would respect, could understand, and might pass on to the public. I want to propose that this small group develop a document to the best of their abilities, refine it, and when they think it is ready post it to the list for a "final lookover". I am willing to organize the initial document work if there is interest. If you think you'd like to help with the first stages of this "PR Kit" please contact me via email. If there is sufficient interest I will let the rest of the list know and we can communicate via email to keep the list traffic down at first. When we have it's first form then everyone on the list will have a chance to comment before it is mailed out. If you think this is a good idea and want to help then let me know. ALSO, if you just think this is a good idea but would rather not help build the initial document, let me know anyway so I can gauge interest in it. While I applaud the efforts of Jeff Davis with his mass mailings I feel a newsperson might be tempted to dismiss him offhand since he is one person. If this is put together by the group and we let the press know we are programmers, lawyers, physicists, real estate salespeople, etc. etc. etc. and include the name (email address/pseudonym/etc) of anyone on the list who wishes to be named then we will have a better chance of being taken seriously. Let me know what you think, Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From matsb at sos.sll.se Thu Apr 28 06:34:12 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Thu, 28 Apr 94 06:34:12 PDT Subject: Spy Satellite Resolution In-Reply-To: <9404262226.AA05855@paycheck.cygnus.com> Message-ID: Mark W. Eichin wrote: > number like "1 foot resolution" -- and then did some processing on a > photograph to demonstrate what that meant. > > The picture used was a rear view of a VW Bug, with a copy of Isvestia > resting on the upper edge of the trunk. Basically, you could tell > there was something sitting there, but you couldn't read the headlines A previous poster suggested 1 inch with the latest technology on a clear day. In any case this has grave implications for the privacy in outdoor activities like under-the-sky-copulation. A simple protection is available: a heat source to produce chaotic air turbulence. A campfire? From sdw at meaddata.com Thu Apr 28 07:11:40 1994 From: sdw at meaddata.com (Stephen Williams) Date: Thu, 28 Apr 94 07:11:40 PDT Subject: Detweiler In-Reply-To: <9404270135.AA27300@pilot.njin.net> Message-ID: <9404281411.AA03336@jungle.meaddata.com> > > Who is Detweiler? > Reuben > What ever you do: DON'T say his name three times! :-) sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From mg5n+eartdjp7xy633zeul7cwkz3c6zly7n1l98k233yemu0 at andrew.cmu.edu Thu Apr 28 07:14:36 1994 From: mg5n+eartdjp7xy633zeul7cwkz3c6zly7n1l98k233yemu0 at andrew.cmu.edu (Anonymous) Date: Thu, 28 Apr 94 07:14:36 PDT Subject: ILF: Computers abort Titan launching Message-ID: Brought to you by the Information Liberation Front (Reuters) CAPE CANAVERAL - Computers detected potential trouble and aborted Tuesday's launch of a Titan rocket and its military cargo in the final seconds of countdown, the Air Force said. It was the second attempt in three days to get the powerful booster off the ground and into orbit with what is said to be the world's largest and most sophisticated eavesdropping satellite, called the Aquacade. Air Force officials said the rocket would not be ready for a third blastoff try before Thursday. From jims at Central.KeyWest.MPGN.COM Thu Apr 28 07:28:57 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 28 Apr 94 07:28:57 PDT Subject: Directory of 'punks Message-ID: <9404281428.AA11444@Central.KeyWest.MPGN.COM> As another thought, would there be interest in compiling a list of cypherpunks who agreed to be included, their occupations, and any notable experiences such as "Served for 3 years on the Foreign Affairs Committee" or whatever. With tools like a "press kit" and a directory of members we will become viewed as a cross-section of America, citizens with a point of view shared by many, contributors to the general welfare of society rather than a bunch of fanatical computer geeks that haven't given anything to society. (well, maybe...it's a tough battle.) Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From paul at poboy.b17c.ingr.com Thu Apr 28 07:33:07 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 28 Apr 94 07:33:07 PDT Subject: AT&T, Clipper, & Saudi Arabia Message-ID: <199404281433.AA10239@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- Dear AT&T: If you'll roll over for us on Clipper, we will suitably incentivize you. /s/ The Clinton Administration I suppose most of us would consider a $4B contract a "suitable incentive." While there's probably no direct evidence of a quid pro quo, it strikes me as a bit odd that the President is personally intervening in a purely commercial deal. OTOH this is the second time Clinton has intervened in a deal with the Saudis. On the gripping hand, I don't recall anyone intervening to get business for Boeing (Peace Shield, the Saudi C3I network), McDonnell (F-15s), and so on. Thanks a lot, AT&T. - -Paul - -- Paul Robichaux, KD4JZG | Out the 10Base-T port, through the router, perobich at ingr.com | over the leased line, off the bridge, past Intergraph Federal Systems | the firewall... nothing but net. Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLb/JLCA78To+806NAQGPrwP+Jf+B7B/AXogJi/APH71KpgT1wGi8QahK Qn3rSx5baRxfpwlHafecV+3TV6OJt8L7je1VlSm3dIJp7vVDPmsKDvV8QD1/Skd9 u3eMIzpKsspje2hG9olS/6Dm6huPAPUHb+Lpx/jD5P2VuYcsiMhyO4shCZw9hMUU ZiiClgJuBf8= =XuPw -----END PGP SIGNATURE----- From perry at snark.imsi.com Thu Apr 28 07:38:55 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 28 Apr 94 07:38:55 PDT Subject: Directory of 'punks In-Reply-To: <9404281428.AA11444@Central.KeyWest.MPGN.COM> Message-ID: <9404281438.AA14659@snark.imsi.com> "Jim Sewell" says: > With tools like a "press kit" and a directory of members we will Members of what? Perry From grm at bighorn.dr.att.com Thu Apr 28 07:49:33 1994 From: grm at bighorn.dr.att.com (G.R.Martinez) Date: Thu, 28 Apr 94 07:49:33 PDT Subject: Cypherpunks PR (was: NSA snobs.) In-Reply-To: <9404281331.AA11005@Central.KeyWest.MPGN.COM> Message-ID: <9404280848.ZM10257@dr.att.com> On Apr 28, 9:31, Jim Sewell wrote: > ... > I agree with Julie that we need some P.R. for this. I also think we > should do it by writing and getting the word out. Jolly good idea... the more signatures the better. -- gerald.r.martinez at att.com / grmartinez at attmail.att.com / att!drmail!grm @ AT&T GBCS Bell Labs, Denver (303) 538-1338 @ WWW: http://info.dr.att.com/hypertext/people/grm.html & life is a cabernet ...o&o ))) From smb at research.att.com Thu Apr 28 07:59:07 1994 From: smb at research.att.com (smb at research.att.com) Date: Thu, 28 Apr 94 07:59:07 PDT Subject: AT&T, Clipper, & Saudi Arabia Message-ID: <9404281459.AA22961@toad.com> -----BEGIN PGP SIGNED MESSAGE----- Dear AT&T: If you'll roll over for us on Clipper, we will suitably incentivize yo u. /s/ The Clinton Administration I suppose most of us would consider a $4B contract a "suitable incentive." While there's probably no direct evidence of a quid pro quo, it strikes me as a bit odd that the President is personally intervening in a purely commercial deal. OTOH this is the second time Clinton has intervened in a deal with the Saudis. On the gripping hand, I don't recall anyone intervening to get business for Boeing (Peace Shield, the Saudi C3I network), McDonnell (F-15s), and so on. Can we please confine paranoia to reasonable areas -- like AT&T's sales of secure phones to the government? The U.S. government has a very long record of pushing American products against foreign competitors, such as Boeing versus Airbus. Of course, there is a quid pro quo here -- but it's Clinton reminding the Saudis about Desert Storm. --Steve Bellovin P.S. It goes without saying that I'm speaking for myself, not AT&T. From brendan at oc3s-emh1.army.mil Thu Apr 28 08:08:49 1994 From: brendan at oc3s-emh1.army.mil (Brendan McKenna) Date: Thu, 28 Apr 94 08:08:49 PDT Subject: Spy Satellite Resolution In-Reply-To: Message-ID: <9404281508.AA23043@toad.com> : : Mark W. Eichin wrote: : : > number like "1 foot resolution" -- and then did some processing on a : > photograph to demonstrate what that meant. : > : > The picture used was a rear view of a VW Bug, with a copy of Isvestia : > resting on the upper edge of the trunk. Basically, you could tell : > there was something sitting there, but you couldn't read the headlines : : A previous poster suggested 1 inch with the latest technology on a clear : day. In any case this has grave implications for the privacy in outdoor : activities like under-the-sky-copulation. A simple protection is : available: a heat source to produce chaotic air turbulence. A campfire? : Oh come on! Who cares who you're screwing outside? Do you honestly think that any of us here is doing anything that warrants that kind of scrutiny by the intelligence community? Just because something is possible doesn't make it cheap and easy to use. Besides, on with that sort of angular resolution, the area of the image is also reduced, so they'd have to be pretty interested in you in particular, and have a real good idea of where to look for you when the satellite was overhead. Besides, do you really think that your activities are so important that the NRO would be willing to devote the time and money necessary to find you and photograph you (or any other member of this list) with their precious resources? It's not like the sky is blanketed with these satellites to the point where anyone in the US would have to worry about what they were doing outdoors..... Of course, perhaps the comments were meant facetiously, and I've meerly overreacted here -- wouldn't be the first time. Brendan From jims at Central.KeyWest.MPGN.COM Thu Apr 28 08:16:57 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 28 Apr 94 08:16:57 PDT Subject: Directory of 'punks In-Reply-To: <9404281438.AA14659@snark.imsi.com> Message-ID: <9404281516.AA00624@Central.KeyWest.MPGN.COM> > > > "Jim Sewell" says: > > With tools like a "press kit" and a directory of members we will > > Members of what? I was talking about compiling a list of cypherpunk members that agreed to be included in a directory and their occupations so we can show the "world" that we aren't just a bunch of fanatics but rather "real folks". If we can say... "Here's a list of 200 members of the cypherpunks mailing list. As you can see, we have members that are lawyers, salespeople, commercial pilots, doctors, etc. As you can see we are not a scattered bunch of students with nothing better to do, as some would have you believe, but rather a legitimate cross-section of the nation that just happens to be a bit more knowlegable about things like clipper. "Although not everyone in this directory agrees, the ones listed below have agreed to attach their names to our document regarding XXXX". ... we will have a much stronger position from which to fight the not-good things like Clipper, etc. Alternate: Do you think we should forget the names and such and just compile stats as to how many Doctors, etc are on the list and simply use that? i.e."Our group consists of 5 professors of higher education level, 18 professional land surveyors, 9 contract laborers, and 1 computer geek from 18 different countries including Australia, India, ...." I think this would carry much more weight with the press when we have something to say. Besides, I'm curious as to the makeup of the group too. Of course, this entire thing depends on the willingness of the members to be included. If such a list is built it should only have entries for people who EXPLICITLY agreed to be included and ONLY the information they wish to have added. What do you think? Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From paul at poboy.b17c.ingr.com Thu Apr 28 08:19:13 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 28 Apr 94 08:19:13 PDT Subject: AT&T, Clipper, & Saudi Arabia In-Reply-To: <199404281457.AA25910@ingr.ingr.com> Message-ID: <199404281519.AA10680@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > Can we please confine paranoia to reasonable areas -- like AT&T's sales > of secure phones to the government? The U.S. government has a very long > record of pushing American products against foreign competitors, such as > Boeing versus Airbus. I have great respect for you, Steve, but in this case I must humbly disagree with you. The US government does have a very long record of promoting US products for foreign sales, but it is certainly rare for the President himself to get involved so publically. Do you really think that selling 50,000 secure phones would be _that_ attractive to AT&T? It would certainly be attractive to the particular business unit in charge of selling them, but not nearly as attractive as the promise of help in the future. > Of course, there is a quid pro quo here -- but it's Clinton reminding the > Saudis about Desert Storm. Considering that the Saudis paid for a large fraction of the monetary cost of Desert , and that they have made or attempted to make substantial FMS and civilian purchases from the US, they very well may feel that they have discharged their debt. I think it's reasonable to visualize a conversation in which the administration promised to "help AT&T in the future" in exchange for AT&T's adoption of Clipper. It certainly may not have been as blatant as my satirical letter, but that doesn't make it less plausible. - -Paul - -- Paul Robichaux, KD4JZG | Out the 10Base-T port, through the router, perobich at ingr.com | over the leased line, off the bridge, past Intergraph Federal Systems | the firewall... nothing but net. Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLb/UACA78To+806NAQFltgP+ILjjQTG2EOlnj9+csJHC5q8v2cwXwaUo Y5MMShgVShUB4xe3knS6UPShEW2YemGGzvfWWIO+O1hgiXLWKbxclnRB/UCgne4G J+0TJzwZGu6WxD/IEoOMvFkFisJauqpeL4uP7DgaWtAcV5LeBg4mKoTgxGvZaE7i r4nNBLkJdI4= =IB4g -----END PGP SIGNATURE----- From sandfort at crl.com Thu Apr 28 08:26:23 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 28 Apr 94 08:26:23 PDT Subject: Gee... In-Reply-To: <199404280623.CAA07975@dunx1.ocs.drexel.edu> Message-ID: C'punks, On Thu, 28 Apr 1994, Bob Snyder wrote quoting me: > >. . . Wrong on both counts. Getting it out legally would be nice--it's > >a great *fallback* position--but that's not the object of the game. . . > Maybe of your game. My game is to get cryptography available to all, > without violating the law. . . . > > By violating the law, you give them the chance to brand you "criminal," and > ignore/encourage others to ignore what you have to say. Do you think your fastidious compliance with the law will keep them from branding you a criminal, anyway? Wake up. The whole purpose of wide-spread availability and use of strong crypto is to what "others" say or think, irrelevant. Strong crypto means never having to say you're sorry. > >The Constitution and other laws are not magic talismans. It is fantasy > >thinking that technical compliance with the government's laws renders > >them "completely powerless." A Smith & Wesson beats four-of-a-kind. > > I'm not sure I understand what you are saying here. Them being the laws or > the government? The "them" was that of the original writer (you?), which I took to mean the government. In the context of my statement, either will serve. The "Smith & Wesson" statement was offered as a (humorous?) analogy. In poker four-of-a-kind is a good hand only as long as everyone plays by the rules. When force enters the picture, the rules--as the president's shills would say--"are no longer operative." The essence of government is guns, not laws. Get it? S a n d y From hughes at ah.com Thu Apr 28 08:37:34 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 28 Apr 94 08:37:34 PDT Subject: Anonymous remailer for Waffle In-Reply-To: Message-ID: <9404281532.AA19806@ah.com> >To make it possible to reply, I think the following approach >will do: the 'reply-to:' address will be > " (NickName Anon-ID=XXXXXX)" Reply addresses in address comments (the parentheses) don't work reliably. They're comments--various mailers do odd things with them, like drop them. The question is reliability not function, because it will work a lot of the time. Eric From jims at Central.KeyWest.MPGN.COM Thu Apr 28 08:47:35 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 28 Apr 94 08:47:35 PDT Subject: Directory of 'punks Message-ID: <9404281547.AA01037@Central.KeyWest.MPGN.COM> Thank you for the preliminary (<2 hrs) response to the posting. I have not gotten a "that's a bad idea" letter yet of the 7 replies so I will assume this is a "Good Thing" tm. In the interest of the mailing list volume I ask that you hold your information for now. I will certainly accept "it's a bad idea" mail. I will put together a format for replies and post it to the list and anyone interested can fill in the blanks and mail it back to me. I'm going to take my time and try to think of any useful information so we only have to do this once (good for you and me). Look here for the survey and email it back if you want to be included in a list of c'punks. Also, please let me know if there is anything you DON'T want included and I will honor that as well. Thanks for your comments, I'll keep the list informed of what I know when it becomes available. Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From hughes at ah.com Thu Apr 28 09:00:03 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 28 Apr 94 09:00:03 PDT Subject: your mail In-Reply-To: <199404281015.DAA07257@soda.Berkeley.EDU> Message-ID: <9404281555.AA19849@ah.com> >could clipper be the repeat of this story? on the surface, it all >looks pretty suspicious, and maybe the character of the nsa has >changed since the 70s, but we can't dismiss the possibility that it >really is somehow in our own best interests. remember, they know more >about cryptography than any other group anywhere in the world. Clipper has a front door. Skipjack doesn't. Skipjack may be a fine cipher, but I sure as hell don't want Clipper. Last I heard you couldn't get one without the other. Eric From hughes at ah.com Thu Apr 28 09:00:56 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 28 Apr 94 09:00:56 PDT Subject: No Subject In-Reply-To: <199404280032.TAA11447@bsu-cs.bsu.edu> Message-ID: <9404281556.AA19863@ah.com> >- The debate over the Clipper proposal is "really just a culture clash >among net-heads." >- Those opposing the proposal are late-coming counter-culturists, "who >couldn't go to Woodstock because they had to do their trig homework." FWIW, these are recycled jokes. He used exactly the same lines at CFP-94. Eric From lefty at apple.com Thu Apr 28 09:01:44 1994 From: lefty at apple.com (Lefty) Date: Thu, 28 Apr 94 09:01:44 PDT Subject: spooks on cypherpunks Message-ID: <9404281600.AA05551@internal.apple.com> Some anonymous "contributor" informs us, without benefit of evidence, that > >NetSurfer >Robert Mathews are "spooks" and advises us to > >be aware to which the ever-popular Jeff Davis replies > >Thanks for the hot fucking tip, Sparky. What was your first clue? I can only suppose that you're asking this out of the sudden realization that you're in desperate need of one. >Use it or loose it slick. Imagine some spook taking a shit in a public >restroom. They're human. And they fuck up regular as well. Presumably this is as distinguished from taking a shit on a public mailing list. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From mccoy at ccwf.cc.utexas.edu Thu Apr 28 09:02:44 1994 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Thu, 28 Apr 94 09:02:44 PDT Subject: AT&T, Clipper, & Saudi Arabia In-Reply-To: <199404281519.AA10680@poboy.b17c.ingr.com> Message-ID: <199404281601.LAA21156@tramp.cc.utexas.edu> paul at poboy.b17c.ingr.com (Paul Robichaux) writes: > > Can we please confine paranoia to reasonable areas -- like AT&T's sales > > of secure phones to the government? The U.S. government has a very long > > record of pushing American products against foreign competitors, such as > > Boeing versus Airbus. > > I have great respect for you, Steve, but in this case I must humbly > disagree with you. The US government does have a very long record of > promoting US products for foreign sales, but it is certainly rare for > the President himself to get involved so publically. No it is not. This is the second time Clinton has lobbied the Saudi's in favor of US companies (the first was when he helped McDonnel-Douglass and Boeing get a $6B contract for jet transports.) The other companies competing for the contract were Northern Telecom (Canadian), Siemens AG (Germany), Alcatel NV (France), and Telecom AB L.M Ericsson/NEC (joint Swedish and Japanese venture). As long as the U.S. still has points in the region it seems reasonable for us to use them in favor of US companies, doesn't it? For a full article on the matter check out page B4, col 4 of today's WSJ (which has the PGP article in it so you might want it anyway :) jim From hughes at ah.com Thu Apr 28 09:03:18 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 28 Apr 94 09:03:18 PDT Subject: Faking hostnames and inconvenient anon IP In-Reply-To: <9404272018.AA19034@vail.tivoli.com> Message-ID: <9404281559.AA19895@ah.com> >If so, can we not look forward to >such restrictions being placed on those who supply electronic PO >boxes? Evidently this _has_ been discussed. It came out at one of the CFP-94 sessions, that some telecomm and law group had considered this very issue. I'll call it what I did then, during the Q&A. Identity escrow. Eric From nelson at crynwr.com Thu Apr 28 09:07:18 1994 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 28 Apr 94 09:07:18 PDT Subject: spooks on cypherpunks In-Reply-To: <9404280741.AA15944@toad.com> Message-ID: From: nobody at jarthur.cs.hmc.edu Date: Thu Apr 28 00:36:57 PDT 1994 NetSurfer Robert Mathews be aware Sorry, but this is no help. It's impossible to distinguish Agents Provocateur from merely incompetent people. You need to deal with the latter, and so the former fall out in the wash. If the cypherpunk movement is to be an effective non-violent force, it must realize that secrecy is no help. The best designed action will work even if your enemy helps you plan it and carry it out. Karn's CJR is an example of this. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From nelson at crynwr.com Thu Apr 28 09:09:48 1994 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 28 Apr 94 09:09:48 PDT Subject: Gee... In-Reply-To: <199404280623.CAA07975@dunx1.ocs.drexel.edu> Message-ID: Date: Thu, 28 Apr 1994 02:24:39 -0400 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) At 12:21 PM 4/27/94 -0700, Sandy Sandfort wrote: >The Constitution and other laws are not magic talismans. It is fantasy >thinking that technical compliance with the government's laws renders >them "completely powerless." A Smith & Wesson beats four-of-a-kind. I'm not sure I understand what you are saying here. Them being the laws or the government? He's saying that power is granted to the government by the people. The Constitution is an agreement between the people and the government. As long as the government obeys the Constitution, the people will support it. That's why the executive branch (at very least) swears to uphold the Constitution. It's up to the people to ensure that the government comply with the Constitution. It's not the government's job to enforce the Constitution against itself, although, the Constitution is structured so as to present the three branches of government with a zero-sum game. The plan is that the easiest way a branch can get more power is to take it from another branch. That way, the government gets involved with fighting amongst itself for power rather than taking more from the people. You might enjoy Gene Sharp's three-book set entitled _The Politics of Nonviolent Action_. It goes into great depth on the source of governmental power over people. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From paul at poboy.b17c.ingr.com Thu Apr 28 09:14:58 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 28 Apr 94 09:14:58 PDT Subject: AT&T, Clipper, & Saudi Arabia In-Reply-To: <199404281601.LAA21156@tramp.cc.utexas.edu> Message-ID: <199404281615.AA11058@poboy.b17c.ingr.com> > > I have great respect for you, Steve, but in this case I must humbly > > disagree with you. The US government does have a very long record of > > promoting US products for foreign sales, but it is certainly rare for > > the President himself to get involved so publically. > No it is not. This is the second time Clinton has lobbied the Saudi's in > favor of US companies (the first was when he helped McDonnel-Douglass and > Boeing get a $6B contract for jet transports.) The other companies > competing for the contract were Northern Telecom (Canadian), Siemens AG > (Germany), Alcatel NV (France), and Telecom AB L.M Ericsson/NEC (joint > Swedish and Japanese venture). As long as the U.S. still has points in the > region it seems reasonable for us to use them in favor of US companies, > doesn't it? "Is too." "Is not." In this case, "rare" is accurate when applied with respect to the long history of US government involvement, not to this particular president; as you point out, this is the second time that Clinton has inserted himself into the loop. It wouldn't be too surprising to see him do it again. However, this sort of intervention *is* rare by past standards. Do you recall any non-FMS contracts where Presidents Bush, Reagan, Carter, or Ford went to bat so overtly for US products? -Paul From hayden at krypton.mankato.msus.edu Thu Apr 28 09:14:58 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 28 Apr 94 09:14:58 PDT Subject: Directory of 'punks In-Reply-To: <9404281547.AA01037@Central.KeyWest.MPGN.COM> Message-ID: This is certainly an interesting idea, but then I have to wonder if I should put my name into it, as I am a college student, 23-year old cumputer geek (not nerd :-), ex-navy, gay, politically active, subversive. I'd hate to be a shining example of what the establishment fears... ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From frissell at panix.com Thu Apr 28 09:31:58 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 28 Apr 94 09:31:58 PDT Subject: NPR Clipper Transcript Message-ID: National Public Radio Broadcast 28APR94 Morning Edition @ approx :20 past the first/third hour Bob Edwards (?): ... in the age of digital communication: the debate over encryption technology ... first, headlines from Carl Castle .... [Headline News] BE: The new era of digital communication has brought with it some very thorny problems concerning personal privacy. Three months ago, the Clinton administration announced a new encryption technology, called the "Clipper Chip" --- a device that encodes voice communications so that eavesdroppers can't understand what's being said. Privacy advocates are angry because the government will keep the keys to the Clipper Chip code, enabling the National Security Agency and the FBI to listen in. Critics say the Clipper policy will threaten privacy in the soon-to-be-deployed information technology on which the messages will include very personal documents and highly sensitive business communications. Next week, committees in both the Senate and the House will hold hearings on the controversy. NPR's John McChesney (sp) reports. JMcC: Today's digital encryption technology is so good that it's made law enforcement officials fearful that they're about to lose the wire tapping capabilities they already have. That's the reason the Clinton administration has proposed new technology that will keep law enforcement in the loop, so to speak. Clipper is part of what the administration hopes will become a new encryption standard. Jeff Greibledinger heads the Justice Department's Narcotics Division. JG: Clipper can be put into telephone or fax or similar hardware and provides extraordinarily strong encryption, using an algorithm that's been in use by the government now for a number of years. JMcC: Two people conversing will be able to activate Clipper encryption on their telephones, so that to an eavesdropper their conversation will be meaningless gibberish. In fact, Clipper's code is so complex, the government says it needs to keep the key, so that it can unlock the code and listen in if it thinks the laws are being broken. Thus the controversy, and there's a virtual canyon of difference between the government and privacy advocates, with both sides painting dark, disturbing visions of our digital future. Federal officials warn that the information super highway could become a lawless road, travelled by terrorist conspirators and kiddie porn merchants peddling their sordid wares over global networks, while lawmen are left standing by in uncomprehending helplessness. Civil libertarians, on the other hand, foresee a nearly omniscient government able to dip at will into the digital pipelines and pull up data containing the most intimate details of our personal and professional lives. JPB: The problem with cyberspace is that essentially every time you do anything there, you leave some kind of data trail. JMcC: John Perry Barlow writes about digital technology for Wired Magazine. JPB: In the physical world, you've got walls and doors that you can lock. But, you know, in the virtual world everything you do is visible except that which you explicitly make invisible. And the only way in which you can make things invisible is by using cryptography. And the only way in which you can make them invisible to the government is by using the strong cryptography that they don't want you to have. JMcC: The government may not *want* you to have strong encryption, but so far it hasn't said that you *can't* have it. Strong, private encryption software, to which the government will *not* have a key, will still be available on the domestic market. Administration spokesmen insist that Clipper, and other government data encryption standards yet to come, will be strictly voluntary. But that's a straddle that appears to have satisfied no one. Critics say that nobody with criminal intentions would be stupid enough to use the codes that the government has keys to. And others say that the administration is being disingenuous --- that it's using the levers of government to ensure that Clipper becomes *the* standard. One such skeptic is Jerry Berman of the Electronic Frontiers Foundation. JB: The government, while it says it's a voluntary system, they are determined to drive the market, to use government buying power to make this a defacto standard. If every government agency, the IRS, Treasury, and the Health Care System use Clipper Chip, there will be a tremendous market incentive to move towards Clipper as a potential standard. Second of all, they are making it very difficult for other encryption schemes to compete on the market by continuing to hold that any powerful encryption scheme available in the United States cannot be exported. It's a munition. It's a weapon. JMcC: The export restriction has infuriated the American software industry, which says it stands to lose more than $6 billion each year it's in effect. But it's the potential loss of privacy, rather than the loss of profit, that will undoubtedly remain at the center of the Clipper debate. Government backers of Clipper say there are sufficient legal restraints now in place to prevent illegal invasions of our privacy. Again, the Justice Department's Jeff Greibledinger: JG: A wiretap without lawful authorization is a Federal felony offense, punishable by up to five years in prison. That's true right now, even for unencrypted communications. It will be no less true in the future, when encryption is available. JMcC: Greibledinger says the Clipper system would make it even harder for government officials to gather information illegally. They key to each Clipper chip's code will be split into two parts, which will be held in escrow by two separate government agencies. A wiretap order would have to include separate, documented applications to these two agencies for the keys. But skeptics say that the excesses of the FBI under J. Edgar Hoover should be kept in mind during this debate. They also point out that modern digital technology is changing the terms of the debate about privacy. In the first place, there will be a lot more information about our private lives on the networks of the future than there is on the phone lines of today. And secondly, as critics like Jerry Berman point out, powerful computers connected to digital networks greatly increase the efficiency of spying, making it possible instantly to pull together a detailed personal portrait of any citizen. JB: What kind mail you're sending and to whom What kind of telephone calls you're making and to whom What kind of banking transactions and where you are, and What kind of vacation you're taking and What kind of movies you're watching --- all at the same time. JMcC: And all of the information surging through the digital pipelines of the future can be far more easily searched than could the mail and telephone calls of the past. Stanford Professor Martin Hellman, a noted pioneer in cryptographic technology, who opposes Clipper, says old-time wire taps required an expensive human being to monitor each and every call. MH: But once you have information in computer readable form, you can scan approximately 10 billion words for $1. You heard me right --- 10 billion words for $1! So the fact that we're going to computer readable information makes this much more dangerous. JMcC: Vermont's Senator Patrick Leahy heads a Senate Technology Sub-Committee that will hold hearings on the Clipper chip next week. He worries that concern about Clipper could slow down the deployment of the broadband communications networks the administration has been promoting. PL: We've had already some 48,000 people sign on to an electronic petition through Internet to say they're against it. The administration has set off alarms that probably they didn't need to set off, in some instances. Because I don't think that they laid the groundwork for this at all. And in some other areas, they've set off alarms that so far do not have adequate answers. JMcC: Nearly everyone agrees that the stakes in this debate are high --- finding the proper balance point between privacy and public safety in the digital age. Some observers believe that the Clinton administration may be softening its stand on Clipper now. Administration spokesmen are emphasizing that they've solicited alternative ideas from the computer and software industries. In San Francisco, I'm John McChesney reporting. BE: The time is 29 minutes past the hour. *************************** Transcribed by Lois Frissell From jim at rand.org Thu Apr 28 09:39:56 1994 From: jim at rand.org (Jim Gillogly) Date: Thu, 28 Apr 94 09:39:56 PDT Subject: SHA and Capstone [Re: Liberating Schneier's Code?] In-Reply-To: Message-ID: <9404281639.AA17753@mycroft.rand.org> > Matthew J Ghio writes: > Capstone chips do not use MD5. The algorithm in question was the > gubmint's Secure Hash Algorythm, which is not the same as MD5. I don't > think capstone uses SHA anyway... Yes, Capstone uses SHA. I append a chunk from the most recent NIST Capstone release. Do we start calling it SHA-1? Will Capstone chips with SHA-2 interoperate with the ones already burned? Hmm. Jim Gillogly 7 Thrimidge S.R. 1994, 16:37 _______________________________________________________________________ CAPSTONE CHIP TECHNOLOGY CAPSTONE is an NSA developed, hardware oriented, cryptographic device that implements the same cryptographic algorithm as the CLIPPER chip. In addition, the CAPSTONE chip includes the following functions: 1. The Digital Signature Algorithm (DSA) proposed by NIST as a Federal Information Processing Standard (FIPS); 2. The Secure Hashing Algorithm (SHA) recently approved as FIPS 180; 3. A Key Exchange Algorithm based on a public key exchange; 4. A general purpose exponentiation algorithm; 5. A general purpose, random number generator which uses a pure noise source. _______________________________________________________________________ From rarachel at prism.poly.edu Thu Apr 28 09:57:08 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Thu, 28 Apr 94 09:57:08 PDT Subject: Crypto scripting language In-Reply-To: <9404281228.AA14356@snark.imsi.com> Message-ID: <9404281644.AA26626@prism.poly.edu> Speaking of crypto script languages, I just found a program called UBASIC (It's only for PC's but maybe we can get the author to port it...) It has bignums built in and is VERY fast. It also contains a A^B MOD C function... Just the thing for RSA... also has prime testing functions, a prime picking function, etc... Its interpreted basic none-the-less, but I'd say it would make a nice little script language, no? You can get it from ftp oak.oakland.edu in the pub/msdos/ubasic directory... From pgf at srl.cacs.usl.edu Thu Apr 28 10:05:26 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Thu, 28 Apr 94 10:05:26 PDT Subject: spooks on cypherpunks Message-ID: <199404281700.AA26556@srl03.cacs.usl.edu> Hey! He forgot about Fox Moulder! Hanno Reactionist From cfrye at mason1.gmu.edu Thu Apr 28 10:10:13 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Thu, 28 Apr 94 10:10:13 PDT Subject: NSA snobs. Message-ID: <9404281710.AA14212@mason1.gmu.edu> Jim- Sounds like a great plan. I'm in a crunch until 13 May but would be willing to help after that. Count me in! Curt From peace at BIX.com Thu Apr 28 10:11:34 1994 From: peace at BIX.com (peace at BIX.com) Date: Thu, 28 Apr 94 10:11:34 PDT Subject: PGP in Wall Street Journal Message-ID: <9404281301.memo.63866@BIX.com> PGP and Phil Zimmermann are featured on the front page of today's (Thursday) Wall Street Journal. Anyone interested should get a copy and read it. From barrett at powder.add.itg.ti.com Thu Apr 28 08:29:13 1994 From: barrett at powder.add.itg.ti.com (barrett at powder.add.itg.ti.com) Date: Thu, 28 Apr 94 10:29:13 EST Subject: FYI: ATF and other stuff Message-ID: <9404281047.AA0260@powder.add.itg.ti.com> As some of you know, the net has been abuzz with ATF stuff. I have inclosed the text of the joint announcement by Tripoli and HPRMA. Please read. The bottom line is that it looks like we will have one more hurdle in order to be legal with our purchase or HPR motors. That hurdle is a Federal explosives "user license". It seems to be faily easy to get. Lou, do you have one of these? I have talked to the ATF and they are sending me an application. I suspect that I can make copies. It also appears that I/we will have to store our "class B" motors in a magazine. I have asked the ATF to send me information on what is needed. I talked to Mike Platt and he was said that it doesn't matter what kind of container you store them in, you CAN'T store them in a residence. I don't know how may of you have class B motors (or 54mm reloads), but I have plenty! I have made some initial investigation of local explosives "places" to see if I can rent some space in an existing magazine. I have not had any luck, but I stil need to do some more leg work. I will keep you posted. To leave on a up note, there will be an Outlaw launch June 11-12th in Brookshire. Should be a good tune up for LDRS. How many of you are going to LDRS? Mark and I made it last year, I hope that we can get a few more this year. Stu Barrett 512-250-6677 ============================================================ JOINT COMMUNIQUE OF THE HIGH POWER ROCKET MANUFACTURERS AND DEALERS ASSOCIATION AND THE TRIPOLI ROCKETRY ASSOCIATION TO THE HIGH-POWER ROCKET COMMUNITY 25 April 1994 Introduction & Brief History Since its inception in the late 1970s, the participants in the hobby of high power rocketry have consisted primarily of a small, tightly-knit group of experimenters and dedicated hobbyists. For most of these years, high-power rocketry had a very limited scope, was never really promoted to the general public, and, in fact, the general public was almost completely unaware of its existence. This has been true up until recently. Since the creation of the Tripoli Rocketry Association, specifically intended to cater to the high-power rocket enthusiast, and the embracing of high-power rocketry by the National Association of Rocketry, the hobby of high-power rocketry has experienced an accelerated rate of growth. The advent of the publication and widespread commercial distribution of High Power Rocketry magazine brought knowledge of the hobby to countless thousands of people who had never even heard of the existence of any hobby rocket motor larger than an Estes "D" engine. This flourishing of the hobby, and its supporting industry, has not gone unnoticed by the Federal regulators. 1993 NFPA Meetings In 1993, two meetings of the National Fire Protection Association's (NFPA) Committee on Pyrotechnics were held: the spring meeting in Colorado Springs, Colorado, and the fall meeting in Long Island, New York. At both of those meetings, while discussing the draft version of NFPA 1127, Code for High Power Rocketry, certain non-rocketry related committee members raised questions concerning the purchasing and storage requirements of high-power rocket motors relative to Bureau of Alcohol, Tobacco, and Firearms (BATF) regulations. The committee agreed collectively that all unanswered questions of Federal regulatory authority concerning high-power rocketry should be addressed before continuing with the 1127 code. At the Long Island NFPA meeting, it was suggested by the committee representative from the BATF that a request be made to the Washington headquarters of the BATF for clarification concerning the particular items in question. It is important to note that a former BATF representative who had been a member of the committee for many years had previously stated that the BATF was not interested in regulating high-power rocketry, but that this position could change in the future depending on circumstances. The BATF Letters and the Spring 1994 NFPA Meeting According to the NFPA/BATF request concerning clarification of this matter, three letters were mailed: two from a specific manufacturer, and one from the Trade Association. On the last day of the most recent meeting of the Committee of Pyrotechnics, held on 18-20 April 1994 in Salt Lake City, Utah, BATF provided a written response to the manufacturer's letters. This letter indicated, "...products which have been classified by the Department of Transportation (DOT) as a flammable solid 4.1 or as explosives 1.4c, which are within the 62.5 grams limit contained in NFPA 1122 and conform to the requirements of model rocket motors set forth in 16 CFR section 1500.85(a)(8)(ii)...," would meet BATF's requirements for exemption from licensing and explosive storage requirements. The significance of this letter was that all of those rocket motor products which have not been classified as a flammable solid 4.1 or as an explosive 1.4c were subject to the Federal explosives law, including all applicable licensing and storage requirements. It quickly became evident that a literal interpretation of the letter dictated that no existing hobby rocket motor product met all the requirements listed for exemption from the Federal explosives laws. Members of the Rocket Caucus became extremely concerned at this point. Upon bringing this fact to the attention of the two BATF representatives attending the NFPA meeting, the representatives explained that a clerical error had apparently been made in BATF's letter to the manufacturer. They clearly stated that BATF never intended that Federal licensing or storage requirements be made applicable to single-use hobby rocket motors containing no more than 62.5 grams of propellant or hobby rocket reload kits using propellant grains containing no more than 62.5 grams of propellant each. A request to obtain this intention in writing from the BATF is being submitted this week. Reasoning Behind the BATF's Decision According to BATF regulations, hobby rocket motors are considered to be "propellant actuated devices", a category of products exempt from the licensing and storage provisions of the Federal explosives laws. No weight limits are currently listed for this exemption in the regulations. In their letter to the manufacturer, the BATF explained that "During the early 1970's when the Bureau of Alcohol, Tobacco and Firearms (BATF) was assigned the responsibility of enforcing the Federal explosives laws, it was clear that we did not intend to regulate toy model rockets which did not constitute a public safety hazard. The exemption for model rocket motors, common fireworks, and propellant-actuated industrial tools was intended to cover explosive items that because of the small quantities involved, would not likely be a source of explosives for a bomb or be a hazard during storage situations. The explosives exempted were toy paper caps and other similar items. The largest model rockets that we were aware of were the Estes model "D" type engine." Therefore, when inquired as to whether high-power rocket motors could be considered to be "propellant actuated devices," and thus exempt from the Federal explosives laws, the BATF explained that the original exemption legislation was never intended to include larger rocket motor products such as those used in high power rocketry, even though this was not readily apparent from reading the regulations. The BATF representatives at the NFPA meeting stated that the hobby of high-power rocketry has simply been promoted to a degree of public exposure and adverse incident potential where the BATF is now compelled to "draw the line", so to speak, at the 62.5 gram level where they believe the intent of the law limits the definition of "propellant actuated devices". The representatives also stated that this clarification will be written into the next revision of the BATF regulations. Implications and Analysis Based on this informal clarification from the BATF, it is our belief that: (a) single-use model rocket motors containing no more than 62.5 grams of propellant are exempt from Federal licensing and storage requirements; (b) reloadable rocket motor products are also exempt from Federal licensing and storage requirements, provided that the mass of each propellant grain is no more than 62.5 grams, and has received a DOT shipping designation as Explosive 1.4, but may not be made available to children; (c) any single-use motor containing propellant mass greater than 62.5 grams, or any reloadable rocket motor product containing a propellant grain which weighs more than 62.5 grams, is subject to Federal licensing and storage requirements. How Does This Affect the Rocket Community? Because BATF has now ruled that many of the products currently used by the high-power rocket community are, in fact, subject to Federal licensing and storage requirements, manufacturers, importers, dealers (which includes distributors), and most users are required to abide by various aspects of the Federal explosives law. Manufacturers of hobby rocket motors, which includes model and high-power rocket motors and reload kits, are subject to Federal, and possibly state and local, licensing requirements for the manufacturing of an explosive. On the Federal level, this involves obtaining a low explosive manufacturing license from BATF, at a cost of $50 for the first year, $25 for each subsequent three-year period. Dealers (and distributors), of high-power rocket motors and reload kits as described in item (c) above, are subject to Federal, and possibly state and local, licensing requirements for the dealing in explosives. On the Federal level, this involves obtaining a low explosives dealer license from BATF, at a cost of $20 for the first year, and $10 for each subsequent three-year period. Users (e.g. consumers, flyers) of high-power rocket motors and reload kits as described in item (c) above, are subject to Federal, and possibly state and local, permit requirements for the purchase and storage of explosives. On the Federal level, this involves obtaining an explosive user permit from BATF, at a cost of $20 for the first year, and $10 for each subsequent three-year period. An important exception to the Federal requirement for a user permit is if the user were to purchase a motor or reload kit in his state of residence as defined by BATF, and either (a) use the motor or reload kit at the site of purchase (e.g. a launch), or (b) transport it to an approved storage facility located within the boundaries of said state. Everyone--manufacturers, dealers (distributors), users--who stores (as defined by the BATF) a high-power rocket motor or reload kit as described in item (c) above is subject to Federal, and possibly state and local, requirements for the storage of explosives. All storage of a high-power rocket motor or reload kit must be in accordance with Federal explosive storage requirements, even if a Federal license/permit is not required for purchase. There are no exceptions to this rule. Thermalite Thermalite is a brand name for igniter cord. Purchase and storage of igniter cord is regulated by BATF. Purchase and/or storage of igniter cord, IN ANY QUANTITY, requires an explosive license and an approved storage facility, i.e. an explosive magazine. This includes thermalite in any length, including the one inch lengths commonly included with motors produced by various manufacturers. The only exception to this would be the purchase by a user for immediate use in the state where he/she resides. Changes Within The Consumer Organizations In order to keep the expenses of compliance to a minimum, it is highly recommended that clubs, such as Tripoli Prefectures, obtain an approved explosive magazine or magazines for the storage of its members' high-power rocket motors, reload kits, and/or igniter materials which are subject to the BATF storage regulations. Members Any high-power rocket consumer may obtain a magazine for his own private storage. However, it is not necessary, if motors were consumed at the point of purchase (e.g. a launch), for consumers to have an explosives magazine. Dealers Dealers will need to obtain an approved explosive magazine or magazines if high-power rocket motors, reload kits, and/or igniter materials which are subject to BATF storage regulations are stored. How Does This Affect NFPA 1127? At the most recent NFPA Pyrotechnics Committee meeting, held in Salt Lake City, Utah, it was decided that the draft document NFPA 1127, Code for High Power Rocketry, be distributed for public comment. During this public comment phase, members of the rocket caucus will be submitting comments requesting that NFPA 1127 include wording which would incorporate appropriate references to the BATF licensing and storage requirements for high-power motor products. Responsibility of the Members While no massive law enforcement action has been announced or is expected, we need to start immediately to work towards bringing the high-power rocketry community into full compliance with the law as it is now being interpreted. As long as the regulators see that there are consistent and substantial efforts being made towards compliance, enforcement actions can be avoided. Of course, we do not have an indefinite amount of time in which to work towards compliance. The Trade Association will be requesting a 6 to 12 month period from BATF to effect compliance. The BATF has already indicated that this may be an acceptable time period. Are the above our only options? No. The consumer groups and the Trade Association have already initiated the process to exempt high-power rocket motors, reloads, and related items from the Federal explosives laws. It is also our intention to investigate the possibility of obtaining an amendment to Title XI, Regulation of Explosives (18 U.S.C. Chapter 40) of the Federal explosives law. Unfortunately, both of these processes will take a considerable amount of time, and the high-power rocket community has to bring itself into full compliance with the law while these other avenues are pursued. While it may be tempting for an individual to voice his opinion to BATF over the above matter, at this time it is not prudent to do so. In fact, any such action would, at a minimum, be counterproductive, and, in all likelihood, would encourage the BATF to take on an adversarial role. Currently, the BATF has indicated a willingness to work with the high-power rocketry community. We need to preserve and foster this relationship for the good of the hobby. There will be a time in the future when the community will need to respond loudly. We, the rocket community, need to maintain the maturity required in order to see this through an amicable process to the desired conclusion. /s/ /s/ Michael W. Platt Charles E. Rogers President President High Power Rocket Manufacturers Tripoli Rocketry Association, Inc. and Dealers Association, Inc. From perry at snark.imsi.com Thu Apr 28 10:32:41 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 28 Apr 94 10:32:41 PDT Subject: spooks on cypherpunks In-Reply-To: Message-ID: <9404281732.AA14898@snark.imsi.com> Russell Nelson says: > Sorry, but this is no help. It's impossible to distinguish Agents > Provocateur from merely incompetent people. You need to deal with the > latter, and so the former fall out in the wash. > > If the cypherpunk movement is to be an effective non-violent force, it > must realize that secrecy is no help. The best designed action will > work even if your enemy helps you plan it and carry it out. Karn's CJR > is an example of this. Frankly, I agree. The NSA and the rest are roughly in the position of the Eastern block dictatorships a few years ago. There is basically nothing they can do to maintain their position. They have no mechanism available. With the arrival of good cryptographic techniques in the open literature they were basically given a death sentence. Anyone with a computer and some brains can now do lots of stuff they don't like, and there isn't anything they can do about it no matter how much they would like. They will search desperately for some miracle to save them, but there isn't going to be one. Even were they to succeed in getting lots of laws in place, there would be no way to enforce them where it counts the most -- the criminals will not obey, and the technology is easy for them to get. We need no secrecy. We need only keep doing what we are doing: looking for more and more ways to attack them in the legal system, pointing out how silly they look in the press, and writing more code. There is virtually nothing they can do no matter how much they like. The NSA will either adapt or die -- it seems to be trying to die right now rather than adapt, but thats not our problem. Frankly, I'm happier if they are watching. It tells us that we are worth looking at. Perry From perry at snark.imsi.com Thu Apr 28 10:35:26 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 28 Apr 94 10:35:26 PDT Subject: Directory of 'punks In-Reply-To: <9404281547.AA01037@Central.KeyWest.MPGN.COM> Message-ID: <9404281735.AA14914@snark.imsi.com> "Jim Sewell" says: > > Thank you for the preliminary (<2 hrs) response to the posting. I have > not gotten a "that's a bad idea" letter yet of the 7 replies so I will > assume this is a "Good Thing" tm. Here is my vote for "its a bad idea". Cypherpunks is NOT an organization. Leave the organizational fronting to people like CPSR and EFF who have good PR people and know what they are doing. They've done a great job thus far. If we want to answer blowhards who claim we are a small number of nuts, we can just show off the Time magazine poll. Perry From werner at mc.ab.com Thu Apr 28 10:35:54 1994 From: werner at mc.ab.com (tim werner) Date: Thu, 28 Apr 94 10:35:54 PDT Subject: Directory of 'punks Message-ID: <199404281735.NAA04751@sparcserver.mc.ab.com> >Date: Thu, 28 Apr 1994 10:28:40 -0400 (EDT) >From: "Jim Sewell" > >With tools like a "press kit" and a directory of members we will >become viewed as a cross-section of America, citizens with a >point of view shared by many, contributors to the general welfare >of society rather than a bunch of fanatical computer geeks ... Well, that leaves me out, but at least I'm not a pencil-neck (17.5"). tw From lefty at apple.com Thu Apr 28 10:53:32 1994 From: lefty at apple.com (Lefty) Date: Thu, 28 Apr 94 10:53:32 PDT Subject: Directory of 'punks Message-ID: <9404281752.AA08196@internal.apple.com> Perry writes: >"Jim Sewell" says: >> >> Thank you for the preliminary (<2 hrs) response to the posting. I have >> not gotten a "that's a bad idea" letter yet of the 7 replies so I will >> assume this is a "Good Thing" tm. > >Here is my vote for "its a bad idea". Cypherpunks is NOT an >organization. Leave the organizational fronting to people like CPSR >and EFF who have good PR people and know what they are doing. They've >done a great job thus far. > >If we want to answer blowhards who claim we are a small number of >nuts, we can just show off the Time magazine poll. Yeah, what he said. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From unicorn at access.digex.net Thu Apr 28 11:11:17 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 28 Apr 94 11:11:17 PDT Subject: spooks on cypherpunks In-Reply-To: <9404280150.aa02224@deeptht.armory.com> Message-ID: <199404281810.AA02180@access3.digex.net> [In response to a "tip"]: > Thanks for the hot fucking tip, Sparky. What was your first clue? > I suggest you not only learn to live with it, you learn to compete at > their level. You can ftp my Psychological Warfare Primer for Online > Activists at ftp.eff.org What, did he expose some of your friends or something? > > /pub/EFF/Issues/Activism/psychwar.primer > > You have the right to free speech, and you have the right to dissent. > > Use it or loose it slick. Imagine some spook taking a shit in a public > restroom. They're human. And they fuck up regular as well. I'm not sure I get your point. If I imagine the soldier in the field deficating he won't have any power over me? Or do I have to imagine the gun deficating? The profanity doesn't seem to help me follow your ideas. > -- > PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! > > * eagle at deeptht.armory.com email info at eff.org * > *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** > ***** Committed to Free Public Internet Access for World Peace ***** One of the problems with cypherpunks, and Mr. May mentioned this some posts ago, is that you have close to 700 views. If our friend at nobody wants to "out" someone (if that's what he's doing), he has his own purpose and motives, and Mr. Davis has little constructive to say about it. With 700 people on the list, it's likely that someone will have some useful purpose for this information. Since it's impossible to tell who, or even if anyone can do anything with it you might as well just let it pass. -russ says: If the cypherpunk movement is to be an effective non-violent force, it must realize that secrecy is no help. The best designed action will work even if your enemy helps you plan it and carry it out. Karn's CJR is an example of this. <- I couldn't disagree more. While secrecy may be difficult, it is HARDLY of no help. In many ways the discussions on cypherpunks frame the issues months in advance of the media, the executive and the policy arms. People come to cypherpunks with new ideas, code and structures. People in cypherpunks forward budding advances in centralism and technology both pro and anti - privacy and crypto. In short, cypherpunks is ahead of the game in many respects. Would be a prime source of more than SigInt, but also of HumInt. Its nice when the enemy can't do anything about your work, but it's also rare. The more likely is that the enemy is doing IT'S WORK secretly. Or at least quietly and with politically timed releases. The best directed action will work even if your enemy helps you plan it and carry it out without even knowing they did. -uni- (Dark) From jims at Central.KeyWest.MPGN.COM Thu Apr 28 11:12:31 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 28 Apr 94 11:12:31 PDT Subject: Apology In-Reply-To: <199404281735.NAA04751@sparcserver.mc.ab.com> Message-ID: <9404281812.AA02257@Central.KeyWest.MPGN.COM> I've said in a previous post and others like it: >With tools like a "press kit" and a directory of members we will >become viewed as a cross-section of America, citizens with a >point of view shared by many, contributors to the general welfare >of society rather than a bunch of fanatical computer geeks ... I want to apologize to the fine folk on this list that are not Americans for my self-centered phrasing. In everyday life you generally don't think of other countries and as such I've probably offended someone. I in no way meant to imply that everyone is American, that we are the most important, or that our political system is the best. If I offended anyone I apologize and will try to be more cautious with my wording in the future. -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From koontzd at lrcs.loral.com Thu Apr 28 11:16:18 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Thu, 28 Apr 94 11:16:18 PDT Subject: Paranoia Message-ID: <9404281815.AA16163@io.lrcs.loral.com> I heard last night the the 3rd Battalion of the 12th Special Forces is at Moffett, and that they wanted to modify a building to allow repelling practice. I personally can't think of any reason for an elite fighting force to be stationed in an area of urban sprawl. Has anyone noticed any other elite forces being located in high population areas? From prock at teetot.acusd.edu Thu Apr 28 11:28:01 1994 From: prock at teetot.acusd.edu (no depression) Date: Thu, 28 Apr 94 11:28:01 PDT Subject: Directory of 'punks In-Reply-To: <9404281752.AA08196@internal.apple.com> Message-ID: <9404281827.AA01818@teetot.acusd.edu> "Jim Sewell" says: > > Thank you for the preliminary (<2 hrs) response to the posting. I have > not gotten a "that's a bad idea" letter yet of the 7 replies so I will > assume this is a "Good Thing" tm. Oooh. I don't know about a good idea. I was never much in favor of giving my name out for free. I mean if someone want's to read this list and find my affiliation from the sporadic posts that I enter and then make random associations about me that is one thing. But to do it for them? Nahhh, that is part of the reason I entertain ideas like cryptography, and practices like only withdrawing my money from one bank in person while writing out of state checks for all mail purposes. I'd just rather that people didn't know my business. Thus, personally, I think it is "a bad idea". Andrew Prock prock at teetot.acusd.edu From habs at warwick.com Thu Apr 28 11:34:21 1994 From: habs at warwick.com (Harry S. Hawk) Date: Thu, 28 Apr 94 11:34:21 PDT Subject: e-mail for WSJ Message-ID: <9404282131.AA19485@cmyk.warwick.com> Here is the e-mail address that can be used to contact the author of the WSJ article on Philip Z. The author's name is William Bulkeley The e-mail address is 6095475 at mcimail.com Let's not overload him... /hawk From tcmay at netcom.com Thu Apr 28 11:37:33 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 28 Apr 94 11:37:33 PDT Subject: Papers on Crypto and the Future In-Reply-To: <9404281114.AA18648@toad.com> Message-ID: <199404281838.LAA27024@netcom.com> (Note on Names of Threads: I've changed the name of this thread from "questions" to something a bit more descriptive. I urge all of you to try to pick thread names with some care, as the thread name is what gets seen over and over again. I've been sorting some of the 80 MB of mail on my optical disk and I'm chagrinned to see just how many threads are titled "Re: your mail," "more questions," "mail," and even "huh?" Not to mention the recent long debate about telscope optics that was named something completely unrelated like "IRC prt 25 disabled?" or somesuch. Take the initiative! Pick meaningful titles!) Agent Orange defoliated us with: > I am currently getting together resources for a research paper on the > growth of encryption systems, from enigma to present day. Part of the > paper will examine the direction taken by encryption schemes in the > future (with particular reference to the likely acceleration of > computing power, greater need for personal privacy, etc etc) Yeah, well there have been some excellent histories already written, so you may want to save yourself some trouble and simply located them. Is this paper for a class, or for whom? I especially recommend Whit Diffie's review and history of crypto, reprinted in the readily-avialable collection, "Contemporary Cryptology," edited by Gus Simmons. Diffie was there, as they say, and has some fascinationg perspectives. He's also talked extensively to Don Coppersmith of IBM, about DES, and has some insights into the compromises made. (Coppersmith acknowledges in the new Shamir-Biham book on differential cryptanalysis that IBM knew of Diff Crypt. in the early 70s when the S-boxes and key size were being finalized. He would not tell S & B if IBM or himself knew of other attacks.) There are also magazine-type reviews in "IEEE Spectrum" and "Communications of the ACM," circa 1992-3. "Proceedings of the IEEE" also has devoted at least one recent issue to crypto, including some historical overviews. (I think this was circa 1990, give or take. I can't remotely access "Current Contents" at melvyl at ucop.edu right now, so this'll have to do.) > The paper will be written from the viewpoint of an encryption-aware > programmer, rather than that of an expert cryptanalyst! Plenty of > example code and practical applications will form the backbone of this > study, not pages of mathematics. What's wrong with pointing your readers at Schneier? This has become the de facto standard, and the extensive review and scrutiny of his code ensures more accuracy than most of us could get casusally. As they say, "Use the Force...read the source." > Are there any papers currently circulating dealing with the future of > encryption? Has anyone else on this list already investigated this area, > I'd appreciate any information you can submit (ftp addrs?), via this > mailing list or private email if you wish. > > Nick Many such papers, though we on this very list (I say modestly) are some of the best forward-thinkers to be found. Sci.crypt also has some stuff, but I think not as good as our own predicitons and speculations. Of course, the best way to see the technical aspects of the future (and a method I favor) is to scan the contents of the various "Crypto Conferences," in the Springer-Verlag series on "Advances in Cryptoology," "EuroCrypt," "AusCrypt," etc. If anyone out there is unaware of these volumes, you owe it to yourself to go to a nearby technical library and look them up. A few hours spent reading about amazing new protocols will open your eyes. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hayden at krypton.mankato.msus.edu Thu Apr 28 11:59:29 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 28 Apr 94 11:59:29 PDT Subject: Directory of 'punks In-Reply-To: <9404281827.AA01818@teetot.acusd.edu> Message-ID: On Thu, 28 Apr 1994, no depression wrote: > > Oooh. I don't know about a good idea. I was never much in favor > of giving my name out for free. I mean if someone want's to read this > list and find my affiliation from the sporadic posts that I enter and > then make random associations about me that is one thing. Keep in mind, anyone can 'who' the list from majordomo and get a list of who is subscribed. You face the assumption that you are a pencil-necked geek who was too busy doing your trig to attend Woodstock. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From mech at eff.org Thu Apr 28 11:59:48 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 28 Apr 94 11:59:48 PDT Subject: Carl Ellison Message-ID: <2pp12u$g6u@eff.org> Anyone have Carl Ellison's new eaddr? It's important. Thanks. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From tcmay at netcom.com Thu Apr 28 12:03:53 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 28 Apr 94 12:03:53 PDT Subject: Paranoia Strikes Deep, Into your Heart it Will Creep... In-Reply-To: <9404281815.AA16163@io.lrcs.loral.com> Message-ID: <199404281904.MAA00844@netcom.com> David Koontz expresses alarm: > > I heard last night the the 3rd Battalion of the 12th Special Forces is > at Moffett, and that they wanted to modify a building to allow repelling > practice. > > I personally can't think of any reason for an elite fighting force to > be stationed in an area of urban sprawl. > > Has anyone noticed any other elite forces being located in high population > areas? So? Lots of military bases are near urban areas. I haven't seen this report before, but my hunch is that the plan is to use the large dirigible hangars (some of the largest buildings in the world, built in the 1920s and 30s) for the rappelling exerices. Just a hunch. In any case, since there aren't many other tall buildings around here likely to be occupied in the Coming Crisis (tm) by Cypherpunk Criminals (tm) and other CyberTerrorists (tm), I hardly think there's a correlation between where this merry band of Special Forces guys does their training and where, if anyplace, they get deployed. Do you think there's a correlation? In any case, guys rappelling down buildings is the least of our reasons for paranoia. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From unicorn at access.digex.net Thu Apr 28 12:18:50 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 28 Apr 94 12:18:50 PDT Subject: AT&T, Clipper, & Saudi Arabia In-Reply-To: <199404281615.AA11058@poboy.b17c.ingr.com> Message-ID: <199404281918.AA07020@access3.digex.net> > > > > I have great respect for you, Steve, but in this case I must humbly > > > disagree with you. The US government does have a very long record of > > > promoting US products for foreign sales, but it is certainly rare for > > > the President himself to get involved so publically. > > > No it is not. This is the second time Clinton has lobbied the Saudi's in > > favor of US companies [Examples] > > "Is too." > "Is not." > > In this case, "rare" is accurate when applied with respect to the long > history of US government involvement, not to this particular > president; as you point out, this is the second time that Clinton has > inserted himself into the loop. It wouldn't be too surprising to see > him do it again. > > However, this sort of intervention *is* rare by past standards. Do you > recall any non-FMS contracts where Presidents Bush, Reagan, Carter, or Ford > went to bat so overtly for US products? In general I dislike the amount of hands on management in this administration. See below. > -Paul > > -> Dear AT&T: If you'll roll over for us on Clipper, we will suitably incentivize you. /s/ The Clinton Administration I suppose most of us would consider a $4B contract a "suitable incentive." While there's probably no direct evidence of a quid pro quo, it strikes me as a bit odd that the President is personally intervening in a purely commercial deal. <- It's not odd while the commercial deal impacts domestic, or foreign policy programs, and while Clinton can appropriate agencies for his personal PR programs. If you look at the trend of Clinton leadership back to Little Rock, you can see a trend of misuse, or appropriation of officials for his personal or program use. Be it a law firm, or the NSA or AT&T it doesn't seem that this is anything new. It is, however, disturbing. Look at the goals of the administration with respect to technology. 1> Restrict strong crypto 2> Empower law enforcement with high technology. 3> Regulate the "information superhighway" The stepping stones to get to these points have included: A> Restricting export of strong crypto. B> Restricting or encouraging weak crypto Domestically (Clipper) C> Weaken the will of large telecommunications entities to resist with string incentives and the threat of Regulation (DigiTel '94) D> Make compliance so difficult that it's easier to yield the torch to a government agency. (NIST perhaps?) Now consider the methods: 1> Active frustration of the market. (Bought up AT&T's non clipper phones and destroyed most of them). 2> The use of NSA, the creation of NIST to promote domestic policy and accomplish the stepping stones. 3> The use and empowerment of the FBI at the expense of the CIA under the guise of the crime problem to highlight the "problem" and circumvent the autonomy of intelligence agencies. The methodology is dangerous. If the President can not only use the law enforcement and intelligence agencies to further goals only remotely connected to law enforcement and intelligence, and tie the hands of private corporations before pushing them off the plank, what happens when the goals get even more centralist? At this point it hardly matters that the United States is a "capitalist private sector economy" because the President can interfere when and where he likes in the private sector with relative ease. How did he get here? 50 Years of accretion of power by the State. Will the day come when AT&T, which backbones the majority of communication, including borrowing books from thousands of miles away and sending faxes from the beach, is merely a tool for domestic policy? Hell, it's a tool for domestic policy today. What happens when the PRIVATE largess of phone service (which by then will be much more important than it is today) is interrupted because you haven't paid that traffic ticket? Impossible? States are already taking driver's licenses away for reasons not remotely associated with driving or owning a car. (See that old Wired, can't remember which issue). Is the use of private companies with heavy reliance on government as tools that far off? In 1952 Justice Jackson commented, "The tools belong to the man who can use them." The quote from Napoleon was a cold reference to the inability of the court to empower the Congress unless the Congress would take hold of the reigns, or in his words, "We may say that the power to legislate for emergencies belongs in the hands of Congress, but only if Congress itself can prevent power from slipping through its fingers." _Youngstown Sheet & Tube Co. v. Sawyer_, 343 U.S. 579 (1952) (Jackson, J.). That was in 1952. The underlying suggestion was that a more powerful President, a President who held the Congress in his hands and dazzled the people with charisma might well wield tools that were outside the conception of the day. [It explains much to say that Truman was in Office] Jackson was wrong. Today we have a President whose every move is questioned. Who is embattled in controversy and conspiracy theories. Who is seen as a proponent of big government and branded a "one termer." A President who cannot grab hold, cannot quite steady himself in the rocking boat, cannot find a safe haven from the press, the people or the legislature, even in his own party. Still, here is a President who wields the tools of private industry and agencies because he can use them. I ask, what will a loved President accomplish with the same tools? -uni- (Dark) From jims at Central.KeyWest.MPGN.COM Thu Apr 28 12:19:13 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 28 Apr 94 12:19:13 PDT Subject: Directory of 'punks In-Reply-To: <9404281827.AA01818@teetot.acusd.edu> Message-ID: <9404281918.AA02744@Central.KeyWest.MPGN.COM> > > Oooh. I don't know about a good idea. I was never much in favor > of giving my name out for free. I mean if someone want's to read this > list and find my affiliation from the sporadic posts that I enter and > then make random associations about me that is one thing. > > But to do it for them? ... Good point, and well taken, but would the directory do much more than requesting a "whois" from the mailing list robot? It is a matter of one's priorities and it is obvious (and good!) that they vary from person to person. -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From unicorn at access.digex.net Thu Apr 28 12:24:17 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 28 Apr 94 12:24:17 PDT Subject: Directory of 'punks Message-ID: <199404281924.AA07408@access3.digex.net> Keep in mind, anyone can 'who' the list from majordomo and get a list of who is subscribed. You face the assumption that you are a pencil-necked geek who was too busy doing your trig to attend Woodstock. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) <- Annonymous posting gets more and more interesting. From cme at sw.stratus.com Thu Apr 28 12:44:17 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Thu, 28 Apr 94 12:44:17 PDT Subject: your WSJ article, today Message-ID: <199404281944.PAA02079@galt.sw.stratus.com> Bravo. Good article. Except: "What will they do when people start encrypting messages to each other?" suggests that this isn't happening. I've been routinely encrypting e-mail since 1981 -- including overseas traffic. Still -- good article. Thanks. - Carl P.S. We need to establish that publishing an article on an FTP server or via an e-mail newsletter is, in fact, publication according to the first amendment. This may be the wrong case to establish that precedent but it needs to be established. From djw at eff.org Thu Apr 28 12:45:19 1994 From: djw at eff.org (Daniel J. Weitzner) Date: Thu, 28 Apr 94 12:45:19 PDT Subject: Satellites, the NSA, & Clipper Message-ID: <199404281945.PAA17686@eff.org> I just returned from a presentation at Comsat about Clipper and other crypto issues. They asked EFF & NIST to come and square off before them so that they could begin to think about the issues. They may not get too deeply involved, but most of the manufacturers & users represented seemed quite sympathetic to our position. I also picked up an amusing tidbit. All satellites that carry US government traffic must have an NSA-designed black box which secures the satellite control channel from enemy interference (ie. Libya tries to move US satellites around to screw up our communications). Guess who builds the black box. You got it, Mykotronx. ************************************************************************** "Only in a police state is the job of a policeman easy." --Orson Welles ...................................................................... Daniel J. Weitzner, Senior Staff Counsel Electronic Frontier Foundation 202-347-5400 (v) 1001 G St, NW Suite 950 East 202-393-5509 (f) Washington, DC 20001 *** Join EFF!!! Send mail to membership at eff.org for information *** From sonny at netcom.com Thu Apr 28 13:32:56 1994 From: sonny at netcom.com (James Hicks) Date: Thu, 28 Apr 94 13:32:56 PDT Subject: Directory of 'punks In-Reply-To: <9404281428.AA11444@Central.KeyWest.MPGN.COM> Message-ID: <199404282033.NAA19219@netcom.com> > With tools like a "press kit" and a directory of members we will > become viewed as a cross-section of America, citizens with a > point of view shared by many, contributors to the general welfare Well, unfortunately I've got to clear this with my probation officer... +---------------------------------------------------------------------+ | james hicks | Give me your tired, your poor, | | | your huddled masses yearning to breathe free, | | ...can you hear | Send these, the homeless, tempest-tossed to me.| | the music?... | I lift my lamp beside the golden door! | +---------------------------------------------------------------------+ From hughes at ah.com Thu Apr 28 13:33:34 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 28 Apr 94 13:33:34 PDT Subject: ADMIN: Re: Paranoia In-Reply-To: <9404281815.AA16163@io.lrcs.loral.com> Message-ID: <9404282029.AA20371@ah.com> >I heard last night the the 3rd Battalion of the 12th Special Forces is >at Moffett, and that they wanted to modify a building to allow repelling >practice. This is not a cypherpunks topic. Please do not reply on the list to this message. Eric From sico at aps.hacktic.nl Thu Apr 28 14:20:58 1994 From: sico at aps.hacktic.nl (Sico Bruins) Date: Thu, 28 Apr 94 14:20:58 PDT Subject: PGP Question: In-Reply-To: <9404262046.AA00927@Central.KeyWest.MPGN.COM> Message-ID: Tuesday April 26 1994 22:46, "Jim Sewell": "S> From: "Jim Sewell" "S> Message-Id: <9404262046.AA00927 at Central.KeyWest.MPGN.COM> "S> Date: Tue, 26 Apr 1994 16:46:37 -0400 (EDT) [edited] "S> as" to my key. Since my name is the same in both and the "S> mentioned keysizes are all that have changed I'd like to remove "S> the AKA. Can I do this? If so how? That's a big problem with PGP, so before you go experimenting first backup your key. When I tried editing an aka on mine (my email address had changed) I lost other people's signatures on my key. :-( CU, Sico (sico at aps.hacktic.nl). [PGP public key:] bits/keyID Date User ID 1024/5142B9 1992/09/09 Sico Bruins Key fingerprint = 16 9A E1 12 37 6D FB 09 F6 AD 55 C6 BB 25 AC 25 (InterNet: sico at aps.hacktic.nl) From jpp at markv.com Thu Apr 28 14:30:03 1994 From: jpp at markv.com (jpp at markv.com) Date: Thu, 28 Apr 94 14:30:03 PDT Subject: DId you ever think... In-Reply-To: <9404281910.AA15338@buoy.watson.ibm.com> Message-ID: <9404281429.ab03574@hermix.markv.com> > From: uri at watson.ibm.com > Date: Thu, 28 Apr 1994 15:10:39 -0500 (EDT) > > jpp at markv.com says: > > Wasn't there some concern on IBM's part about liability -- > > Thus the US Governments participation, including the 'secret' changes > > to DES? > > Liabilities? To who and about what? Since it became a standard, the > US Gov't assumed the responsibility... Oh, for instance, say liability to the banks who's electronic fund transfers were stolen or forged. But yeah, my understanding was that IBM wouldn't release the cipher for general consumption unless some Gov't would 'standardize' it and take the liability heat. Even the smaller 56 bit key was IBM's idea? Why!??!? Weren't they in the business of making a _strong_ cipher? j' From warlord at MIT.EDU Thu Apr 28 14:33:46 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 28 Apr 94 14:33:46 PDT Subject: PGP Question: In-Reply-To: Message-ID: <9404282133.AA05939@toxicwaste.media.mit.edu> > That's a big problem with PGP, so before you go experimenting first > backup your key. When I tried editing an aka on mine (my email address > had changed) I lost other people's signatures on my key. :-( This makes sense.. A signature is a binding between a key and a userID. If you remove that userID, then clearly the signatures binding that userID to the key should be removed as well, since otherwise they are binding nothing. What should be available (although it is not implemented) is a userID revocation, where you can basically send out a messages that will remove userIDs from a key. Then again, signature revocations should be implemented as well... Hope this helps. -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From fnerd at smds.com Thu Apr 28 14:48:59 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Thu, 28 Apr 94 14:48:59 PDT Subject: Revenge of the Nerds who Missed Woodstock Message-ID: <9404282137.AA05767@smds.com> Anonymous quotes Stevens Miller paraphrasing Stuart Baker of the NSA: Focusing on his spin rather than his content is a good idea, let's spin a little more. > - The debate over the Clipper proposal is "really just a culture clash > among net-heads." Yes, between authoritarians and libertarians who are aware of the issue. > - Those opposing the proposal are late-coming counter-culturists, "who > couldn't go to Woodstock because they had to do their trig homework." Some things won in the 60s have suffered wear, tear, disrespect, distortion and retreat. Other changes that happened then were wrong. If Mr. Baker is saying that we're a later generation carrying on the work, I'm honored. I was a natural in trig and didn't do my homework, but I did extra reading in political topics in high school. George Orwell's essays come to mind. > - Opponents envision themselves as would-be "cybernauts in bandoliers and > pocket-protectors." Jes' patriotic citizens payin' our eternal vigilance dues. Mr. Miller continues: > I quote these remarks (as best I can from memory; my hands were shaking too > much to write clearly at this point) to make it clear that our government's > representative has reached a conclusion about the community opposing its > plan. He has concluded that the members of that community are so beneath > his respect that it is more appropriate to make fun of them than it is to > respond to their views. Or he may have that little confidence in the substance of his own position. Or he may have that little respect for reasoned public debate in general. Or he may be that clueless about his opposition. In any case I wouldn't assume (and Mr. Miller doesn't seem to) that Mr. Baker actually believes his own public statements. -fnerd quote me - - - - - - - - - - - - - - - Gradually, I become aware of a presence. Between me and sustenance stands a woman in a suit. --Michael Swaine -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From vkisosza at acs.ucalgary.ca Thu Apr 28 15:14:52 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Thu, 28 Apr 94 15:14:52 PDT Subject: PGP Question: In-Reply-To: <9404282133.AA05939@toxicwaste.media.mit.edu> Message-ID: <9404282217.AA58112@acs5.acs.ucalgary.ca> Derek Atkins wrote: > What should be available (although it is not implemented) is a userID > revocation, where you can basically send out a messages that will > remove userIDs from a key. Then again, signature revocations should > be implemented as well... Sorry Derek, you lost me on this one. Why should there be signature revocations? When you sign a key, all you are vouching for is the integrity of the key, and not the integrity of the key issuer. At least that was my understanding. When would a signature revocation be necessary? The only time I can think of a use for this, is if someone has signed a key indiscriminately, in which case you shouldn't be trusting the validity of any of the signatory's signatures, since their signatures are untrustworthy. If I'm erring in some way, could someone please clairfy? > From warlord at MIT.EDU Thu Apr 28 15:31:23 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 28 Apr 94 15:31:23 PDT Subject: PGP Question: In-Reply-To: <9404282217.AA58112@acs5.acs.ucalgary.ca> Message-ID: <9404282231.AA06681@toxicwaste.media.mit.edu> > Sorry Derek, you lost me on this one. Why should there be > signature revocations? When you sign a key, all you are vouching There are a number or real reasons. Maybe you got coerced into signing they key, or you think that maybe the key was signed incorrectly, or maybe that person no longer uses that email address, because they lost the account, or that maybe you don't believe that the binding of key to userID is valid for any number of reasons. That is why signature revocations should exist. Comments? -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From pgf at srl.cacs.usl.edu Thu Apr 28 15:46:22 1994 From: pgf at srl.cacs.usl.edu (Phil G. Fraering) Date: Thu, 28 Apr 94 15:46:22 PDT Subject: Paranoia Message-ID: <199404282241.AA26973@srl03.cacs.usl.edu> >I personally can't think of any reason for an elite fighting force to >be stationed in an area of urban sprawl. Uh, last time I checked, the most recent two conflicts the U.S. may be getting involved in or got involved in were in Mogudishu and in urban areas in the former Yugoslavia. Not to mention the urban environment of Seoul. Whether you're a hawk or a dove, the fact is, the US has been, might be, or just plain is (if there's a war in Korea) committed to conflicts where there's going to be combat in an urban or "suburban" area. You might debate the wisdom of our overseas commitments, etc., but if you think we should have an army that should have as its hope of survival the idea that the enemy will always be fighting in rural areas, you're foolish in the extreme, and if you implement those ideas you will kill a great many of your own army. Phil From paul at hawksbill.sprintmrn.com Thu Apr 28 15:57:54 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Thu, 28 Apr 94 15:57:54 PDT Subject: Paranoia In-Reply-To: <199404282241.AA26973@srl03.cacs.usl.edu> Message-ID: <9404282359.AA22232@hawksbill.sprintmrn.com> C'mon guys -- take this off of the list.. - paul From lile at netcom.com Thu Apr 28 16:02:15 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 28 Apr 94 16:02:15 PDT Subject: May 4 Crypto Talk... Message-ID: <199404282303.QAA20739@netcom.com> I thought you might be interested. It would be great if some folks from this list could show. -lile *************** Please Circulate Freely *************** You're Invited to Our Next General Meeting! Admission Free/Open to the Public Wednesday, May 4, 1994, 7:30 P.M. First Presbyterian Church 1140 Cowper Street, Palo Alto (3 Blocks North of Embarcadero -- See Map on Back) Wire Taps and Cryptography in Your Future with Nelson Bolyard Everyone is talking about the Clipper Chip, and lots of people are wondering about the FBI's digital telephony initiative. This talk will discuss both of those things and provide some historical perspective on the battle between Congress and the Administration over control of standards for civilian cryptography, and CPSR's role in that debate. Nelson Bolyard is an engineer for a major computer manufacturer in the Silicon Valley. He has background in cryptography and highly secure systems, and is presently working in high-speed networking. Sponsored By: Computer Professionals for Social Responsibility CPSR\Palo Alto: P.O. Box 717, Palo Alto, CA 94302 From vkisosza at acs.ucalgary.ca Thu Apr 28 16:09:54 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Thu, 28 Apr 94 16:09:54 PDT Subject: PGP Question: In-Reply-To: <9404282231.AA06681@toxicwaste.media.mit.edu> Message-ID: <9404282312.AA33925@acs5.acs.ucalgary.ca> Derek Atkins wrote: > There are a number or real reasons. Maybe you got coerced into > signing they key, or you think that maybe the key was signed > incorrectly, or maybe that person no longer uses that email address, > because they lost the account, or that maybe you don't believe that > the binding of key to userID is valid for any number of reasons. Uhh, right. But all a person has to do is issue a key revocation certificate. Now if someone CAN'T issue a signed certificate, then that is a problem. And a good problem to have. Otherwise how would we know that a revocation is valid? Then again just create a new key and get the key signed. You can carry a key with you from email address to email address. You can edit your own user id, with I believe pgp -ke. If you do have to get a "brand new key" cut, you can get your key signed by someone over the phone, (that is if you trust the phone :-), But if no one trust you over the phone, your SOL, unless of course you had someone sign your keys and not just your key, in which case there really isn't a big problem. A gram of prevention is worth a whole hell of a lot. Did you say you were at MIT? From vkisosza at acs.ucalgary.ca Thu Apr 28 16:20:58 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Thu, 28 Apr 94 16:20:58 PDT Subject: RSA-129 In-Reply-To: <199404270405.AAA02384@charon.MIT.EDU> Message-ID: <9404282323.AA21521@acs5.acs.ucalgary.ca> Derek Atkins wrote: > We are happy to announce that > > RSA-129 = 1143816257578888676692357799761466120102182967212423625625618429\ > 35706935245733897830597123563958705058989075147599290026879543541 > = 3490529510847650949147849619903898133417764638493387843990820577 * > 32769132993266709549961988190834461413177642967992942539798288533 > > To find the factorization of RSA-129, we used the double large prime > variation of the multiple polynomial quadratic sieve factoring method. > The sieving step took approximately 5000 mips years, and was carried > out in 8 months by about 600 volunteers from more than 20 countries, > on all continents except Antarctica. Combining the partial relations Now let's see, where's my slide rule, let's see 5,000 mips years at $30,000 /mips = damn, where is that calculator. :-) > We would like to thank everyone who contributed their time and effort > to this project. Without your help this would not have been possible. > > Derek Atkins Nahh, couldn't be, > Michael Graff > Arjen Lenstra > Paul Leyland > From lefty at apple.com Thu Apr 28 16:33:24 1994 From: lefty at apple.com (Lefty) Date: Thu, 28 Apr 94 16:33:24 PDT Subject: RSA-129 Message-ID: <9404282331.AA15291@internal.apple.com> Istvan Oszaraz von Keszi writes: > >Now let's see, where's my slide rule, let's see 5,000 mips years >at $30,000 /mips = damn, where is that calculator. :-) $30,000 per mips!? Want to buy a (slightly) used Quadra 700? -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From warlord at MIT.EDU Thu Apr 28 16:52:09 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 28 Apr 94 16:52:09 PDT Subject: PGP Question: In-Reply-To: <9404282312.AA33925@acs5.acs.ucalgary.ca> Message-ID: <9404282352.AA07123@toxicwaste.media.mit.edu> > Uhh, right. But all a person has to do is issue a key revocation > certificate. Now if someone CAN'T issue a signed certificate, then > that is a problem. The point is that someone shouldn't NEED to revoke their key if all they are doing is changing their email address. What if the binding of the userID is a result of a position that you hold... For example, I am the owner of a company and I sign people's identifiers, saying that they are employees of mine, and possibly what their position is. Now say I fire someone, I want to be able to revoke my signature since the binding is no longer valid! But I shouldn't need to force them to generate a new key. > Did you say you were at MIT? This is a joke, right? -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From vkisosza at acs.ucalgary.ca Thu Apr 28 17:36:09 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Thu, 28 Apr 94 17:36:09 PDT Subject: PGP Question Message-ID: <9404290038.AA45080@acs5.acs.ucalgary.ca> Derek Atkins wrote: > This is a joke, right? Gee, either that or the Towers of Hanoi. O.K., quick now off the top of my head. Make a key. Make an ultimately trusted key for each of your employees. Have employees make their key. Sign each of the employees keys with your ultimately trusted key for employee. Fire all of your employees. Worry about someone thinking that said employee is still an employee, revoke ultimately trusted key for employee. Yes, a key management problem, but maybe someone could write some code . . . (You know, I much prefer multiple guess.) From vkisosza at acs.ucalgary.ca Thu Apr 28 17:46:01 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Thu, 28 Apr 94 17:46:01 PDT Subject: RSA-129 In-Reply-To: <9404282353.AA16512@snark.imsi.com> Message-ID: <9404290048.AA31660@acs5.acs.ucalgary.ca> Perry E. Metzger wrote: > "Istvan Oszaraz von Keszi" says: > > Now let's see, where's my slide rule, let's see 5,000 mips years > > at $30,000 /mips = damn, where is that calculator. :-) > > $30,000/mips? Huh? You haven't gotten out much in ten years, have you? Sorry, we're in Canada, eh. Loooonies, eh. And you wonder why big-iron sales are bleak?? Quote of the week: IBM unveiled it's new line of mainframes before an audience of 300 customers at a Toronto hotel. Over heard at the bar: " I never realized, there were OTHERS, I thought we were the only ones !! " From rustman at netcom.com Thu Apr 28 18:33:33 1994 From: rustman at netcom.com (Rusty H. Hodge) Date: Thu, 28 Apr 94 18:33:33 PDT Subject: spooks on cypherpunks Message-ID: <199404290134.SAA05922@netcom.com> > From: nobody at jarthur.cs.hmc.edu > Date: Thu Apr 28 00:36:57 PDT 1994 > > NetSurfer > Robert Mathews > > be aware You know, spooks need strong Crypto, too. I think you're making the assumption that the only reason a spook is here is to infiltrate us and do us harm. I bet it is quite the opposite. What is the best way to stay hidden and secure? Use strong crypto that can be found almost anywhere (like PGP). Strong crypto that doesn't scream goverment or worse. Blend in with the rest fo the crypto traffic. Spooks get *caught* by doing things that are out of the ordinary. Spooks stay in business by not standing out and disappearing in the crowds. It probably sounds silly, but there are probably more or at least as many spooks who *like* what we're doing than those who oppose it. Rusty Hodge, Cyberbeticist, Resident Futurist. From grendel at netaxs.com Thu Apr 28 18:42:35 1994 From: grendel at netaxs.com (Michael Brandt Handler) Date: Thu, 28 Apr 94 18:42:35 PDT Subject: Random #'s via CD-ROM? Message-ID: <199404290142.VAA04213@access.netaxs.com> Hello cypherpunks (first post): In the hopes of starting an cryptograpy-related thread... I have been reading the section in _Applied Cryptography_ about random number generators, and some proposed hardware random number generators. It seems to me that with the CD-ROM drive becoming increasingly common these days, this could be exploited as a source of randomness. For example: [1] Read a pseudo-random section from the CD-ROM. Unless you catch the blank end of a sector, you should obtain random data (this is one obvious problem with this method). [2] Read a pseudo-random section from the CD-ROM, and use this data to select another chunk of data from the CD-ROM (more random, yet we still have a problem if we read the blank end of a sector...). The two above ideas are okay, but they both suffer from the same problem, namely if you read the unused portions of the cluster you will get a random sample of all 0's. Not good. The idea that really interests me is this: Place an *audio* CD in the CD-ROM drive. Most CD-ROM drives know about audio discs now, and I believe they can be made to read the binary waveform data even if they don't understand the Red Book audio format. If you have something really random/discordant (Ministry / NIN / Curve / Sonic Youth / Pain Teens / Diamanda Galas / Coil / etc) and you take samples of the waveform and play with them as described in _AC_, you could get some pretty random samples. Of course, care must be taken to only read within the portions of the CD/CD-ROM that have actually been encoded.... What do you all think? I have code to work with CD-ROM drives, works on my system and a friend's CD-ROM drive as well (for DOS machines). I don't know about Mac / UNIX CD-ROM drive programming, sorry. =( I welcome all comments, criticisms, flames, love letters, etc. Post if there's wide enough appeal, or just email me. [ I am also taking suggestions for random / discordant / loud music to use with this method. Please email me, don't post, as I'm sure the rest of the list would dislike us discussing that in public ] -- ========================================================================== | Michael Brandt Handler | | Philadelphia, PA | ========================================================================== From grendel at netaxs.com Thu Apr 28 19:06:04 1994 From: grendel at netaxs.com (Michael Brandt Handler) Date: Thu, 28 Apr 94 19:06:04 PDT Subject: Tempest info wanted Message-ID: <199404290205.WAA04696@access.netaxs.com> Sorry, I forgot to put this in my last message: Can someone point me toward TEMPEST info / vendors / etc? On the net is a plus, but not required... -- ========================================================================== | Michael Brandt Handler | | Philadelphia, PA | ========================================================================== From nelson at crynwr.com Thu Apr 28 19:06:31 1994 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 28 Apr 94 19:06:31 PDT Subject: spooks on cypherpunks In-Reply-To: <9404281732.AA14898@snark.imsi.com> Message-ID: Cc: cypherpunks at toad.com Reply-To: perry at imsi.com X-Reposting-Policy: redistribute only with permission Date: Thu, 28 Apr 1994 13:32:10 -0400 From: "Perry E. Metzger" Russell Nelson says: > Sorry, but this is no help. It's impossible to distinguish Agents > Provocateur from merely incompetent people. You need to deal with the > latter, and so the former fall out in the wash. > > If the cypherpunk movement is to be an effective non-violent force, it > must realize that secrecy is no help. The best designed action will > work even if your enemy helps you plan it and carry it out. Karn's CJR > is an example of this. Frankly, I agree. That's a [my] change from a few years ago, eh? The NSA will either adapt or die -- it seems to be trying to die right now rather than adapt, but thats not our problem. Cautionary note here, Perry. People who feel that have no choices often don't care if the only choice they see is a bad one. Hitler [yeah, yeah, I know] convinced the German people that all their choices were bad, but his was best. They killed a few people -- it was in all the papers at the time. What can crypto do to counteract fascism? Especially given that crypto will be used as an excuse for said fascism. You could argue that it is already, but if you'll notice, the public reasoning for Clipper never includes "Clipper exists to displace ubiquitious public key crypto". -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From jpp at markv.com Thu Apr 28 19:20:55 1994 From: jpp at markv.com (jpp at markv.com) Date: Thu, 28 Apr 94 19:20:55 PDT Subject: Random #'s via CD-ROM? In-Reply-To: <199404290142.VAA04213@access.netaxs.com> Message-ID: <9404281919.aa08006@hermix.markv.com> This strikes me as another variant on the venerable 'book' cypher. To quote Kahn (is that even close? The guy who wrote _The Code Breakers_.) 'What you gain in key size, you loose in key coherency.' In general book ciphers are not very strong. (At least thats what I think the big boys said...) But, speaking of random numbers. In Crypto '92 (or '93?) there is this great protocol for two players (Andy and Beth say) to listen to a poorly heard (radio) source (a low power satalite, or perhaps Radio Free Bosnia) and extract a shared secret key -- even when an evil opponent (Eve say) is listening with much better equipment. This is really a great result! It is at least as exciting as DH key exchange (to me). It's strength is based on probability and information theory and not on 'unproven' complexity theory assumtions (such as 'discrete logrithms are hard to compute'). But -- how do we make it work on the net? j' -- O I am Jay Prime Positive jpp at markv.com 1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F 524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48 Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org From merriman at metronet.com Thu Apr 28 19:46:49 1994 From: merriman at metronet.com (David Merriman) Date: Thu, 28 Apr 94 19:46:49 PDT Subject: Remailers wanted Message-ID: <199404290246.AA28380@metronet.com> I'm in the process of writing a remailer front-end for Windows (I can hear it now - "Oh, GROSS!" :-), and am looking to collect the addresses of as many remailers as possible. I've already got the listing from SODA.BERKELEY, so anything not on that list is welcome. Please let me know if the system handles plaintext, PGP, RIPEM, or ????. Unless somebody screams at me not to, I'll upload the finished program (it'll be free) to SODA. My Email address is merriman at metronet.com and you can finger me for PGP/RIPEM keys/fingerprints Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCNAi12VeYAAAEEAOqndSk+w1iAtW1nJDtdajTZEZEOuMjeKoFbXWuMK8H93Ckx Ba6c0Z8+STXtscP2WWKwRUVcrM0iZa2X4/7Z/Brl31aaA4DT6AVoxet3CLY0JUfi FciusBFCfPB6wfDdwABLZAzTd49YDyWI/Fq0MlNJ3JAeTFwhPeJ9eOnzcfP1AAUR tCVEYXZlIE1lcnJpbWFuIDxtZXJyaW1hbkBtZXRyb25ldC5jb20+ =3ppL -----END PGP PUBLIC KEY BLOCK----- From blancw at microsoft.com Thu Apr 28 19:51:18 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 28 Apr 94 19:51:18 PDT Subject: CIA & FBI, a marriage made in ___? Message-ID: <9404290152.AA21446@netmail2.microsoft.com> From: Black Unicorn (from an earlier post) In so far as the law is a matter of perspective, I think everyone should try to embrace the concepts of the law, and in particular, the constitution. (from the above named post) Yes, I'm tired of the issue [of the political aspects of crypto] being framed as a crime problem that needs political attention through law enforcement when in actuality it is a question of regulation and domestic policy. ...................................................... I'm not seeing the consistency in embracing the concepts of the law, while questioning the regulation of crypto through law enforcement. It all rather looks the same to me: political attention-> law enforcement-> regulation-> domestic policy. ?? Blanc From unicorn at access.digex.net Thu Apr 28 20:28:58 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 28 Apr 94 20:28:58 PDT Subject: CIA & FBI, a marriage made in ___? In-Reply-To: <9404290152.AA21446@netmail2.microsoft.com> Message-ID: <199404290328.AA10287@access3.digex.net> > > > From: Black Unicorn > > (from an earlier post) > In so far as the law is a matter of perspective, I think everyone should > try to embrace the concepts of the law, and in particular, the constitution. > > (from the above named post) > Yes, I'm tired of the issue [of the political aspects of crypto] being > framed as a crime problem that needs political attention through law > enforcement when in actuality it is a > question of regulation and domestic policy. > ...................................................... > > I'm not seeing the consistency in embracing the concepts of the law, > while questioning the regulation of crypto through law enforcement. > > It all rather looks the same to me: political attention-> law > enforcement-> regulation-> domestic policy. > > ?? The hinge question is what I, or you, mean by "concepts of law." In the first post, a cypherpunk was dismissing the importance of the constitution as valueless to his quest, because current law meant nothing to him and was an authority he did not respect. (I'm extracting from memory, if the poster would care to comment...?) My point was that one should never dismiss the constitution, and that the framers had some heads between them. The concepts of law I refer to are the original frameworks embodied in the constitution. In reality I have a great deal of respect for the concepts and the notions and the genius I see in the document that is the Constitution of the United States. Just the process, the intellectual endeavor of that, of developing a stable structure restraining the various powers from dominating still gives me chills. Call me a fanatic. The question of its application to current events is another matter. Was the separation of power just to keep the infighting to a low level, or was it to keep any one power from growing too large? Therein lies the answer you seek. If the current structure of government is proper true to the constitution, and more importantly the goal of a stable government with co-equal branches, then respecting those "concepts of law" is to embrace centralism, regulation of markets, export restrictions and an ever growing executive branch. If the current structure of government is improper, and goes beyond the bounds of power the framers intended, then respecting those "concepts of law" is to reject the current state of affairs. It all depends on the ground you start from, I start from the latter, and not the former. In my framework, I feel it is consistent to embrace the constitution and its doctrine while still resisting regulation. You'll note my quote in the first post: "In so far as the law is a matter of perspective, I think everyone should try to embrace the concepts of the law, and in particular, the constitution." Perspective is key. > > Blanc > -uni- (Dark) From jdwilson at gold.chem.hawaii.edu Thu Apr 28 20:47:26 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 28 Apr 94 20:47:26 PDT Subject: spooks on cypherpunks In-Reply-To: <9404280741.AA15944@toad.com> Message-ID: I suggest that you not make accusations unless you are sure of your facts. Neither I nor Mr. Mathews work for ANY government intelligence (isn't that an oxymoron?) or other type agency. My only interest in ADP security is that which helps me protect systems I manage from attack, both internal and external. L8rs -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... On Thu, 28 Apr -1 nobody at jarthur.cs.hmc.edu wrote: > Date: Thu Apr 28 00:36:57 PDT 1994 > From:nobody at jarthur.cs.hmc.edu > To: cypherpunks at toad.com > Subject: spooks on cypherpunks > > NetSurfer > Robert Mathews > > be aware From joshua at cae.retix.com Thu Apr 28 20:47:30 1994 From: joshua at cae.retix.com (joshua geller) Date: Thu, 28 Apr 94 20:47:30 PDT Subject: spooks on cypherpunks Message-ID: <199404290346.UAA04376@sleepy.retix.com> >It probably sounds silly, but there are probably more or at least as many >spooks who *like* what we're doing than those who oppose it. I have a childhood friend who grew up to be a new york city cop. we used to smoke mega drugs together. I met him at my brothers wedding and asked him about his vocational choice, it seemed strange. he said 'there are 20,000 new york city cops. every kind of person you can imagine is a new york city cop'. all generalizations are false. josh From eagle at deeptht.armory.com Thu Apr 28 20:55:42 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Thu, 28 Apr 94 20:55:42 PDT Subject: Some Other Friends of Mine Message-ID: <9404282055.aa09351@deeptht.armory.com> Some other friends of mine I've been involved with since their inception. ---------------------------------------------------------------------- WHAT'S NEW . . . The following article was published recently in GLOSAS NEWS. We've had a few folks request this information and thought that others (and particularly new subscribers) might find the information in this article of interest so we are republishing this in today's issue of the Digest. GLOSAS News is the electronic bulletin of the GLObal Systems Analysis and Simulation Association in the USA (GLOSAS/USA). It is distributed free of charge by fax and electronic mail. *************************************************************************** WWW: "Friends and Partners" *************************************************************************** From Russia and America comes a new information service called "Friends and Partners" -- one of the first such information systems jointly developed by citizens of these two nations. Its purpose is to help facilitate the creation of a "human network" across cultural and political boundaries by utilizing resources of the increasingly global Internet computer network. A special emphasis is placed on building relationships between people of the United States and people of the former Soviet Union -- countries and cultures isolated from each other for most of the 20th century. This new service was 'born' with an announcement on the Internet on Wednesday, January 19, 1994. It is only 3 months old but growing up rather quickly. With almost 700 regular subscribers to its daily mailing list service and over 90,000 file retrievals from people representing over 40 countries, it has become a quite active service. But it is best considered for the moment as a very new and immature creation -- a 'framework' for an information system with more 'heart' than substance -- but with lots of promise. The task at hand is to help others build upon the framework -- to create and link together information on our nation's histories; our art, music, literature, and religion; our educational and scientific resources; our business and economic opportunities; our geography and natural resources, our languages; and our opportunities for communicating, travelling, and working together. The 'end product' should be an evolving and continually changing information resource that will hopefully help bridge the gulf of understanding that exists between our nations and that will provide a common 'meeting place'. What are the practical uses of this service? Scientists should be able to use the service to find information about funding opportunities and exchange programs, access various databases and library resources, and locate potential colleagues and co-workers. Teachers and educators at all levels should be able to find and contribute interesting and up-to-date material to assist in their instruction -- making their courses more 'alive' and more pertinent to real world issues. Business people should be able to learn about the economic environments and opportunities in both countries as well as the rules and laws pertaining to conducting business. Artists (and their patrons) should be able to learn about, meet and work with each other. This effort hopes to build upon the excellent work already being accomplished by our governments and by the various groups, centers, institutes and individuals who have been working for so many years towards the same goal of building cooperation and friendship. Perhaps the main difference from other efforts is the use of the World Wide Web on the Internet as the method of communicating information. The World Wide Web was chosen because of its ability to handle mixed media (text, graphics, audio, and, someday soon, video), the excellent graphic and non-graphic browsers available for free on the Internet, and its ability to 'integrate' information from all of the best Internet-based tools and utilities -- Usenet news, Gophers, WAIS indexes, FTP archives, telnet sessions, etc. The Friends and Partners server already makes use of some of the multi-media capabilities -- with several graphic images and maps available for display and at least one example of music which can be played by computers connected to the Internet (much more digitized music will be available soon). The service currently consists of several primary 'sections' including: (1) History ; (2) Geography; (3) Art and music; (4) Literature; (5) Language; (6) Related Internet Resources; (7) Education; (8) Science; (9) Funding and Exchange Opportunities; (10) Economics and Business; (11) Tourism and Travel; (12) "Life" (includes health and medical issues, cuisine, etc.); (13) News and Weather; (14) USA Demographics; (15) Russia Demographics. These sections point to information all over the world. This 'hypertext' capability makes it very simple for the user to access information globally but from a single, easy-to-use environment. While we hope that, over the coming weeks and months, all of these areas will be developed by those with appropriate interest, there are several areas on which we are currently focusing attention. These include: (1) development of a computer searchable "annotated white pages" directory which will focus on people and organizations within the Former Soviet Union and on people and organizations elsewhere who are working or wish to work in this area. We are hoping to work with the IREX organization on this and have just recently received approval by the Citizen's Democracy Corps (CDC) to place their NIS email directory on-line; (2) creation of a vast collection of information resources dealing with business and economics -- including material to help business-people in the FSU create and manage successful business enterprise and to help others who wish to conduct business in the FSU; (3) further development of a top-notch news service; (4) development of a comprehensive base of funding opportunity information; (5) development of a medical / health issues forum; (6) creation of a network for the exchange of research and education information. Our primary development emphasis during the time since the server was announced has been to collect ideas and correspond with the many people who have offered to help with this effort. The outpouring of support from around the world has been quite remarkable and most encouraging. The project demonstrates the potential for good that exists with this wonderfully chaotic, global resource we call the Internet -- which makes possible and simple the communication of information anywhere within its vast reach throughout our world. This information resource is at least as significant a development as the printing press was several centures ago -- the creation of global 'virtual communities' will undoubtedly prove to be one of the most significant events of human history. It has been asked "why do this?". The authors had a discussion several months ago about experiences growing up in the 1960s, about fears both had regarding the potential both countries had to destroy each other, and about how effectively our nations had planned and allocated resources to help create weapons of destruction that could realistically eliminate life in our world. Given the immensity of this effort and the success with which it was carried out, we both agreed (perhaps naively) to help focus attention on the enormous good our nations could do if they applied even a fraction of the resources to more constructive work together. We feel that creating a joint information service could be a useful aid in furthering the often invisible but very real infrastructure which supports cooperative and constructive endeavor. To visit the WWW server using the Mosaic software, use the URL: http://solar.rtd.utk.edu/friends/home.html . If you cannot use Mosaic, just telnet to solar.rtd.utk.edu and enter 'friends' at the login: prompt (in all lowercase and without the quotes). To join the listserv with which we post email and notices of new developments on the server, just send a one line e-mail message to listproc at solar.rtd.utk.edu consisting of: SUBSCRIBE FRIENDS firstname lastname We are 'rank amateurs' -- currently unfunded, untrained in political theory or economics. But both authors are experienced with the collection and dissemination of information and the construction of tools to enable more effective use of information. With the active participation and assistance of others, we believe we can further the cooperative infrastructure that already exists between our nations. This is our hope and our ambition for this effort. Natasha Bulashova, Pushchino, Russia Email: natasha at ibpm.serpukhov.su Greg Cole, Research Services, The University of Tennessee 211 Hoskins Library, Knoxville, TN 37996 Phone: (615) 974-2908; Fax: (615) 974-6508 Email: gcole at solar.rtd.utk.edu ---------------------------------------------------------------------- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From wmo at rebma.rebma.mn.org Thu Apr 28 20:57:05 1994 From: wmo at rebma.rebma.mn.org (Bill O'Hanlon) Date: Thu, 28 Apr 94 20:57:05 PDT Subject: Remailer traffic Message-ID: <199404290347.WAA00265@rebma.rebma.mn.org> To whoever is sending the piles of messages through my remailer that contain the "Do-Inject:" header line: You might as well leave the remailer at rebma.mn.org out of whatever it is you are doing. Your mail is not making it through. I'm not directly on the Internet. If your goal is to supply bogus traffic to make traffic analysis impractical, I applaud your thinking, but not your implementation. You're filling up my disk drive, dude. From unicorn at access.digex.net Thu Apr 28 20:58:32 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 28 Apr 94 20:58:32 PDT Subject: spooks on cypherpunks In-Reply-To: Message-ID: <199404290358.AA11637@access3.digex.net> > > Cc: cypherpunks at toad.com > Reply-To: perry at imsi.com > X-Reposting-Policy: redistribute only with permission > Date: Thu, 28 Apr 1994 13:32:10 -0400 > From: "Perry E. Metzger" > > Russell Nelson says: > > Sorry, but this is no help. It's impossible to distinguish Agents > > Provocateur from merely incompetent people. You need to deal with the > > latter, and so the former fall out in the wash. > > > > If the cypherpunk movement is to be an effective non-violent force, it > > must realize that secrecy is no help. The best designed action will > > work even if your enemy helps you plan it and carry it out. Karn's CJR > > is an example of this. > > Frankly, I agree. > > That's a [my] change from a few years ago, eh? > > The NSA will either adapt or die -- it seems to be trying to die right > now rather than adapt, but thats not our problem. > > Cautionary note here, Perry. People who feel that have no choices > often don't care if the only choice they see is a bad one. Hitler > [yeah, yeah, I know] convinced the German people that all their > choices were bad, but his was best. They killed a few people -- it > was in all the papers at the time. Concur. Confront them with annihilation, and they will then survive; plunge them into a deadly situation, and they will then live. When people fall into danger, they are then able to strive for victory. -Sun Tzu > > What can crypto do to counteract fascism? Especially given that > crypto will be used as an excuse for said fascism. You could argue > that it is already, but if you'll notice, the public reasoning for > Clipper never includes "Clipper exists to displace ubiquitious public > key crypto". Crypto defies fascism when it is widespread and solid in the citizenry. If enslavement is the ability to stifle speech, crypto is the liberator. > -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav > Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key > 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light > Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. > I think the dismissal of the NSA is premature. I think the rumors of the NSA's death are greatly exaggerated. I think the focus on the NSA in this group over looks more dangerous threats. Crypto helps, but it's not the end all. Why ask for trouble on the assumption that the intelligence agencies are fighting a losing battle? Especially when the assumption is dubious. Digitel and Clipper could turn the tide very quickly. Perhaps a more public NSA and FBI could be more dangerous to liberty than hidden ones? It's certainly much easier to apply influence in public than in secret and behind the scenes. I'm not sure how much the NSA needs to adapt here. I'm not sure those who would resist centralism and regulation WANT the NSA to adapt. Considering the way in which AT&T fell into line I wonder how poorly the NSA, and the administration, are doing. If anyone doubts that the administration and more importantly, the Congress, still finds use for intelligence agencies try to get a copy of today's M&L news hour. (4/28/94) Foreknowledge cannot be gotten from ghosts and spirits, cannot be had by analogy, cannot be found out by calculation. It must be obtained from people, people who know the conditions of the enemy. - Sun Tzu From jdwilson at gold.chem.hawaii.edu Thu Apr 28 21:00:27 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 28 Apr 94 21:00:27 PDT Subject: Phil Z in the WSJ In-Reply-To: Message-ID: On Thu, 28 Apr 1994, Duncan Frissell wrote: > Date: Thu, 28 Apr 1994 09:00:15 -0400 (EDT) > From: Duncan Frissell > To: cypherpunks at toad.com > Subject: Phil Z in the WSJ > > Get today's Wall Street Journal. Phil and PGP are profiled in the left > hand "profile" column on page 1. > > Usual crypto errors. "PGP is more unbreakable than any code in history." > > They spelled our name wrong too. > > It's "cypherpunks" not cipherpunks. > > DCF > > > And if you check out the May Issue of Fantasy and Science Fiction pps. 73-85, Bruce Sterling's Science column is entitled "The New Cryptography". A good plain-language explanation of crypto, private and public key, and the current problems facing Phil Z. -Jim -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From jdwilson at gold.chem.hawaii.edu Thu Apr 28 21:07:25 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 28 Apr 94 21:07:25 PDT Subject: spooks on cypherpunks In-Reply-To: Message-ID: On Thu, 28 Apr 1994, Russell Nelson wrote: > Date: Thu, 28 Apr 94 10:20 EDT > From: Russell Nelson > To: cypherpunks at toad.com > Subject: Re: spooks on cypherpunks > > From: nobody at jarthur.cs.hmc.edu > Date: Thu Apr 28 00:36:57 PDT 1994 > > NetSurfer > Robert Mathews > > be aware > > Sorry, but this is no help. It's impossible to distinguish Agents > Provocateur from merely incompetent people. You need to deal with the > latter, and so the former fall out in the wash. > > If the cypherpunk movement is to be an effective non-violent force, it > must realize that secrecy is no help. The best designed action will > work even if your enemy helps you plan it and carry it out. Karn's CJR > is an example of this. > > -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav > Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key > 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light > Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. I contest and resent either incorrect nametag. -Jim -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From phantom at u.washington.edu Thu Apr 28 21:33:14 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Thu, 28 Apr 94 21:33:14 PDT Subject: Elliptic Curve response Message-ID: After seeing the post about elliptic curve encrytion (mentioning neal koblitz as an authority) I took the liberty of forwarding it to him and asking for his response as well as a good reference. Here's the response. (I'd never heard of elliptic curve crypto. I have now.) ---- Date: Thu, 28 Apr 94 16:10:39 -0700 From: Neal Koblitz To: phantom at u.washington.edu Subject: reply Matt, Thanks for the message. The guy is basically correct in what he says (except for minor inaccuracies in terminology and so on). The best source on this subject is the recent book: ``Elliptic Curve Public Key Cryptosystems'' by Alfred Menezes, Kluwer Acad. Pub., 1993. Regards, Neal ------ Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From karn at qualcomm.com Thu Apr 28 22:19:37 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 28 Apr 94 22:19:37 PDT Subject: WSJ editorial email or fax address? Message-ID: <199404290519.WAA13283@servo.qualcomm.com> Anybody know if the WSJ accepts letters to the editor by fax or email? I've drafted the following letter to the editor, but I couldn't find anything but a snail mail address in today's paper. I *did* send a copy to Mr. Bulkeley's MCI mail address, so please do NOT forward it to him again...Phil 7431 Teasdale Ave San Diego, CA 92122 karn at unix.ka9q.ampr.org April 28, 1994 Editor Wall Street Journal Re: "Cipher Probe: Popularity Overseas of Encryption Code Has the US Worried", WSJ 4/28/94, Page 1. Sirs: The Zimmermann case is as much about the First Amendment as it is about privacy and irrational US export controls on encryption. Recently I obtained a formal ruling from the US State Department that a new textbook, "Applied Cryptography" by Bruce Schneier, could be freely exported anywhere in the world -- even though it prints actual source code from Pretty Good Privacy (PGP). The State Department applied a "public domain" exemption to my request. Indeed, the First Amendment demands such an exemption. Dozens of other books and journals on cryptography, many with similar source code listings, enjoy the same protection. However, the State Department has so far refused to approve my request to export a floppy disk containing the same exact source code that appears in Schneier's book. And they still insist that "publishing" cryptographic software on the Internet is illegal. Why the distinction? Do they seriously believe that only Americans can program a computer, much less type? No, not even the government is THAT stupid. They're using fear and intimidation in a desperate attempt to delay the inevitable, no matter what the consequences. Philip R. Karn From jdwilson at gold.chem.hawaii.edu Thu Apr 28 22:51:08 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 28 Apr 94 22:51:08 PDT Subject: No Subject Message-ID: The following anon msg sent to the cpunks list contained your account (ebrandt at jarthur.cs.hmc.edu) as the reply to: ============================================================ Date: Thu Apr 28 00:36:57 PDT 1994 From: nobody at jarthur.cs.hmc.edu Reply to: ebrandt at jarthur.cs.hmc.edu To: cypherpunks at toad.com Subject: spooks on cypherpunks NetSurfer Robert Mathews be aware ============================================================ Are you the sender? Do you know who the sender is? Why exactly is this person defaming my name with this outrageous accusation? The only recent contact I know of was that Robert Mathews sent a message to soda.berkeley.edu where (for whatever his reason was) he was warning against Sameer's 14.4 link. I personally do NOT know why he (Mathews) felt it necessary to send that message on like he did. The only reason I sent it to him was as part of a discussion of bandwidth/services for a network we are working on which will support multiple users and multiple connect types. But in either case, if this was the source of the msg from nobody at jarthur.cs.hmc.edu, it was way off base. -Jim -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From tcmay at netcom.com Thu Apr 28 23:21:41 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 28 Apr 94 23:21:41 PDT Subject: Anonymous accusations not worth much In-Reply-To: Message-ID: <199404290622.XAA24358@netcom.com> > The following anon msg sent to the cpunks list contained your account > (ebrandt at jarthur.cs.hmc.edu) as the reply to: > Date: Thu Apr 28 00:36:57 PDT 1994 > From: nobody at jarthur.cs.hmc.edu > Reply to: ebrandt at jarthur.cs.hmc.edu > To: cypherpunks at toad.com > Subject: spooks on cypherpunks > > NetSurfer > Robert Mathews be aware > ... > > Are you the sender? Do you know who the sender is? Why exactly is this > person defaming my name with this outrageous accusation? Cheer up, NetSurfer, as nobody takes anonymous accusations too seriously...at least not anyboy with any common sense. Reputations matter, and anonymous entities who provide no verifiable info (not that many of us want to see such info, or would bother to investigate it) have almost zero reputation. The calculus of reputations thus means that anonymous accusations carry little weight. There's a lot more to be said here. This issue lies close to the heart of how crypto anarchy works. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From ebrandt at jarthur.cs.hmc.edu Thu Apr 28 23:29:55 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Thu, 28 Apr 94 23:29:55 PDT Subject: your mail In-Reply-To: Message-ID: <9404290629.AA03939@toad.com> > Are you the sender? Do you know who the sender is? Why exactly is this > person defaming my name with this outrageous accusation? Like it says in the header, "Remailed-By: ebrandt at jarthur.claremont.edu". I remailed it; I did not originate it. No, I do not know who the sender is, and cannot find out. Without belittling your dismay at being called a "spook", I think it's worth noting that nobody has posted to say "Thanks for the hot tip!", while several have said "Yeah, right." This is as it should be in reponse to an unsigned message making unsupported claims. Eli ebrandt at hmc.edu From perry at snark.imsi.com Fri Apr 29 04:08:36 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 29 Apr 94 04:08:36 PDT Subject: Random #'s via CD-ROM? In-Reply-To: <199404290142.VAA04213@access.netaxs.com> Message-ID: <9404291108.AA21168@snark.imsi.com> Michael Brandt Handler says: > [1] Read a pseudo-random section from the CD-ROM. Unless you catch > the blank end of a sector, you should obtain random data (this is one > obvious problem with this method). How do you pick the random section in the first place? Oh, I see, we use a random number generator! Ahem. Its very hard to determine if a pseudrandom number generator is "good enough" for cryptographic purposes. Many generators that look "good enough" for doing normal work fail miserably for cryptography. If one is using, say, a one-time pad, one has a need to generate a large number of truly random numbers quickly. Hacked up schemes usually don't cut it when thats the case. If you only need a few bits, you might as well use a non-deterministic process outside of the program's control, like a user tapping a key. However, for work requiring significant numbers of bits, ad-hoc methods fail miserably. > Place an *audio* CD in the CD-ROM drive. Most CD-ROM drives know > about audio discs now, and I believe they can be made to read the binary > waveform data even if they don't understand the Red Book audio > format. If you are going to use this for cryptography, is an ancient cipher known as a book cipher, updated to use CD-ROMs. This is NOT a secure way to encrypt things. Although its probably better than most silly schemes people come up with, it isn't as good as real cryptosystems, and they are available, so why use such a hack? > What do you all think? I think its good that you are evincing enthusiasm, but I really think you ought to learn more cryptography. Remember, most obvious ideas have already been thought of -- others are often as bright as you are, and have come before you. Ask yourself why someone else hasn't done it before proposing things. Perry From perry at snark.imsi.com Fri Apr 29 04:12:22 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 29 Apr 94 04:12:22 PDT Subject: spooks on cypherpunks In-Reply-To: Message-ID: <9404291112.AA21177@snark.imsi.com> Russell Nelson says: > The NSA will either adapt or die -- it seems to be trying to die right > now rather than adapt, but thats not our problem. > > Cautionary note here, Perry. People who feel that have no choices > often don't care if the only choice they see is a bad one. Hitler > [yeah, yeah, I know] convinced the German people that all their > choices were bad, but his was best. They killed a few people -- it > was in all the papers at the time. Naturally, they won't take things lying down. It is certainly in our interest to make sure that they don't cause trouble, especially bad trouble, during their demise. (Actually, I don't think they will stop existing, just that they will have to accept that their work IS going to be hard from now on and leave it at that.) My point is merely that they have no real choice in the matter -- just as a congressman falling out a window can shout at the law of gravity all he wants, and threaten legal action, to no effect, so the NSA can pretend that it can restrict the growth of private sector cryptography but it is already too late. You can't stop people from learning something they already know. Perry From jkreznar at ininx.com Fri Apr 29 04:28:34 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Fri, 29 Apr 94 04:28:34 PDT Subject: CIA & FBI, a marriage made in ___? In-Reply-To: <199404290328.AA10287@access3.digex.net> Message-ID: <9404291127.AA15821@ininx> -----BEGIN PGP SIGNED MESSAGE----- Unicorn writes: > If the current structure of government is proper true to the > constitution, and more importantly the goal of a stable government with > co-equal branches, then respecting those "concepts of law" is to embrace > centralism, regulation of markets, export restrictions and an ever > growing executive branch. > If the current structure of government is improper, and goes beyond the > bounds of power the framers intended, then respecting those "concepts of > law" is to reject the current state of affairs. Surely someone of Unicorn's erudition is aware of Lysander Spooner's words on this subject, but just to remind the others, here are some of them: Spooner wrote these words in 1869 (_eighteen_ sixty-nine); imagine what he might have written today! The Constitution has no inherent authority or obligation. It has no authority or obligation at all, unless as a contract between man and man. And it does not so much as even purport to be a contract between persons now existing. It purports, at most, to be only a contract between persons living eighty years ago.... Furthermore, we know, historically, that only a small portion even of the people then existing were consulted on the subject, or asked, or permitted to express either their consent or dissent in any formal manner. Those persons, if any, who did give their consent formally, are all dead now.... _And the Constitution, so far as it was their contract, died with them._ They had no natural power or right to make it obligatory upon their children. ... APPENDIX. Inasmuch as the Constitution was never signed, nor agreed to, by anybody, as a contract, and therefore never bound anybody, and is now binding upon nobody; and is, moreover, such an on as no people can ever hereafter be expected to consent to, except as they may be forced to do so at the point of the bayonet, it is perhaps of no importance what its true legal meaning, as a contract, is. Nevertheless, the writer thinks it proper to say that, in his opinion, the Constitution is no such instrument as it has generally been assumed to be; but that by false interpretations, and naked usurpations, the government has been made in practice a very widely and almost wholly, different thing from what the Constitution itself purports to authorize. He has heretofore written much, and could write much more, to prove that such is the truth. But whether the Consitution really be one thing, or another, this much is certain --- that it has either authorised such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist. These are excerpts from Spooner's article "No Treason: The Constitution of No Authority", available from Laissez Faire Books, 1-415-541-9780 in San Francisco. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcDuh8Dhz44ugybJAQG8lgQAlNkH0XGRMZbNvwYVOm0kPn6ECAMxPvf4 4Ue1llTfFtQEyLWC+NwpxPULDvVzkstFGngHhVfQtv1dWRFpKulL5NuuDoiY1xqp 4kU+8iT0NeRu/NEBck/Gh3MolNHrXCmhbHvCAx83UHk0aWDEZrxH6tpuqKXTn3tj PWzSblyPAKw= =+nMS -----END PGP SIGNATURE----- From rishab at dxm.ernet.in Fri Apr 29 04:57:18 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 29 Apr 94 04:57:18 PDT Subject: not a geek ;-) Message-ID: "Jim Sewell" : > Alternate: Do you think we should forget the names and such and just > compile stats as to how many Doctors, etc are on the list and simply > use that? i.e."Our group consists of 5 professors of higher education > level, 18 professional land surveyors, 9 contract laborers, and 1 > computer geek from 18 different countries including Australia, India, ^^^^^^^^^^^^^^^^^^ ^^^^^ I object ;-) True, I might have geeky tendencies, and might be one if I had the time; however though I do program in assembly on occasion, I am a technology consultant, and write 5 columns a month, for India's #1 computer magazine, and for a major newspaper. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From snyderra at dunx1.ocs.drexel.edu Fri Apr 29 05:16:48 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Fri, 29 Apr 94 05:16:48 PDT Subject: Gee... Message-ID: <199404291215.IAA24788@dunx1.ocs.drexel.edu> At 8:08 AM 4/28/94 -0700, Sandy Sandfort wrote: >Do you think your fastidious compliance with the law will keep them from >branding you a criminal, anyway? Wake up. Errr, no, but they'd still need to prove it. Generally, it is easier to get a guilty verdict when you have committed a crime than when you have not. >The whole purpose of wide-spread availability and use of strong crypto is >to what "others" say or think, irrelevant. Strong crypto means never >having to say you're sorry. I'm not arguing this point. I agree. I just think that people should work to change the current government policy through legal means before resorting to illegal measures. I think we are seeing some sucess in this area, with the hearings on Clipper and the push by at least one legislator to ease the cryptography export restrictions. We are getting reasonable press coverage, which is growing. Just like you only heard a bit about the Internet a few years ago, but now you can't pick up a newspaper or magazine without some mention of the Internet, you are starting to see articles about Cryptography (like the WSJ article, or NPR's piece). Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From rishab at dxm.ernet.in Fri Apr 29 05:17:20 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 29 Apr 94 05:17:20 PDT Subject: Apology Message-ID: "Jim Sewell" : > I want to apologize to the fine folk on this list that are not Americans > for my self-centered phrasing. In everyday life you generally don't > think of other countries and as such I've probably offended someone. > > I in no way meant to imply that everyone is American, that we are the > most important, or that our political system is the best. > > If I offended anyone I apologize and will try to be more cautious with > my wording in the future. That's very good of you, Jim, but we non-Americans are quite used to Americans forgetting that there's something beyond the 50 states ;-) The thing about Clipper, DT, etc, is of course that though it will affect the rest of the world (America leads the world into the information society...), it *is* hapenning in the US. My signature, that of a non-US citizen, non-US resident, on an Anti-Clipper petition to the US congress is not likely to be very useful! Eventually, all of us aim for a world where, to quote Tim's .sig, national borders are but speed bumps on the information superhighway. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From eagle at deeptht.armory.com Fri Apr 29 05:21:16 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Fri, 29 Apr 94 05:21:16 PDT Subject: Rings of Saturn Message-ID: <9404290521.aa01425@deeptht.armory.com> Y'all are doing real well with the satellite discussion. It may interest some of you to know that the rings of Saturn were found to be braided in 4's. This blew the hell out of the direction they were going on unified field theory which predicted they would be braided in 3's. With no atmospheric refraction to contend with, this was still a rather accomplished feat. Some of you are thinking very solid on intel sats. Think eliptical orbits with a pass "on the deck" over 2 target areas, and think multiple mirrored geosynchonous orbits. With a large target area, enhancement of specific sections can be acomplished. Also, quit limiting your thinking to the visible light spectrum. Electomagnetic waves are electromagnetic waves- just a bunch of rolling circle turns actually. In case someone eats my lunch on the geosynchonous multi-mirrored suggestion, take a look at multiple coverage of primary target areas with large general surveillance able to be enhanced to specific detail in selected sectors in mind. BTW- pretty much anything Russkii and nuclear leaks like a seive... -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From dmandl at lehman.com Fri Apr 29 05:30:25 1994 From: dmandl at lehman.com (David Mandl) Date: Fri, 29 Apr 94 05:30:25 PDT Subject: Cypherpunks as lobbying/propagandizing group Message-ID: <9404291230.AA19156@disvnm2.lehman.com> From: "Jim Sewell" > I agree with Julie that we need some P.R. for this. I also think we > should do it by writing and getting the word out. > > However, I think we should form a small informal group of people seriously > interested in putting together a well thought out document that is factual > and without emotional flair that a member of the press would respect, could > understand, and might pass on to the public. > > I want to propose that this small group develop a document to the best of > their abilities, refine it, and when they think it is ready post it to the > list for a "final lookover". [etc., etc.] > Let me know what you think, I think this is a very bad idea and not the purpose of the cypherpunks list. --Dave. From m5 at vail.tivoli.com Fri Apr 29 05:33:11 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Fri, 29 Apr 94 05:33:11 PDT Subject: Random #'s via CD-ROM? In-Reply-To: <199404290142.VAA04213@access.netaxs.com> Message-ID: <9404291233.AA00470@vail.tivoli.com> Data on CD-ROM will in general be decidedly non-random, unless the CD-ROM was purposely generated as a collection of random bits. ASCII text files and executables have all sorts of structure. Even music CD's are pretty useless as random bit sources. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From paul at hawksbill.sprintmrn.com Fri Apr 29 05:39:01 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Fri, 29 Apr 94 05:39:01 PDT Subject: Cypherpunks as lobbying/propagandizing group In-Reply-To: <9404291230.AA19156@disvnm2.lehman.com> Message-ID: <9404291340.AA29015@hawksbill.sprintmrn.com> Dave Mandl writes - > > I think this is a very bad idea and not the purpose of the cypherpunks list. > Ditto. Leave the political battles to those with more (desired) visibilty (ie, EFF, CPSR, SEA). _______________________________________________________________________________ Paul Ferguson US Sprint Enterprise Internet Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul at hawk.sprintmrn.com From perry at snark.imsi.com Fri Apr 29 05:48:10 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 29 Apr 94 05:48:10 PDT Subject: Rings of Saturn In-Reply-To: <9404290521.aa01425@deeptht.armory.com> Message-ID: <9404291247.AA21327@snark.imsi.com> Jeff Davis says: > Y'all are doing real well with the satellite discussion. It may interest > some of you to know that the rings of Saturn were found to be braided in > 4's. This blew the hell out of the direction they were going on unified > field theory which predicted they would be braided in 3's. With no > atmospheric refraction to contend with, this was still a rather accomplished > feat. Jeff Davis turns out not to just be the ordinary garden variety loon, but a genuine reincarnation of net.psycho Robert McElwaine! For his next act, he will explain why it is that the U.S. government has been hiding information on aliens visitors being kept frozen in a secret lab in Oregon!!! Perry From geoffw at nexsys.net Fri Apr 29 06:03:03 1994 From: geoffw at nexsys.net (Geoff White) Date: Fri, 29 Apr 94 06:03:03 PDT Subject: Clipper Chip 2/ Wired (fwd) Message-ID: <199404291300.GAA28549@nexsys.nexsys.net> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-=-=-=-Copyright 1993,4 Wired USA Ltd. All Rights Reserved=-=-=-=-=-= -=-=For complete copyright information, please see the end of this file=-=- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= WIRED 2.04 Electrosphere The End Of Privacy Did you know there's a working group of security agents and telecommunications companies designing backdoors into the information infrastructure? Now you do. By Brock N. Meeks [Note: The following article will appear in the April 1994 issue of WIRED. We, the editors of WIRED, are net-casting it now in its pre-published form as a public service. Because of the vital and urgent nature of its message, we believe readers on the Net should hear and take action now. You are free to pass this article on electronically; in fact we urge you to replicate it throughout the net with our blessings. If you do, please keep the copyright statements and this note intact. For a complete listing of Clipper-related resources available through WIRED Online, send email to with the following message: "send clipper.index". - The Editors of WIRED] If privacy isn't already the first roadkill along the information superhighway, then it's about to be. The panel members didn't try to finesse the subject. They went right for the privacy jugular, saying law enforcement agencies wanted to "front load" the NII with trapdoor technologies that would allow them easy access to digital conversations, including capturing electronic communications midstream. But these are tools the "good guys" said would be used only to catch the "bad guys." Honest. We hard-working, law-abiding citizens have nothing to fear from these cops selling out our privacy rights to make their jobs easier. Nope, we can rest easy, knowing that child pornographers, drug traffickers, and organized crime families will be sufficiently thwarted by law enforcement's proposed built-in gadgetry, which they want to hang off every telephone and data network, not to mention fax machine and PBX. There's just one small crack in this logic: No law enforcement agency has yet proven it needs all these proposed digital trapdoors. In fact, "Right now most law enforcement personnel don't have any idea what the NII is," this according to Assistant US Attorney Kent Walker, who appeared on the panel. Gore Gives Go Ahead In January, Vice President Gore had promised that the White House would work to ensure that the NII would "help law enforcement agencies thwart criminals and terrorists who might use advanced telecommunications to commit crimes." Panel members representing the Justice Department, FBI, and US Attorney's office said they had taken his promise as a tacit approval of their proposals to push for digital wiretap access and government-mandated encryption policies. Gore buried those remarks deep in a speech he made in Los Angeles in which he fleshed out how the administration planned to rewrite the rules for communications in a new, perhaps more enlightened age. His pledge went unnoticed by the mainstream press. Notwithstanding that it fell on reporters' deaf ears, Gore dropped a bombshell. Forget Ross Perot's NAFTA-inspired "giant sucking sound." This was the dull "thump" of Law Enforcement running over the privacy rights of the American public on its way **at the on-ramp??**to the information superhighway. The real crime is that the collision barely dented the damn fender. Walker blithely referred to this cunning, calculated move to install interception technologies all along the information superhighway as "proactive" law enforcement policy. Designing these technologies into future networks, which include all telephone systems, would ensure that law enforcement organizations "have the same capabilities [they] enjoy right now," Walker said. For today's wiretap operations, the Feds must get a court to approve their request, after supplying enough evidence to warrant one. But Walker seemed to be lobbying for the opposite. Giving the Feds the ability to listen in first and give justification later amounts to "no big difference," he said. Besides, "it would save time and money." And Walker promised that law enforcement would only use this power against evil, never abusing it. "Frankly, I don't see the empirical evidence that law enforcement agencies have abused [wiretap authority]," he said. With a straight face. It's Us vs. Them For Walker, privacy issues weighed against law-enforcement needs is a black-and-white, or rather good-guys-versus-bad-guys, issue. For example, he said, the rapid rise of private (read: not government-controlled) encryption technologies didn't mean law enforcement would have to work harder. On the contrary, "it only means we'll catch fewer criminals," he said. But if law enforcement is merely concerned with the task of "just putting the bad guys in jail," as James Settle, head of the FBI's National Computer Crime Squad insists, then why are we seeing a sudden move by government intelligence agencies into areas they have historically shied from? Because law enforcement agencies know their window of opportunity for asserting their influence is open right now, right at the time the government is about to make a fundamental shift in how it deals with privacy issues within the networks that make up the NII, says David Sobel, general counsel for Computer Professionals for Social Responsibility, who also addressed the Working Group on Privacy. "Because of law enforcement's concerns (regarding digital technologies), we're seeing an unprecedented involvement by federal security agencies in the domestic law enforcement activities," Sobel said, adding that, for the first time in history, the National Security Agency "is now deeply involved in the design of the public telecommunications network." Go ahead. Read it again. Sobel backs up his claims with hundreds of pages of previously classified memos and reports obtained under the Freedom of Information Act. The involvement of the National Security Agency in the design of our telephone networks is, Sobel believes, a violation of federal statutes. Sobel is also concerned that the public might soon be looking down the throat of a classified telecommunications standard. Another move he calls "unprecedented" is that - if the National Security Agency, FBI, and other law enforcement organizations have their way - the design of the national telecommunications network will end up classified and withheld from the public.**These two sentences are the same** Sobel is dead on target with his warnings. The telecommunications industry and the FBI have set up an ad hoc working group to see if a technical fix for digital wiretapping can be found to make the bureau happy. That way, legislation doesn't need to be passed that might mandate such FBI access and stick the Baby Bells with the full cost of reengineering their networks. The industry-FBI group was formed during a March 1992 meeting at the FBI's Quantico, Virginia, facilities, according to previously classified FBI documents released under the Freedom of Information Act. The group was only formalized late last year, under the auspices of the Alliance for Telecommunications Industry Solutions. The joint group operates under the innocuous sounding name of the Electronic Communications Service Provider Committee. The committee meets monthly, pursuing a technological "solution" to the FBI's request for putting a trapdoor into digital switches, allowing agents easy access to phone conversations. To date, no industry solution has been found for the digital-wiretap problem, according to Kenneth Raymond, a Nynex telephone company engineer, who is the industry co-chairman of the group. Oh, there's also a small, but nagging problem: The FBI hasn't provided concrete proof that such solutions are needed, Raymond said. Sobel, of Computer Professionals for Social Responsibility, raised this same point during the panel discussion. The telecommunications industry is "trying to evaluate just what is the nature of the [digital-access] problem and how we can best solve it in some reasonable way that is consistent with cost and demand," Raymond said. One solution might be to write digital wiretap access into future switch specifications, he said. If and when the industry does find that solution, do you think the FBI will put out a press release to tell us about it? "I doubt it very much," said FBI agent Barry Smith of the Bureau's Congressional Affairs office. "It will be done quietly, with no media fanfare." Underscoring Sobel's warnings was the little-noticed move by the Commerce Department to establish the Federal Wireless Policy Committee. The work of this seemingly benign committee will be "invaluable" as the administration evaluates key issues in wireless communications with the NII, said Larry Irving, administrator of the National Telecommunications Information Agency. But the devil is in the details. The policy committee's four subcommittees include Policy, Standards and Requirements, Security and Privacy, and Acquisitions. Standards and Requirements is headed by Richard Dean, a National Security Agency official. And Security and Privacy is to be chaired by Raymond Kammer of the National Institute of Standards and Technology. Kammer's organization, of course, is knee-deep responsible for the government's Clipper Chip encryption scheme. Is it just me or are these headlights getting awfully close? The FBI's Settle is also adamant about trapdoor specifications being written into any blueprints for the National Information Infrastructure. But there's a catch. Settle calls these "security measures," because they'll give his office a better chance at "catching bad guys." He wants all networks "to be required to install some kind of standard for security." And who's writing those standards? You guessed it: The National Security Agency, with input from the FBI and other assorted spook agencies. Settle defends these standards, saying that the "best we have going for us is that the criminal element hasn't yet figured out how to use encryption and networks in general. When they do, we'll be in trouble. We want to stay ahead of the curve." In the meantime, his division has to hustle. The FBI currently has only 25 "Net literate" personnel, Settle admitted. "Most of these were recruited two years ago," he said. Most have computer science degrees and were systems administrators at one time, he said. You think that's funny? Hell, the Net is still a small community, relatively speaking. One of your friends is probably an FBI Net snitch, working for Settle. Don't laugh. The law enforcement establishment doesn't think you really know what you expect when it comes to privacy. Assistant US Attorney Walker said: "If you ask the public, 'Is privacy more important than catching criminals?' They'll tell you, 'No.'" (Write him with your own thoughts, won't you?) **e-mail addresses here for our outraged readers to express themselves - We haven't got addresses for Walker. There's president at whitehouse.gov and vice- president at whitehouse.gov....** Because of views like Walker's, the Electronic Communications Privacy Act "needs to be broader," said Mike Godwin, legal counsel for the Electronic Frontier Foundation. The act protects transmitted data, but it also needs to protect stored data, he said. "A person's expectation of privacy doesn't end when they store something on a hard disk." But Walker brushed Godwin aside, saying, "It's easy to get caught up in the rhetoric that privacy is the end all be all." **correct cliche is "the be- all and end-all"** Do you have an expectation of privacy for things you store on your hard disk, in your own home? Walker said that idea is up for debate: "Part of this working group is to establish what is a reasonable expectation of privacy." That's right. Toss everything you know or thought you knew about privacy out the window, as you cruise down the fast lane of the information superhighway. Why? Because for people like Walker, those guardians of justice, "there has to be a balance between privacy needs and law enforcement needs to catch criminals." Balance, yes. Total abrogation of my rights? Fat chance. Brock N. Meeks (brock at well.sf.ca.us) is a frequent contributor to WIRED. He is a reporter for Communications Daily, a Washington, DC-based trade publication. =-=-=-=-=-=-=-=-=-=-=-=WIRED Online Copyright Notice=-=-=-=-=-=-=-=-=-=-=-= Copyright 1993,4 Wired USA Ltd. All rights reserved. This article may be redistributed provided that the article and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind without prior written permission from Wired Ventures, Ltd. If you have any questions about these terms, or would like information about licensing materials from WIRED Online, please contact us via telephone (+1 (415) 904 0660) or email (info at wired.com). WIRED and WIRED Online are trademarks of Wired Ventures, Ltd. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ----- End Included Message ----- From ravage at bga.com Fri Apr 29 06:16:41 1994 From: ravage at bga.com (Jim choate) Date: Fri, 29 Apr 94 06:16:41 PDT Subject: FYI: ATF and other stuff (fwd) Message-ID: <199404291316.AA18936@zoom.bga.com> Forwarded message: From samman at CS.YALE.EDU Fri Apr 29 06:26:25 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Fri, 29 Apr 94 06:26:25 PDT Subject: Rings of Saturn In-Reply-To: <9404291247.AA21327@snark.imsi.com> Message-ID: On Fri, 29 Apr 1994, Perry E. Metzger wrote: > > Jeff Davis says: > > Y'all are doing real well with the satellite discussion. It may interest > > some of you to know that the rings of Saturn were found to be braided in > > 4's. This blew the hell out of the direction they were going on unified > > field theory which predicted they would be braided in 3's. With no > > atmospheric refraction to contend with, this was still a rather accomplished > > feat. > > Jeff Davis turns out not to just be the ordinary garden variety loon, > but a genuine reincarnation of net.psycho Robert McElwaine! > > For his next act, he will explain why it is that the U.S. government > has been hiding information on aliens visitors being kept frozen in a > secret lab in Oregon!!! What!? You're going to tell me that a man with your obvious intelligence and joie de vivre didn't know? The aliens(Skree-nok as they're called) are being kept hostage in order to prompt their government into transferring technology to the evil NSA in order to help it. The Clipper chip was just a tidbit of the power that the aliens have. The NSA among its other projects is trying to wangle a device that will allow the access to the brain of PRZ to help them put a back door inside PGP and the aliens want a sacrifice of 2^10 virgins for this. We're all doomed..... Ben. From jims at Central.KeyWest.MPGN.COM Fri Apr 29 06:26:37 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Fri, 29 Apr 94 06:26:37 PDT Subject: Clipper Chip 2/ Wired (fwd) In-Reply-To: <199404291300.GAA28549@nexsys.nexsys.net> Message-ID: <9404291326.AA07496@Central.KeyWest.MPGN.COM> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > =-=-=-=-=-=-Copyright 1993,4 Wired USA Ltd. All Rights Reserved=-=-=-=-=-= > -=-=For complete copyright information, please see the end of this file=-=- > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > WIRED 2.04 > Electrosphere > The End Of Privacy > >Did you know there's a working group of security agents and telecommunications >companies designing backdoors into the information infrastructure? Now you do. If you were the director of the NSA would you have your guys looking for ways to eavesdrop on phone conversations between wives and lovers or guys like the CIA agent actively selling every secret he can get his hands on to the "enemy"? Jim From jims at Central.KeyWest.MPGN.COM Fri Apr 29 06:32:02 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Fri, 29 Apr 94 06:32:02 PDT Subject: Cypherpunks as lobbying/propagandizing group In-Reply-To: <9404291340.AA29015@hawksbill.sprintmrn.com> Message-ID: <9404291331.AA07605@Central.KeyWest.MPGN.COM> > Dave Mandl writes - > > > > > I think this is a very bad idea and not the purpose of the cypherpunks list. > > > > Ditto. Leave the political battles to those with more (desired) > visibilty (ie, EFF, CPSR, SEA). I replied to Dave via mail but it may warrant a public clarification. My intent is not to form a group to go lobby congress or anything of that nature. My idea was to create a list of "credentials" for the group as a whole so that when active folks do go to the press or to meetings between CPSR & the NSA then they can have in their hands a bit of "proof" that we aren't the computer-student-woodstock-wannabes the NSA et al. say we are. Remember the E.F. Hutton commercials where a guy is asked for investment advice and he says "My broker is EF Hutton and EF Hutton says..." and everyone in the room gets quiet and leans over to hear the advice? That is what the Cypherpunks name doesn't have... respect. Your comments, either for or against, are appreciated and counted. They will be used to help me see if there is sufficient interest in my opinion to warrant trying to organize such a thing. Right now it's slightly in favor but there are too few replies to be fair either way. Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From f_griffith at ccsvax.sfasu.edu Fri Apr 29 06:46:41 1994 From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu) Date: Fri, 29 Apr 94 06:46:41 PDT Subject: PGP ban rumor - any truth? Message-ID: <9404291346.AA06939@toad.com> >From: polaris93 at aol.com >To: libernet at Dartmouth.EDU >Date: Thu, 28 Apr 94 22:38:15 EDT >Subject: Re: Somethin' Spooky ... >Errors-To: owner-libernet at Dartmouth.EDU >Sender: owner-libernet at Dartmouth.EDU >Reply-To: libernet-d at Dartmouth.EDU >Precedence: bulk >X-Mailing-List: libernet at Dartmouth.EDU > >I just purchased Bruce Schneier's _Applied Cryptography_ (John Wiley & Sons, >1994; ISBN # 0-471-59756-2; $49.95). Worth every cent I paid for it. It >covers every single possible aspect of computer information security -- >including a section on the infamous PGP = the security program Pretty Good >Privacy," which can _not_ be broken by _anyone_ who does not have whatever >key you yourself choose for the encryptation on your data. The next edition >will _not_ carry that chapter -- the government has stepped in and is >threatening a court action unless the publishers strike it from the next >edition. So get your copy now -- and get one of PGP, because the feds have a >bill _already_ in the words to make sale, distribution, etc of it completely >illegal in the US. > From whitaker at dpair.csd.sgi.com Fri Apr 29 06:47:52 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Fri, 29 Apr 94 06:47:52 PDT Subject: (Fwd) PARTY: Pre-Extro I conference party 29 April 94 Message-ID: <9404290645.ZM25784@dpair.csd.sgi.com> The first annual Extropians conference (Extro-I) occurs 30 April - 1 May, this weekend, at the Sheraton in Sunnyvale, California. I'm holding a party the night before (TONIGHT), Friday 29 April, at the Nexus (our house) in Cupertino. Directions follow this message. Extropians, cypherpunks, and other fellow travellers are welcome to come to the party, even if not attending the conference this weekend. The party starts at 1900. ************ This is potluck!!! ************************ ************ You know what that means: **************** ************ Bring food or drink ********************** Discouraged: Salty nachos, icky sweet soft drinks, and other such stuff Encouraged: Interesting, novel, healthy, tasty foods. Know how to make something interesting? Do so and bring it! Amara's "Latvian Pancakes" were a big hit at the last party! This probably won't be an all-nighter, as the conference starts early tomorrow morning. Translation: don't expect crash space. Unless I really, really *like* you. There are good hotels all around. I reserve the right, along with my housemates, to turn people away at the door, or eject them at whim. I've never had to do this before, and I don't expect I'll ever need to. However... this *is* the open net... Come on along and have some fun in good company. Be seeing you. DIRECTIONS: Nexus Lite is located at 21090 Grenola Drive in Cupertino. Geoff Dale's phone number (in case you get lost) is 408-253-1692. >From 280: Take the Saratoga/Sunnyvale Exit (which is actually the 85 South detour). Turn north on DeAnza (aka Saratoga/Sunnyvale Road) at the exit (a left turn if you are coming from San Francisco; right if you are coming from San Jose). Turn left at Homestead; go three blocks to N. Stelling, take left (at the McDonalds). (Note: North Stelling is called Hollenbeck on the other side of Homestead. Don't be fooled!) >From 101: Take 85 south and exit at Homestead; turn left onto Homestead. Proceed several blocks (you will pass a high school); then turn right on N. Stelling. Once on N. Stelling: Right at first light: Greenleaf First left, Flora Vista First Right on to Grenola Dr 21090 (mnemonic: anagram for Beverly Hills zip code) is a tannish house on left with a high roof that slopes toward the street. Park on the street -- in the direction of traffic, or you may get a $15 ticket. This has happened. OBLIGATORY CRUDE ASCII MAP (not to scale; up is not north): /\ || ^ ^ || (85) | | || | | || |Hollenbeck | /|| | | <----++---/ /-- (Homestead) ---+------------------+------------------> || | | || |N.Stelling | || | | || | DeAnza|Saratoga/Sunnyvale || | | <=========/ /== (280) =======] | [================+==================> || | || | || ^ | || | | Greenleaf \/ <----------+-------+-----------------> | | Flora Vista| | | | | | Grenola | | <-------------+ | *=21090 | | | | V V -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center, Mountain View CA (415) 390-2250 ================================================================ #include From smb at research.att.com Fri Apr 29 07:15:30 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 29 Apr 94 07:15:30 PDT Subject: PGP ban rumor - any truth? Message-ID: <9404291415.AA07071@toad.com> >>From: polaris93 at aol.com >>To: libernet at Dartmouth.EDU >>Date: Thu, 28 Apr 94 22:38:15 EDT >>Subject: Re: Somethin' Spooky ... >>Errors-To: owner-libernet at Dartmouth.EDU >>Sender: owner-libernet at Dartmouth.EDU >>Reply-To: libernet-d at Dartmouth.EDU >>Precedence: bulk >>X-Mailing-List: libernet at Dartmouth.EDU >> >>I just purchased Bruce Schneier's _Applied Cryptography_ (John Wiley & Sons, >>1994; ISBN # 0-471-59756-2; $49.95). Worth every cent I paid for it. It >>covers every single possible aspect of computer information security -- >>including a section on the infamous PGP = the security program Pretty Good >>Privacy," which can _not_ be broken by _anyone_ who does not have whatever >>key you yourself choose for the encryptation on your data. The next edition >>will _not_ carry that chapter -- the government has stepped in and is >>threatening a court action unless the publishers strike it from the next >>edition. So get your copy now -- and get one of PGP, because the feds have a >>bill _already_ in the words to make sale, distribution, etc of it completely >>illegal in the US. I find this very hard to believe. Do you have a source for this rumor? The rationale? The legal grounds for this alleged bill? First of all, the book already exists and has sold tens of thousands of copies. Even assuming that there was somehow some classified information in it, it's already out -- and the courts won't let them try to put the genie back in the bottle. They rarely even permit prepublication suppression; see, for example, the Pentagon Papers case or the H-bomb design in Progressive. (Btw -- read the opinions; don't just look at the outcome.) Second -- the book has far too little about PGP to be worth the effort. Apart from the source code to IDEA -- which is readily available in the published version of Lai's dissertation (and which is printed by a non-U.S. publisher) -- the discussion of PGP is purely descriptive, and occupies less than a page. Contrast that with, say, the book's discussion of PEM. Third -- Bruce knows nothing of this. At least, he said nothing about it when he was here at Murray Hill last week, and I'm sure he would have, given the other topics we talked about. Fourth -- the Commerce Department has already granted Phil Karn a blanket export license. They're going to permit the current edition to be exported freely, but suppress it domestically -- with all that implies in terms of court fights, newspaper stories, etc.? Fifth -- it's a book, it's got no nuclear secrets, and it's not obscene. He can say anything he want. If Bruce obtained some information improperly, he might be in trouble personally -- but the book itself is more or less untouchable. (C.f. the Phillip Agee case.) I've spent far too much time on this already. Do you have any real evidence for this rumor? From cfrye at mason1.gmu.edu Fri Apr 29 07:18:18 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Fri, 29 Apr 94 07:18:18 PDT Subject: Cypherpunks as Lobbying/Political Group Message-ID: <9404291418.AA22578@mason1.gmu.edu> David Mandl argues that putting out a document illustrating why Clipper is a catastrophe "is a very bad idea and not the purpose of the list". I disagree for several reasons. First, the purpose of the list is whatever we decide it is. While the genesis of the document shouldn't be broadcast in real time over the list, the final product would certainly benefit from the folks on here giving it as thorough a going-over as they have time and energy for. Second, the DC Cypherpunks meeting held simultaneously with the Northern CA and other sessions dealt with appropriate and effective ways to bring political pressure against Clipper/Digital Telephony. Hey, you live here, you think like you live here :-). To offset the market pressure ("suitable incentivization") the Clinton Administration is bringing to bear we need to use a variety of tools and, continuing Dark Unicorn's Sun Tzu theme, attack the government position at the corners. Unless and until someone puts out a competing product or add-on, all we have are guerrilla tactics. Handing out information in disk form at trade shows *was* brought up at the DC meeting and, while I disagree slightly with Jim Sewell on exactly how non-inflammatory the language used should be, ththis tactic is usable, variable, and potentially very effective. Third, many Cypherpunks subscribers have been interviewed for radio and print pieces on Clipper/Digital Telephony. This project is no different -- we just ask the questions as well as give the answers :-). Fourth, I couldn't imagine the piece would be represented as an official position of "the Cypherpunks". You have to be a coherent organization to have a position and, while we all tend to agree that Clipper is a bad idea, a unified whole we ain't. Fifth, don't read it if you don't want to. I'll make sure it's labeled clearly so you can delete it straight away if you so desire. "The Cypherpunks" will never be a lobbying group to supplant EFF or CPSR, there's no reason small bands can't form temporary teams to accomplish a common goal. In this case, the goal is to further spread the word that Clipper and Digital Telephony should be seen as the privacy killer it is. And dealt with accordingly. Curt From perry at snark.imsi.com Fri Apr 29 07:22:48 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 29 Apr 94 07:22:48 PDT Subject: PGP ban rumor - any truth? In-Reply-To: <9404291346.AA06939@toad.com> Message-ID: <9404291422.AA21498@snark.imsi.com> No, no truth to it. "Polaris93" has just been off his medication for too long. Perry f_griffith at ccsvax.sfasu.edu says: > >From: polaris93 at aol.com > >To: libernet at Dartmouth.EDU > >Date: Thu, 28 Apr 94 22:38:15 EDT > >Subject: Re: Somethin' Spooky ... > >Errors-To: owner-libernet at Dartmouth.EDU > >Sender: owner-libernet at Dartmouth.EDU > >Reply-To: libernet-d at Dartmouth.EDU > >Precedence: bulk > >X-Mailing-List: libernet at Dartmouth.EDU > > > >I just purchased Bruce Schneier's _Applied Cryptography_ (John Wiley & Sons, > >1994; ISBN # 0-471-59756-2; $49.95). Worth every cent I paid for it. It > >covers every single possible aspect of computer information security -- > >including a section on the infamous PGP = the security program Pretty Good > >Privacy," which can _not_ be broken by _anyone_ who does not have whatever > >key you yourself choose for the encryptation on your data. The next edition > >will _not_ carry that chapter -- the government has stepped in and is > >threatening a court action unless the publishers strike it from the next > >edition. So get your copy now -- and get one of PGP, because the feds have a > >bill _already_ in the words to make sale, distribution, etc of it completely > >illegal in the US. > > > From perry at snark.imsi.com Fri Apr 29 07:44:14 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 29 Apr 94 07:44:14 PDT Subject: Cypherpunks as Lobbying/Political Group In-Reply-To: <9404291418.AA22578@mason1.gmu.edu> Message-ID: <9404291441.AA21579@snark.imsi.com> Curtis D Frye says: > David Mandl argues that putting out a document illustrating why Clipper is a > catastrophe "is a very bad idea and not the purpose of the list". No. Dave Mandl said that putting out a document listing the qualifications of the non-existant "Cypherpunks group" is bad and not the purpose of the list. Perry From cknight at crl.com Fri Apr 29 07:58:12 1994 From: cknight at crl.com (Chris Knight) Date: Fri, 29 Apr 94 07:58:12 PDT Subject: Rings of Saturn In-Reply-To: <9404291247.AA21327@snark.imsi.com> Message-ID: On Fri, 29 Apr 1994, Perry E. Metzger wrote: > > Jeff Davis turns out not to just be the ordinary garden variety loon, > but a genuine reincarnation of net.psycho Robert McElwaine! > > For his next act, he will explain why it is that the U.S. government > has been hiding information on aliens visitors being kept frozen in a > secret lab in Oregon!!! > > Perry > Hey, You are stealing his show! -ck From nowhere at chaos.bsu.edu Fri Apr 29 08:09:31 1994 From: nowhere at chaos.bsu.edu (Chael Hall) Date: Fri, 29 Apr 94 08:09:31 PDT Subject: REMAIL: Logging turned off Message-ID: <199404291612.KAA21273@chaos.bsu.edu> The BSU remailers are behaving very well lately. So I am going to turn off the complete message logging again. It appears that adding Anon-To did the trick. Anyone with problems remailing through either nowhere at bsu-cs.bsu.edu or remailer at chaos.bsu.edu should first check the following finger information before giving up: remailer.help at chaos.bsu.edu remailer.list at chaos.bsu.edu Any requests for help or information will be referred to these finger addresses. If you cannot finger, send an e-mail message to remailer.help at chaos.bsu.edu and it will mail you a personalized copy of the same file. :) Questions, problems, and complaints that can't be solved with the help info provided should be addressed to remailer-admin at chaos.bsu.edu. By the way, there is lots more information available from chaos via finger. Try fingering remailer at chaos.bsu.edu for a list of other account names to finger. For example, remailer.policy at chaos.bsu.edu... Happy remailing! Chael -- Chael Hall, nowhere at chaos.bsu.edu From paul at hawksbill.sprintmrn.com Fri Apr 29 08:19:16 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Fri, 29 Apr 94 08:19:16 PDT Subject: REMAIL: Logging turned off In-Reply-To: <199404291612.KAA21273@chaos.bsu.edu> Message-ID: <9404291620.AA00114@hawksbill.sprintmrn.com> > > Questions, problems, and complaints that can't be solved with the help > info provided should be addressed to remailer-admin at chaos.bsu.edu. By > the way, there is lots more information available from chaos via finger. > Try fingering remailer at chaos.bsu.edu for a list of other account names to > finger. For example, remailer.policy at chaos.bsu.edu... > Chael, Perhaps a tad confused, but which is the correct remailer host - chaos.bsu.edu or bsu-cs.bsu.edu - paul From lefty at apple.com Fri Apr 29 08:27:08 1994 From: lefty at apple.com (Lefty) Date: Fri, 29 Apr 94 08:27:08 PDT Subject: PGP ban rumor - any truth? Message-ID: <9404291526.AA24045@internal.apple.com> >>From: polaris93 at aol.com >>To: libernet at Dartmouth.EDU >>Date: Thu, 28 Apr 94 22:38:15 EDT >>Subject: Re: Somethin' Spooky ... >> >>I just purchased Bruce Schneier's _Applied Cryptography_ (John Wiley & Sons, >>1994; ISBN # 0-471-59756-2; $49.95). Worth every cent I paid for it. It >>covers every single possible aspect of computer information security -- >>including a section on the infamous PGP = the security program Pretty Good >>Privacy," which can _not_ be broken by _anyone_ who does not have whatever >>key you yourself choose for the encryptation on your data. The next edition >>will _not_ carry that chapter -- the government has stepped in and is >>threatening a court action unless the publishers strike it from the next >>edition. So get your copy now -- and get one of PGP, because the feds have a >>bill _already_ in the words to make sale, distribution, etc of it completely >>illegal in the US. >> Rubbish. Not even _amusing_ rubbish. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From nowhere at chaos.bsu.edu Fri Apr 29 08:34:56 1994 From: nowhere at chaos.bsu.edu (Chael Hall) Date: Fri, 29 Apr 94 08:34:56 PDT Subject: REMAIL: BSU Remailers and information availability Message-ID: <199404291638.KAA22281@chaos.bsu.edu> In response to Paul's question, chaos is the primary remailing site by virtue of its being my computer under my control. I have setup the following e-mail aliases to make it easier to get information about the remailers: remailer-help, remailer-info Sends you the help file for the BSU remailers. remailer-list Sends you the list of current remailers and how to use them. remailer-policy Sends you the policy for the BSU remailers. By the way, periods and dashes are interchangeable, I made aliases for both. So sending mail to remailer.help is the same as sending mail to remailer-help. Note that all of the e-mail addresses above are for chaos.bsu.edu. Chael -- Chael Hall, nowhere at chaos.bsu.edu From sandfort at crl.com Fri Apr 29 08:39:05 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 29 Apr 94 08:39:05 PDT Subject: Gee... In-Reply-To: <199404291215.IAA24788@dunx1.ocs.drexel.edu> Message-ID: C'punks, On Fri, 29 Apr 1994, Bob Snyder wrote: > At 8:08 AM 4/28/94 -0700, Sandy Sandfort wrote: > > >Do you think your fastidious compliance with the law will keep them from > >branding you a criminal, anyway? Wake up. > > Errr, no, but they'd still need to prove it. Generally, it is easier to > get a guilty verdict when you have committed a crime than when you have > not. (1) Tell that to the people who have had their assets seized and sold without any criminal charges ever being made. (2) "Proof" and "guilty" are legal words of art. Stop looking at them in some ultimate sense of right and wrong. Everyday, proof that isn't proof is used to find people guilty who are not guilty. > . . . I just think that people should work > to change the current government policy through legal means before > resorting to illegal measures. No arguement there, *if* it works. > I think we are seeing some sucess in this > area, with the hearings on Clipper and the push by at least one legislator > to ease the cryptography export restrictions. There are 435(?) legislators. > We are getting reasonable > press coverage, which is growing. Just like you only heard a bit about the > Internet a few years ago, but now you can't pick up a newspaper or magazine > without some mention of the Internet, you are starting to see articles > about Cryptography (like the WSJ article, or NPR's piece). Press coverage is . . . "nice" but is it stopping the Clipper? Is it guaranteeing strong crypto? There are those among us who are taking actions that don't require winning the hearts and minds of politicians and entrenched bureaucrats. Would you rather wait until it is too late? S a n d y From mg5n+ at andrew.cmu.edu Fri Apr 29 08:54:00 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 29 Apr 94 08:54:00 PDT Subject: Remailers wanted In-Reply-To: <199404290246.AA28380@metronet.com> Message-ID: David Merriman > I'm in the process of writing a remailer front-end for Windows > (I can hear it now - "Oh, GROSS!" :-), and am looking to collect > the addresses of as many remailers as possible. I've already got > the listing from SODA.BERKELEY, so anything not on that > list is welcome. You can get my list via finger remailer-list at chaos.bsu.edu or by sending mail to mg5n+remailers at andrew.cmu.edu From dave at marvin.jta.edd.ca.gov Fri Apr 29 09:20:00 1994 From: dave at marvin.jta.edd.ca.gov (Dave Otto (the Wizard of TOTOSoft)) Date: Fri, 29 Apr 94 09:20:00 PDT Subject: C'Punk list Message-ID: <9404291619.AA16742@marvin.jta.edd.ca.gov> A good idea (or at least not a "bad" one). While I agree that CPSR, EFF and company should be supported in their fight, too often has the cry been heard, "It's not OUR task, leave it to the professionals." PZ was willing to put it ALL on the line. [ ASIDE: I am assuming that simply being ON this mailing list is sufficient to get you _On_File_. ] We can NOT allow the likes of Dr.'s Sternlight and Denning to dictate public opinion. Adding our (Respectable, Considerable, Informed, etc.) voice can only help. It's time to take the field.... .................................... Four of the "top ten" reasons to support Jim's proposal: 10) It's voluntary. 9) It's too late for many of us (to preserve a low profile) anyway. 8) The public *NEEDS* to be educated about Crypto-Privacy!!!!! 7) It will teach them to spell Cypherpunks. (Look out Stu! The "geeks" are educated, politically aware, respected entrepreneurs, financially successful and *ACTIVE*.) **************************************************************************** Dave Otto -- dave at gershwin.jta.edd.ca.gov -- daveotto at acm.org "Pay no attention to the man behind the curtain." % cat flames > /dev/nul [sorry, don't have PGP sig, but am working on it... :-( ] From anon at desert.hacktic.nl Fri Apr 29 09:35:28 1994 From: anon at desert.hacktic.nl (anon at desert.hacktic.nl) Date: Fri, 29 Apr 94 09:35:28 PDT Subject: Remailer for DOS-Waffle: 2nd attempt Message-ID: <199404291634.AA05578@xs4all.hacktic.nl> I made a simple remailer for DOS Waffle. It supports both mail and news: Request-Remailing-To: kafka at desert.hacktic.nl Request-Remailing-To: alt.security.pgp Please flame me on the code. Try my remailer: anon at desert.hacktic.nl -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAi2+t1EAAAECALUS6KI7WLBB47y5dDIN+vHAW2XLxu+ELJCNkHLKYxhAr6vY Ku1e9oMry+bHizW8wCt0JPWMlnzZOkhZplIGsqkABRG0O0Rlc2VydCBBbm9ueW1v dXMgUmVtYWlsaW5nIFNlcnZpY2UgPGFub25AZGVzZXJ0LmhhY2t0aWMubmw+iQBV AgUQLb63vZRymF15lPcFAQF88AH/TdqfNlZ2uNH/CpQiy6BneDa0+FJTmBFgy5W+ wcpbsljOFFheH3zz5zA2rkpxIBoy/nd4vQ9kaa6fc1TkVMeBfokAlQIFEC2+t6C+ ZjYIMi0DBQEBT4YD/0NK9fCG8JjE0fS/0SlFshWAGSZxUYREKoQiwo8/ZPEbORHa +a6E8mXOjy7XHVH00S8/1aOO+ji89FFY2aVNqVVDfZI53er9pZAeNSQ1mvD7isor B3IOQ+WeKgXL/IvOEaZro0ZA/FWtry0Ty7RZbPwX4j1TkBTxlRI08e2dG7YI =MfIT -----END PGP PUBLIC KEY BLOCK----- I based much of the functionality on the cypherpunks remailer, as described in the document: How to use the Cypherpunks Remailers ------------------------------------ by Hal Finney, <74076.1041 at compuserve.com> You install it by putting an entry in your /waffle/system/aliases file. If you support encryption you have to create a PGP key for your remailer. You also have to put the password of your secret key in the environment variable "REMAILERPASS". (if somebody has a better solution, let me know). It assumes that the environment variable "WAFFLE" is present and point to the Waffle STATIC file (e.g. SET WAFFLE=C:\WAFFLE\SYSTEM\STATIC). The arguments are remail If the username of your remailer is "anon", you have to put the following line in /waffle/system/aliases: anon | remail anon FUTURE I want to make it Penet style, with a database of (passworded) anon accounts. Support of putting a "Subject:" in an encrypted message, to make traffic analysis more difficult. To make it possible to reply, I think the following approach will do: the 'reply-to:' address will be " (NickName Anon-ID=XXXXXX)" where XXXXXX is the number of the anon account you want to send mail to, and NickName your (possible) nickname. Somebody mailed me that some mailers munge the comment field, so if you have a better idea please let me know. ------------------------- There are two general ways of specifying the remailing instructions. The simplest is to add an extra field to the header of the message. All of the Cypherpunks remailers will accept the field name "Request-Remailing-To:". (Several of the remailers also accept shorter versions of this name, but there is no standard for the short versions accepted.) Simply put the address that you want the mail to be forwarded to after "Request-Remailing-To:" in the message header, and the forwarding will be done. (Case is important in this header field, so be sure to put in the capital letters as shown.) This remailer software also supports "X-Anon-To:". Many people have mailers which will not allow them to add fields to the headers of the messages they send. Instead, they can only put material into the bodies of the mail. In order to accomodate such systems, the Cypherpunks remailers provide a mechanism for "pasting" the first few lines of the message body into the header. These lines can then contain "Request-Remailing-To:" / "X-Anon-To:" commands. This is done by having the first non-blank line of your message be the special token "::" (two colons). If the Cypherpunks remailers see this as the first non-blank line, all following lines up to a blank one will be pasted into your mail header. Then the message will be processed as usual. Here is how the message above would be prepared if Sue were not able to add lines to her outgoing message header. ------------------------- Please let me know your comments... Patrick :) ---------------------- cut here --------------------------- #include #include #include #include #include #include #include #include #include #include #include #define MAIL 0 #define NEWS 1 #define MAXLINELEN 1024 char *getStatic( char *field, char *buffer); void main(int argc, char *argv[]); void wipe(FILE *f); void main(int argc, char *argv[]) { const char *Months[]={"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul","Aug","Sep","Oct","Nov","Dec", NULL}; const char *Days[]={"Mon","Tue","Wed","Thu","Fri","Sat","Sun",NULL}; char UnixDate[30]; char type = 0; char c[MAXLINELEN] = "\0"; FILE *f; FILE *pgp; char to[1024] = "\0"; char from[60] = "\0"; char subj[128] = "\0"; char cmd[128] = "\0"; char *fname; char *templ = "XXXXXX"; char buffer[128] = "\0"; struct dosdate_t d; struct time t; int encrypted = 0; char *passphrase = getenv("REMAILERPASS"); char env[100]; char oldenv[100]; if (argc < 2) { printf("Usage: remail \n"); printf("Example: remail anon\n"); return; } // try to read fields from header while (strlen(gets(c)) != 0 && ! feof(stdin)) { if (strstr(c, "Subject: ") != NULL) strncpy(subj, &c[9], sizeof(subj)); // if (strstr(c, "From: ") != NULL) // strcpy(from,&c[6]); if (strstr(c, "X-Anon-To: ") != NULL) strncpy(to,&c[11], sizeof(to)); if (strstr(c, "Request-Remailing-To: ") != NULL) strncpy(to,&c[22], sizeof(to)); if (strstr(c, "Encrypted: PGP") != NULL) encrypted = 1; } // if no X-Anon-To: or Request-Remailing-To: // and no Encryption: PGP are specified // we go looking for the header pasting token (::) if (strlen(to) == 0 && ! encrypted) { while (strlen(gets(c)) != 0 && ! feof(stdin)) { if (strstr(c, "::") != NULL) { while (strlen(gets(c)) != 0 && ! feof(stdin)) { if (strstr(c, "X-Anon-To: ") != NULL) strncpy(to,&c[11], MAXLINELEN); if (strstr(c, "Request-Remailing-To: ") != NULL) strncpy(to,&c[22], MAXLINELEN); } if (strstr(c, "Encrypted: PGP") != NULL) encrypted = 1; } break; } } if ( encrypted ) { pgp = fopen("msg.pgp", "wt"); while (! feof(stdin)) putc(getc(stdin), pgp); fclose(pgp); sprintf(env,"PGPPASS=%s",passphrase); putenv(env); system("pgp +verbose=0 +force msg.pgp msg"); putenv("PGPPASS="); unlink("msg.pgp"); pgp = fopen("msg", "rt"); while (strlen(fgets(c, MAXLINELEN, pgp)) != 1 && ! feof(pgp)) { if (strstr(c, "::") != NULL) { while ((strlen(fgets(c, MAXLINELEN, pgp)) != 1) && (! feof(pgp))) { if (strstr(c, "X-Anon-To: ") != NULL) strncpy(to,&c[11], MAXLINELEN); if (strstr(c, "Request-Remailing-To: ") != NULL) strncpy(to,&c[22], MAXLINELEN); } } // remove the lf fgets leaves in string to[strlen(to)-1] = '\0'; break; } } if (strlen(to) == 0) { puts("No recipient found"); return; } if (strstr(to, "@") != NULL) // || (strstr(to, "!") != NULL)) type = MAIL; else type = NEWS; gettime(&t); _dos_getdate(&d); sprintf(UnixDate, "%s, %d %s %d %02d:%02d:%02d %s", Days[d.dayofweek], \ d.day, Months[d.month-1], d.year,t.ti_hour, t.ti_min, t.ti_sec, getStatic("timezone", buffer)); if (type == MAIL) { fname = mktemp(templ); f = fopen(fname, "wt"); fprintf(f, "From %s %s remote from %s\n", argv[1], UnixDate, getStatic("uucpname", buffer)); fprintf(f, "From: %s@%s\n", argv[1], getStatic("node", buffer)); fprintf(f, "To: %s\n", to); fprintf(f, "Subject: %s\n", subj); fprintf(f, "Date: %s\n\n", UnixDate); if ( encrypted ) { while (! feof(pgp)) { putc(getc(pgp), f); } putc('\n', f); wipe(pgp); fclose(pgp); unlink("msg"); } else { while (! feof(stdin)) putc(getc(stdin), f); } fclose(f); printf("Remailing to: %s\n", to); sprintf(cmd, "rmail -v -f %s -u %s %s < %s", argv[1], argv[1], to, fname); system(cmd); unlink(fname); } else if (type == NEWS) { fname = mktemp(templ); f = fopen(fname, "wt"); fprintf(f, "Path: %s!%s\n", argv[1], getStatic("uucpname", buffer)); fprintf(f, "From: %s@%s\n", argv[1], getStatic("node", buffer)); fprintf(f, "Subject: %s\n", subj); fprintf(f, "Date: %s\n", UnixDate); fprintf(f, "Message-ID: \n",d.day,t.ti_hour, t.ti_min, t.ti_sec, getStatic("node",buffer)); fprintf(f, "Newsgroups: %s\n", to); fprintf(f, "Organization: %s - Anonymous Remailing Service\n\n", getStatic("organ", buffer)); if ( encrypted ) { while (! feof(pgp)) { putc(getc(pgp), f); } putc('\n', f); wipe(pgp); fclose(pgp); unlink("msg"); } else { while (! feof(stdin)) putc(getc(stdin), f); } fclose(f); printf("Posting to: %s\n", to); sprintf(cmd, "rnews < %s", fname); system(cmd); unlink(fname); } } char *getStatic( char *field, char *buffer) { ifstream Static; char s[128]; buffer[0] = '\0'; Static.open(getenv("WAFFLE")); while ( Static ) // while EOF is not reached { Static.getline(buffer, 128); // get line from file // check if line contains a field if (strstr(buffer, field) == buffer ) { int i=0; while( buffer[i] != ':' && buffer[i] != ' ' && buffer[i] != '\0') { s[i] = buffer[i]; i++; } s[i] = '\0'; char *p = buffer; p += strlen(field); // now we know for sure it's the right line in the phile if (strlen(s) == strlen(field)) { while((p[0] == ' ' || p[0] == ':') && ! p[0] == '\0') p++; } strcpy(buffer, p); break; } } Static.close(); return (buffer); } void wipe(FILE *f) { long len = fseek(f, 0L, SEEK_END); long n; fseek(f, 0L, SEEK_SET); for (n=0;n < len;n++) fputc('\0', f); } ---------------------- cut here --------------------------- begin 600 remail.exe M35K@ "H 0 @ X __\4!8 /@ $ ^U!J<@ M ! M M M M M M M M M M "Z]P,NB1:- K0PS2&++@( BQXL ([:HY( C :0 M (D>C ")+J@ Z($!Q#Z* (O'B]BY_W_\\J[C84,F. 5U]H#-@/?9B0Z* +D! M -/C@\,(@^/XB1Z. (S:*^J+/O8/@?\ G,'OP "B3[V#X''Q!%R* ,^C ]R M(K$$T^]'.^]R&8,^]@\ = >#/HP/ '4.OP 0.^]W!XO]ZP/IW &+WP/:B1Z@ M (D>I "AD KV([ M$I7S2%?T^?ZCM*+Y_LSP"Z.!HT"OW(1N<01*\_\\ZJ# M/EX/%'9'@#Z2 -R0'<'@#Z3 !YR-[@!6+L" ,TA7 at _-(7(@M$B[ M 0#-(7(70*.H $B.P+1)S2%R"K@!6+L ,TA

C0 /\VB #_-H8 _S:$ . at Y M 5#HR PNC@:- E97OG(1OW(1Z*T 7U[#5EPXOLM$R*1 at +-(;D. +I( .G5 !ZX #7-(8D> M= ",!G8 N 0US2&)'G@ C 9Z +@%-@ ",!H( MN EC,J.VKJ@ N EQ19T ,TA'QZX!"7%%G@ S2$?'K@%)<46? #- M(1\>N 8EQ1: ,TA'\.!_F 1= 0RY.L"M/^+UXO>.]]T(R: /_]T&('^8!%T M!B8Z9P'K!"8X9P%W!B:*9P&+TX/#!NO9.]=T&XO:)H _ ";&!_\&= +I6 "Z.'HT"Z.K_N , 4.BF"P 0!5 MB^R!['X*5E<6C4;04!YHJ@"Y&@#HWPT6C4; 4!YHQ "Y$ #HT W&1O\ %HV& MHOM0'FC4 +D !.B\#1:-AJ+W4!YHU 2Y 3HK T6C89F]U >:-0(N3P Z)P- M%HV&YO90'F at 0";F .B,#1:-AF;V4!YHD FY@ #H? W'1OC<"A:-AN;U4!YH M$ JY@ #H9PW'1NP &CC"NA!((/$ HE&ZH-^! )]%FCP"NB'(X/$ F at 3"^A^ M(X/$ E]>R*H/$! O =!-H@ "-AJO[4(V&YO90Z!LJ M@\0&:#,+C8:B^U#H.2J#Q 0+P'03: $C8:M^U"-AJ+W4.CV*8/$!F at _"XV& MHOM0Z!0J@\0$"\!T$V@ !(V&N/M0C8:B]U#HT2F#Q 9H5 at N-AJ+[4.CO*8/$ M! O = 7'1NP! (V&HOM0Z.T?@\0"4.B.*8/$ @O = OW!B .( !U ^E9_XV& MHO=0Z'0I@\0""\!T ^G% (-^[ !T ^F\ .F8 &AE"XV&HOM0Z)DI@\0$"\!U M ^F! .M*:#,+C8:B^U#H at BF#Q 0+P'03: $C8:M^U"-AJ+W4. at _*8/$!F at _ M"XV&HOM0Z%TI@\0$"\!T$V@ !(V&N/M0C8:B]U#H&BF#Q :-AJ+[4.A-'X/$ M E#H[BB#Q (+P'0(]P8@#B =)AH5 at N-AJ+[4.@:*8/$! O = 7'1NP! .LA MC8:B^U#H%A^#Q )0Z+#GP,BQXH#O\&* Z*!^L):!X.Z'P=@\0"4.BI(8/$ M!/<&( X@ '2J5^BJ&(/$ O]VZFAS"XV&@O50Z"PG@\0&C8:"]5#H7"2#Q )H M?@OH?1:#Q )HH OH2B2#Q )H: OH"PR#Q )HJ0MHG OH9!N#Q 2+^.F9 &AE M"XV&HOM0Z"(H@\0$"\!T;NM*:#,+C8:B^U#H#BB#Q 0+P'03: $C8:M^U"- MAJ+W4.C+)X/$!F at _"XV&HOM0Z.DG@\0$"\!T$V@ !(V&N/M0C8:B]U#HIB># MQ 97: $C8:B^U#HYQB#Q 90Z'8G@\0"/0$ = ?W10(@ '24C8:B]U#H7R># MQ )(C9:B]P/"B]C&!P#K)5=H 2-AJ+[4.BL&(/$!E#H.R>#Q (] 0!T"O=% M B =0/I0O^-AJ+W4. at A)X/$ @O =0UHK OH'22#Q )?7LG#:+\+C8:B]U#H M2">#Q 0+P'0&QD;_ .L$QD;_ 8U&[E#HZ >#Q *-1O)0Z! '@\0"C8;F]5!H MX OH3 at 2#Q 10BD;QM !0BD;NM !0BD;OM !0_W;TBD;SM #1X(U6S@/"B]C_ M-XI&\K0 4(I&]K0 T>"-5L #PHO8_S=HP0N-1J)0Z)0E@\04@'[_ '0#Z=L! M_W;XZ$<=@\0"B4;Z:' +_W;ZZ-T9@\0$B4;\C8;F]5!H! SHTP.#Q 10C4:B M4(M>!O]W FCI"_]V_.C4&8/$"HV&YO50:!H,Z*X#@\0$4(M>!O]W F at -#/]V M_.BS&8/$"(V&HO=0:!\,_W;\Z*(9@\0&C8;F]E!H)PS_=OSHD1F#Q :-1J)0 M:#0,_W;\Z($9@\0&@W[L '4#Z8\ ZTJ+7OS_!WTD_PU\"HM="O]%"HH'ZP=7 MZ/H:@\0"BU[\BW<*_T<*B 2T .L?_W;\_PU\"HM="O]%"HH'ZP=7Z-,:@\0" M4.@ 'X/$!/=% B =*^+7OS_!WT1BU[\BW<*_T<*L J(!+0 ZPO_=OQJ"NC6 M'H/$!%?H_P.#Q )7Z- at 5@\0":)P+Z&<)@\0"ZV#K5HM>_/\'?2K_#AX.? R+ M'B at ._P8H#HH'ZPEH'@[H91J#Q *+7OR+=PK_1PJ(!+0 ZR7_=OS_#AX.? R+ M'B at ._P8H#HH'ZPEH'@[H.!J#Q )0Z&4>@\0$]P8@#B =*+_=OSH9!6#Q *- MAJ+W4&@_#. at O'H/$!/]V^HV&HO=0BUX&_W<"BUX&_W<":%$,C89F]E#HQR.# MQ R-AF;V4. at A$X/$ O]V^NBX"(/$ ND: H!^_P%T ^D1 O]V^.AC&X/$ HE& M^FAP"_]V^NCY%X/$!(E&_(V&YO50: 0,Z.\!@\0$4(M>!O]W FAN#/]V_.CT M%X/$"(V&YO50:!H,Z,X!@\0$4(M>!O]W F at -#/]V_.C3%X/$"(V&YO90:"<, M_W;\Z,(7@\0&C4:B4&A[#/]V_.BR%X/$!HV&YO50:!H,Z(P!@\0$4(I&\;0 M4(I&[K0 4(I&[[0 4(I&\K0 4&B%#/]V_.A_%X/$#HV&HO=0:*L,_W;\Z&X7 M@\0&C8;F]5!H[ SH2 &#Q 10:+L,_W;\Z%,7@\0&@W[L '4#Z8\ ZTJ+7OS_ M!WTD_PU\"HM="O]%"HH'ZP=7Z,P8@\0"BU[\BW<*_T<*B 2T .L?_W;\_PU\ M"HM="O]%"HH'ZP=7Z*48@\0"4.C2'(/$!/=% B =*^+7OS_!WT1BU[\BW<* M_T<*L J(!+0 ZPO_=OQJ"NBH'(/$!%?HT0&#Q )7Z*H3@\0":)P+Z#D'@\0" MZV#K5HM>_/\'?2K_#AX.? R+'B at ._P8H#HH'ZPEH'@[H-QB#Q *+7OR+=PK_ M1PJ(!+0 ZR7_=OS_#AX.? R+'B at ._P8H#HH'ZPEH'@[H"AB#Q )0Z#<<@\0$ M]P8@#B =*+_=OSH-A.#Q *-AJ+W4&CR#.@!'(/$!/]V^F@"#8V&9O90Z*HA M@\0&C89F]E#H!!&#Q +_=OKHFP:#Q )?7LG#58OL@>S6 %97:@"-1JI0Z+XL M@\0$BUX&Q@< : T-Z%P8@\0"B4;^H> 0B4;\_W;\:@'_=OZ-1JI0Z#XL@\0( MZ9L :@IH@ #_=@:-1M)0Z 0O@\0(_W8$_W8&Z&TB@\0$.T8&=7 at S]NL*BUX& MB@"(@BK_1HM>!H X.G00BUX&@#@@= B+7@: . !UWL:"*O\ BWX&_W8$Z.LA M@\0" _B-ABK_4.C>(8/$ E#_=@3HU"&#Q ):.]!U&>L!1X ]('0%@#TZ=0R* M!9CWV!O 0 O =.E7_W8&Z%@A@\0$ZQB+7JKW1P:& '0$,\#K XM&J at O = /I M3?^-1JI0Z)R<-5B^R# M[ A6BW8$:@)J &H 5NA;%8/$")F)5OZ)1OQJ &H :@!6Z$<5@\0(QT;Z #' M1O@ .L15FH Z*H:@\0$@T;X 8-6^@"+1OJ+5O@[1OY\Y'4%.U;\R<-5 MB^R#/A0-('4%N $ ZQ.+'A0-T>.+1 at 2)AW(1_P84#3/ 7<-5B^S_=@3HI I9 M7<-5B^Q65[\! (MV"(O&"\!T'C/_ZPZ+WH/& O\WZ+P at 64 #^(,\ '0'BQR M/P!UYD>#?@8 = S_=@;HGR!9!0, _B!_P @<@/I@ "+QP4/ %#H' M9B] + MP'1PBUX$B1>#P@^#XO"+=@B+Q at O ="J#/ !T)>L5B]Z#Q at +_-U+H1@E968O0 MB]K&!P!"@SP = ^+'( _ '7?ZP:+VL8' $*+VL8' $*#?@8 =!J+VL<' 0"# MP at +_=@92Z P)65F+T(O:Q@< 0HO"*\?K C/ 7UY=P at 8 58OLM$,RP(M6!,TA M<@F+7@:)#S/ ZP10Z$X!7<-5B^RT0[ !BU8$BTX&S2%R!#/ ZP10Z#,!7<-5 MB^Q6BW8$M"K-(8A$!(@4B'0!B4P"7EW#58OL5HMV!+0LS2&(+(A, 8AT HA4 M UY=P\-5B^Q6BW8("_9U'NL._PX4#8L>% W1X_^77<(& %6+[#/ 4%#_ M=@3HIO]=PU6+[+@! % SP%#_=@3HE/]=PS/ 4+@! % SP%#HA?_#N $ 4% S MP%#H>?_#58OL5HMV!+0JS2&)#(E4 EY=PU6+[%:+=@2T+,TAB0R)5 )>7<.X M #?-(8K"M ##58OLN $WBE8$S2%=PU6+[%:+=@0+]GP5 at _Y8?@.^5P")-HX/ MBH20#YB+\.L-]]Z#_B-_Z<<&C at ___XDVE "X__]>7<(" %6+[%:+=@16Z+S_ MB\9>7<(" %6+[+@ 1(M>!,TADB6 %W#58OL@^PB5E<&BWX*'@>+7 at B#^R1W M6(#[ G)3BT8,BTX."\E]$8!^!@!T"\8%+4?WV??8@]D C7;>XP^1*]+W\Y'W M\X at 41N,)Z_$KTO?SB!1&"\!U]8U.WO?9 \[\3HH$+ IS! 0ZZP,"1 at 2JXN^P M *H'BT8*7UZ+Y5W"# !5B^PSP%#_=@;_=@2X"@!0L !0L&%0Z&K_7<($ %6+ M[(M>!-'C@:=@#__]M$**1 at J+7@2+3 at B+5@;-(7("ZP50Z.3^F5W#58OL5HMV M"(M6!@OV=0.^LA'_=@0+TG4%N.H/ZP*+PE!6Z($&65E0Z)#_N.X/4%;HRQQ9 M68O&7EW"!@!5B^R#[ )65XMV!HM^!%8SP%"#/?]U!;@" .L#N $ 06+!5#H MGO^+\(U&_E!6Z$7]65D+P'37B\9?7HOE7<($ %6+[(/L J'T#XE&_HM&!*/T M#XM&_HOE7<-5B^R#[ )6BW8$"_9T!(O&ZP.X 0"+\.L$_Q;T#U;HF =9B4;^ M"\!U!X,^] \ =>F+1OY>B^5=PU6+[%97'L5V!,1^"/S1Z?.E$\GSI!]?7EW" M" !5B^R+7 at 31X_>'8 \" '0&N 4 4.L2M#^+7 at 2+3@B+5@;-(7("ZP10Z,W] M7<.Z!0 [%EX/#W+5H"(.F%#HVOU9"\!U!H$F( [__;@ E#W!B . )T!;@! .L" M,\!0,\!0N!X.4.A9&H/$"* R#IA0Z*;]60O =0:!)C .__VX )0]P8P#@ " M= 6X @#K C/ 4#/ 4+ at N#E#H)1J#Q C#58OLN $ 4#/ 4%#_=@3H$_Z#Q A= MPU6+[+1!BU8$S2%R!#/ ZP10Z 3]7<.*QN@" (K"U!"&X.@" (;@!) G%$ G MJL-5B^R![)8 5E?'1NX ,=&[% QT;J #K1E>Y__\RP/*N]]%)7\,VB 5' M_D[L=2]345(&C89J_ROXC89J_U!7_W8(_U8*"\!U!<=&Z@$ QT;L4 !?NZ- MOFK_!UI96\,&_(V^:O^)?OR+?OR+=@:L"L!T$CPE=!$VB 5'_D[L?^[HK/_K MZ>G5 XEV\*P\)73GB7[\,\F)3O*)3OZ(3O7'1OC__\=&]O__ZP&L,N2+T(O8 M at .L@@/M@N3Z3,#BWX$-HL%@T8$ H#] G,2"\!Y!O?8 at T[^ HE&^+4# MZ6__@/T$==>)1O;^Q>EB_X#]!'/*M03_1O;I5?^2+#"8@/T"=QFU H=&^ O M?-'1X(O0T>#1X /" 4;XZ3/_@/T$=9N'1O8+P'2UT>"+T-'@T> #P@%&]ND7 M_X-._A#I9?^!3OX 8-F_N_I6?^W".L*MPKK"K<0L^D"VL9&]0"(5OLSTHA6 M^HM^!#:+!>L0MPK&1OH!B%;[BWX$-HL%F4='B78&]T;^$ !T!3:+%4='B7X$ MC7Z["\!U#0O2=0F#?O8 =0?I:/Z#3OX$4E!7BL>84(I&^E!3Z#+[%@>+5O8+ MTGT#Z?( Z?T B%;[B78&C7ZZBUX$-O\W0T.)7 at 3W1OX@ '00-HL70T.)7 at 06 M!^B=_; ZJA8'6NB4_3;&!0#&1OH @V;^^XU.NBOYA\^+5O8[T7\"B]'IGP") M=@:(5ON+?@0VBP6#1 at 0"%@>-?KLRY#:)!;D! .G" (EV!HA6^XM^!/=&_B M=0TVBSV#1 at 0"'@<+_^L+-L0]@T8$!(S "\=U!1X'O_@/Z%7].T[V=@.+3O;I MA0")=@:(5ON+?@2+3O8+R7T#N08 5U&-7KM34K@! "-&_E"+1OZI %T";@( M (-&! KK!X-&! BX!@!0Z/($%@>-?KOW1OX( '08BU;X"])^$>CW_": /2UU M 4DKT7X#B5;R)H ]+70+BD;U"L!T%$\FB 6#?O( ?@J+3O8+R7T#_T[RZ,7\ MB_>+?OR+7OBX!0 C1OX]!0!U$XIF^X#\;W4- at W[R '\%QT;R 0#K&X#\>'0% M@/Q8=1OY 2TN#;O("?07'1O( -.\O=&_@( =0SK!K @Z'[\2SO9?_;W M1OY '0+L##H;?R*1OOH9_R+5O(+TGXG*\HKVB:*!#PM= @\('0$/"MU!R:L MZ$C\24N'RN,'L##H/?SB^8?*XQ(KV2:L-H@%1_Y.['\#Z##\XO +VWX)B\NP M(.@:_.+YZ5K\B78&BWX$]T;^( !U"S:+/8-&! (>!^L'-L0]@T8$!+A0 "I& M[ -&[B:)!?=&_A = ='1R;'!0 Z1O\BW;PBW[\L"7HSONL"L!U^(!^[%!] M ^C)^P>#?NH = 6X___K XM&[E]>B^5=P@@ F!*"$LT2C1+[$@@31A--$U(3 MMA)[$UD371-A$]43 at A0E%$44Q!4 %@ 6 !:H$JX258OL5E>+?@3_=@;H!A=9 MB_! 4/]V!E?HJPV#Q :+QP/&7UY=PU6+[(M&!(O4@>H CO"

CG SP.L) MQP:4 @ N/__7<-5B^R+1 at 2+5@8#!IP @]( B\@+TG40@<$ G(*.\QS!H<& MG #K"<<&E ( +C__UW#58OL_W8$Z*3_65W#58OLBT8$F5)0Z+?_65E=P[I@ M$.L#NF40N04 M$"[ @#-(;DG +IJ$+1 S2'I9>M5B^R+5 at BT1(I&!HM>!(M. M"LTA<@R#?@8 =02+PNL&ZP10Z&3W7<-65XOTBUP&@^L$<@X['I00= 7H0@#K M ^@# %]>PSD>DA!T(XMW O8$ 70&B3:4$.L at .S:2$'0-B][H5 "+1P*CE!#K M#8O>,\"CDA"CE!"CEA!3Z/;^6\/_#SL>DA!T&(MW HL$J %U#P,'B02+/P/[ MB74"B][K ^@R (L_ _N+!:@!= '# 0>+]P/PB5P"B]^+?P8[WW0.B3Z6$(MW M!(EU!(E\!L/'!I80 ##BS:6$ OV=!"+? :)7 :)702)?P:)=P3#B1Z6$(E? M!(E?!L-65XOTBT0&"\!T4 at 4% '(V)?[_/0@ AK M__\'B\,%! !?7L-0,\!04. at V_EM;)0$ = DSTE)0Z"C^6UM84#/;4U#H'?Y; M6SW__W04B]B)'I(0B1Z4$%A B0>#PP2+P\-;,\##4#/;4U#H]OU;6SW__W06 MB]BAE!")1P*)'I006$")!X/#!(O#PU at SP,,I!XOS S>+_@/X0(D$B5P"B74" M@\8$B\;#B^Q34%%0Z!7_6XO8"\!T'QX'_(OXBW;^BPR#Q at 16@^D%T>GSI8E& M_N at D_EN+7OZ#Q ;#B\*#P@@[T7 MM1F)-J(0B3ZD$/R.!I OH ,N0FK$",Q8?6DXLVB@!&1KD! ( ^D@ # /")U JQ)"_;#Z0?H60/*+HX>M1F) M'I at 00P/;B_2+["OK+#HH 4>@W_5F+ M^ O ="(>'@>.'HP ,_;\\Z0?B_@&_S:. . at 9_5N+V >CIA +P'4#Z7KG,\"Y M__^ /0!T#(D_@\,"\JXF. 5U](D'7UZAIA"CB ## %6+[(/L+E8>5P86 M!XM&"(S:"\!T!K$$T^@#PHE&\HMV!HEV](Q>]K@!*8U^THE^^(Q&^D;-(8H$ M/"!T"SP)= <\#70#1NOON $IC7[BB7[\C$;^S2$&C@:0 (MV!+^ +E_ /RL MA,!T!:KB^+ J@=5'HU>\HX>D "Z@ "X $LV_S8N #;_-C +HP6(1LNB28? M&\TA^BZ.%B$;+HLF'QO[-H\&, VCP8N !]=LJBD;^ M!/Z(!$;H%/*(!$:XN!!05NCD^5E9B_!74.C;^5E9B_#&! U&*W;^_S:F$/]V M^HU&_%#H^^^+^ O =1#'!I0 " !6Z(SZ6;C__^LK_Q88#E=6_W;ZZ&/^@\0& MB4;X_W;\Z&[Z65;H:?I9 at W[X_W4%N/__ZP(SP%]>B^5=PU6+[#/ 4/]V!. at E M %E9B]"#^O]T&O=&!@( = ;WP@$ =00SP.L)QP:4 4 N/__7<-5B^R+3 at BT M0XI&!HM6!,TA<@.1ZP10Z&WQ7<-5B^R+5 at 0[%EX/<@FX!@!0Z%CQZP^+VM'C MQX=@#P 4N@# %E=PU6+[+0^BUX$S2%R#-'CQX=@#P ,\#K!%#H*?%=PU6+ M[(/L!(M&!#L&7@]R!K@& %#K6XM>!-'C]X=@#P "= 6X 0#K3+@ 1(M>!,TA M+?@2^__\Y?0YU7X-] M!@!T'(,] 'T)5^A6 %D+P'5+]T4"! !T!_]U".@=^5F ?00 ? N*10284.@% M_UF+\,=% @ QT4& #'!0 QD4$_X-]# !T%#/ 4%#_=0SH:O%0Z"_S6<=% M# B\9?7EW#58OL5E>+?@0+_W4%Z,X ZV8Y?0YT!;C__^M>@ST ?"GW10(( M '4*B\<%!0 Y10IU1L<% "+QP4% #E%"G4XBT4(B44*ZS#K+HM%!@,%0(OP M*350BT4(B44*4(I%!)A0Z%8/@\0&.\9T#?=% @ "=0:#30(0ZY\SP%]>7<-5 MB^Q65S/2BWX$ZP.(%4>#^@IT)O].!GXABUX(_P]\#(MW"O]'"HH$M #K!_]V M".B8 UF+T#W__W72 at _K_=0D[?@1U!#/ ZQ3&!0"+7 at CW1P(0 '0$,\#K XM& M!%]>7<-5B^R#[ )65\=&_@ BSY>#[X>#NL2]T0" P!T"%;H O]9_T;^@\80 MB\=/"\!UYXM&_E]>B^5=PU6+[(/L E97BW8(QT;^ "+WD:*#XK!/')U"+H! M +\! .L@@/EW=06Z @/K"(#Y874-N@()QT;^@ "_ @#K!#/ ZVF*#$: ^2MT M#X \*W4?@/ET= 6 ^6)U%8#Y*W4"B at R#XOR#R at 3'1OZ ;\# (#Y='4&@ M!(M&_HD'B\=?7HOE7<(& %6+[(/L!%:+=@K_=@:-1OY0C4;\4. at T_XE$ @O M="" ? 0 ?2?_=OR+1OX+1 at 10_W8(Z,T$@\0&B$0$"L!]#<9$!/_'1 ( #/ MZT&*1 284.AI[ED+P'0%@4P" *X )0]T0" )T!;@! .L",\!0,\!05NCM M"H/$" O = =6Z#_]6>O"QT0, "+QEZ+Y5W"" !6OAX.@'P$ 'P3H5X/L033 MX 4>#HO6@\80.\)WYX!\! !\!#/ ZP*+QE[#58OLZ,__B] +P'4$,\#K#5+_ M=@3_=@8SP%#H)/]=PU6+[+ at I*%#_=@3_=@:-1 at A0Z);P7<-5B^Q65XMV!(,\ M 'T*BU0& Q1"B_KK"XL$F3/"*\*+T(OX]T0"0 !U+(M,"H,\ 'T=ZPE)B]F M/PIU 4>+PDH+P'7PZQ"+V4& /PIU 4>+PDH+P'7PB\=?7EW" @!5B^Q65XMV M!(M^"E;HU_Q9"\!T!;C__^M'@_\!=1"#/ !^"U;H?/^9*48&&58(@60"7_[' M! BT0(B40*5_]V"/]V!HI$!)A0Z,OM@\0(@_K_=0H]__]U!;C__^L",\!? M7EW#58OL@^P$5HMV!(I$!)A0Z'WO68E6_HE&_(/Z_W4%/?__=!V#/ !]#5;H M$_^9 4;\$5;^ZPM6Z ;_F2E&_!E6_HM6_HM&_%Z+Y5W#5E>_% "^'@[K$XM$ M B4 ST W4%5N@>_%F#QA"+QT\+P'7F7U[#58OL5HMV!/=$ @ "= /HR/__ M= :+1 B)1 I0BD0$F%#H4 B#Q :)! O ?@B#9 +?,\#K'H,\ '4.BT0")7_^ M#2 B40"ZPC'! @TP"$+C__UY=P@( 58OL5HMV!/\$5N@$ %E>7<-5B^Q6 MBW8$"_9U!KC__^F7 (,\ 'X-_PR+7 K_1 J*!^F# (,\ 'Q4]T0"$ %U3?=$ M @$ =$:!3 * (-\!@!T#%;H4_\+P'3-Z\#KR?=$ @ "= /H&O^X 0!0N, 1 M4(I$!)A0Z*0'@\0&"\!U(XI$!)A0Z$;Z63T! '0&@TP"$.N)BT0")7_^#2 MB40"Z7K_@#[ $0UU!_=$ D =*Z#9 +?H, 1M !>7<.X'@Y0Z$[_6<-5B^R# M[ )65XM^!!X'"_]T&K BB6Y___\\J[WT4ET"XL^IA +_XE^_G4+,\#K*H-& M_@*+?OZ+/0O_=.^*!0K =.DZX'7IB]F .3UUXHMV!/.FA\MUV4>+QU]>B^5= MPU6+[%97BWX$B_?K X at 41O\.'@Y\#HL>* [_!B at .B@>T .L(N!X.4.BR_EF+ MT#W__W0%@_H*==6#^O]U"#OW=00SP.L1Q at 0 ]P8@#A = 0SP.L"B\=?7EW# M58OL5E<>!XM^!(MV!HM."-'I_/.EB^5=PU6+[(M. M!+0\BU8&S2%R NL$4.B&Z5W"! !5B^R+7 at 0KR2O2M$#-(5W" @!5B^R#[ 16 M5XMV!HM^"/?& ,!U"*&(#R4 P OP,\!0_W8$Z,7W65F)1O[WQ@ !='@C/HH/ MB\>I@ %U![@! %#H+NF#?O[_=2.#/HX/ G0*_S:.#^@:Z>GM /?'@ !T!#/ MZP.X 0")1O[K#/?& 1T-[A0 %#KW/?&\ !T&?]V!#/ 4.A/_XOX"\!] ^FU M %?HF/=9ZQ+_=@3_=O[H-O^+^ O ?6SIG !6_W8$Z)T 65F+^ O ?%HSP%!7 MZ"GQ65F)1ORI@ !T'H'. "#WQ@" =!XE_P -( !0N $ 4%?H!O&#Q ;K"O?& M )T!%?H_O[W1OX! '0:]\8 704]\;P '0.N $ 4%#_=@3HW/:#Q 8+_WPO M]\8 W0%N 0ZP(SP(O6@>+_^ O04O=&_@$ = 0SP.L#N !6 at O0B]_1XXF7 M8 ^+QU]>B^5=PU6+[(/L K !BTX&]\$" '4*L +WP00 =0*P (M6!+'P(DX& M"L&T/+Y5W#58OL MN"DH4+ at N#E#_=@2-1 at 90Z-CJ7<-5B^Q6BW8&_PQ6BD8$F%#H!0!965Y=PU6+ M[%97BWX&BD8$HL(1 at SW_?3K_!8M="O]%"H@']T4"" !U ^GU ( ^PA$*= J M/L(1#70#Z>0 5^@R]UD+P'4#Z=@ N/__Z=< Z<\ ]T4"D !U!_=% @( =0:# M30(0Z^.!30( 8-]!@!T18,] '0)5^CY]ED+P'7*BT4&]]B)!8M="O]%"J#" M$8@']T4"" !U ^F& ( ^PA$*= > /L(1#75X5^C&]ED+P'1OZY7K:XI%!)C1 MX(O8]X=@#P (=!.X @!0,\!04(I%!)A0Z,[G@\0(@#["$0IU'_=% D =1BX M 0!0N,004(I%!)A0Z#D'@\0&/0$ =1BX 0!0N,(14(I%!)A0Z"$'@\0&/0$ M= KW10( G4#Z3__H,(1M !?7EW#58OLN"X.4/]V!.C._EE97<-5B^R#[ )6 M5XM^!(M&!HE&_O=% @@ ="GK&E>+7 at C_1@B*!YA0Z*+^65D]__]U!3/ Z54! MBT8&_TX&"\!UW.E% ?=% D =0/IWP"#?08 =0/IF "+108[1 at 9S3X,] '0) M5^C3]5D+P'7%BD4$F-'@B]CWAV / AT$[@" % SP%!0BD4$F%#HW^:#Q C_ M=@;_=@B*10284.A:!H/$!CM&!G(#Z> ZX?IVP"+!0-&!GP;@ST =0JX__\K M10:)!>L,5^AS]5D+P'0#Z6+__W8&_W8(_W4*Z"/[@\0&BP4#1@:)!8M&!@%% M"NF: (I%!)C1X(O8]X=@#P (=!.X @!0,\!04(I%!)A0Z%WF@\0(_W8&_W8( MBD4$F%#HV 6#Q 8[1 at 9S8>D'_^M<@WT& '0]ZR__!7T4BUT*_T4*BW8(_T8( MB at 2(![0 ZP]7BUX(_T8(B@=0Z%S]65D]__]U ^G._HM&!O].!@O =F+V8 Y/77B MBW8$\Z:'RW79BW[^BT8$B07K0XM>_BL>IA"#PP(['HX #PPA3Z,#M68OX M'@<+_W2CAPZ. %&+-J80\Z2'!J804.C5[(/$ EN+/J80BT8$AT'^B0$SP%]> MB^5=PU6+[%97BW8$"_9U!#/ ZS-6Z.,"68OX5E"X+ at Y0Z(S].\=T!;C__^L: MN"X.4+@* %#H0OQ963T* '0%N/__ZP.X"@!?7EW#58OL@^P$5E>+1 at 0[!EX/ M<@JX!@!0Z,#CZ:< BT8(0#T" '(-BUX$T>/WAV / )T!3/ Z8P _W8(_W8& M_W8$Z)[E@\0&B4;^0#T" '(-BUX$T>/WAV / $!U!8M&_NMBBT[^BW8&'@>+ M_HO>_*P\&G0M/ UT!:KB].LL at 4[@! %#WV1O 4%'_=@3H'N2#Q B+7 at 31XX&/8 \ ELK^Y=? M7HOE7+?@:+=@17_W8( M_S3HN/>#Q 8!/(L!,8' +A9+%"-1 at 10_W8&_W8(Z/SD7<-5B^Q65_R+?@0> M!XO7,L"Y___RKHUU_XM^!KG___*N]]$K^8?W]\8! '0"I$G1Z?.E M7<-5B^Q65XS8CL#\,\"+V(M^!HOW,L"Y___RKO?1B_Z+=@3SIHI$_XI=_RO# M7UY=PU6+[%97'@?\BWX&B_7<-5B^R#[ )6 M5XMV!%;H(P!90(E&_E#HK^I9B_ at +P'0+_W;^5E#HO/:#Q :+QU]>B^5=PU6+ M[%>,V([ BWX$,\#\N?__\JZ1]]!(7UW#58OL5E>,V([ _(M^!HOW,L"+7 at B+ MR_*N*]F+?@2'R_.DB\OSJHM&!%]>7<-5B^Q65XM>!HH'F O =06+1 at 3K2!X' M_(M^!(O?,\"Y___RKO?1A\J+?@:+[S/ N?__\JY!]]&+]:R'^X?*\JZ+WW4$ M.\IS!;L! .L-A\KC"8O!2?.FB\AUW8O#2%]>7<-5B^R![(@ 5E>+?@2+=@8[ M/EX/<@JX!@!0Z&;@Z=\ BT8(0#T" ',%,\#IT0"+W]'C]X=@#P (= ^X @!0 M,\!04%?H,^&#Q B+W]'C]X=@#P! =0[_=@A65^BH (/$!NF< (O?T>.!IV / M__V)=OJ+1 at B)1O[K3?]._HM>^O]&^HH'B$;]/ IU!,8$#4:*1OV(!$:-AGC_ MB]8KT('Z@ !\)ROP5E!7Z%L @\0&B] [QG02 at _K_=06X___K/8M&""M&_NLQ MC;9X_X-^_@!UJ8V&>/\K\(O&"\!V(5:-AGC_4%?H( "#Q :+T#O&= Z#^O]T MQ8M&" /"*\;K XM&"%]>B^5=PU6+[(M>!-'C]X=@#P$ = :X!0!0ZQ^T0(M> M!(M."(M6!LTA<@]0BUX$T>.!CV / !!8ZP10Z$;?7 M#W,6]T0" P!T!5;H>>Y9@\801SL^7@]RZE]>PU97OP0 OAX.ZQ#W1 (# '0% M5NC+[EE/@\80"_]U[%]>PU6+[(/L E97BW8$@WP6_W4%QT0: "#?!H =00S MP.M1,_^#? P = B+1 PK1 KK C/ "\!T&KC__U!6BQS_5PQ963W__W4%N $ MZP(SP(OX_W06Z#GM68E&_L=$%O__QT0: "+QPM&_G0$,\#K HO&7UZ+Y5W# M58OL5E>+=@0+]G4.N"0 4. at DX%F+\ O =&E6Z"X+6<<$RA#'1!;__\=$& MQT0: #'1!X ,=$' N 0"4.CTWUF+^ O_=#FX 0!0B\<%! )05U;HL R# MQ B+QP4$ %"+QP4$ %!6Z#X-@\0&B\<%! !0B\<%! !05U;H[@R#Q B+QE]> M7<-5B^Q65XMV!(M^!@OV=#''!.(0 at WP8 '0'5NCC_EGK#+C__U!6BQS_5PQ9 M63/ 4%;HZ M96??' 0!T!5;HK-M97UY=PU6+[(/L E97BWX$@WT: '0+BT48 M)0, /0$ =0:X___IU "#?00 =0:#?08 =2J#?@;_=0/IO "*1@:(1O^X 0!0 MC4;_4/]U%N at G_H/$!CT! '4#Z9T Z\2#?0P = B+10PK10KK C/ B_ +]G01 M4/]U"O]U%NCZ_8/$!CO&=9V+10 at K108]" !^!;@$ .L#N $ B4;^BW4&BT4( M*T4&B]8#T%*+Q at -&_E!7Z# ,@\0&B\8#1OY0B\8#1OY05E?HX N#Q B#?@;_ M="F+5@:+10P[10YR#XK"M !05XL=_U<,65GK#(M=#/]%#(K"B >T /]%$K@! M %]>B^5=PU6+[(/L E97BW8$BWX(@WP: '4$"_]U!3/ Z>P ]\<" '0K]\ MB40<@WP>_W4)@WP<_W4#Z5G_BWP&"_]T%8M$""M$!CT( 'X%N 0 ZP.X 0#K M C/ B4;^B\<#1OY0B\<#1OY05NCQ"H/$!HO' T;^4(O' T;^4%=6Z*$*@\0( MB\9?7HOE7<-5B^R#[ )65XMV!(M^!HM6"(-\&@!T"H-\!@!T!#/ ZUP+_W06 M"])^$H/Z"'X%N 0 ZP.X 0")1O[K"3/ B4;^B] S_S/ 4(O' \)05U;HX F# MQ B+QP-&_E"+QP-&_E!6Z&X*@\0&B\<#1OY0B\<#1OY05U;H'@J#Q B+QE]> MB^5=PU6+[(/L"%97BW8$BT8(BU8&B4;^B5;\@WP, '0(BT0,*T0*ZP(SP(OX M"_]T&E#_= K_=!;HK?N#Q 8[QW1,NO__N/__Z=H @WX* 74]BT04.T02=@4K M1!+K C/ B_ at +P'0HF2E&_!E6_O=$&( =1J+5!+K$(O:0H _"G4(@V[\ 8-> M_@ Y5!1UZX-^"@!U!#/ ZPZ#?@H!=06X 0#K [@" (E&^E#_=O[_=OS_=!;H M;-N#Q B)5!Z)1!R#? 0 =4:#? 8 =$"+1 @K1 8]" !^!;@$ .L#N $ B4;X MBWP&B\<#1OA0B\<#1OA05NA?"8/$!HO' T;X4(O' T;X4%=6Z \)@\0(@WP> M_W4. at WP<_W4(NO__N/__ZP:+5!Z+1!Q?7HOE7<-5B^Q6BW8$@WP, '0(BT0, M*T0*ZP(SP O =!:X__]05HL<_U<,65D]__]U:+C__^MEBT04.T02=@4K1!+K M C/ "\!T4+@! %"+1!0[1!)V!2M$$NL",\#WV)E24/]T%NB5VH/$"(E4'HE$ M'/]T$O]T$O]T$%;H= B#Q C_=!+_=!)6Z*,(@\0&@WP>_W4&@WP<_W28,\!> M7<-5B^R#[ 965XMV!(-\&@!T"XM$&"4# #T" '4&N/__Z2#Q B+1OH#1OQ0BT;Z T;\ M4%;HJP>#Q 8+_W12BUP2B@>T (E&_NM&N $ 4(O&!2( 4/]T%NA1]8/$!HOX M at ___=0O'1O[__S/ 4%#K&8I$(K0 B4;^B\8%(P!0B\8%(@!0B\8%(@!05N at 9 M!X/$" O_=07'1O[__XM&_E]>B^5=PU6+[%:+=@2+Q at 4$ %#H#_E9"\!T"C/ M4/\TZ-D'ZPFX @!0_S3HE at A965Y=PU6+[%97BW8$BWX&"_9U#KA* %#HBME9 MB_ +P'0W"_]U$8O&!2@ B02+Q at 4H %#HS =9QT0"^!"+',<'^A"+Q at 4$ %#H M(_E9B\8%! !0_S3H 0A968O&7UY=PXO<-H-' MCI !5B^Q65XMV!(M^!@OV M=#G'1 +\$(L+=@2+?@8+]G4.N% 4.AZ MV%F+\ O =$8+_W49B\8%+@")!(O&!2X B40HB\8%+@!0Z+0&6;@! %!6Z*[^ M65FX 0!0B\8%* !0Z)D 65G'1 ( $<=$*@(1BQS'!P01B\9?7EW#B]PV at T<" MTND* (O<-H-' MCI !5B^Q65XMV!(M^!@OV=$;'1 (&$<=$*@@1BQS'!PH1 M,\!0B\8%* !0Z \!65DSP%!6Z*/^65GWQP( = XSP%"+Q at 4N %#H3P996??' M 0!T!5;H_--97UY=PXO<-H-' M+IG?^+W#:#1P+8Z9/_58OL5E>+=@2+?@8+ M]G4.N"@ 4.B0UUF+\ O ="4+_W41B\8%!@")!(O&!08 4.C2!5G'1 (,$8L< MQP<.$<=$! B\9?7EW#B]PV at T<"^NE[ %6+[%97BW8$BWX&QT0$ "+'(-_ M!@!T!#/ ZUN+'(-_! !T, at O_="6+7P*+1Q2+'(M? CM'$G8/BQR+7P*+'(M? M BM'$NL",\ [QWT)BQS_=P3HN@%9"_]U#HL<]T<( %T!5;H6P!9BQR#?P8 M=06X 0#K C/ 7UY=PU6+[%97BW8$BWX&"_9T*L=$ A 1BQS'!Q(1]\<" '0. M,\!0B\8%!@!0Z#$%65GWQP$ = 56Z-[265]>7<.+W#:#1P+ZZ;G_58OL5E>+ M=@3K+8L+=@2+?@:X 0!05NBA_EE9"\!U ^F< (E^_L=&_ ZSS_1 2+'(M? HM' M$HLL(BQR+7P+_1Q**1 at J8.T;\=$&* M1OR(!4?_3 at A^-HL+?@2+110[11)V!2M%$NL",\")1OR#?OP ?BE0_W42 M_W8&Z#_H@\0&BT;\ 48&B4;Z 442ZPZ+7@:*1OZ(!_]&!O]&_(M&_#M&"'TK MBT42.T44B^5=PU6+[(/L!%97BWX$BT4.*T4,B4;^@W[^ 'X>4/]V!O]U#.C YX/$ M!HM&_@%&!HE&_ %%#.L#_T;^BT;^.T8(?3.+7@;_1@:*!YB+T(M%##M%#G(/ MBL*T %!7BQW_5PQ96>L,BUT,_T4,BL*(![0 /?__=<*+1OY?7HOE7<-5B^Q6 M5XMV!(M^!@OV=!S'!"H1 at WP" '0'_W0&Z+'/6??' 0!T!5;HIL]97UY=PU6+ M[(M&!+C__UW#58OLBT8$N/__7<-5B^Q6BW8$BU8&,\!0B\(#1 at A04E;H" "# MQ B+QEY=PU6+[%97BW8$BWX&@WP" '02 at WP& '0,.7P&= ?_= ;H2<]9B7P& M"_]T$(-^" !T"CE^"'(%BT8(ZP*+QXE$" O_=06X 0#K C/ B40$@WX* '0) M"_]T!;@! .L",\")1 )?7EW#58OL5HMV!(M>!HM6"(M."@O2= @+VW0$B\/K M HO"B400B502"])T# O)= @[RG($B\'K HO"B4047EW#58OL5HMV!(M6!HM. M"(O"B40,B40*"])T# O)= @[RG($B\'K HO"B40.7EW#58OLBT8$NO__N/__ M7<-5B^Q6BW8$_W8*,\!0_W8(_W8&5HL<_U<.@\0*7EW#58OL5HMV!(M$%#M$ M$G8%*T02ZP(SP O =1B#? P = B+1 PK1 KK C/ "\!U!#/ ZP.X__]>7<-5 MB^Q6BW8$BT04.T02=@F+7!**![0 ZPF+1!2)1!*X__]>7<-5B^Q6BW8$BT8& M)?\ BU0&@>* O"B40&BT0()0#_"T0&B40(BT0*)0#_"T0&B40*7EW#58OL M5HMV! OV=0ZX(@!0Z)'168OP"\!T"<<$0!''1!X (O&7EW#58OL5E>+=@2+ M?@8+]G07<-5B^Q6BW8$ MQT0@ SP(E$"HE$!L=$" !QT0. #'1 P! #/ B402B400QT04( #'1 0 M (M&!HE$ EY=PU6+[%:+=@2+5@:+PB7_ E$!HO")?_\"40(B\(E__T)1 I> M7<, $)O7)I9VAT(#$Y.3$@ M0F]R;&%N9"!);G1L+@!.=6QL('!O:6YT97(@87-S:6=N;65N= T*1&EV:61E M(&5R6UO=7, at 4F5M86EL:6YG(%-E#@ M M M M M !0 6 "8 )@!* "H M ! __\ !," @0%!@@( M"!05!1/_%@41 O________________\%!?____________________\/_R," M_P______$___ @(%#P+___\3__________\C_____R/_$_\ 5$U0 "XD)"0 M ! H;G5L;"D !04 105%!04% ( % ,$% D%!04%!04%!044%!04%!04 M%!04% \7#P at 4%!0'%!84%!04%!04%!0-%!04%!04%!04%! *#P\/" H4% 84 M$@L.%!01% P4% T4%!04%!04 '!R:6YT('-C86YF(#H at 9FQO871I;F<@<&]I M;G0 at 9F]R;6%T Message-ID: <9404291740.AA08624@toad.com> [...] >I just purchased Bruce Schneier's _Applied Cryptography_ (John Wiley & Sons, >1994; ISBN # 0-471-59756-2; $49.95). Worth every cent I paid for it. It >covers every single possible aspect of computer information security -- [...] Saw it on a bookshelf here, yesterday, for AUS$86.00. Next to it was anoher book on Cryptography, for $97.95 by "Rhee", I didn't have pen/paper to get the details down, but it was hardback and seemed to be a good compliement to "Applied Cryptography" as it delt (almost purely from a quick browse) with the theroies and mathematics of it, rather than giving C source code for bits and pieces. Are either of these worth their weight in gold ? (so to speak) From hayden at krypton.mankato.msus.edu Fri Apr 29 10:41:57 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 29 Apr 94 10:41:57 PDT Subject: not a geek ;-) In-Reply-To: Message-ID: nOn Fri, 29 Apr 1994 rishab at dxm.ernet.in wrote: > I object ;-) > True, I might have geeky tendencies, and might be one if I had the time; however > though I do program in assembly on occasion, I am a technology consultant, and > write 5 columns a month, for India's #1 computer magazine, and for a major > newspaper. Please note, a geek encompasses so much more than that. Finger me for information :-) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From f_griffith at ccsvax.sfasu.edu Fri Apr 29 11:10:16 1994 From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu) Date: Fri, 29 Apr 94 11:10:16 PDT Subject: PGP ban rumor - any truth? Message-ID: <9404291810.AA08811@toad.com> Thanks for your good response. I forwarded it to Libernet, where the original posting cme from. From nelson at crynwr.com Fri Apr 29 11:13:04 1994 From: nelson at crynwr.com (Russell Nelson) Date: Fri, 29 Apr 94 11:13:04 PDT Subject: spooks on cypherpunks In-Reply-To: Message-ID: Date: Thu, 28 Apr 1994 18:04:48 -1000 (HST) From: NetSurfer On Thu, 28 Apr 1994, Russell Nelson wrote: > Sorry, but this is no help. It's impossible to distinguish Agents > Provocateur from merely incompetent people. You need to deal with the > latter, and so the former fall out in the wash. I contest and resent either incorrect nametag. I didn't mean *you*. Cut back on the caffine. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From ebrandt at jarthur.cs.hmc.edu Fri Apr 29 13:23:01 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 29 Apr 94 13:23:01 PDT Subject: Random #'s via CD-ROM? In-Reply-To: <9404291108.AA21168@snark.imsi.com> Message-ID: <9404292022.AA09530@toad.com> > How do you pick the random section in the first place? Oh, I see, we > use a random number generator! Every PRNG needs to be seeded somehow. I was thinking he meant to start the process with a secret key. The main problem I see (assuming you hash the blocks down to get decent random data) is that CD-ROMs aren't all that big. (The vast majority of CD-ROM drives, by the way, cannot make a bit-for-bit copy of audio CD's. The record industry was unhappy with this idea.) Eli ebrandt at hmc.edu From nelson at crynwr.com Fri Apr 29 13:27:18 1994 From: nelson at crynwr.com (Russell Nelson) Date: Fri, 29 Apr 94 13:27:18 PDT Subject: Random #'s via serial port dongle? Message-ID: Date: Fri, 29 Apr 1994 07:08:19 -0400 From: "Perry E. Metzger" How do you pick the random section in the first place? Oh, I see, we use a random number generator! This has probably been discussed before, but has anyone built a little device that amplifies the white noise from a transistor junction, and converts it into serial data? You could easily build a self-powered dongle that sits on an RS-232 port and continuously spits out truly random bytes. I could probably sell them for $25 if I could sell more than a hundred of them. Is there a market for true random number generators? -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From cpsr at cpsr.org Fri Apr 29 14:15:09 1994 From: cpsr at cpsr.org (CPSR National Office) Date: Fri, 29 Apr 94 14:15:09 PDT Subject: Clipper Petition Delivered to White House Message-ID: <9404291712.AA07900@Hacker2.cpsr.digex.net> CPSR PRESS RELEASE Computer Professionals for Social Responsibility P.O. Box 717 Palo Alto, CA 94301 415-322-3778 (voice) 415-322-4748 (fax) cpsr at cpsr.org "CLIPPER" PETITION DELIVERED TO WHITE HOUSE COMPUTER USERS CALL ON ADMINISTRATION TO DROP ENCODING PLAN NEW PRIVACY CENTER ESTABLISHED Washington, DC -- A national public interest organization today delivered to the White House a petition asking for withdrawal of the controversial Clipper cryptography proposal. The Clipper plan would provide government agents with copies of the keys used to encoded electronic messages. The petition was signed by more than 47,000 users of the nation's data highway. The petition drive occurred entirely across the Internet. It is the largest electronic petition to date. Earlier this year, the White House announced support for the Clipper proposal. But the plan has received almost unanimous criticism from the public. A Time/CNN found that 80% of the American public opposed Clipper. Computer Professionals for Social Responsibility began the petition drive in January. In the letter addressed to the President, the organization said that if Clipper goes forward, "privacy protection will be diminished, innovation will be slowed, government accountability will be lessened, and the openness necessary to ensure the successful development of the nation's communications infrastructure will be threatened." The petition asks for the withdrawal of Clipper. It is signed by many of the nation's leading cryptographers including Whitfield Diffie, Martin Hellman, and Ronald Rivest. Users from nearly 3,000 different sites across the Internet are represented. Responses came from more than 1300 companies including Microsoft, IBM, Apple, DEC, GE, Cray, Tandem, Sun, SGI, Mead Data Central, AT&T, and Stratus. Signatures also came from more than 850 colleges and universities and 150 non-profit organizations. Many responses came from public networks such as America Online and Compuserve. Nearly a thousand came from government and military sites including NASA, the Army and the Navy. Next week hearings will be held in Congress on the controversial cryptography proposal, an initiative developed by the FBI and the National Security Agency. Most of the witnesses are expected to testify against the plan. In a related development, the establishment of the Electronic Privacy Information Center was announced today. EPIC is jointly sponsored by CPSR and the Fund for Constitutional Government. It will focus on emerging privacy issues surrounding the information data highway. [see accompanying release]. CPSR is national membership organization, based in Palo Alto, California. For more information about CPSR, contact CPSR, P.O. Box 717, Palo Alto, CA 94302. 415 322 3778 (tel) 415 322 4748 (fax) cpsr at cpsr.org (email). From epic at cpsr.org Fri Apr 29 14:17:34 1994 From: epic at cpsr.org (Dave Banisar) Date: Fri, 29 Apr 94 14:17:34 PDT Subject: New Electronic Privacy Group Formed Message-ID: <9404291702.AA33383@Hacker2.cpsr.digex.net> EPIC Press Release Electronic Privacy Information Center 666 Pennsylvania Ave., SE, Suite 301 Washington, DC 20003 (202) 544-9240 (tel) (202) 547-5482 (fax) epic at cpsr.org (email) April 29, 1994 NEW PRIVACY CENTER ESTABLISHED EPIC TO MONITOR DATA HIGHWAY WASHINGTON, DC -- A new organization was launched today to address growing public concerns about privacy protection for the national information infrastructure. The Electronic Privacy Information Center (EPIC) will focus on emerging threats to personal privacy. Among the threats are the government's controversial Clipper computer encryption proposal, which has caused widespread protests from companies and computer users around the world. Proposals for an information superhighway and recent plans to reform the nation's health care system also involve significant threats to personal privacy. "We have established EPIC to focus public attention on these new privacy issues -- the Clipper Chip, the Digital Telephony Proposal, medical record privacy, and the sale of consumer data." said Marc Rotenberg, director of EPIC. A 1993 poll by the Lou Harris organization found 80 percent of Americans concerned about threats to their privacy. More than two thirds believe they have lost all control over personal information. Still, 70 percent believe that privacy is a fundamental right comparable to "life, liberty and the pursuit of happiness," and a clear majority of Americans favor establishment of a privacy agency within the government. EPIC brings together an unprecedented group of experts from computer science, information law, civil liberties, human rights, public interest advocacy, library and research communities, as well as privacy experts and scholars. Among the members of the EPIC Advisory Board is former Congressman and Presidential candidate John B. Anderson. Mr. Anderson said today at a Capitol Hill press conference he was very pleased by the establishment of the new organization. "Privacy is one of the bedrock American values. EPIC will help ensure that privacy is protected in the information age," said Mr. Anderson. Simon Davies, the Director General of Privacy International, welcomed the launch of EPIC. Speaking from London, England today he said, "EPIC is an exciting initiative on the leading edge of privacy protection. My hope is that EPIC will be the forerunner of many such organizations around the world." EPIC is a joint project of the Fund for Constitutional Government and Computer Professionals for Social Responsibility. FCG is a non-profit charitable organization established in 1974 to protect civil liberties and constitutional rights. CPSR is a national membership organization established in 1982 by professionals in the computing field concerned about the social impact of computer technology. For more information contact EPIC, 666 Pennsylvania Ave., SE Suite 301, Washington, DC 20003. 202 544 9240 (tel), 202 547 5482 (fax) epic at cpsr.org (email). Current materials include a program description and list of Frequently Asked Questions about EPIC. Marc Rotenberg, EPIC Director David L. Sobel, Legal Counsel Dave Banisar, Policy Analyst From sico at aps.hacktic.nl Fri Apr 29 14:20:07 1994 From: sico at aps.hacktic.nl (Sico Bruins) Date: Fri, 29 Apr 94 14:20:07 PDT Subject: PGP Question: In-Reply-To: <9404282352.AA07123@toxicwaste.media.mit.edu> Message-ID: Friday April 29 1994 01:52, Derek Atkins wrote: DA> From: Derek Atkins DA> Subject: Re: PGP Question: DA> Message-Id: <9404282352.AA07123 at toxicwaste.media.mit.edu> DA> Date: Thu, 28 Apr 94 19:52:01 EDT [edited] DA> The point is that someone shouldn't NEED to revoke their key if all DA> they are doing is changing their email address. Right, that's the point indeed. DA> What if the binding of the userID is a result of a position that you DA> hold... For example, I am the owner of a company and I sign people's DA> identifiers, saying that they are employees of mine, and possibly what DA> their position is. Now say I fire someone, I want to be able to DA> revoke my signature since the binding is no longer valid! But I DA> shouldn't need to force them to generate a new key. But here I disagree. Should one wish to use PGP to assert something *other* than that a certain PGP public key really belongs to someone, then write a message and sign *that*. I'm not sure if I really understand you here, your phrasing ("people's identifiers") is a bit unclear. CU, Sico (sico at aps.hacktic.nl). [PGP public key:] bits/keyID Date User ID 1024/5142B9 1992/09/09 Sico Bruins Key fingerprint = 16 9A E1 12 37 6D FB 09 F6 AD 55 C6 BB 25 AC 25 (InterNet: sico at aps.hacktic.nl) From tcmay at netcom.com Fri Apr 29 14:27:52 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 29 Apr 94 14:27:52 PDT Subject: Random #'s via serial port dongle? In-Reply-To: Message-ID: <199404292128.OAA28043@netcom.com> Russ Nelson asks: > This has probably been discussed before, but has anyone built a little > device that amplifies the white noise from a transistor junction, and > converts it into serial data? You could easily build a self-powered > dongle that sits on an RS-232 port and continuously spits out truly > random bytes. > > I could probably sell them for $25 if I could sell more than a hundred > of them. Is there a market for true random number generators? Yes, it's been debated many times on this list. The forthcoming FAQ has a section on random number generators, noise sources, Zener diodes, commercial implementations, etc. Several people have said they could sell them for $25. So far, I know of no such serial port dongles for $25. If you really think you can do it, go for it. (But, as politely as I can put it, don't make a lot of vague promises to the list, ask for ideas and feedback, and then let the whole thing drop. This has happened several times before.) I don't think generating random numbers is all that much of a priority. The Blum-Blum-Shub C code is available, and I defy anyone to break _that_ PRNG! (Issues of entropy are a bit different, but I expect the entropy with the BBS generator to be about as high as one can get, and as high as what would get in some instance with a "physically random" RNG.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cdodhner at indirect.com Fri Apr 29 14:30:34 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Fri, 29 Apr 94 14:30:34 PDT Subject: Applied Cryptography In-Reply-To: <9404291740.AA08624@toad.com> Message-ID: On Sat, 30 Apr 1994, Darren Reed wrote: > Saw it on a bookshelf here, yesterday, for AUS$86.00. > > Next to it was anoher book on Cryptography, for $97.95 by "Rhee", I didn't I don't have a clue about this other book. > Are either of these worth their weight in gold ? (so to speak) Applied Cryptography could easily be renamed 'the cypherpunk's bible' in my opinion. It cost me about US$50, and it was definatly worth it. What makes it valuable is that it's focus is on the implimentation of crypto, not just the big math. It deals extensively with the different protocalls as well as all the major algorithims. I recomend it highly. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From baum at newton.apple.com Fri Apr 29 15:04:39 1994 From: baum at newton.apple.com (Allen J. Baum) Date: Fri, 29 Apr 94 15:04:39 PDT Subject: Encryption in the news Message-ID: <9404292115.AA02605@newton.apple.com> The latest Microprocessor Reports have an article on WaveMeter, an Nat'l Semi spinoff. It is basically a smartcard chip, which uses DES to handle decryption and keep its credit balance secure. The idea is that you establish credit with a server, over a modem somehow. Then, you can decrypt the data on a CDROM, which will cost you some of this digital credit. When your credit balance goes to 0, you can call the server, and withdraw more digital money. It also, at that time, sends info about which files have been decrypted, so the owners of that data can be credited. Also, the newest issue of Government Computing, or something like that, has an article on the IRS, which is strongly thinking of using RSA for authentication. This is primarily because they need something right now, and they can't wait for the controversy surrounding the NIST DSS standard to settle down. ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, MS/305-3B * * 1 Infinite Loop * * Cupertino, CA 95014 baum at apple.com * ************************************************** From bsteve at zontar.com!bsteve Fri Apr 29 15:33:10 1994 From: bsteve at zontar.com!bsteve (Steve Blasingame) Date: Fri, 29 Apr 94 15:33:10 PDT Subject: Tempest info wanted In-Reply-To: <199404290205.WAA04696@access.netaxs.com> Message-ID: Dear Colleagues; An overview of TEMPEST can be found in DCA Circular 300-95-1, available from your nearest Federal Documents Depository / Government Library. The section of interest in is Volume 2, DCS Site and Building Information, sections SB4 & SB5, (Grounding,Shielding,HEMP). SB5 though not directly covering RFI/RF Emanation is devoted to shielding for high altitude electromagnetic pulse radiation (HEMP). The documents discuss Earth Electrode Systems, Fault Protection Systems, Lightning Protection Systems, Signal Reference Systems, and RFI containment, they also briefly discusses radio signal containment (TEMPEST) as well. This is a must-read for anyone wishing to keep their bits to themselves. Discussions of testing and validation methods are not discussed in the unclassified documents. I have included the references to the Secret/Classified documents for the sake of completeness. It is possible that some of them are by now de-classified, or may be requested through FOIA. Several other U.S. Federal documents are of interest: MIL-STD-188-124, "Grounding, Bonding, and Shielding for Common Long Haul/Tactical Communication Systems", U.S. Dept. of Defense, June 14, 1978. MIL-HDBK-419, "Grounding, Bonding, and Shielding for Electronic Equipments and Facilities", U.S. Dept. of Defense, July 1, 1981. "Design Practices for High Altitude Electromagnetic Pulse (HEMP) Protection", Defense Communications Agency, June 1981. "Systems Engineering Specification 77-4, 1842 EEG SES 77-4", Air Force Communications Command, January 1980. "EMP Engineering Practices Handbook", NATO File No. 1460-2, October 1977 "Tempest Fundamentals", NSA-82-89, NACSIM 5000, National Security Agency, February 1, 1982 (Classified). "Guidelines for Facility Design and RED/BLACK Installation, NSA-82-90, NACSIM 5203, National Security Agency, June 30, 1982 (Classified). "Physical Security Standards for Sensitive Compartmented Information Facilities (SCIF), Manual No. 50-3 Defense Intelligence Agency (For Official Use Only), May 2, 1980. "Tempest Countermeasures for Facilities Within the United States", National COMSEC Instruction, NACSI 5004, January 1984 (Secret). "Tempest Countermeasures for Facilities Outside the United States", National COMSEC Instruction, NACSI 5005, January 1985 (Secret). "Ground-based Systems EMP Design Handbook", AFWL-NTYCC-TN-82-2, Air Force Weapons Laboratory, February 1982. "R.F. Shielded Enclosures for Communications Equipment: General Specification", Specification NSA No. 65-6, National Security Agency Specificaton, October 30, 1964. Happy Reading! Steve Blasingame (510) 866 1864 Voice (510) 866 1861 FAX bsteve at zontar.com From unicorn at access.digex.net Fri Apr 29 17:30:31 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 29 Apr 94 17:30:31 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <9404291127.AA15821@ininx> Message-ID: <199404300029.AA07483@access1.digex.net> -----BEGIN PGP SIGNED MESSAGE----- > >- -----BEGIN PGP SIGNED MESSAGE----- > > Unicorn writes: > > > If the current structure of government is proper true to the > > constitution, and more importantly the goal of a stable > > government with co-equal branches, then respecting those > > "concepts of law" is to embrace centralism, regulation of > > markets, export restrictions and an ever growing executive > > branch. > > > If the current structure of government is improper, and goes > > beyond the bounds of power the framers intended, then > > respecting those "concepts of law" is to reject the current > > state of affairs. > > Surely someone of Unicorn's erudition is aware of Lysander Spooner's > words on this subject, but just to remind the others, here are some > of them: > > Spooner wrote these words in 1869 (_eighteen_ sixty-nine); imagine > what he might have written today! > > The Constitution has no inherent authority or obligation. It has > no authority or obligation at all, unless as a contract between > man and man. And it does not so much as even purport to be a > contract between persons now existing. It purports, at most, to > be only a contract between persons living eighty years ago.... > [Lack of representation makes Constitution an invalid contract] > This is part of the reason I reject the contention that the Constitution is a contract among peoples. As far as contract law goes, this makes every Constitution invalid and a pointless exercise if you adopt this theory. Under this model all constitutions, indeed all governments would have to be passed unanimously by a national vote. Those constitutions that do not bear the signatures of all the citizens are either not valid or not binding to those citizens. How can this be rationalized in context? Are we to adopt all the elements of contract law to constitutions? Are we to apply the doctrines of inability to contact to constitutional protections? This would require us to deny constitutional protections to minors, and infants. What about the mentally infirm? Women in the 17-1800's? Will we apply doctrines of efficient breach? Commercial impracticability? (No government would exist!) Promissory estoppel? Can 3rd party beneficiaries sue for losses? Clearly an attack on a constitution on these grounds has no bearing in practical application, or explanation. Even in 1869, the heyday of Victorian Legal Thought, where one could not be held liable except by an act of self volition, the idea of strict contract law being applied to social duty, or limitations on power, and thus Spooner's theory, was rejected. This in an era where debts were non-assignable because it was looked upon as pushing the parties into an agreement they never contemplated or consented to. Yet, Victorian Freedom of Contract at its height still rejected the "constitution as contract" theory. The federal government rules by the sword, but proports to due so under the Constitution. The continued acceptance of the process, the participation in elections, the oath that high officials take, the amendment process, the continued existence of the three branches of government, all lend themselves to the assumption that if not accepted, the Constitution is at least tolerated by the populous and the rulers. Consider the Supreme Court of the United States. The Court has no police, no army, no command authority, no enforcement branch what so ever. (Forgetting the Supreme Court Police who guard the building) What then keeps the other branches from disobeying the rulings of the Court? Nothing but respect for the structure of government. This in itself is impressive for a structure established by a document with "no authority." If there is a historical precedent for such an institution, an institution of unelected officials who pass down at times massively unpopular decisions that are none the less followed without the slightest force to back them, I am unaware of it. How can one deny the genius of this structure? (Even if the current trend of decisions is questionable). The United States does not claim its authority to be rooted in divine grant, nor in pure power over the people, nor in a quest for utopia, but in consent of the people. In so far as the United States remains a representative democracy, it looks to the Constitution for its rules. The Constitution is not a contract at all, but a grant of authority. A deed with covenants of sorts. You may rule provided you follow these rules, and if you don't, the people reserve the right to overthrow you. Spooner's position represents a tact that was fashionable in the day, that being the dismissal of sovereign authority on many grounds and using disciplines from economics to philosophy to science. What Spooner's theories lack is timeliness. They are, in fact, really just reiterations of the anti-federalist position in the late 1700's. These included objections to the notion of a constitution because of its betrayal of the concepts that the revolution was fought for. The anti-federalist position relied heavily on the objectionable nature of removing people from the political process and the lack of individual control. See generally, H. Storing, What the Antifederalists Were For (1981). This line of argument is quite old and tired by 1869, and really represents a throwback. One must remember that power was surrendered to the federal government by the people and the states conditioned upon limits. Power was not, in the reverse, granted to the people and signed for in receipt. It is such that I reject the following assumption: > The Constitution has no inherent authority or obligation. It > has no authority or obligation at all, unless as a contract > between man and man. Instead I feel the Constitution should be looked at as a grant of power. The argument that such grant should expire after the grantors do seems to rely upon the notion that the grant was some sort of limited term leasehold on power. "You may rule for one generation" in effect. To my view, this is silly. Instead it is a conditional grant of power providing in part that: All legislative Powers herein granted SHALL be vested in a Congress of the United States.... Art I sec.1 [1] No Person SHALL be a Representative who shall not have attained to the Age of twenty five Years.... Art I sec.2 [2] The Executive power SHALL be vested in a President of the United States of America.... Art II sec.1 [1] My emphasis. See also, U.S. CONST. Amend. X. Insofar as these conditions are met, government authority is legitimate by the terms it was granted. Or as I said before: > > If the current structure of government is improper, and goes beyond > > the bounds of power the framers intended, then respecting those > > "concepts of law" is to reject the current state of affairs. > > APPENDIX. > > Inasmuch as the Constitution was never signed, nor agreed to, by > anybody, as a contract, and therefore never bound anybody, and is > now binding upon nobody; and is, moreover, such an on as no people > can ever hereafter be expected to consent to, except as they may > be forced to do so at the point of the bayonet, it is perhaps of > no importance what its true legal meaning, as a contract, is [Deletions] The government rules by the bayonet only because it was given the bayonet by the states and the people. The problem of preventing tyranny is in the structure established with the grant, and it is here that the need for embracing the concepts of "law" within the constitution is important. Questioning the previous generations for their audacity in waiving your "rights" to anarchy is on the same order as questioning the audacity of those who set down the doctrine of Freedom of Contract. The hand of the dead does influence the exercise of power. Mr. Sandfort is correct in my view. There is no "magic" in the Constitution. It is a guidebook, and no more; but what a guidebook it is. It contains within a concept of government structure that has endured and maintained relative stability and freedom from tyranny for quite a while now. The Constitution of the United States does not say, "Follow me because I am law", but rather "This is the recipe for a stable check against tyranny." If the federal government mixes the recipe with too much power, the checks against tyranny established by the Constitution threaten to topple. It is this that worries me. It is this that worried the framers. Should we dismiss their genius because it is old? Because it did not bear the unanimous mandate of the people? > >These are excerpts from Spooner's article "No Treason: The Constitution >of No Authority", available from Laissez Faire Books, 1-415-541-9780 in >San Francisco. > > John E. Kreznar | Relations among people to be by > jkreznar at ininx.com | mutual consent, or not at all. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ A Victorian after my own heart. I think we disagree, if we differ at all, in the application of this theory to grants of authority. >- -----BEGIN PGP SIGNATURE----- > Version: 2.3a [...] >- -----END PGP SIGNATURE----- - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLcGzExibHbaiMfO5AQGZxAQAvDDL7pZRGjgQyhXLD7hoXrEEQezCcwtO X9bv2uW1JJwmuVeF23nSOV1LL1Dodp2YUS0xw2hIJU99wwtcBc3XwERkidywbL5k NJL1KAaCpA4lizJZB4q1e0Hp+hGKIxrhF2wPcQIz0lVPuZDOrDeSi0pS4D+GpEKE Q9NOKO7fWLo= =UCQz -----END PGP SIGNATURE----- From unicorn at access.digex.net Fri Apr 29 17:35:59 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 29 Apr 94 17:35:59 PDT Subject: Cypherpunks as lobbying/propagandizing group Message-ID: <199404300035.AA07728@access1.digex.net> Jim Sewell says: My intent is not to form a group to go lobby congress or anything of that nature. My idea was to create a list of "credentials" for the group as a whole so that when active folks do go to the press or to meetings between CPSR & the NSA then they can have in their hands a bit of "proof" that we aren't the computer-student-woodstock-wannabes the NSA et al. say we are. <- I don't want the NSA to know what or who I am. I want them to think we're a bunch of politically isolated geeks. If they keep saying so, the political opposition to whatever they are trying to defend on the grounds that the opponents are geeks will only support us and discredit the NSA in general. -uni- (Dark) From nelson at crynwr.com Fri Apr 29 18:05:54 1994 From: nelson at crynwr.com (Russell Nelson) Date: Fri, 29 Apr 94 18:05:54 PDT Subject: Random #'s via serial port dongle? In-Reply-To: <199404292128.OAA28043@netcom.com> Message-ID: From: tcmay at netcom.com (Timothy C. May) Date: Fri, 29 Apr 1994 14:28:33 -0700 (PDT) Russ Nelson asks: > This has probably been discussed before, but has anyone built a little Yes, it's been debated many times on this list. .... I don't think generating random numbers is all that much of a priority. ... Well enough, then. I won't bother. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From blancw at microsoft.com Fri Apr 29 19:47:05 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 29 Apr 94 19:47:05 PDT Subject: CIA & FBI, a marriage made in ___? Message-ID: <9404300148.AA25868@netmail2.microsoft.com> From: Black Unicorn Uni: "The hinge question is what I, or you, mean by "concepts of law." What I understand by concepts of law is "methods of coercion & constraint". Uni: ". . . In my framework, I feel it is consistent to embrace the constitution and its doctrine while still resisting regulation." In my earlier statement, that "I'm not seeing the consistency in embracing the concepts of the law, while questioning the regulation of crypto through law enforcement", I was contrasting endorsing the use of coercion while at the same time resisting its use. In the framework of a lot of legislators, they would appear to embrace the doctrine of the Constitution while yet substituting mindless coercion for intelligent understanding of the intent of the Constitution. I don't think that it was the intent of this document to establish a more perfect government by those means. What is regulation, but the threat of the use of coercion & constraint? What is a domestic policy which does not involve regulation? That which is being regulated must appear to require this from having a potential for crime, in which case isn't this why it would be classified as a "crime problem" needing "political attention through law enforcement" (from their perspective)? Blanc From blancw at microsoft.com Fri Apr 29 20:34:42 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 29 Apr 94 20:34:42 PDT Subject: Constitution and Contract [Was: CIA & FBI] Message-ID: <9404300235.AA26287@netmail2.microsoft.com> From: Black Unicorn "If the federal government mixes the recipe with too much power, the checks against tyranny established by the Constitution threaten to topple. It is this that worries me. It is this that worried the framers. Should we dismiss their genius because it is old? Because it did not bear the unanimous mandate of the people?" It is not that the genius or the their document should be dismissed; it is only to understand that written works do not produce automatic effects of their own power, and that therefore the Constitution cannot be looked to by the general population as an automatic savior which will release them from the grip of tyranny. No matter what guidance the original document provides, each generation, each era, each individual must still do the work of thinking, reasoning, and determining their own fate, and they must again agree among themselves whether to accept that contract or reject it. Or improve upon it. The current structure of government is modelled after the Constitution, but the substance of it makes no sense accordingly. If the federal government mixes the recipe with too much power, it is because they want it there and mean to increase it according to a self-benefitting bias towards it. "One must remember that power was surrendered to the federal government by the people and the states conditioned upon limits." Patrick Henry warned everyone that once they had surrendered to it the power of the purse and the power of the sword, there would be no power left to them with which to save themselves from it. So who would be respecting those limits? Blanc From karn at qualcomm.com Fri Apr 29 21:03:31 1994 From: karn at qualcomm.com (Phil Karn) Date: Fri, 29 Apr 94 21:03:31 PDT Subject: Random #'s via serial port dongle? In-Reply-To: Message-ID: <199404300403.VAA19733@servo.qualcomm.com> The easiest way to get true random numbers on a PC nowadays is with a sound board, preferably 16 bit. Just MD-5 hash some gibberish speech and/or background noise. I am looking at various ways of generating good random numbers for my IP security protocol, so I'm thinking about this stuff. Unfortunately I can't always depend on there being a sound board, so I'm still open to other ideas. Recently I tried looking at phase jitter between the CPU and timer crystals, but this doesn't work on every machine. Timing keyboard hits is a tried-and-true technique in PGP, but I can't necessarily rely on that either (I want this to work in a standalone system that boots by itself). Suggestions would be appreciated. Phil From mg5n+ at andrew.cmu.edu Fri Apr 29 22:12:12 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 29 Apr 94 22:12:12 PDT Subject: REMAIL: BSU Remailers and information availability In-Reply-To: <199404291638.KAA22281@chaos.bsu.edu> Message-ID: BTW: For those who can't use finger, send mail to mg5n+finger at andrew.cmu.edu, and then put the addresses you want to finger either in the subject or in the body of the message. (ie remailer at soda.berkeley.edu, remailer-list at chaos.bsu.edu, etc) I suppose inserting a little message into all the replies from this server might be a easy way to get away with a lot of net.advertising. :) Putting little sound bites about Clipper, PGP, EFF or whatever might gain some people's interest, without having to send unsolicited email/posts like a certain law firm did. I was thinking of something like "Oppose Clipper... write to clipper-petition at cpsr.org", but that's already over with... oh well, any ideas? From d7urban at dtek.chalmers.se Fri Apr 29 23:20:58 1994 From: d7urban at dtek.chalmers.se (Urban Nilsson) Date: Fri, 29 Apr 94 23:20:58 PDT Subject: Different remailer software Message-ID: <199404300621.IAA18083@hacket.dtek.chalmers.se> I've just taken a quick look at soda.berkeley.edu's remailers. There's several of them, and if I'm now to install one of them, what are their strengths/weaknesses? Should I choose hal's remailer? Or maybe Nate's? Or hh-remailer? Sameer's anon- remailer? The INDEX file doesn't say anything about what differs one remailer from the next, just who wrote it... Help me out, please! Urban Nilsson | Use 'finger' for PGP2.3a public key. d7urban at dtek.chalmers.se |------------------------------------- Chalmers University of Technology |A person is just as big as the things Gothenburg, Sweden |that makes him angry. From hughes at ah.com Fri Apr 29 23:21:12 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 29 Apr 94 23:21:12 PDT Subject: Cypherpunks as lobbying/propagandizing group In-Reply-To: <9404291230.AA19156@disvnm2.lehman.com> Message-ID: <9404300617.AA23378@ah.com> >> However, I think we should form a small informal group of people seriously >> interested in putting together a well thought out document that is factual [etc] >I think this is a very bad idea and not the purpose of the cypherpunks list. It's a fine idea, except there's no way such a group can claim to represent cypherpunks at large. Or, Hey! get you own name. Eric From hughes at ah.com Fri Apr 29 23:48:16 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 29 Apr 94 23:48:16 PDT Subject: Random #'s via serial port dongle? In-Reply-To: Message-ID: <9404300644.AA23413@ah.com> >This has probably been discussed before, but has anyone built a little >device that amplifies the white noise from a transistor junction, and >converts it into serial data? As Tim mentions, lots of people have talked about doing this, but few actually have. Nevertheless, the device is still needed and no one has done it. I estimate you could sell 500 at $50 each within four months if there were PGP support for it. And I'll give you advertising space on the archive site. Real random numbers should be a standard part of every computer. Eric From hughes at ah.com Fri Apr 29 23:50:40 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 29 Apr 94 23:50:40 PDT Subject: spooks on cypherpunks In-Reply-To: Message-ID: <9404300647.AA23430@ah.com> >the public reasoning for >Clipper never includes "Clipper exists to displace ubiquitious public >key crypto". That's because it won't. Public key techniques will still be used for key management and authentication. The problem with Clipper is that one will have no secrecy with respect to any sufficiently powerful entity, using the government as a vector. Eric From jkreznar at ininx.com Sat Apr 30 00:42:58 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Sat, 30 Apr 94 00:42:58 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <199404300029.AA07483@access1.digex.net> Message-ID: <9404300742.AA16079@ininx> -----BEGIN PGP SIGNED MESSAGE----- Summary: Unicorn thoughtfully underscores the need for the defense afforded by strong cryptography and other means. He writes: > The federal government rules by the sword, but proports to due so under > the Constitution. Thank you. It's good for a freedom-loving person to be reminded of the nature of the threat. The appeal of strong cryptography is that it may help to defend against those who embrace this deceitful attitude. > The continued acceptance of the process, the > participation in elections, the oath that high officials take, the > amendment process, the continued existence of the three branches of > government, all lend themselves to the assumption that if not accepted, > the Constitution is at least tolerated by the populous and the rulers. It is for _exactly this reason_ that the freedom-loving person forbears from willful participation. > The United States does not claim its authority to be rooted in divine > grant, nor in pure power over the people, nor in a quest for utopia, but > in consent of the people. ...which is fine for a person who consents. The problem comes when he assumes that the authority extends to his neighbor who does not consent. > > John E. Kreznar | Relations among people to be by > > jkreznar at ininx.com | mutual consent, or not at all. > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > A Victorian after my own heart. I think we disagree, if we differ at > all, in the application of this theory to grants of authority. Again, this is no doubt wonderful for a person who grants his authority. The trouble begins when he presumes that his neighbor, too, has granted his authority. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcIK9sDhz44ugybJAQFdAQP/SIox/IF4WjOGCjppJngkNF1Y/kJ+g1cQ 0YxXQYQjFLkeRPHszXX6OtBjWpoFER2CZha107sVBo791YxekBU0KE16ItcUZ548 86IZMj/JKSrANbjtHXC6qZ0YKOFLiLA/ZdpDRHOTsKN1OSCApVumtFHmNTKue/TF +bu6kFbeBX4= =42fR -----END PGP SIGNATURE----- From sameer at soda.berkeley.edu Sat Apr 30 00:45:13 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sat, 30 Apr 94 00:45:13 PDT Subject: Different remailer software In-Reply-To: <199404300621.IAA18083@hacket.dtek.chalmers.se> Message-ID: Urban Nilsson spake: > > I've just taken a quick look at soda.berkeley.edu's remailers. > There's several of them, and if I'm now to install one of them, > what are their strengths/weaknesses? Should I choose hal's > remailer? Or maybe Nate's? Or hh-remailer? Sameer's anon- > remailer? The INDEX file doesn't say anything about what > differs one remailer from the next, just who wrote it... > Help me out, please! > =) I thought I wrote up the INDEX with more verbosity than you imply was there. Let's see. > hal's.instructions.gz Instructions on how to use Hal's style of remailer Instructions that everyone should read because it outlines the basics of encrypted remailer blocks & chaining pretty well with good examples. > hal's.remailer.gz The code to run Hal's remailer Hal's code, rather obsolete and hard to install. Other people have improved upon it, which are listed below. > hh-remailer-0.9.tar.gz The code for the hh at soda remailer (hmm, a little out of date.) hh-remailer-X.tar.gz -- the current version of the remailer at soda software, not quite in stable, ready-to-release form, but it's available if people want to take a crack at running the code running on remailer at soda. > nates-remailer.tar.gz The code for Nate Sammons nates at netcom.com remailer I don't know too much more about this one. I think its in C. > hh-soda-remailer-instructions > How to use the hh at soda.berkeley.edu remailer > blind-server.docs Instructions on using Sameer's blind anon-server How to use the anon-server I wrote which uses encrypted remailing blocks. The anon-server isn't quite "open for business" yet. Wait until June. Hopefully by then I'll have a good client written as well. > morpheus-remailer-hack.zip > Additions to a remailer to help with > verification that it is up & running I don't know much about this but it is probably obsolete with the addition of Ray's pinger.pl code into remailer at soda. > pubkeys.tar.gz The public keys of a few remailers > pubkeys.zip The public keys of a few remailers I think these are out of date. > scripts.tar.gz Some UNIX scripts to help with remailer chaining > anonmail.arj A C++ program to help with chaining > chain.zip A DOS program to help with chaining > dosbat.zip Some DOS .BAT files to help with chaining Various tools > remailer-install.tar.gz A system to make installation of a r An easy to install version of Hal's remailer above with a few minor modifications. Soon this and hh-remailer will be integrated and the hh-remailer code will be all spiffy and releaseable and easy to install. Hope that answers your questions. -Sameer From rustman at netcom.com Sat Apr 30 00:45:15 1994 From: rustman at netcom.com (Rusty H. Hodge) Date: Sat, 30 Apr 94 00:45:15 PDT Subject: Random #'s via Sound Cards Message-ID: <199404300746.AAA23008@netcom.netcom.com> At 9:03 PM 4/29/94 -0700, Phil Karn wrote: >The easiest way to get true random numbers on a PC nowadays is >with a sound board, preferably 16 bit. Just MD-5 hash some gibberish >speech and/or background noise. Great idea. Hell, you don't even really need random gibbirish; most sound cards have such poor analog audio front ends, you could just turn up the gain and look at the LSBs. I've mostly used the mid-level Mac products from Digidesign, and even they have analog noise that is easily detectable in the lower bits. And for MacPGP- most Macs now have a sound-in; you could either do the noise trick again (won't work as well in 8-bit, probably), or just base it on the backgroud sounds. Rusty H. Hodge, Hodge Productions (714) 532-6800 GAT d--@ -p+(p---) c++ !l u++ m+(*) s+/++ !n(-) h* f+(*) !g w++ t@ r- y* From rustman at netcom.com Sat Apr 30 00:45:19 1994 From: rustman at netcom.com (Rusty H. Hodge) Date: Sat, 30 Apr 94 00:45:19 PDT Subject: Random #'s via serial port dongle? Message-ID: <199404300746.AAA23011@netcom.netcom.com> At 9:03 PM 4/29/94 -0700, Phil Karn wrote: >I am looking at various ways of generating good random numbers for my >IP security protocol, so I'm thinking about this stuff. Unfortunately >I can't always depend on there being a sound board, so I'm still open >to other ideas. Again, being more Mac literate than PC; can't you look at the battery voltage from the bios? Depending on the resolution here, it might be a good seed value. Or maybe base it on something coming from the Ethernet interface? Time between packets, collision avoidence statistics (can you even get to this?). And who says you have to do t only one way? Start with the sound board, if not there rely on the keyboard or something? Rusty H. Hodge, Hodge Productions (714) 532-6800 GAT d--@ -p+(p---) c++ !l u++ m+(*) s+/++ !n(-) h* f+(*) !g w++ t@ r- y* From MIKEINGLE at delphi.com Sat Apr 30 00:58:27 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sat, 30 Apr 94 00:58:27 PDT Subject: Secure Drive is now obsolete Message-ID: <01HBRTDS3EQ0935JW0@delphi.com> Secure Drive, the disk encryption system written by me and improved by Edgar Swank, has been completely rewritten by two programmers in the Netherlands, Max Loewenthal and Arthur Helwig. I was not aware of this until I saw the program yesterday. They changed it to Secure Device. It still uses the IDEA algorithm, but you no longer have to create a partition! Secure Device uses a file as a phantom partition, like Stacker or inDiskreet. It has a .SYS driver of about 6K. There is a login program, or you can use another TSR which does a pop-up login prompt. There is also keyboard logout and time-delay logout. Another advantage of Secure Device is ease of backup. You just backup the container file onto your tape, and the data stays encrypted. Secure Device includes source code and is copylefted. FTP wuarchive.wustl.edu, /pub/MSDOS_UPLOADS/cryptography/secdev11.arj. --- Mike From unicorn at access.digex.net Sat Apr 30 01:14:31 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 30 Apr 94 01:14:31 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <9404300742.AA16079@ininx> Message-ID: <199404300813.AA25162@access1.digex.net> > > Summary: Unicorn thoughtfully underscores the need for the defense > afforded by strong cryptography and other means. > > He writes: > > > The federal government rules by the sword, but proports to due so under > > the Constitution. > > Thank you. It's good for a freedom-loving person to be reminded of the > nature of the threat. Are you being sarcastic here or...? You seem to think I look upon the above description with fondness and adoration. I do not. > > The appeal of strong cryptography is that it may help to defend against > those who embrace this deceitful attitude. Which deceitful attitude, mine or the federal government's? > > The continued acceptance of the process, the > > participation in elections, the oath that high officials take, the > > amendment process, the continued existence of the three branches of > > government, all lend themselves to the assumption that if not accepted, > > the Constitution is at least tolerated by the populous and the rulers. > > It is for _exactly this reason_ that the freedom-loving person forbears > from willful participation. I think that's difficult to do and still live in the United States, or most nations. Regardless of how persuasive I find the argument, you do probably benefit from the police, fire, emergency rescue, and national defense services provided by the government. You also probably benefit from what deterence the civil litigation and criminal processes affords those who would do you ill. While I don't find this justifies the abridgement of the constitution, I do think it stifles the argument that one is not willfully participating or partaking of soceital benefit. > > The United States does not claim its authority to be rooted in divine > > grant, nor in pure power over the people, nor in a quest for utopia, but > > in consent of the people. > > ...which is fine for a person who consents. The problem comes when he > assumes that the authority extends to his neighbor who does not consent. I think your position is basically "I didn't sign the Constitution, so the government has no power over me." I don't really see a rationale for this position, only the position itself. The clause "but in consent of the people" is a collective form of "the people." I wish it needn't be, but it is none-the-less. > > > John E. Kreznar | Relations among people to be by > > > jkreznar at ininx.com | mutual consent, or not at all. > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > A Victorian after my own heart. I think we disagree, if we differ at > > all, in the application of this theory to grants of authority. > > Again, this is no doubt wonderful for a person who grants his authority. > The trouble begins when he presumes that his neighbor, too, has granted > his authority. Again, I don't know where to go with this. You give me a position, and use it to support your position. I will say that if I believed a soceity could exist without some minority oppression I would reject all regulation. -uni- (Dark) From unicorn at access.digex.net Sat Apr 30 01:32:27 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 30 Apr 94 01:32:27 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <9404300235.AA26287@netmail2.microsoft.com> Message-ID: <199404300832.AA25324@access1.digex.net> > > From: Black Unicorn > > "If the federal government mixes the recipe with too much power, the > checks against tyranny established by the Constitution threaten to > topple. It is this that worries me. It is this that worried the > framers. Should we dismiss their genius because it is old? Because it > did not bear the unanimous mandate of the people?" > > It is not that the genius or the their document should be dismissed; it > is only to understand that written works do not produce automatic > effects of their own power, and that therefore the Constitution cannot > be looked to by the general population as an automatic savior which > will release them from the grip of tyranny. Concur. > > No matter what guidance the original document provides, each > generation, each era, each individual must still do the work of > thinking, reasoning, and determining their own fate, and they must > again agree among themselves whether to accept that contract or reject > it. Or improve upon it. This seems to me like the Jeffersonian notion that the Constitution should be amended in every generation. Letter to Samuel Kercheval, July 12 1816, The Portable Thomas Jefferson 557-558 (M. Peterson ed. 1975). I think this is perhaps excessive, and if you consider the effect of short term politics, one could well find his or her own generation is the one which does away with the 4th and 5th amendments because of a "Crime Crisis." If your suggestion is more along the lines of a more reasoned and enduring amendment process with some respect for the concepts of old and more importantly an attempt to adapt the spirit of the document to the reality of the day, I concur wholeheartedly. > The current structure of government is modelled after the Constitution, > but the substance of it makes no sense accordingly. If the federal > government mixes the recipe with too much power, it is because they > want it there and mean to increase it according to a self-benefitting > bias towards it. And as such the federal government runs beyond the bounds of the document's "spirit." > "One must remember that power was surrendered to the federal government > by the people and the states conditioned upon limits." > > Patrick Henry warned everyone that once they had surrendered to it the > power of the purse and the power of the sword, there would be no power > left to them with which to save themselves from it. So who would be > respecting those limits? It seems in many ways Mr. Henry was correct. I think it is a question of apathy however. The accretion of power and the expansion of the federal government is to my thinking a function of "...the generative force of unchecked disregard of the restrictions that fence in even the most disinterested assertion of authority...." _Youngstown Sheet & Tube Co. v. Sawyer_, 343 U.S. 579 (1952). (Frankfurter, J., concurring). I don't think the United States has gone over the edge quite yet, or I wouldn't be here. What disturbs me most, especially in light of Mr. Henry's quote that Mr. Weber brings to our attention, is that the citizenry do not seem interested in any form of resistance. Funny how it is hard to say that and not sound like a subversive isn't it? Regardless, the political machine in the United States is incredibly responsive to REAL public pressure. The intergovernmental respect for the Supreme Court is to me a demonstration that all is not lost. I don't believe that all the power in the citizens has been stripped, but it is being slowly bled dry. Mr. May has indicated many times that in his opinion a vicious coup and a dictatorship will not spring up overnight, but rather might come about through a slow disregard for the protections that reign in power. I must agree. > > Blanc > -uni- (Dark) From unicorn at access.digex.net Sat Apr 30 01:37:14 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 30 Apr 94 01:37:14 PDT Subject: CIA & FBI, a marriage made in ___? In-Reply-To: <9404300148.AA25868@netmail2.microsoft.com> Message-ID: <199404300837.AA25343@access1.digex.net> -----BEGIN PGP SIGNED MESSAGE----- 123456789012345678901234567890123456789012345678901234567890123456789012 Mr. Weber comments: >From: Black Unicorn >Uni: "The hinge question is what I, or you, mean by "concepts of law." >What I understand by concepts of law is "methods of coercion & >constraint" >Uni: ". . . In my framework, I feel it is consistent to embrace the >constitution and its doctrine while still resisting regulation." >In my earlier statement, that "I'm not seeing the consistency in >embracing the concepts of the law, while questioning the regulation of >crypto through law enforcement", I was contrasting endorsing the use >of coercion while at the same time resisting its use. Coercion is a tricky concept. See below. >In the framework of a lot of legislators, they would appear to embrace >the doctrine of the Constitution while yet substituting mindless >coercion for intelligent understanding of the intent of the >Constitution. I don't think that it was the intent of this document to >establish a more perfect government by those means. No argument here. >What is regulation, but the threat of the use of coercion & constraint? >What is a domestic policy which does not involve regulation? >That which is being regulated must appear to require this from having a >potential for crime, in which case isn't this why it would be >classified as a "crime problem" needing "political attention through >law enforcement" (from their perspective)? Consider this example, of which I am fond. 1> A state, call it Indinois, employs a program in prisons. A given robbery convict is consistently sentenced to 5 years. After 2, the robber is given the option of taking an experimental vaccine in exchange for the waiver of her remaining sentence. Coercion? 2> Indinois sentences robbers to 2 years, but towards the end of the sentence the warden gives the robber a choice. Either take the vaccine or get 3 years slapped on the sentence. Coercion? Why? The robber is no better or worse off. Is it merely the idea that the robber was "tricked" in the second example that makes coercion? Or are both coercion? I begin to shy away of calling all regulation coercive for this reason. It gets to the point where incentive and coercion are indistinguishable. The function of government becomes impossible. The slippery slope to complete anarchy (one which I prefer not to follow ALL the way down) lies in this direction. I find interference in the market offensive in general. I accept regulation only in the instance that a market failure has occurred, and then grudgingly. Large number problems, gaps in the availability of information, holdout problems or too few participants in the market are about the only situations that warrant regulation in my mind. For a detailed examination of permissible market regulation with which I agree see Stewart, Krier & Manell, _Environmental Law and Policy_ (3d ed.). The Supreme Court draws the line today such: Most regulation today takes the form of conditional grants of funds to states under the federal spending power. This is how the national minimum drinking age and the national speed limits are enforced at the federal level. Provided the "strings" attached to the grant are "related to the federal interest in [the] particular national project[] or program[]" the grant seeks to promote, they are constitutional. _South Dakota v. Dole_, 483 U.S. 203 (1987). I tend to find these sorts of incentives acceptable provided the grant of funds is not craftily calculated to make functioning competitively impossible, which today they often are. Clipper is a prime example. It's not intended merely to incentivize makers to accept Clipper, but to drive other systems out of the market. To me this is offensive regulation. Were all systems equal, no export regulations, no threat of removal, a government subsidized production of the system the federal government would have employed is, when properly legislated (another question entirely), legitimate "regulation" in my view when the intent is not to throttle the life out of the offending market participants. I might add that I don't think the crypto market needs regulation because I don't feel there is a market failure. Instead the government is trying to assert that an externality (one of national security) exists which makes regulation a necessity. I treat this topic and questions of coercion through threat of withdrawal of government largess in more detail in the legal note I posted to the list some months ago. Anyone interested in my ramblings who missed the posting is free to mail and ask for a copy. The constitutional requirement and the need for some coherent policy to be attached to grants explains why the Clipper and Digitel projects are hefted under the umbrella of the crime crisis. It allows huge federal grants (bigger now that the crime bill is law) to be "stringed" and these projects (Clipper etc.) to be "voluntarily encouraged" by the threat of withdrawal of government largess. (In this instance the crime bill grants). In the words of Judge Stone, "...threat of loss and not hope of gain is the essence of economic coercion." _United States v. Butler_, 297 U.S. 1 (1936). Unfortunately this is often taken to mean that as long as you frame the regulation as a conditional grant, it is constitutional. In practice this is silly. Any regulation can be drawn either way. The core question should revolve around the definition of "threat of loss." What are the basic entitlements that apply? What assumptions are made about what a given person/corporation is entitled to and what is the baseline of entitlement that lies beyond the reach of the federal government? In my view this line lies close to the right to a free market, and one free of government monopoly. For a detailed analysis of coercion See, Nozick, Coercion, in Philosophy, Science and Method (S. Morgenbesser ed. 1969); Zimmerman, Coercive Wage Offers, 10 Phil. & Pub. Aff. 121 (1981). >Blanc - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLcIcgxibHbaiMfO5AQEMSgP+OnYrBv+fg4DJMBaKouyqda4gdjwyWUxU Ek2ThiyygbNsfjFFi24pVqFn51aS3d7R0XUaILYc0qw6gn9gF4mYDG4YfpAAhdDU 3CRjWig+R+w3eXlY8pY8ZIrsPvN/oKyhqFfh4uQiFsVoJKOj1SAZVxR7NHcVMZkZ ESN2Wt7Iec4= =67gc -----END PGP SIGNATURE----- From unicorn at access.digex.net Sat Apr 30 01:49:32 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 30 Apr 94 01:49:32 PDT Subject: CIA & FBI, a marriage made in ___? Message-ID: <199404300849.AA25426@access1.digex.net> -> The constitutional requirement and the need for some coherent policy to be attached to grants explains why the Clipper and Digitel projects are hefted under the umbrella of the crime crisis. It allows huge federal grants (bigger now that the crime bill is law) to be "stringed" and these projects (Clipper etc.) to be "voluntarily encouraged" by the threat of withdrawal of government largess. (In this instance the crime bill grants). <- I should mention that the crime bill is still in joint commitee and not yet "law." At least I think that's the case. It's to early to check. From smb at research.att.com Sat Apr 30 05:05:17 1994 From: smb at research.att.com (smb at research.att.com) Date: Sat, 30 Apr 94 05:05:17 PDT Subject: Random #'s via serial port dongle? Message-ID: <9404301205.AA14980@toad.com> >This has probably been discussed before, but has anyone built a littl e >device that amplifies the white noise from a transistor junction, and >converts it into serial data? As Tim mentions, lots of people have talked about doing this, but few actually have. Nevertheless, the device is still needed and no one has done it. I estimate you could sell 500 at $50 each within four months if there were PGP support for it. And I'll give you advertising space on the archive site. Real random numbers should be a standard part of every computer. Absolutely. Given a choice between a hardware encryptor -- even a public key hardware encryptor -- and a true random number generator, I'd unhesitatingly choose the latter. From Spooks-R-Us at sersol.com Sat Apr 30 06:10:27 1994 From: Spooks-R-Us at sersol.com (Spooks-R-Us at sersol.com) Date: Sat, 30 Apr 94 06:10:27 PDT Subject: spooks on cypherpunks Message-ID: >Don't worry about it your rep will be judged by contributions not trivial >accusations. > >Vaccinia at uncvx1.oit.unc.edu Thanks - I'll keep that in mind ;-) From Spooks-R-Us at sersol.com Sat Apr 30 06:15:09 1994 From: Spooks-R-Us at sersol.com (Spooks-R-Us at sersol.com) Date: Sat, 30 Apr 94 06:15:09 PDT Subject: Rings of Saturn (fwd) Message-ID: >The NSA among its other projects is trying to wangle a device that will >allow the access to the brain of PRZ to help them put a back door inside >PGP and the aliens want a sacrifice of 2^10 virgins for this. > > > >We're all doomed..... > >Ben. Don't give up yet - after all, where are they going to find 2^10 virgins? (We in the islands gave up volcano sacrifices for the same reasons some time ago) -Jim From klbarrus at owlnet.rice.edu Sat Apr 30 08:40:16 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sat, 30 Apr 94 08:40:16 PDT Subject: Crypto books Message-ID: <9404301540.AA06746@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- > Next to it was anoher book on Cryptography, for $97.95 by "Rhee", I > didn't have pen/paper to get the details down, but it was hardback and > seemed to be a good compliement to "Applied Cryptography" as it delt > (almost purely from a quick browse) with the theroies and mathematics > of it, rather than giving C source code for bits and pieces. I have this book - "Cryptography and Secure Communications" by Man Young Rhee. It covers basic cryptography (number theory, DES, block ciphers, stream ciphers, public key systems) and also communications (BCH codes, Reed-Solomon Codes, Error control for cryptosystems). Late chapters cover more crypto protocols (authentication, digital signatures, ZKIP, smart cards, key management). The book is pretty good, but Schneier's book covers far more cryptographic protocols. This one seems to be a fusion of cryptography and error control coding. But then, the author's previous book was "Error Control Coding Theory." ;-) Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcJ7o4OA7OpLWtYzAQHuDgP9FjafBBP6cXfTT7qqgSjVVc94zxGzGOVv 5IR79KxwE1VthSgJxY0L3RWJa77GjdM0CxN60nBPpQ5tt4MUpO+TSG9pWLz6lC85 tW7SDsJ6uiErdT2eCZ49mMi98QXlNyjp4aaVaSYpfIpoD4pTAvtnxmer0OAf8kKK XBl1Irt0/Ck= =oD1y -----END PGP SIGNATURE----- From fhalper at pilot.njin.net Sat Apr 30 10:26:08 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Sat, 30 Apr 94 10:26:08 PDT Subject: Detweiler Message-ID: <9404301725.AA03894@pilot.njin.net> If Detweiler is a big nut. Why was he involved in the implementation of MacPGP along with people like Atkins and Finney? Reuben Halper Montclair High -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi16KosAAAEEAMUwRni4a9+GbuAhHDLcBWK60hCJUYxhr2hYokpELAhx0ejp 2fq61Tu9Hjn051CN8Xy5nu6sv2ODfG/t59l4DJSb5pirQaII3zaX0rMX0ydwGDoW YakL4ow1lNY+d/k14KpIuUW404+fNuNhIGSkdVLQIfbOgh0preK7/P44AKvdABEB AAG0JlJldWJlbiBIYWxwZXIgPGZoYWxwZXJAcGlsb3Qubmppbi5uZXQ+iQCVAgUQ Lam+x9xF3PzIgw7tAQHPogP/VmoF5AHJNBFlpxl1tvHAzrMLE8nkpengs94Y8zmF 1r5+hk0TaYeEEUzYf1QNfflya5md3WKeXnI3WhO2SRpdH953AD/tNmxw2LLEegat 5sI1XNPuNqxeompiHFRnCz4dI14qjDvRwnPay187/Q5q2F3m0nP8qA6wgl59mDq3 FuCJAJUCBRAteitx4rv8/jgAq90BARTHBACh99OJtGXATm01BUa+u6WHU5CBc2FN F5z29RpTA/JTrgUhn4qeZ19iCIlhe1wi0D3QQH0wN7FrMp6onMw49KFU05/KLDLb JSWdCzjbl/wPEG8z//O6+Pqzj+ZcNM9Rm0b08/QdVoQZMljXkl19Gq2P/D4ceewe WAKePQ2ciFdNbw== =K4ez -----END PGP PUBLIC KEY BLOCK----- From paul.elliott at hrnowl.lonestar.org Sat Apr 30 14:08:30 1994 From: paul.elliott at hrnowl.lonestar.org (Paul Elliott) Date: Sat, 30 Apr 94 14:08:30 PDT Subject: Detweiler Message-ID: <2dc2c1e6.flight@flight.hrnowl.lonestar.org> >If Detweiler is a big nut. Why was he involved in the implementation of MacPGP >along with people like Atkins and Finney? >Reuben Halper >Montclair High Hey, I liked his FAQ on anonymity on the internet. But I understand that he has since gone off the deep end. Does any one have the details? What went wrong? I have a copy of the Jargon File and Tentacle is not listed. Surely cypherpunk words like tentacle and cypherpunk could be added. -- ------------------------------------------------------------------------------ Paul Elliott Telephone: 1-713-781-4543 Paul.Elliott at hrnowl.lonestar.org Address: 3987 South Gessner #224 Houston Texas 77063 From snyderra at dunx1.ocs.drexel.edu Sat Apr 30 15:20:23 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Sat, 30 Apr 94 15:20:23 PDT Subject: Applied Cryptography Message-ID: <199404302219.SAA01323@dunx1.ocs.drexel.edu> At 2:31 PM 4/29/94 -0700, Christian D. Odhner wrote: >Applied Cryptography could easily be renamed 'the cypherpunk's bible' in >my opinion. It cost me about US$50, and it was definatly worth it. What >makes it valuable is that it's focus is on the implimentation of crypto, >not just the big math. It deals extensively with the different protocalls >as well as all the major algorithims. I recomend it highly. I ordered my copy about a week ago from the local Borders; it should be in fairly soon. From the discussion here (and the export controls WWW page) I understand a disk can be purchased with the code on it. Where do you order this from? I tried emailing Bruce Schneier, but he's out of the country for the next few months, so..... Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From cdodhner at indirect.com Sat Apr 30 16:14:10 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Sat, 30 Apr 94 16:14:10 PDT Subject: Secure Device - Plaintext/Cyphertext size difference? In-Reply-To: <01HBRTDS3EQ0935JW0@delphi.com> Message-ID: I just started using this program (secure device) yesterday. I love the concept, however there is something that bugs the hell out of me... I set it up for a 30-meg encrypted 'volume', and the file is indeed about 30 megs. However when I 'log in' to it, a dir shows only about ten megs of space. I tried creating an additional secure device volume, and this one was 25 megs on the outside and a bout 8 megs on the inside. From what I glean from Applied Cryptography, IDEA usualy produces cyphertext approximately the same size as the cleartext, right? so why the massive difference in available space? Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ On Sat, 30 Apr 1994, Mike Ingle wrote: > Secure Drive, the disk encryption system written by me and improved by > Edgar Swank, has been completely rewritten by two programmers in the > Netherlands, Max Loewenthal and Arthur Helwig. I was not aware of this > until I saw the program yesterday. > > They changed it to Secure Device. It still uses the IDEA algorithm, but > you no longer have to create a partition! Secure Device uses a file as a > phantom partition, like Stacker or inDiskreet. It has a .SYS driver of > about 6K. There is a login program, or you can use another TSR which does > a pop-up login prompt. There is also keyboard logout and time-delay logout. > > Another advantage of Secure Device is ease of backup. You just backup the > container file onto your tape, and the data stays encrypted. Secure Device > includes source code and is copylefted. > > FTP wuarchive.wustl.edu, /pub/MSDOS_UPLOADS/cryptography/secdev11.arj. > > --- Mike > > From mikeingl at news.delphi.com Sat Apr 30 16:25:20 1994 From: mikeingl at news.delphi.com (MIKEINGLE@DELPHI.COM) Date: Sat, 30 Apr 94 16:25:20 PDT Subject: Secure Device updated to 1.2 Message-ID: <199404302310.XAA16953@news.delphi.com> >Path: news.delphi.com!noc.near.net!howland.reston.ans.net!pipex!uknet!EU.net!sun4nl!tudelft.nl!liberator.et.tudelft.nl!dutetvd!arthur >From: arthur at dutetvd (Arthur Helwig) >Newsgroups: sci.crypt,alt.security.pgp >Subject: SecureDevice 1.2 available (bugfix) >Followup-To: sci.crypt >Date: 30 Apr 1994 20:08:06 GMT >Organization: Delft University of Technology, Dept. of Electrical Engineering >Lines: 27 >Message-ID: <2pudr6$836 at liberator.et.tudelft.nl> >Reply-To: A.W.S.Helwig at ET.TUDelft.NL >NNTP-Posting-Host: dutetvd.et.tudelft.nl >X-Newsreader: TIN [version 1.2 PL1] >Xref: news.delphi.com sci.crypt:19554 alt.security.pgp:11466 SECDEV12.ARJ SecureDevice version 1.2 by Max Loewenthal and Arthur Helwig Version 1.1's MKVOLUME.COM had a bug when creating volumes bigger than 8 MB. Version 1.2 is a bugfix that solves this problem. Sorry for the inconvenience. WHERE TO GET IT: Secdev12.arj is available from: wuarchive.wust.edu : /pub/MSDOS_UPLOADS/cryptography/secdev12.arj I've also uploaded it to ftp.funet.fi, but I don't know in what subdirectory it will be placed. You can use 'SITE FIND secdev' to search the ALL_FILES database there on your ftp> prompt. You can also download or file-request SECDEV12.* from Fido node 2:512/56 (+31-15-568396 - 14k4 line) I probably won't be able to read mail or news for the next 3 months. Max Loewenthal will be monitoring my mail for me, and reply to all your questions or comments about SecureDevice. Yours, Arthur Helwig (A.W.S.Helwig at ET.TUDelft.NL) From cdodhner at indirect.com Sat Apr 30 16:26:03 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Sat, 30 Apr 94 16:26:03 PDT Subject: PGP Large-Keyfile Add Error Message-ID: Hello all... I was just trying to add the 1.7meg keyfile from io.com to my keyring, and pgp (MS-Dos version 2.3A) bombs out with an 'out of memory' error... I tried coming up on a pretty bare boot, and I have 3 megs of upper memory and 590 or more k of conventional memory available. How can I get all these keys added?? Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From CCGARY at MIZZOU1.missouri.edu Sat Apr 30 18:08:03 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sat, 30 Apr 94 18:08:03 PDT Subject: The American money capture Message-ID: <9405010107.AA23507@toad.com> "Authority serves authority." hey! I said that. This post was provoked by two previous posts. They follow: Blanc Weber says >Patrick Henry warned everyone that once they had surrendered to it >the power of the purse & the power of the sword, there would be no >power left to them with which to save themselves from it[the State] >So who would be respecting those limits? Black Unicorn says >...the President can interfere when & where he likes in the private >sector with relative ease. How did he get here? 50 years of accretion >of power by the State. Black Unicorn was off by 31 years. The first great power grab by the State occurred in 1913. Blanc Weber makes a good point & I'll add to it. The American economy was captured in 1913. Following is text from the book THE COMING CURRENCY COLLAPSE (subtitled) and what you can do about it. The publisher is Bantam Books & the author is Jerome F. Smith, among other things, a follower of the Austrian school of economics. The following is a brief description of the banking fraud in America. start of text for THE COMING CURRENCY COLLAPSE ----------------------------------------------------------------------- AFTER 1913 Beginning with 1913, in the United States in particular, two entirely different concepts came to the fore & resulted subsequently in the de- struction of the soundness of official paper money. The two different concepts I am referring to are the Federal Reserve System & the Income Tax. The Federal Reserve System came in, in the United States, through legislation that was introduced on December 23 just as the Congressmen were preparing to go home for the holiday. It was passed, not because anyone understood what they were voting on or had examined it care- fully, but simply because they wanted to go home for Christmas. During that same year, the Constitutional Amendment to establish the Income Tax was voted in, by default; mostly people accepted it & brought it through Constitutional Amendment process on the basis of the assurances of the promoters that the tax rate would never go over one percent of most people's income, so why worry about it? Those two political changes laid the cornerstones for the rise of the warfare/welfare state & for the destruction of the soundness of the United States currency. In the present century, so far at least, population, technology, production & government have grown at highly disparate rates. --------------- BREAK ------------------------------------------ ---------------- BREAK ------------------------------------------- ---------------- BREAK ------------------------------------------ FRACTIONAL RESERVE BANKING TODAY In former times, profligate states (especially those lacking a central bank) often simply printed additional currency notes to make up the deficit between their current tax revenues & their current spend- ing programs. In today's bookkeeping economy, with modern well-dev- loped financial markets (and a central bank), however, the creation of fiat money is done in a much subtler & simpler manner (from the stand- point of the state). It simply borrows the money it needs. The deficit between revenues & expenditures is "monetized." In the United states, this means that the Federal Reserve Bank buys U.S. Treasury bonds for its own account & "pays" for them by simply crediting the Treasury's account - a bookkeeping technique well known to embezzlers When the Treasury writes a check on its account at one of the 12 Federal Reserve Banks & pays a supplier or welfare recipient, the "money" enters the commercial banking system. Let's trace it through the system; not one person in a thousand knows this technical process, & eve fewer understand its significance. The recipient can do basically on of two things with the government check: he can simply cash the check, take the cash & not spend it. In this case, the money supply (narrowly defined, M1) is defined as curr- ency in circulation outside banks plus demand deposits, it simply increases by the amount of the government check. Or, he can cash the check & spend the cash, or he can deposit the check in his deposit account. Suppose he does the latter. A new deposit is created in the commercial banking system & since demand deposits are part of M1, the money supply increases by the amount of the check. BUT in this case it doesn't stop there. The deposit now becomes part of the bank's reserves & because of the fractional-reserve banking system, the bank only has to keep on hand a small fraction of the deposit - currently(October, 1981) around 12 per- cent for deposit accounts. What the bank does then is lend out the equi- valent of 88 percent of the demand deposit to, say, another customer of the bank whose deposit account is credited. Now we have the original deposit addition to the money supply plus the new credit in the second deposit account. When a check is written on one of these accounts & deposited in another bank, it then becomes another addition to the money supply & an addition to that bank's reserves & continues until, after the process repeats five or six times, the money supply is in- creased by a multiple of the original government check. Recently the multiplier has been around 2.5 the initial injection. For example, assume the Federal Reserve Bank takes on $50 billion of new federal deficit in a given year. The increase in money supply (M1) should turn out to be around $125 billion (50 x 2.5). This explanation only elaborates the effect on M1, the narrowly defined money supply; M2, a broader definition including time deposits, through a similar process more highly leveraged (because of lower reserve re- quirements) has a multiplier of 6. Under the Monetary Control Act of 1980 the Fed is empowered to reduce reserve requirements still further &, for the first time, is further empowered to purchase & monetize debt securities issued by private cor- porations, banks, municipalities, states, etc. In other words this act authorizes the Fed to buy any IOUs it chooses in unlimited amounts, & to create Federal-Reserve dollars & dollar credits in unlimited amounts to "pay" for them! PAPER MONEY BACKED BY PAPER There is only one cause of inflation; it is officially - but not constitutionally - authorized counterfeiting of money, the official issue of paper money substitutes that are not fully backed by & redeemable in the real lawful money they purport to represent. Redeemable money substitutes backed by actual money (e.g., gold or silver) are the only form of genuine official paper money. Such paper money derives its ability to function as a money substitute from the fact that it is backed by real money assets & is a valid claim on them. This is the key characteristic that distinguishes genuine paper money from counterfeit paper money. Genuine paper money is fully redeemable. Official counterfeit paper money, originally at least, carries the promise of redeemability WHICH THE ISSUER KNOWNS TO BE FRAUDULENT. Official paper money which is not redeemable & which does not carry even the (false) promise of redeem- ability is worse than common counterfeit paper money - it is fait money; fake, worthless paper which your government orders you to accept as though it were genuine. Briefly defined, fiat money is simply fractional-reserve banking carried to its logical extreme. It is money-substitute paper with no money backing whatever. It is not even a promise to pay money; it is only a paper promise to pay paper(which is patent nonsense). Fait money is what is left when the redeemable fractional-reserve money becomes so fractionalized that the central bank issuer defaults on its redemption promise because, for actual or anticipated lack of specie(gold or silver), it is no longer able or willing to make specie payments. Through the long series of perverse modifications to the rules & practices of monetary institutions since 1913, the currencies of the Western nations, once fully backed by gold, were rendered first partially counterfeit &, since 1971, completely fraudulent fiat paper. ------------------------------------------------------------------- end of text of THE COMING CURRENCY COLLAPSE The author & conspiracy buff Robert Anton Wilson also has something of significance to say on banking conspiracies. According to Wilson, it is exceedingly difficult to discuss or debate banking conspiracies due to the myth of the Jewish banking conspiracy. To broach the subject brings suspicion that you are anti-Semiitic. Wilson states that the American banking industry seems to be controlled by old line New England, Protestant families. This is a very useful myth in suppressing dissent. For those of you who are still doubtful of the banking conspiracy, consider this analogy: Pretend that the U.S. Constitution has granted you & your family the exclusive right to coin money. You print it by the billions, its fait money(meaning you back it with nothing), it is "legal tender for all debts public & private", most Americans deal exclusively in your currency, & the world enthusiastically accepts it. It is also debt money & must be paid back with interest. The question is: is there any way you can go bankrupt or go into deep debt? Barring a huge fraud, there is no way that you & your family can go into serious debt. So why is it that non-government hotshot economists are predict- ing that there is no way for the U.S. government to pay off its debts & that within a few years, the American economy goes into the toilet. Why does the U.S. government have huge debt if it has its own popular fiat money printing machine? BECAUSE IN 1913 THE TRAITORS GAVE IT AWAY TO THE PRIVATE ORGANIZATION - THE FEDERAL RESERVE! The U.S. Congress wen from a "money maker" to a "money renter"? The American economy was surrendered to a private elite &, largely, so were the American people. Every dollar that the Federal Reserve puts into the economy is a debt dollar & must be paid back with interest - a mathematical impossi- bility! Instead of debt free government, we get a giant yearly Federal deficit. OTHER NOTABLE FACTS The Federal Reserve is a private entity that has never had an exter- nal audit! For years there has been a determined political effort with the backing of some Congressmen to force the Federal Reserve to submit to an external audit. The Federal Reserve has so far fought it off. The mass media has determinedly ignored this political fight. Who owns the Federal debt? Who owns America? It is also notable & not coincidental that the tax gestapo, the Internal Revenue Service, was established in 1913. I understand that the other industrial & post industrial nations are under similar arrangements with their central banks. Ok, what does all this have to do with Cypherpunks & its bandwith? - flamers want to know. Much of Cypherpunks is made up of people who like technological & scientific challenges. But that is not the only reason they take an interest in electronic privacy. Much of the drive is political; fueled by events such as the successful economic capture of the American economy in 1913 & by what these events imply about the nature of the ruling elites. I would guess that this is what largely motivates Chaum & associates & other electronic privacy fighters. Yours Truly, Gary Jeffers Cypherpunk PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKKK! BBBEEEAAATTTT STATE ! P.S. The national debt & the Federal Reserve were both created with the stroke of a pen. They can both be eliminated with the stroke of a pen! Our predicaments are largely the illusions we have of our lack of Power! :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) From jkreznar at ininx.com Sat Apr 30 19:27:47 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Sat, 30 Apr 94 19:27:47 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <199404300813.AA25162@access1.digex.net> Message-ID: <9405010227.AA16303@ininx> -----BEGIN PGP SIGNED MESSAGE----- Strong cryptography renders moot the Statist's arrogant pretense that every person is a national of some nation. With it, the determined individual can make good his wish to be part of no nation. Why would a person want to do this? Read on. > > Summary: Unicorn thoughtfully underscores the need for the defense > > afforded by strong cryptography and other means. > > He writes: > > > The federal government rules by the sword, but proports to due so under > > > the Constitution. > > Thank you. It's good for a freedom-loving person to be reminded of the > > nature of the threat. > Are you being sarcastic here or...? (Sarcastic???) You made a fitting assertion which I believe to be true and worth reemphasizing, and I thanked you for it. That's all. > > The appeal of strong cryptography is that it may help to defend against > > those who embrace this deceitful attitude. > Which deceitful attitude, mine or the federal government's? Government, deceit and all, is sustained and nourished by willful participation, as you have previously pointed out in the passage immediately following. If you participate, it's your conscience you have to live with. > > > The continued acceptance of the process, the > > > participation in elections, the oath that high officials take, the > > > amendment process, the continued existence of the three branches of > > > government, all lend themselves to the assumption that if not accepted, > > > the Constitution is at least tolerated by the populous and the rulers. > > It is for _exactly this reason_ that the freedom-loving person forbears > > from willful participation. > I think that's difficult to do and still live in the United States, or > most nations. Keep in mind that the United states is a membership association, not a geographical region, so to ``live in the United States'' means to willfully be a member of the United States. So, yes, to ``live in the United States'' is certainly to be a willful participant. But if you're saying it's difficult for a non-member to avoid participation, I agree; it's difficult. Where participation is unavoidable, it's not willful. > While I don't find this justifies the abridgement of the constitution, I > do think it stifles the argument that one is not willfully participating > or partaking of soceital benefit. Except nobody's arguing about willful partaking of societal benefit. The issue is willful participation in _government_. The benefit of society results from voluntary association among people. Imposed relations, as institutionalized in government, benefit only their perpetrators. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcMSesDhz44ugybJAQGDeAP8CUpBpQkAPNQda3iHBcpOZ+B8qU2rP1+x TDh229mhBVWShMbnXIaA6idLBRine+zfvHtH52XFRUx5ehE88AzGxV+oQIhUczi4 lFOkSr5M9ogMbKeWmISrFcnXeiDxqJoMM/xR1bp+qiY8JZnBdvDDisGPt/Aq022l cF+EjKt3DEk= =8Tbq -----END PGP SIGNATURE----- From qjones at infi.net Sat Apr 30 20:30:24 1994 From: qjones at infi.net (Wayne Q Jones) Date: Sat, 30 Apr 94 20:30:24 PDT Subject: Paranoia In-Reply-To: <9404281815.AA16163@io.lrcs.loral.com> Message-ID: They are spec warfare groups in every urban area.... police,atf,dea, fbi, they go on and on..On Thu, 28 Apr 1994, David Koontz wrote: > > I heard last night the the 3rd Battalion of the 12th Special Forces is > at Moffett, and that they wanted to modify a building to allow repelling > practice. > > I personally can't think of any reason for an elite fighting force to > be stationed in an area of urban sprawl. > > Has anyone noticed any other elite forces being located in high population > areas? **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From cfrye at mason1.gmu.edu Sat Apr 30 20:49:08 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Sat, 30 Apr 94 20:49:08 PDT Subject: Cypherpunks as lobbying/propagandizing group Message-ID: <9405010348.AA21105@mason1.gmu.edu> Eric Hughes says: "It's a fine idea, except there's no way such a group can claim to represent cypherpunks at large." True enough -- my idea would be to say that our group is composed of folks who happen to be Cypherpunks subscribers. I agree that claiming to represent an anarchy is illogical and, well, an outright untruth. Curt From qjones at infi.net Sat Apr 30 21:35:04 1994 From: qjones at infi.net (Wayne Q Jones) Date: Sat, 30 Apr 94 21:35:04 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <199404300029.AA07483@access1.digex.net> Message-ID: actually, it is just a piece of paper. Burn the paper it's all gone. 4!/4! +-0 Bye all **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From wcs at anchor.ho.att.com Sat Apr 30 22:07:15 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sat, 30 Apr 94 22:07:15 PDT Subject: Revenge of the Nerds who Missed Woodstock Message-ID: <9405010506.AA28763@anchor.ho.att.com> Fnerd writes: > Jes' patriotic citizens payin' our eternal vigilance dues. Eternal vigilance means Big Brother watching you all the time - It's what we charge for liberty around here. NSA New Employees' Manual, page 3 :-) From unicorn at access.digex.net Sat Apr 30 23:00:13 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 30 Apr 94 23:00:13 PDT Subject: Constitution and Contract [Was: CIA & FBI] Message-ID: <199405010600.AA01253@access3.digex.net> -> actually, it is just a piece of paper. Burn the paper it's all gone. 4!/4! +-0 Bye all <- It's too bad despondancy has sunk to this, your, level. From johnsonr at spot.Colorado.EDU Sat Apr 30 23:29:53 1994 From: johnsonr at spot.Colorado.EDU (Richard Johnson) Date: Sat, 30 Apr 94 23:29:53 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <199405010600.AA01253@access3.digex.net> Message-ID: <199405010629.AAA29017@spot.Colorado.EDU> signoff LEGITIMACY-OF-GOVT-L at toad.com Sorry, but I didn't know I'd subscribed to an alt.talk.politics-style or alt.anarchy-style mailing list. The discussion is interesting, and the essays erudite, but the topic is not what I was looking for. Can someone tell me if there's a list around somewhere that cypherpunks use to discuss the means and mechanisms, and the pros and cons of open and guerilla crypto? Richard (for the humor impaired... ;-)